An educational EFI bootkit project for macOS that demonstrates the construction, deployment, and testing of UEFI shellcode. The toolkit includes:
- A shellcode builder (`builder.py`)
- A FAT32 EFI System Partition injector (`injector.py`)
- Tools to extract and inspect ESP contents
- Unit tests and safety guidelines
```
mac_efi_bootkit/
├── bootkit/
│   ├── builder.py           # Wraps raw shellcode in PE/COFF
│   ├── injector.py          # Mounts and patches ESP
│   ├── fs_utils.py          # FAT32 mount and patch logic
│   ├── uefi_structs.py      # UEFI data structures
│   ├── efi_payload.asm      # NASM x64 shellcode (UEFI entrypoint)
│   └── efi_payload.bin      # Flat binary output
│
├── tools/
│   ├── nasm_compile.py      # Assembles efi_payload.asm
│   ├── esp_extractor.py     # Mounts and copies ESP to folder
│   ├── device_info.py       # Lists EFI volumes and partitions
│   └── firmware_injector.py # Firmware DXE injection & SPI flash automation
│
├── scripts/
│   ├── build_bootkit.sh     # Automates build + injection
│   └── launch_vm.sh         # Boot EFI in QEMU + OVMF
│
├── tests/                   # Unit tests using unittest + mock
├── docs/
│   ├── architecture.md
│   └── safety_guidelines.md
├── requirements.txt
└── setup.py
```
- Install dependencies:
  ```
  brew install nasm qemu
  pip install -r requirements.txt
  ```
- Assemble the payload:
  ```
  python3 tools/nasm_compile.py
  ```
- Build the EFI binary:
  ```
  python3 -c "from bootkit import builder; builder.build_efi_image('bootkit/efi_payload.bin', 'bootkit/BOOTX64.EFI')"
  ```
- Inject into the ESP:
  ```
  sudo python3 -m bootkit.injector
  ```
- Boot the image in QEMU (requires `OVMF_CODE.fd` and `OVMF_VARS.fd` in `/usr/local/share/OVMF/`):
  ```
  bash scripts/launch_vm.sh
  ```
- Extract the ESP contents to a folder:
  ```
  python3 tools/esp_extractor.py
  ```
- Run the unit tests:
  ```
  pytest tests/
  ```
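The project's ESP extractor copies the partition to a folder so it can be inspected; the natural follow-up from a defender's side is to compare that folder with a known-good baseline. The script below is an added example, not part of this project's code: it hashes every file under an extracted ESP folder, recognises PE/COFF executables by their MZ and PE headers, and reports executables that are absent from, or differ from, a recorded baseline of relative path to SHA-256. All function names are assumptions, and the demo files it writes into a temporary directory are constructed stand-ins, not real firmware images.

```python
"""Added example: inspect an extracted ESP folder for unexpected or modified
EFI executables. Not part of the bootkit project; all names are assumptions."""
import hashlib
import os
import struct
import tempfile
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IMAGE_FILE_MACHINE_AMD64 = 0x8664  # PE machine type used by x64 EFI binaries


@dataclass
class EspFile:
    path: str             # path relative to the ESP root, '/' separated
    sha256: str
    is_pe: bool
    machine: Optional[int]


def parse_pe_machine(data: bytes) -> Tuple[bool, Optional[int]]:
    """Return (is_pe, machine) by checking the MZ stub and the PE signature at
    e_lfanew. Only headers are read; nothing from the file is executed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False, None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False, None
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    return True, machine


def scan_esp(root: str) -> List[EspFile]:
    """Walk an extracted ESP directory and record hash and PE status per file."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            is_pe, machine = parse_pe_machine(data)
            results.append(EspFile(rel, hashlib.sha256(data).hexdigest(), is_pe, machine))
    return sorted(results, key=lambda f: f.path)


def diff_against_baseline(scan: List[EspFile], baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Compare a scan with a baseline {relative path: sha256} recorded from a
    known-good ESP. Unknown executables, changed files and missing files are
    returned as (finding, path) tuples; unknown non-executables are ignored."""
    findings = []
    seen = set()
    for f in scan:
        seen.add(f.path)
        if f.path not in baseline:
            if f.is_pe or f.path.lower().endswith(".efi"):
                findings.append(("unexpected_executable", f.path))
        elif baseline[f.path] != f.sha256:
            findings.append(("modified", f.path))
    for path in baseline:
        if path not in seen:
            findings.append(("missing", path))
    return findings


def make_constructed_pe_stub(machine: int = IMAGE_FILE_MACHINE_AMD64) -> bytes:
    """Constructed test data: the smallest layout parse_pe_machine accepts
    (MZ stub, e_lfanew at 0x3C, PE signature, machine field). Not loadable."""
    data = bytearray(0x80)
    data[0:2] = b"MZ"
    struct.pack_into("<I", data, 0x3C, 0x40)
    data[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", data, 0x44, machine)
    return bytes(data)


def demo() -> List[Tuple[str, str]]:
    """Build a constructed ESP folder in a temp dir, record a baseline of the
    original bootloader, then add one extra executable and report the diff."""
    root = tempfile.mkdtemp(prefix="esp_demo_")
    boot_dir = os.path.join(root, "EFI", "BOOT")
    os.makedirs(boot_dir)
    with open(os.path.join(boot_dir, "BOOTX64.EFI"), "wb") as fh:
        fh.write(make_constructed_pe_stub())
    baseline = {f.path: f.sha256 for f in scan_esp(root)}
    # Simulate a file that appeared after the baseline was recorded.
    with open(os.path.join(boot_dir, "extra.efi"), "wb") as fh:
        fh.write(make_constructed_pe_stub())
    return diff_against_baseline(scan_esp(root), baseline)


if __name__ == "__main__":
    for finding, path in demo():
        print(f"{finding}: {path}")
```

To use it on a real extraction, run `scan_esp` once on a trusted ESP and persist the `{path: sha256}` mapping, then re-run after any firmware or OS update and feed both to `diff_against_baseline`. Matching by relative path plus hash, rather than filename alone, is what makes a replaced `BOOTX64.EFI` show up as `modified` even when its name and size are unchanged.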
This toolkit includes low-level firmware interaction tools that can irreversibly alter your hardware. It is for academic use only on test machines or virtual environments.
Do not attempt real-world deployment without full understanding of UEFI internals, SPI flash layout, and platform-specific protections.
The authors are not responsible for damage, data loss, or unintended behavior caused by use or misuse. See docs/safety_guidelines.md.