An educational EFI bootkit project for macOS that demonstrates the construction, deployment, and testing of UEFI shellcode. The toolkit includes:
- 🧱 A shellcode builder (
builder.py) - 🗂 A FAT32 EFI System Partition injector (
injector.py) - 💾 Tools to extract and inspect ESP contents
- 🔬 Unit tests and safety guidelines
mac_efi_bootkit/ ├── bootkit/ │ ├── builder.py # Wraps raw shellcode in PE/COFF │ ├── injector.py # Mounts and patches ESP │ ├── fs_utils.py # FAT32 mount and patch logic │ ├── uefi_structs.py # UEFI data structures │ ├── efi_payload.asm # NASM x64 shellcode (UEFI entrypoint) │ └── efi_payload.bin # Flat binary output │ ├── tools/ │ ├── nasm_compile.py # Assembles efi_payload.asm │ ├── esp_extractor.py # Mounts and copies ESP to folder │ ├── device_info.py # Lists EFI volumes and partitions │ └── firmware_injector.py # Firmware DXE injection & SPI flash automation │ ├── scripts/ │ ├── build_bootkit.sh # Automates build + injection │ └── launch_vm.sh # Boot EFI in QEMU + OVMF │ ├── tests/ # Unit tests using unittest + mock ├── docs/ │ ├── architecture.md │ └── safety_guidelines.md ├── requirements.txt └── setup.py - Install dependencies:
brew install nasm qemu pip install -r requirements.txt- Assemble payload:
python3 tools/nasm_compile.py- Build EFI binary:
python3 -c "from bootkit import builder; builder.build_efi_image('bootkit/efi_payload.bin', 'bootkit/BOOTX64.EFI')"- Inject to ESP:
sudo python3 -m bootkit.injectorbash scripts/launch_vm.shRequires OVMF_CODE.fd and OVMF_VARS.fd in /usr/local/share/OVMF/.
python3 tools/esp_extractor.pypytest tests/This toolkit includes low-level firmware interaction tools that can irreversibly alter your hardware. It is for academic use only on test machines or virtual environments.
Do not attempt real-world deployment without full understanding of UEFI internals, SPI flash layout, and platform-specific protections.
The authors are not responsible for damage, data loss, or unintended behavior caused by use or misuse. See docs/safety_guidelines.md.