On July 24, our doors opened to a total of 47 guests looking to learn about the NSA’s reverse engineering tool Ghidra from an expert who spent 8 years on its development team. That expert was our very own Mike J. Bell and he took us on quite the “whirlwind tour” (his words) through the ins and outs of the tool, demonstrating its various functions, filters and correlators to sharpen our skills for applying current program knowledge to new binaries. Interested in some of the highlights from his talk?
See Mike’s quick FAQ below, including what he’ll cover at the Jailbreak Security Summit. For a more thorough “deep dive” (again, his words…), take a look at his presentation deck here, or reach out to him directly with questions.
Q: What’s the main difference between IDA Pro and Ghidra?
A: There are quite a few, but probably the number one difference is that Ghidra is free and open source, which is clearly a big win over proprietary systems. There are numerous other advantages besides that though, including multi-user binary version control, free decompiler for every processor supported, built-in version tracking and a wealthy set of options for extending Ghidra.
Q: What are some of the pros and cons of Ghidra?
A: In addition to what’s stated above, it bears mentioning that one distinct tally in the win column is the NSA is shepherding Ghidra and continuing to make improvements for the good of security researchers everywhere. As far as cons, I would say that since Ghidra historically “grew up” as a GUI application, its headless (batch) operation is still pretty awkward. It’s very heavyweight and is difficult to bring to bear as a framework, unlike the myriad libraries available for reverse engineering in Python for example.
Q: Where can I download Ghidra?
A: Check https://ghidra-sre.org for release information, and visit the source repo at https://github.com/NationalSecurityAgency/ghidra.
Q: What will your talk be about at Jailbreak Security Summit?
A: I’m going to talk about extending Ghidra with scripts and plugins, and demonstrate interaction between Eclipse and Ghidra. The Python extension will be covered, and I will also show how ExtensionPoint works. Finally I will go over Loaders and the steps required to publish official Ghidra Extensions.