UEFITool

{{Short description|Software program}}

{{Infobox software

| name = UEFITool

| logo =

| logo alt =

| screenshot =

| caption =

| screenshot alt =

| collapsible =

| author = Nikolaj Schlej

| developer =

| released =

| discontinued =

| latest release version = A62

| latest release date = {{Start date and age|03|10|2022|df=yes}}

| latest preview version =

| latest preview date =

| status =

| programming language = C++

| operating system = Windows, macOS, Linux

| platform =

| size =

| language =

| language count =

| language footnote =

| genre =

| license = BSD-2-Clause license

| alexa =

| website = https://github.com/LongSoft/UEFITool/wiki

| standard =

| AsOf =

}}

UEFITool is a software program for reading and modifying EEPROM images with UEFI firmware.{{Cite web |first=Micah |last=Lee |date=April 28, 2018 |title=It's Impossible to Prove Your Laptop Hasn't Been Hacked. I Spent Two Years Finding Out.|url=https://theintercept.com/2018/04/28/computer-malware-tampering/ |access-date=2021-09-13|website=The Intercept|language=en}} It is written in C++ using the Qt library.{{cite journal |url=https://www.usenix.org/system/files/sec20-christensen.pdf |title=DECAF: automatic, adaptive de-bloating and hardening of COTS firmware |journal=SEC'20: Proceedings of the 29th USENIX Conference on Security Symposium |first1=Jake |last1=Christensen |first2=Ionut Mugurel |last2=Anghel |first3=Rob |last3=Taglang |first4=Mihai |last4=Chiroiu |first5=Radu |last5=Sion |date=August 2020 |access-date=January 22, 2024}} Features include the ability to view the flash regions and to extract and import them.{{Cite book|last=Matrosov|first=Alex |title=Rootkits and bootkits: reversing modern malware and next generation threats|date=2019|others=Eugene Rodionov, Sergey Bratus|isbn=978-1-59327-883-0|location=San Francisco |publisher=No Starch Press |pages=380–390|oclc=1005741834}} UEFITool allows the user to search for hex and text patterns.{{cite journal |title=Forensic method for decrypting TPM-protected BitLocker volumes using Intel DCI |journal=Forensic Science International: Digital Investigation |first1=Matheus Bichara |last1=de Assumpção |first2=Marcelo Abdalla |last2=dos Reis |first3=Marcos Roberto |last3=Marcondes |first4=Pedro Monteiro |last4=da Silva Eleutério |first5=Victor Hugo |last5=Vieira |date=March 2023 |volume=44 |doi=10.1016/j.fsidi.2023.301514 |doi-access=free }}

UEFITool presents UEFI firmware images in a tree-like structure. It highlights the modules which are protected by the Intel Boot Guard.