Ghidra is a reverse engineering tool, written in Java, that was recently open-sourced by the National Security Agency (NSA). You can find the Github page here and the download link here.
Once downloaded you will need to depackage (dpkg) the Debian file. We have installed it on our Kali Linux box to complement the tools we already have.
The documentation that comes with the tools is very detailed and let’s you know how to install and use the tool. This is our first impression.
When we installed the software we are presented with a small GUI. We will need to upload a file to the platform for inspection so we wrote a simple “Hello World” Python program to test.
To upload a file is simple, choose File> Import File.
We can see our file has uploaded successfully. So now we just click on the dragon icon over the file for inspection. Next we need to run a Ghidra script against our file. To choose a script we just need to click on the green play button on the software. There is a lot of scripts to choose from (237 to be exact).
To use of the the scripts we just need to check the box beside the file and right click to run it.
As we can see from the image above we can modify the code if we like in either Eclipse or a built in basic editor.
When we run a script we inspect the results in the console below the Listing pane.
As we can see, the toll has been well developed and all scripts are nicely put into handy folders for us and named appropriately, which can be helpful if you don’t have much time.
The Listing pane also gives us a lot of information on the addresses in RAM where the bits reside.
We did not have much time to do much more testing but more posts will follow so like, share and follow and stay tuned for more blogs about the tool in the near future.
Thank for reading and I hope the article was informative. Enjoy the tool guys!!
QuBits 2019-03-13
Linux Security Blog 