DO NOT USE abl_original.efi It is just intermediate result from patcher which contains the official abl efi program which will boot efisp causing bootloop
gbl_root_canoe is built on EDK2 and includes an exploit lab path for GBL/UEFI secure boot chain manipulation.
- Demonstrates how a vulnerable Qualcomm UEFI chain can be abused by replacing/patching image components.
- Supports automated extract/modify/rebuild for GBL blobs and ABL payloads.
- Provides tests for reproducible exploit validation and safe researcher workflows.
- Xiaomi 17 series && RedMi K90 ProMax
- Oneplus 15 && ace 6t
- Redmagic 11 series
- Nubia Z80 ultra
*** None Of the Scamsung Phones r influenced ***
edk2/: EDK2 source + Qualcomm platform packages, build scripts.tools/: exploit utilities (extractfv.py,patch_abl.c), patch generator, binary helpers.images/: staging inputs/outputs for raw firmware images.tests/: validation use cases, end-to-end patch+build checks.Conf/: build target rules and patch configuration definitions.
- setup environment:
cd edk2
source edksetup.sh- install dependencies:
- clang/llvm, lld
- Python 3
- make/ninja
- build baseline firmware:
cd edk2
build -p ArmPlatformPkg/ArmPlatformPkg.dsc -a AARCH64 -b RELEASE- run features/tests:
cd ../tests
./runall.sh- Extract components from a GBL/UEFI image (
tools/extractfv.py). - Locate vulnerable module (e.g., ABL path, boot policy handler).
- Apply patch model from
tools/patch_abl.corConf/rule script. - Repack the image in
images/and re-sign if needed. - Deploy to lab board and observe root escalation path.
gbl_root_canoeis for security research: responsible disclosure and lab-only operations.- Keep a clean copy of original image to avoid bricking hardware.
See LICENSE and edk2/License.txt for terms. Qualcomm exploit code examples are for research and may require compliance with local law.