---
search:
exclude: true
---
# Ghidra
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
## Installation
To install Ghidra, we will follow the instructions listed [here](https://www.ghidra-sre.org/InstallationGuide.html).
First, install Java:
```
[ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
→ sudo apt update -y ; sudo apt upgrade -y ; sudo apt install default-jdk -y

[ 192.168.100.126/24 ] [ /dev/pts/1 ] [~]
→ java -version
openjdk version "11.0.10" 2021-01-19
OpenJDK Runtime Environment (build 11.0.10+9-post-Debian-1)
OpenJDK 64-Bit Server VM (build 11.0.10+9-post-Debian-1, mixed mode, sharing)
```
From here, go to Ghidra's main website and download the zip file:
![](4.png)
```
[ 192.168.100.126/24 ] [ /dev/pts/1 ] [~/Tools/ghidra]
→ wget https://www.ghidra-sre.org/ghidra_9.2.2_PUBLIC_20201229.zip
--2021-02-21 23:10:29-- https://www.ghidra-sre.org/ghidra_9.2.2_PUBLIC_20201229.zip
Resolving www.ghidra-sre.org (www.ghidra-sre.org)... 13.249.9.44, 13.249.9.83, 13.249.9.20, ...
Connecting to www.ghidra-sre.org (www.ghidra-sre.org)|13.249.9.44|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 317805407 (303M) [application/zip]
Saving to: ghidra_9.2.2_PUBLIC_20201229.zip
ghidra_9.2.2_PUBLIC_20201229.zip 100%[=======================================================================================================================================================================================================>] 303.08M 10.9MB/s in 29s
2021-02-21 23:10:58 (10.5 MB/s) - ghidra_9.2.2_PUBLIC_20201229.zip saved [317805407/317805407]

[ 192.168.100.126/24 ] [ /dev/pts/1 ] [~/Tools/ghidra]
→ unzip ghidra_9.2.2_PUBLIC_20201229.zip
```
Now we need the ghidraRun launcher script to start Ghidra:
```
[ 192.168.100.126/24 ] [ /dev/pts/1 ] [~/Tools/ghidra]
→ ls -l
total 310368
drwxr-xr-x 9 nothing nothing      4096 Dec 29 17:22 ghidra_9.2.2_PUBLIC
-rw-r--r-- 1 nothing nothing 317805407 Jan 19 17:53 ghidra_9.2.2_PUBLIC_20201229.zip

[ 192.168.100.126/24 ] [ /dev/pts/1 ] [~/Tools/ghidra]
→ cd ghidra_9.2.2_PUBLIC

[ 192.168.100.126/24 ] [ /dev/pts/1 ] [Tools/ghidra/ghidra_9.2.2_PUBLIC]
→ ls
docs  Extensions  Ghidra  ghidraRun  ghidraRun.bat  GPL  LICENSE  licenses  server  support

[ 192.168.100.126/24 ] [ /dev/pts/1 ] [Tools/ghidra/ghidra_9.2.2_PUBLIC]
→ file ghidraRun
ghidraRun: Bourne-Again shell script, ASCII text executable

[ 192.168.100.126/24 ] [ /dev/pts/1 ] [Tools/ghidra/ghidra_9.2.2_PUBLIC]
→ cat ghidraRun
#!/usr/bin/env bash

#----------------------------------------
# Ghidra launch
#----------------------------------------

# Maximum heap memory may be changed if default is inadequate. This will generally be up to 1/4 of
# the physical memory available to the OS. Uncomment MAXMEM setting if non-default value is needed.
#MAXMEM=2G

# Resolve symbolic link if present and get the directory this script lives in.
# NOTE: "readlink -f" is best but works on Linux only, "readlink" will only work if your PWD
# contains the link you are calling (which is the best we can do on macOS), and the "echo" is the
# fallback, which doesn't attempt to do anything with links.
SCRIPT_FILE="$(readlink -f "$0" 2>/dev/null || readlink "$0" 2>/dev/null || echo "$0")"
SCRIPT_DIR="${SCRIPT_FILE%/*}"

# Launch Ghidra
"${SCRIPT_DIR}"/support/launch.sh bg Ghidra "${MAXMEM}" "" ghidra.GhidraRun "$@"
```
To make it more convenient, I create a symlink to it in a directory that is already in PATH:
```
[ 192.168.100.126/24 ] [ /dev/pts/1 ] [Tools/ghidra/ghidra_9.2.2_PUBLIC]
→ echo $PATH
/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games

[ 192.168.100.126/24 ] [ /dev/pts/1 ] [Tools/ghidra/ghidra_9.2.2_PUBLIC]
→ sudo ln -s $(pwd)/ghidraRun /usr/bin/ghidra

[ 192.168.100.126/24 ] [ /dev/pts/1 ] [Tools/ghidra/ghidra_9.2.2_PUBLIC]
→ ls -lash /usr/bin/ghidra
0 lrwxrwxrwx 1 root root 56 Feb 21 23:19 /usr/bin/ghidra -> /home/nothing/Tools/ghidra/ghidra_9.2.2_PUBLIC/ghidraRun

[ 192.168.100.126/24 ] [ /dev/pts/1 ] [Tools/ghidra/ghidra_9.2.2_PUBLIC]
→ which ghidra
/usr/bin/ghidra
```
From here you can just type `ghidra` in your terminal, or in dmenu, rofi or whatever launcher you prefer, and it will open Ghidra for you:
![](5.png)
Here you get a short tutorial introducing Ghidra's functionality, but you will want to create a new project and give it a directory location:
![](6.png)
Just to test, we're going to copy a random binary locally and import it:
![](7.png)
```
[ 192.168.100.126/24 ] [ /dev/pts/3 ] [~/binexp]
→ cp /bin/lspci .

[ 192.168.100.126/24 ] [ /dev/pts/3 ] [~/binexp]
→ ls -lash lspci
92K -rwxr-xr-x 1 nothing nothing 92K Feb 21 23:27 lspci
```
![](8.png) ![](9.png) ![](10.png)
And there you have it! You have now imported a binary and can start disassembling it.
![](11.png)
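The installation steps above (JDK, download, unzip, symlink) and the final import, collected into one script as an added example. This is not the post's own code and not anything shipped with Ghidra. It differs from the steps above in three ways a practitioner would want: it checks the SHA-256 of the downloaded archive before `unzip` ever touches it (the expected hash is a placeholder to be filled in from the release page, since the post does not list it), it places the symlink in `/usr/local/bin`, which the `echo $PATH` output above shows is on PATH and which is not managed by the package manager like `/usr/bin`, and it uses the `analyzeHeadless` launcher in Ghidra's `support/` directory to import and auto-analyze a binary without the GUI, the automated mode the introduction mentions. The install root `~/Tools/ghidra` follows the post; the project directory `~/ghidra_projects` and the `GHIDRA_*` variable names are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post, not part of Ghidra): scripted
# install with an archive checksum check, plus a headless import wrapper.
#
# Assumptions: GHIDRA_SHA256 must be replaced with the checksum published for
# the release (placeholder below); install root defaults to ~/Tools/ghidra as
# in the post; project directory ~/ghidra_projects is made up for this example.

GHIDRA_ZIP_URL="${GHIDRA_ZIP_URL:-https://www.ghidra-sre.org/ghidra_9.2.2_PUBLIC_20201229.zip}"
GHIDRA_SHA256="${GHIDRA_SHA256:-REPLACE_WITH_PUBLISHED_SHA256}"   # placeholder, not a real hash
INSTALL_ROOT="${INSTALL_ROOT:-$HOME/Tools/ghidra}"

# Print the SHA-256 of a file using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only if the file exists and its SHA-256 matches (case-insensitive).
verify_sha256() {
    file="$1"; expected="$2"
    [ -f "$file" ] || return 1
    actual="$(sha256_of "$file")"
    [ "$(printf '%s' "$actual" | tr 'A-F' 'a-f')" = "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
}

# ghidra_9.2.2_PUBLIC_20201229.zip -> ghidra_9.2.2_PUBLIC, the directory the
# archive unpacks to (matches the ls -l output in the post).
dist_dir_from_zip() {
    base="${1##*/}"
    printf '%s\n' "${base%_*}"
}

# Download, verify, unpack and symlink. A hash mismatch deletes the archive and
# aborts, so a tampered or truncated download is never extracted.
install_ghidra() {
    command -v java >/dev/null 2>&1 || {
        echo "java not found; install a JDK first (sudo apt install default-jdk)" >&2; return 1; }
    mkdir -p "$INSTALL_ROOT" && cd "$INSTALL_ROOT" || return 1
    zip="${GHIDRA_ZIP_URL##*/}"
    [ -f "$zip" ] || wget -q "$GHIDRA_ZIP_URL" -O "$zip" || return 1
    if ! verify_sha256 "$zip" "$GHIDRA_SHA256"; then
        echo "checksum mismatch for $zip; refusing to unpack" >&2
        rm -f "$zip"
        return 1
    fi
    unzip -q -o "$zip" || return 1
    dist="$INSTALL_ROOT/$(dist_dir_from_zip "$zip")"
    # /usr/local/bin is on PATH and is not owned by dpkg, unlike /usr/bin.
    sudo ln -sfn "$dist/ghidraRun" /usr/local/bin/ghidra
    printf '%s\n' "$dist"
}

# Import and auto-analyze a binary with the headless analyzer in support/.
headless_import() {
    ghidra_home="$1"; project_dir="$2"; project_name="$3"; binary="$4"
    [ -f "$binary" ] || { echo "no such file: $binary" >&2; return 1; }
    mkdir -p "$project_dir"
    "$ghidra_home/support/analyzeHeadless" "$project_dir" "$project_name" \
        -import "$binary" -overwrite
}

# Only run the full flow when asked, so the functions can also be sourced.
if [ "${1:-}" = "install" ]; then
    dist="$(install_ghidra)" || exit 1
    # Same test binary the post imports through the GUI.
    headless_import "$dist" "$HOME/ghidra_projects" binexp /bin/lspci
fi
```

Run it as `bash install-ghidra.sh install`; afterwards the project under `~/ghidra_projects` can be opened in the GUI, and `-postScript <script>` can be appended to the `analyzeHeadless` call to run a Ghidra script against the imported program.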