Rainbow is a bootkit like HWID spoofer for Windows. It abuses several hooks in EFI runtime services and uses clever DKOM to hide hardware serials before any boot-time drivers are even started.
In order to use rainbow spoofer, you need to load it. First, obtain a copy of rainbow.efi and a copy of EDK2 efi shell. Now follow these steps:
- Extract downloaded efi shell and rename file Shell.efi (should be in folder UefiShell/X64) to bootx64.efi
- Format some USB drive to FAT32
- Create following folder structure:
USB:. │ rainbow.efi │ └───EFI └───Boot bootx64.efi
- Boot from the USB drive
- An UEFI shell should start, change directory to your USB (FS0 should be the USB since we are booting from it) and list files:
- You should see file rainbow.efi, if you do, load it:
- Now you should see output from rainbow. If it was successful, exit and boot into Windows (change to Windows boot media - usually FS1 - and run \EFI\Boot\bootx64.efi)
See VisualEfi. Please note that I've made some changes to the EDK2 directory.