Recon 2024

Binary Golfing UEFI Applications
06-29, 17:00–18:00 (US/Eastern), Grand Salon

Have you ever wondered how UEFI applications are loaded? Have you ever wondered what the smallest possible UEFI application could be? Let's make an ultra tiny self-replicating UEFI application and answer both of these questions!


The smallest self-replicating UEFI application was developed as a submission to the 4th Annual Binary Golf Grand Prix. This talk will cover UEFI, the UEFI x64 ABI, writing UEFI applications in x86_64 assembly, TianoCore EDK2 image loader internals, QEMU automation, and binary golf strategies for UEFI PEs.

The purpose of this talk is to peel back the layers of abstraction that UEFI provides, reveal how applications actually work, and explore what can be accomplished with tiny payloads. It will also touch on techniques to obfuscate hand-crafted binaries to reduce the chances of detection.

Netspooky is a security researcher. He is the founder and organizer of the Binary Golf Grand Prix, cofounder/editor/art director of the Linux VX zine tmp.0ut, and was the art director for ThugCrowd. His research background includes protocol reverse engineering, file format hacking, industrial control systems, firmware development, and embedded device security. His work has appeared in tmp.0ut, BGGP, PoC||GTFO, VX Underground, DEF CON, and others.