All About Ghidra

Michael Wittner

What is Ghidra?

  • Software Reverse Engineering Tool 
    • Open Source
    • Made by NSA
  • Used to understand how compiled programs work
    • Disassembler - Turn bits into assembly code.
    • Decompiler - Turn assembly code into C-like code

Why did it become popular?

  • Simpler Interface
  • Open Source
    • Other popular products cost hundreds/thousands
  • Excellent decompiler
    • Better than the competition
  • NSA Software
    •  Reputable source

How is it Used in Security? 

  • Security Research
    • Statically analyze how software/malware behave
    • Determine the effectiveness of security implementations
      • Compiler modifications
      • Developer modifications
  • Vulnerability research
    • Discover exploits in a program

Useful Features

  • Scripts 
    • Written in Java or Python
    • Automate need to Reverse Engineer

Useful Features

  • Function Graph
    • Demonstrates control flow of the programs
  • Multiple Search Utilities
    • Built in strings finder
    • Function finder
    • etc

Why use a Competitor?

  • Binary Ninja
    • Better integration into software (not just scripts) 
    • APIs in C/C++, Rust, and Python
    • Innovative
  • IDA/Radare2
    • Better integration with Debuggers

Prerequesites Before Starting

  • Learn assembly for your desired platform
  • Learn C, Memory Management, basics on Operating System and Compilers
  • Learn how to use a debugger
    • Necessary for dynamic analysis
    • A great compliment to Ghidra

Questions?

ENPM686 Ghidra

By Ragnar Security

ENPM686 Ghidra

  • 106