
@mattifestation
Created September 3, 2017 17:49
A basic "dbx" UEFI variable parser to dump blacklisted UEFI bootloader hashes
SignatureOwner SHA256Hash
00000000-0000-0000-0000-000000000000 6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
77fa9abd-0359-4d32-bd60-28f4e78f784b 80B4D96931BF0D02FD91A61E19D14F1DA452E66DB2408CA8604D411F92659F0A
77fa9abd-0359-4d32-bd60-28f4e78f784b F52F83A3FA9CFBD6920F722824DBE4034534D25B8507246B3B957DAC6E1BCE7A
77fa9abd-0359-4d32-bd60-28f4e78f784b C5D9D8A186E2C82D09AFAA2A6F7F2E73870D3E64F72C4E08EF67796A840F0FBD
77fa9abd-0359-4d32-bd60-28f4e78f784b 363384D14D1F2E0B7815626484C459AD57A318EF4396266048D058C5A19BBF76
77fa9abd-0359-4d32-bd60-28f4e78f784b 1AEC84B84B6C65A51220A9BE7181965230210D62D6D33C48999C6B295A2B0A06
77fa9abd-0359-4d32-bd60-28f4e78f784b E6CA68E94146629AF03F69C2F86E6BEF62F930B37C6FBCC878B78DF98C0334E5
77fa9abd-0359-4d32-bd60-28f4e78f784b C3A99A460DA464A057C3586D83CEF5F4AE08B7103979ED8932742DF0ED530C66
77fa9abd-0359-4d32-bd60-28f4e78f784b 58FB941AEF95A25943B3FB5F2510A0DF3FE44C58C95E0AB80487297568AB9771
77fa9abd-0359-4d32-bd60-28f4e78f784b 5391C3A2FB112102A6AA1EDC25AE77E19F5D6F09CD09EEB2509922BFCD5992EA
77fa9abd-0359-4d32-bd60-28f4e78f784b D626157E1D6A718BC124AB8DA27CBB65072CA03A7B6B257DBDCBBD60F65EF3D1
77fa9abd-0359-4d32-bd60-28f4e78f784b D063EC28F67EBA53F1642DBF7DFF33C6A32ADD869F6013FE162E2C32F1CBE56D
77fa9abd-0359-4d32-bd60-28f4e78f784b 29C6EB52B43C3AA18B2CD8ED6EA8607CEF3CFAE1BAFE1165755CF2E614844A44
77fa9abd-0359-4d32-bd60-28f4e78f784b 90FBE70E69D633408D3E170C6832DBB2D209E0272527DFB63D49D29572A6F44C
77fa9abd-0359-4d32-bd60-28f4e78f784b 075EEA060589548BA060B2FEED10DA3C20C7FE9B17CD026B94E8A683B8115238
77fa9abd-0359-4d32-bd60-28f4e78f784b 07E6C6A858646FB1EFC67903FE28B116011F2367FE92E6BE2B36999EFF39D09E
77fa9abd-0359-4d32-bd60-28f4e78f784b 09DF5F4E511208EC78B96D12D08125FDB603868DE39F6F72927852599B659C26
77fa9abd-0359-4d32-bd60-28f4e78f784b 0BBB4392DAAC7AB89B30A4AC657531B97BFAAB04F90B0DAFE5F9B6EB90A06374
77fa9abd-0359-4d32-bd60-28f4e78f784b 0C189339762DF336AB3DD006A463DF715A39CFB0F492465C600E6C6BD7BD898C
77fa9abd-0359-4d32-bd60-28f4e78f784b 0D0DBECA6F29ECA06F331A7D72E4884B12097FB348983A2A14A0D73F4F10140F
77fa9abd-0359-4d32-bd60-28f4e78f784b 0DC9F3FB99962148C3CA833632758D3ED4FC8D0B0007B95B31E6528F2ACD5BFC
77fa9abd-0359-4d32-bd60-28f4e78f784b 106FACEACFECFD4E303B74F480A08098E2D0802B936F8EC774CE21F31686689C
77fa9abd-0359-4d32-bd60-28f4e78f784b 174E3A0B5B43C6A607BBD3404F05341E3DCF396267CE94F8B50E2E23A9DA920C
77fa9abd-0359-4d32-bd60-28f4e78f784b 18333429FF0562ED9F97033E1148DCEEE52DBE2E496D5410B5CFD6C864D2D10F
77fa9abd-0359-4d32-bd60-28f4e78f784b 2B99CF26422E92FE365FBF4BC30D27086C9EE14B7A6FFF44FB2F6B9001699939
77fa9abd-0359-4d32-bd60-28f4e78f784b 2BBF2CA7B8F1D91F27EE52B6FB2A5DD049B85A2B9B529C5D6662068104B055F8
77fa9abd-0359-4d32-bd60-28f4e78f784b 2C73D93325BA6DCBE589D4A4C63C5B935559EF92FBF050ED50C4E2085206F17D
77fa9abd-0359-4d32-bd60-28f4e78f784b 2E70916786A6F773511FA7181FAB0F1D70B557C6322EA923B2A8D3B92B51AF7D
77fa9abd-0359-4d32-bd60-28f4e78f784b 306628FA5477305728BA4A467DE7D0387A54F569D3769FCE5E75EC89D28D1593
77fa9abd-0359-4d32-bd60-28f4e78f784b 3608EDBAF5AD0F41A414A1777ABF2FAF5E670334675EC3995E6935829E0CAAD2
77fa9abd-0359-4d32-bd60-28f4e78f784b 3841D221368D1583D75C0A02E62160394D6C4E0A6760B6F607B90362BC855B02
77fa9abd-0359-4d32-bd60-28f4e78f784b 3FCE9B9FDF3EF09D5452B0F95EE481C2B7F06D743A737971558E70136ACE3E73
77fa9abd-0359-4d32-bd60-28f4e78f784b 4397DACA839E7F63077CB50C92DF43BC2D2FB2A8F59F26FC7A0E4BD4D9751692
77fa9abd-0359-4d32-bd60-28f4e78f784b 47CC086127E2069A86E03A6BEF2CD410F8C55A6D6BDB362168C31B2CE32A5ADF
77fa9abd-0359-4d32-bd60-28f4e78f784b 518831FE7382B514D03E15C621228B8AB65479BD0CBFA3C5C1D0F48D9C306135
77fa9abd-0359-4d32-bd60-28f4e78f784b 5AE949EA8855EB93E439DBC65BDA2E42852C2FDF6789FA146736E3C3410F2B5C
77fa9abd-0359-4d32-bd60-28f4e78f784b 6B1D138078E4418AA68DEB7BB35E066092CF479EEB8CE4CD12E7D072CCB42F66
77fa9abd-0359-4d32-bd60-28f4e78f784b 6C8854478DD559E29351B826C06CB8BFEF2B94AD3538358772D193F82ED1CA11
77fa9abd-0359-4d32-bd60-28f4e78f784b 6F1428FF71C9DB0ED5AF1F2E7BBFCBAB647CC265DDF5B293CDB626F50A3A785E
77fa9abd-0359-4d32-bd60-28f4e78f784b 71F2906FD222497E54A34662AB2497FCC81020770FF51368E9E3D9BFCBFD6375
77fa9abd-0359-4d32-bd60-28f4e78f784b 726B3EB654046A30F3F83D9B96CE03F670E9A806D1708A0371E62DC49D2C23C1
77fa9abd-0359-4d32-bd60-28f4e78f784b 72E0BD1867CF5D9D56AB158ADF3BDDBC82BF32A8D8AA1D8C5E2F6DF29428D6D8
77fa9abd-0359-4d32-bd60-28f4e78f784b 7827AF99362CFAF0717DADE4B1BFE0438AD171C15ADDC248B75BF8CAA44BB2C5
77fa9abd-0359-4d32-bd60-28f4e78f784b 81A8B965BB84D3876B9429A95481CC955318CFAA1412D808C8A33BFD33FFF0E4
77fa9abd-0359-4d32-bd60-28f4e78f784b 82DB3BCEB4F60843CE9D97C3D187CD9B5941CD3DE8100E586F2BDA5637575F67
77fa9abd-0359-4d32-bd60-28f4e78f784b 895A9785F617CA1D7ED44FC1A1470B71F3F1223862D9FF9DCC3AE2DF92163DAF
77fa9abd-0359-4d32-bd60-28f4e78f784b 8AD64859F195B5F58DAFAA940B6A6167ACD67A886E8F469364177221C55945B9
77fa9abd-0359-4d32-bd60-28f4e78f784b 8BF434B49E00CCF71502A2CD900865CB01EC3B3DA03C35BE505FDF7BD563F521
77fa9abd-0359-4d32-bd60-28f4e78f784b 8D8EA289CFE70A1C07AB7365CB28EE51EDD33CF2506DE888FBADD60EBF80481C
77fa9abd-0359-4d32-bd60-28f4e78f784b 9998D363C491BE16BD74BA10B94D9291001611736FDCA643A36664BC0F315A42
77fa9abd-0359-4d32-bd60-28f4e78f784b 9E4A69173161682E55FDE8FEF560EB88EC1FFEDCAF04001F66C0CAF707B2B734
77fa9abd-0359-4d32-bd60-28f4e78f784b A6B5151F3655D3A2AF0D472759796BE4A4200E5495A7D869754C4848857408A7
77fa9abd-0359-4d32-bd60-28f4e78f784b A7F32F508D4EB0FEAD9A087EF94ED1BA0AEC5DE6F7EF6FF0A62B93BEDF5D458D
77fa9abd-0359-4d32-bd60-28f4e78f784b AD6826E1946D26D3EAF3685C88D97D85DE3B4DCB3D0EE2AE81C70560D13C5720
77fa9abd-0359-4d32-bd60-28f4e78f784b AEEBAE3151271273ED95AA2E671139ED31A98567303A332298F83709A9D55AA1
77fa9abd-0359-4d32-bd60-28f4e78f784b AFE2030AFB7D2CDA13F9FA333A02E34F6751AFEC11B010DBCD441FDF4C4002B3
77fa9abd-0359-4d32-bd60-28f4e78f784b B54F1EE636631FAD68058D3B0937031AC1B90CCB17062A391CCA68AFDBE40D55
77fa9abd-0359-4d32-bd60-28f4e78f784b B8F078D983A24AC433216393883514CD932C33AF18E7DD70884C8235F4275736
77fa9abd-0359-4d32-bd60-28f4e78f784b B97A0889059C035FF1D54B6DB53B11B9766668D9F955247C028B2837D7A04CD9
77fa9abd-0359-4d32-bd60-28f4e78f784b BC87A668E81966489CB508EE805183C19E6ACD24CF17799CA062D2E384DA0EA7
77fa9abd-0359-4d32-bd60-28f4e78f784b C409BDAC4775ADD8DB92AA22B5B718FB8C94A1462C1FE9A416B95D8A3388C2FC
77fa9abd-0359-4d32-bd60-28f4e78f784b C617C1A8B1EE2A811C28B5A81B4C83D7C98B5B0C27281D610207EBE692C2967F
77fa9abd-0359-4d32-bd60-28f4e78f784b C90F336617B8E7F983975413C997F10B73EB267FD8A10CB9E3BDBFC667ABDB8B
77fa9abd-0359-4d32-bd60-28f4e78f784b CB6B858B40D3A098765815B592C1514A49604FAFD60819DA88D7A76E9778FEF7
77fa9abd-0359-4d32-bd60-28f4e78f784b CE3BFABE59D67CE8AC8DFD4A16F7C43EF9C224513FBC655957D735FA29F540CE
77fa9abd-0359-4d32-bd60-28f4e78f784b D8CBEB9735F5672B367E4F96CDC74969615D17074AE96C724D42CE0216F8F3FA
77fa9abd-0359-4d32-bd60-28f4e78f784b E92C22EB3B5642D65C1EC2CAF247D2594738EEBB7FB3841A44956F59E2B0D1FA
77fa9abd-0359-4d32-bd60-28f4e78f784b FDDD6E3D29EA84C7743DAD4A1BDBC700B5FEC1B391F932409086ACC71DD6DBD8
77fa9abd-0359-4d32-bd60-28f4e78f784b FE63A84F782CC9D3FCF2CCF9FC11FBD03760878758D26285ED12669BDC6E6D01
77fa9abd-0359-4d32-bd60-28f4e78f784b FECFB232D12E994B6D485D2C7167728AA5525984AD5CA61E7516221F079A1436
77fa9abd-0359-4d32-bd60-28f4e78f784b CA171D614A8D7E121C93948CD0FE55D39981F9D11AA96E03450A415227C2C65B
77fa9abd-0359-4d32-bd60-28f4e78f784b 55B99B0DE53DBCFE485AA9C737CF3FB616EF3D91FAB599AA7CAB19EDA763B5BA
77fa9abd-0359-4d32-bd60-28f4e78f784b 77DD190FA30D88FF5E3B011A0AE61E6209780C130B535ECB87E6F0888A0B6B2F
77fa9abd-0359-4d32-bd60-28f4e78f784b C83CB13922AD99F560744675DD37CC94DCAD5A1FCBA6472FEE341171D939E884
77fa9abd-0359-4d32-bd60-28f4e78f784b 3B0287533E0CC3D0EC1AA823CBF0A941AAD8721579D1C499802DD1C3A636B8A9
77fa9abd-0359-4d32-bd60-28f4e78f784b 939AEEF4F5FA51E23340C3F2E49048CE8872526AFDF752C3A7F3A3F2BC9F6049
77fa9abd-0359-4d32-bd60-28f4e78f784b 64575BD912789A2E14AD56F6341F52AF6BF80CF94400785975E9F04E2D64D745
77fa9abd-0359-4d32-bd60-28f4e78f784b 45C7C8AE750ACFBB48FC37527D6412DD644DAED8913CCD8A24C94D856967DF8E
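function Get-SecureBootUEFIDBXHash {
<#
.SYNOPSIS
Dumps SHA256 hashes of blacklisted UEFI bootloaders from the 'dbx' UEFI variable.
.DESCRIPTION
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause

Walks the EFI_SIGNATURE_LIST structures that make up the variable and emits one
object per EFI_SIGNATURE_DATA entry of type EFI_CERT_SHA256_GUID. Signature lists
of any other type (e.g. EFI_CERT_X509_GUID) are skipped as a whole using their
SignatureListSize, so the parser stays aligned with the next list instead of
re-reading the body of an unsupported list as if it were a new header. Every
size field is validated against the length of the data before it is used.
.PARAMETER DBXVariable
Specifies a UEFI variable, an instance of which is returned by calling the Get-SecureBootUEFI cmdlet.
.PARAMETER DBXBytes
Specifies a byte array consisting of the 'dbx' UEFI variable contents.
.EXAMPLE
Get-SecureBootUEFI -Name dbx | Get-SecureBootUEFIDBXHash
.EXAMPLE
$DBXBytes = [IO.File]::ReadAllBytes('C:\Temp\dbx.bin')
Get-SecureBootUEFIDBXHash -DBXBytes $DBXBytes
.INPUTS
Microsoft.SecureBoot.Commands.UEFIEnvironmentVariable
Accepts the output of `Get-SecureBootUEFI -Name dbx` over the pipeline.
.OUTPUTS
UEFIDBXHash
Outputs a custom object consisting of banned SHA256 hashes and the respective "owner" of each hash. "77fa9abd-0359-4d32-bd60-28f4e78f784b" refers to Microsoft as the owner.
.NOTES
Throws a terminating error when a size field points outside the supplied data,
when a SignatureListSize is smaller than the list header, or when a SHA256 list
does not use the expected 0x30-byte SignatureSize. Treat such input as malformed.
#>
    param (
        [Parameter(Mandatory, ValueFromPipeline, ParameterSetName = 'UEFIVariable')]
        [PSTypeName('Microsoft.SecureBoot.Commands.UEFIEnvironmentVariable')]
        [ValidateScript({ $_.Name -eq 'dbx' })]
        $DBXVariable,

        [Parameter(Mandatory, ParameterSetName = 'ByteArray')]
        [Byte[]]
        [ValidateNotNullOrEmpty()]
        $DBXBytes
    )

    # Only EFI_CERT_SHA256_GUID entries are decoded. Other types are named here so
    # the skip messages are readable; anything not in this table is reported as unknown.
    $SignatureTypeMapping = @{
        'c1c41626-504c-4092-aca9-41f936934328' = 'EFI_CERT_SHA256_GUID'
        'A5C059A1-94E4-4AA7-87B5-AB155C2BF072' = 'EFI_CERT_X509_GUID'
    }

    # Fixed-size part of EFI_SIGNATURE_LIST:
    # SignatureType (16) + SignatureListSize (4) + SignatureHeaderSize (4) + SignatureSize (4)
    $SignatureListHeaderSize = 0x1C
    # EFI_SIGNATURE_DATA for a SHA256 entry: SignatureOwner GUID (16) + 32-byte digest
    $Sha256SignatureSize = 0x30

    if ($PSCmdlet.ParameterSetName -eq 'UEFIVariable') {
        $Bytes = $DBXVariable.Bytes
    } else {
        $Bytes = $DBXBytes
    }

    $MemoryStream = New-Object -TypeName IO.MemoryStream -ArgumentList @(,$Bytes)
    $BinaryReader = New-Object -TypeName IO.BinaryReader -ArgumentList $MemoryStream

    try {
        # Compare positions instead of PeekChar(): the stream holds raw bytes, not
        # text, so a text decoder is the wrong tool for detecting the end of the data.
        while ($MemoryStream.Position -lt $MemoryStream.Length) {
            $ListStart = $MemoryStream.Position
            if (($MemoryStream.Length - $ListStart) -lt $SignatureListHeaderSize) {
                throw "Truncated EFI_SIGNATURE_LIST header at offset 0x$($ListStart.ToString('X'))."
            }

            # Read the whole header for every list, whatever its type, so an
            # unsupported list can be skipped by its declared size.
            $SignatureType = [Guid][Byte[]] $BinaryReader.ReadBytes(16)
            $SignatureListSize = $BinaryReader.ReadUInt32()
            $SignatureHeaderSize = $BinaryReader.ReadUInt32()
            $SignatureSize = $BinaryReader.ReadUInt32()
            $SignatureName = $SignatureTypeMapping["$SignatureType"]

            # SignatureListSize includes the header, so it can never be smaller than
            # the header, and the whole list must fit inside the remaining bytes.
            if (($SignatureListSize -lt $SignatureListHeaderSize) -or
                (($ListStart + $SignatureListSize) -gt $MemoryStream.Length)) {
                throw "Invalid SignatureListSize 0x$($SignatureListSize.ToString('X')) at offset 0x$($ListStart.ToString('X'))."
            }

            if ($SignatureName -ne 'EFI_CERT_SHA256_GUID') {
                if ($SignatureName) {
                    Write-Verbose "Skipping unsupported $SignatureName signature list at offset 0x$($ListStart.ToString('X'))."
                } else {
                    Write-Warning "Skipping unknown signature list type $SignatureType at offset 0x$($ListStart.ToString('X'))."
                }
                # Jump over the entire list so the next iteration starts on a list header.
                $MemoryStream.Position = $ListStart + $SignatureListSize
                continue
            }

            if ($SignatureSize -ne $Sha256SignatureSize) {
                throw "Unexpected SignatureSize 0x$($SignatureSize.ToString('X')) for EFI_CERT_SHA256_GUID list at offset 0x$($ListStart.ToString('X')); expected 0x30."
            }

            # The optional SignatureHeader is expected to be empty for SHA256 lists,
            # but it is part of SignatureListSize, so account for it rather than assume.
            $null = $BinaryReader.ReadBytes($SignatureHeaderSize)
            $SignatureDataBytes = $SignatureListSize - $SignatureListHeaderSize - $SignatureHeaderSize
            if (($SignatureDataBytes -lt 0) -or (($SignatureDataBytes % $SignatureSize) -ne 0)) {
                throw "EFI_SIGNATURE_LIST at offset 0x$($ListStart.ToString('X')) has a signature area of 0x$($SignatureDataBytes.ToString('X')) bytes, not a multiple of SignatureSize."
            }
            $EFISignatureDataCount = [int]($SignatureDataBytes / $SignatureSize)

            for ($i = 0; $i -lt $EFISignatureDataCount; $i++) {
                # The bounds checks above guarantee ReadBytes returns a full entry here.
                $EFISignatureData = $BinaryReader.ReadBytes($SignatureSize)
                $SignatureOwner = [Guid][Byte[]] $EFISignatureData[0..0x0F]
                $Hash = ([Byte[]] $EFISignatureData[0x10..0x2F] | ForEach-Object { $_.ToString('X2') }) -join ''

                [PSCustomObject] @{
                    PSTypeName = 'UEFIDBXHash'
                    SignatureOwner = $SignatureOwner
                    SHA256Hash = $Hash
                }
            }
        }
    } finally {
        # Release both stream objects on every exit path, including a thrown error.
        $BinaryReader.Dispose()
        $MemoryStream.Dispose()
    }
}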