[dupe] Ghidra Capabilities – Get Your Free NSA Reverse Engineering Tool [pdf] (rsaconference.com)
69 points by Errorcod3 3 months ago | 17 comments




Has anyone created a discord or IRC for this yet? I'm keen on learning a tool like this, and would love to be able to discuss it with others. If anyone wants, I will, but if that's a bad idea then let me know and I won't. Just looking to learn from others more experienced than myself!


I would join in if something like this existed. I'm still a beginner though, so I wouldn't be able to provide a lot of guidance on how to use anything.


Do you think I should put one up?


Perhaps a freenode channel? ##ghidra seems to be available.


I set up the discord!

https://discord.gg/RcSBc6


A slightly off-topic question but related to this release: if you were the CEO of Hex-Rays/Hopper/Binary Ninja etc., what would you do about the release of Ghidra? It will clearly impact your business and it even might be better than your current product.

So how do you respond to Ghidra? Is there a way to leverage it?


Looks like, thanks to Sleigh, adding support for decompiling additional IAs will be rather easy. I can barely believe how straightforward it looks, just looking at the code in the Processors directory. Some IAs there don't even need the Java code to be supported.


I love how it integrates a built-in binary diff tool. Version Control basically lets you watch a binary as it evolves over time. This can be used to check if bugs have been patched, to inspect new code for bugs (which are often less well-tested than existing code), and to try to work out what recent patches have fixed (so you can target older versions with new exploits). IDA doesn't ship with such a feature, and plugins which do implement it are kinda clunky, so I'm excited to see what the version control feature will bring.

I am also curious as to what was left out of the public release. It's clear that not everything was included (even though there's a lot here).


Reviews of it seem alright. Still have yet to see the source code added to the repo :)


For anyone else curious: https://github.com/NationalSecurityAgency/ghidra/wiki/Freque...

> This repository is a placeholder for the full open source release. Be assured efforts are under way to make the software available here. In the meantime, enjoy using Ghidra on your SRE efforts, developing your own scripts and plugins, and perusing the over a million lines of Java and Sleigh code released within the initial public release. The release can be downloaded from our project homepage at www.ghidra-sre.org. Please consider taking a look at our contributor guide to see how you can participate in this open source project when it becomes available.


There's enough source code provided that I was able to patch the Java code to fix a bug: https://github.com/NationalSecurityAgency/ghidra/issues/2#is...

While there's no source for the decompiler, the decompiler binaries themselves are unstripped and C++, meaning they're actually fairly straightforward to reverse. Plus, you get all the Java code that drives the decompiler binaries.


Isn't the source code zipped up alongside the binaries?


For Java, not for native code. Fortunately we have Ghidra to look at itself?


> Fortunately we have Ghidra to look at itself?

The all-time classic “Reflections on Trusting Trust”[1] seems relevant again here.

[1] https://www.archive.ece.cmu.edu/~ganger/712.fall02/papers/p7...


You're welcome to use Hopper/IDA Pro/Radare/Binary Ninja…


That's the joke



