The Ghidra Disassembler (Open-Source Tool)

This was talked about here in early 2019 and I’m sure those who are into disassembly/debugging are already aware of it, but I ran across the NSA’s Ghidra recently and it looks competitive to IDA Pro.


Binaries for Linux and Windows here (requires Java/OpenJDK 11): https://ghidra-sre.org/ghidra_9.2.2_PUBLIC_20201229.zip

It’s a tool the NSA has been using, the disassembler is now open-source, the source code available here:

We have the idea of adding Ghidra last year but Debian never upgraded the gradle version so we can’t build from source to make package
And use prebuild binary is not very good way
Also making a deb package with no copyright is very bad. copyright here doesn’t mean the license but the debian/copyright file which is a little complex to tell. If you check radare2’s copyright file you can understand what i’m talking about :smiley:

1 Like

Ah. I did download the source and gradle told me my installed version 4.x was older than the 5.x+ required.

I figured the downloadable binary files (which run well in Windows 10 and in Parrot) were probably an issue for Parrot users as the NSA “may” have stuck something in it. But as far as including it in a future release of Parrot, I figured there would be issues. Thanks for explaining it further.

It’s a cool disassembler/debugger though.

1 Like

Cutter (The GUI for Radare2, well Rizin which is a recent fork of Radare2) has Ghidra as the decompiler if you wanted the power of Ghidra but not necessarily directly from the NSA.

Also, Cutter has a dark mode :wink: rizinorg/cutter: Free and Open Source Reverse Engineering Platform powered by rizin (github.com)

Rizin Fork: Rizin

1 Like

Nice! I tried out the cutter that comes with Parrot first. I liked it. I spent time wondering where to add Ghidra as a decompliler. But then I ran the AppImage and was able to decompile a small program, and looking through the settings I see that it has a Ghidra plugin. Thanks!

1 Like

Yeah! Ghidra is the default decompiler plugin, it’s so cool to be able to use it right there in Cutter :smiley:

1 Like

+1 Cutter. It has more friendly UI than ghidra. But ghida has better decompiler and binary analysis sometimes (the analysis depends on binary). Cutter’s ghidra plugin doesn’t have full features as ghidra (variable name problem, no array pseudo for variable, system’s api call detection). On user’s point of view, create project of ghidra is very very good thing.

I packaged rizin and it is fine. It has a installation conflict with current radare2 (same file location of doc file) and anything else is good. The only problem is Debian standard of copyright (which i mentioned above) is a big issue so Parrot can’t have rizin and Cutter with rizin backend for now.

1 Like

I’ve been able to use the Ghidra deb file without issue, but have found it exceptionally challenging getting the Intezer and Sentinel One plugins to work. Specifically, it appears I need to install requests for the Jython version packaged with Ghidra – something I have yet to figure out! I am seeing the same issue trying to get the VTGhidra plugin to recognise osslsigncode.

hi let’s create an account on Discord and talk about Linux parrot applications … when you answer me I will send you the Discord link