Has anyone messed around with Ghidra?

#1

National Security Agency (NSA) advisor Rob Joyce demonstrated Ghidra, an internal NSA software reverse engineering (SRE) suite of tools that it has chosen to open source, at the RSA conference.

Ghidra is designed to take “compiled,” deployed software and “decompile” it, namely turning binary code into human-readable structure.

Reverse engineering is an important tool for security and malware researchers because it allows them to work backward from software they discover in the wild.

Joyce said that the NSA has been developing Ghidra for years, with its own real-world priorities and needs in mind.

The tool was already known to the security community via WikiLeaks’ March 2017 “Vault 7” disclosure, but Joyce’s release of Ghidra is the first time the code became public.

NSA has made the Ghidra toolkit available to researchers in a free download.

https://ghidra-sre.org/

2 Likes
(Matt) #2

Not yet, but will do once they actually release the source. I’m sure as hell not installing anything written by the NSA before review.

Nevertheless it looks like a useful and interesting tool.

2 Likes
(Lorenzo "Palinuro" Faletra) #3

I’m on the “I don’t trust NSA” team, and waiting for other people to try it for me and give opinions :slight_smile:

2 Likes
(gigino) #4

sorry for the spam but LiveOverflow made a video on it
https://www.youtube.com/watch?v=qtoS3CG6ht0

1 Like
#5

Ghidra opens up JDWP in debug mode listening on port 18001. If I remember correctly you have to fix line 150 of support/launch.sh from * to 127.0.0.1. But that is hearsay, haven’t tried myself.
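
A check and fix for the wildcard JDWP bind described in post #5, as an added example that is not part of the thread or of Ghidra's own code. The function names and the sample launcher line are constructed for illustration; the `-agentlib:jdwp` option syntax is standard JVM syntax, and the real line in `support/launch.sh` may differ.

```shell
#!/bin/sh
# Added example: audit a launcher script for a JDWP debug socket bound to
# every interface, then rewrite it to loopback only.

# Print "lineno:text" for each line whose JDWP address is * or 0.0.0.0.
# Exit status is 1 when nothing matches (plain grep semantics).
jdwp_wildcard_lines() {
    grep -nE 'jdwp[:=].*address=(\*|0\.0\.0\.0):' "$1"
}

# Rewrite wildcard binds to 127.0.0.1, keeping the original as FILE.bak.
# Only lines that carry a JDWP option are touched.
jdwp_bind_loopback() {
    cp -p "$1" "$1.bak" || return 1
    sed -E '/jdwp[:=]/s/address=(\*|0\.0\.0\.0):/address=127.0.0.1:/g' \
        "$1.bak" > "$1"
}

# Constructed sample launcher fragment (not copied from Ghidra's launch.sh).
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/bash
DEBUG_PORT=18001
VMARGS="-Xmx2G"
VMARGS="$VMARGS -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:${DEBUG_PORT}"
echo "address=*: in an unrelated line is left alone"
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp) && make_sample "$sample"
echo "before:"; jdwp_wildcard_lines "$sample"
jdwp_bind_loopback "$sample"
echo "after:"; jdwp_wildcard_lines "$sample" || echo "no wildcard JDWP bind"
rm -f "$sample" "$sample.bak"
```

After the rewrite, `ss -ltn` (or `netstat -ltn`) on a running debug session should show port 18001 on 127.0.0.1 only.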

#6

This is of course a perfect example of what should only be run on a virtual machine… I’m not fool enough to run on my host machine… are you? :grinning::grinning:

(dmknght) #7

I ran it on my host machine LoL. It has not been open-sourced yet so there could be some malware in it. I was stupid enough because I should use firejail with “jail profile”.

#8

not to worry, there is always fdisk to fix most problems :upside_down_face:

(dmknght) #9

a little news about ghidra
https://twitter.com/JohnLaTwC/status/1104436549641416705/photo/1

(Lorenzo "Palinuro" Faletra) #10

while we evaluate if packaging and including ghidra in parrot would be a good idea, have fun with the (old) new cutter tool (radare2 GUI) which is now integrated in parrot 4.6

1 Like
(Jessica) #11

That cracked me up :smile::smile: