Skip to content

0x00Alchemist/ResilienceKit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
Resilience
Resilience
 
 
ResilienceLoader
ResilienceLoader
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
media.gif
media.gif
 
 
resilience.default.props
resilience.default.props
 
 
resilience.props
resilience.props
 
 
resilience.sln
resilience.sln
 
 

Repository files navigation

Resilience

Another UEFI bootkit that drops payload in RT phase of OS.

media

Usage

  1. Move your payload to the file Payload.h
  2. Create a bootable flash drive with \EFI\Boot structure. In the Boot folder you should put ResilienceLoader, renamed bootx64.efi. In the folder EFI must be the bootkit itself (not the bootloader). If needed, the path to the bootkit can be changed in ResilienceLoader.
  3. Reboot with bootable flash drive

Compilation

The project uses the EDK2 library to compile the bootkit and the bootloader. Depending on your framework to work with UEFI applications, you will need EDK2 anyway. This project uses VisualUEFI as its framework.

Payload requirements

The payload must be compiled without Fx/GsDriverEntry EP (because they will load functions from wdfldr.sys). This can be configured in the linker options: Linker -> Advanced -> Entry Point. Replace what is in the Entry Point field with yours (for example, DriverEntry) Also, you must disable stack security checking.

Tests

Should work mostly on Windows 10 (21H2, 22H2). Hit me up if there are any problems.

About

Another UEFI runtime bootkit

Topics

uefi bootkit

Resources

Readme

License

MIT license
Activity

Stars

25 stars

Watchers

3 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages