All About Ghidra
Michael Wittner
What is Ghidra?
- Software Reverse Engineering Tool
- Open Source
- Made by NSA
- Used to understand how compiled programs work
- Disassembler - Turn bits into assembly code.
- Decompiler - Turn assembly code into C-like code
Why did it become popular?
- Simpler Interface
- Open Source
- Other popular products cost hundreds/thousands
- Excellent decompiler
- Better than the competition
- NSA Software
- Reputable source
How is it Used in Security?
- Security Research
- Statically analyze how software/malware behave
- Determine the effectiveness of security implementations
- Compiler modifications
- Developer modifications
- Vulnerability research
- Discover exploits in a program
Useful Features
- Scripts
- Written in Java or Python
- Automate need to Reverse Engineer
Useful Features
- Function Graph
- Demonstrates control flow of the programs
- Multiple Search Utilities
- Built in strings finder
- Function finder
- etc
Why use a Competitor?
- Binary Ninja
- Better integration into software (not just scripts)
- APIs in C/C++, Rust, and Python
- Innovative
- IDA/Radare2
- Better integration with Debuggers
Prerequesites Before Starting
- Learn assembly for your desired platform
- Learn C, Memory Management, basics on Operating System and Compilers
- Learn how to use a debugger
- Necessary for dynamic analysis
- A great compliment to Ghidra