
KTRW: The Journey to Build a Debuggable iPhone - archimag0
https://googleprojectzero.blogspot.com/2019/10/ktrw-journey-to-build-debuggable-iphone.html
======
devin
I note that IDA Pro and LLDB are mentioned. How much penetration does NSA’s
Ghidra have at this point, and is it expected to grow over time? I used IDA
briefly in a past life and was really impressed with Ghidra, especially as an
“open” offering.

ETA: I ask because my other comment is about debuggable phone availability.
IDA was always an extra gate for amateurs. I’m wondering how much access mere
mortals have to the edgiest tools and information of this particular trade.

~~~
gen3
I don't know how many people are actually using it, but I've been to more than
one con that has had a talk about using it. The talks focused on showing off
features and/or trying to get people to use it.

From a cost perspective, Ghidra has a decompiler (that works really well), and
is free. I would imagine this will help with adoption. (Most other tools like
Binary Ninja don't have a decompiler, as they are hard. Here is a project that
takes the Ghidra decompiler and puts it into Radare:
[https://github.com/radareorg/r2ghidra-dec](https://github.com/radareorg/r2ghidra-dec) ).

IDA is in a good position with all the existing documentation and tutorials, I
think it's just a question of how long it takes for Ghidra to get the same
treatment.

~~~
comex
I've recently been using Ghidra for a personal project, after using IDA
extensively in the past. My impressions so far:

The feature set is solid. I've been frustrated by a few minor things that are
missing from Ghidra, but Ghidra also has several features that are missing
from IDA, and other features are better designed than in IDA.

But the whole thing is crushingly slow, especially the parts written in Java.
(The decompiler is written in C++ but is also slower than Hex-Rays.) That
single difference would probably have been enough to make me give up and go
back to IDA, if I didn't have an ideological commitment to open source. I
can't stand slow programs.

The UI is poorly designed, even compared to IDA's... quirkiness. Lots of paper
cuts.

On the other hand, unlike IDA, it doesn't randomly crash and lose your data!
(It does sometimes throw random NullPointerExceptions, but those are caught
and displayed in a dialog. Since it's Java you don't have to worry about
memory corruption.)

Overall, I agree it's in a good position with respect to adoption, although it
does have to compete with pirated IDA, as well as the other alternatives.

~~~
saagarjha
It's a bit of a gloomy view into the landscape of disassemblers, but I was
_very_ impressed that Ghidra managed to keep one of my temporary unsaved
projects I had been working on (mostly) intact through a kernel panic. Oh, and
there are certain things that Ghidra's UI is better than IDA's at: defining
structures, for example. And I'd like to think it has less malware in it than
pirated IDA…

~~~
tambre
> Ghidra's UI is better than IDA's at: defining structures, for example

IDA 7.4 introduced a new structure editor, arguably better than Ghidra's. [1]

[1]: [https://hex-rays.com/products/ida/7.4/index.shtml](https://hex-rays.com/products/ida/7.4/index.shtml)

~~~
heavenlyblue
IDA still doesn’t support ctrl+z for field renames. Which makes working in it
an absolute nightmare (e.g. accidentally renaming a field at the beginning of
the structure which will remove all mapping after it).

------
devin
Where does one go about obtaining the phones they describe early in the post?
What is the availability and cost for phones of this kind?

More generally, what forums, irc channels, sites, etc. could I go to if I
wanted to get into this community of researchers?

~~~
xuki
Pretty easy to find on twitter

[https://mobile.twitter.com/jin_store](https://mobile.twitter.com/jin_store)

~~~
devin
Thanks! Did you just outgoogle me, or might you have anything interesting to
share about the market?

~~~
saagarjha
He is well known if you ever go down the rabbit hole of Apple internal
devices, but he's by no means the only source of these.

------
tjoff
Found the "virtualization is in the cloud" connection weird/scary.

Can't imagine running that sort of thing in the cloud. And that's even before
considering the security aspects.

~~~
xmodem
Depends on your use case and threat model, really. The company I work for
maintains a fleet of jailbroken phones. This is a difficult proposition to
scale, so we're always on the lookout for alternatives, but we evaluated a
major cloud emulation player and decided against it for reasons that had
nothing to do with security.

I imagine the thought process is totally different if you're doing security
research, though.

------
musicale
Nice of Google to spend so much time and effort finding security flaws in
their competitors' devices.

~~~
saagarjha
For what it's worth, this isn't a security flaw.