Author Topic: Ghidra  (Read 1886 times)


Offline Sherlock Holmes (Topic starter)

  • Frequent Contributor
  • **
  • Posts: 570
  • Country: us
Ghidra
« on: January 31, 2023, 12:36:47 am »
I've been using a rather powerful, feature-laden new tool for exploring and analyzing ELF/COFF files (as generated by most MCU development tools and languages).

It's named Ghidra and I wondered if others here have used this for anything? It's written and maintained by the National Security Agency FYI.

It can disassemble and analyze these files for a huge number of things.




It's able to disassemble a large variety of CPU types, brands, models.
« Last Edit: January 31, 2023, 12:40:50 am by Sherlock Holmes »
“When you have eliminated all which is impossible, then whatever remains, however improbable, must be the truth.” ~ Arthur Conan Doyle, The Case-Book of Sherlock Holmes
 

Offline floobydust

  • Super Contributor
  • ***
  • Posts: 6923
  • Country: ca
Re: Ghidra
« Reply #1 on: January 31, 2023, 02:08:32 am »
Ghidra did not work at all for me, seems to be malware now.
It seems to be orphaned, after the NSA gave it as public domain, I see it has tons of issues and nobody looking after it.
Disassembler output was a few opcodes and then nothing.
Thankfully I used it on a junk PC and sure enough running the disassembler the snek logo shows up and a white flash on the screen, and found it corrupted most Notepad++ documents and that cache.
Would not use or recommend at all.
 

Offline KaneTW

  • Frequent Contributor
  • **
  • Posts: 805
  • Country: de
Re: Ghidra
« Reply #2 on: January 31, 2023, 02:09:44 am »
Ghidra works fine for me? It's no IDA but it's good enough.
 

Offline floobydust

  • Super Contributor
  • ***
  • Posts: 6923
  • Country: ca
Re: Ghidra
« Reply #3 on: January 31, 2023, 02:16:29 am »
1,204 open issues, 2,378 closed https://github.com/NationalSecurityAgency/ghidra/issues
8-bit clunkers are in the bug/issues list for long times? so I give it a FAIL
 

Offline T3sl4co1l

  • Super Contributor
  • ***
  • Posts: 21606
  • Country: us
  • Expert, Analog Electronics, PCB Layout, EMC
    • Seven Transistor Labs
Re: Ghidra
« Reply #4 on: January 31, 2023, 02:31:06 am »
Am aware of it; haven't had need to use it yet.

Tim
Seven Transistor Labs, LLC
Electronic design, from concept to prototype.
Bringing a project to life?  Send me a message!
 

Online Halcyon

  • Global Moderator
  • *****
  • Posts: 5629
  • Country: au
Re: Ghidra
« Reply #5 on: January 31, 2023, 03:14:58 am »
Quote
It's named Ghidra and I wondered if others here have used this for anything? It's written and maintained by the National Security Agency FYI.

Yep. I used it at University along with IDA Pro for reverse engineering malware.
 

Offline KaneTW

  • Frequent Contributor
  • **
  • Posts: 805
  • Country: de
Re: Ghidra
« Reply #6 on: January 31, 2023, 03:36:25 am »
Quote
1,204 open issues, 2,378 closed https://github.com/NationalSecurityAgency/ghidra/issues
8-bit clunkers are in the bug/issues list for long times? so I give it a FAIL

You're welcome to pay the 4-5 digits required for an IDA+HexRays license instead.
 
The following users thanked this post: TomS_

Offline DavidAlfa

  • Super Contributor
  • ***
  • Posts: 5836
  • Country: es
Re: Ghidra
« Reply #7 on: January 31, 2023, 05:11:05 am »
I've used it a lot for mcu decompiling and reverse-engineering linux binaries.
Pretty capable, 100% free, what else do you want?
 

Offline TomS_

  • Frequent Contributor
  • **
  • Posts: 834
  • Country: gb
Re: Ghidra
« Reply #8 on: February 09, 2023, 08:41:48 pm »
I have used it a lot with some Cisco router reverse engineering projects (68k CPUs).

I use it for little bits here and there. It's not perfect, but for something you get for free it's not too bad I think.
 

Offline MarginallyStable

  • Regular Contributor
  • *
  • Posts: 65
  • Country: us
Re: Ghidra
« Reply #9 on: February 09, 2023, 11:30:11 pm »
Quote
It seems to be orphaned

A new release came out today
 

Offline Whales

  • Super Contributor
  • ***
  • Posts: 1899
  • Country: au
    • Halestrom
Re: Ghidra
« Reply #10 on: February 10, 2023, 03:45:09 am »
I used it to reverse engineer my laptop's BIOS to permit replacement of the wifi card:

https://halestrom.net/darksleep/blog/047_x131e_repair/

A few rough edges that I complain about (e.g. not always automatically detecting registers to be function arguments) but it worked fine.

Quote
Thankfully I used it on a junk PC and sure enough running the disassembler the snek logo shows up and a white flash on the screen, and found it corrupted most Notepad++ documents and that cache.

Perhaps you clicked on a Google sponsored link (*shudder*) and got something that is actually legitimately malware?  Lots of popular software gets targeted with lookalike sites.

Offline floobydust

  • Super Contributor
  • ***
  • Posts: 6923
  • Country: ca
Re: Ghidra
« Reply #11 on: February 10, 2023, 06:35:42 am »
Quote
[...] Perhaps you clicked on a Google sponsored link (*shudder*) and got something that is actually legitimately malware?  Lots of popular software gets targeted with lookalike sites.

"...created and maintained by the National Security Agency Research Directorate."
I started at the software's website https://ghidra-sre.org/ and downloaded from the github repo as I recall.

I had Notepad++ documents erased and a few reverted to empty with size of 1KB, and others went back months as if retrieved from some old cache. It was weird enough and scuttled a lot of work, so I will not touch NSA S/W. The strobing Cobra snake got me. Another (peer) engineer tried Ghidra for another project and he said it didn't work for him.
There are other disassemblers that work for me.
 

