GHIDRA- Free Software Reverse Engineering Framework By NSA

GHIDRA - Reverse Engineering Tool

[Update] GHIDRA 10.1.5 Released.

This release includes many new features and capabilities, performance improvements, quite a few bug fixes, and many pull-request contributions. Thanks to all those who have contributed their time, thoughts, and code.

GHIDRA is a free Software Reverse Engineering (SRE) framework released by the National Security Agency (NSA).

The framework includes a suite of full-featured, high-end software analysis tools that let users analyze compiled code on a variety of platforms, including Windows, macOS, and Linux.

Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. It supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated (headless) modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.

Reverse engineering, in computer programming, is a technique used to analyze software in order to identify and understand the parts it is composed of. The usual reasons for reverse engineering a piece of software are to recreate the program, to build something similar to it, to exploit its weaknesses, or to strengthen its defenses.

“If you’ve done software reverse engineering what you’ve found out is it’s both art and science, there’s not a hard path from the beginning to the end,” NSA cybersecurity advisor Rob Joyce said.

“Ghidra is a software reverse engineering software built for our internal use at NSA. We’re not claiming that this is the one that’s going to be replacing everything out there—it’s not. But it helped us address some things in our workflow.”

In support of NSA’s Cybersecurity mission, Ghidra was built to solve scaling and teaming problems on complex SRE efforts, and to provide a customizable and extensible SRE research platform. NSA has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and generating deep insights for SRE analysts who seek a better understanding of potential vulnerabilities in networks and systems.

In 2017, WikiLeaks revealed the existence of Ghidra in its CIA Vault 7 disclosure.

Install

To install an official pre-built multi-platform release:

  • Install JDK 17 64-bit
  • Download a Ghidra release file
  • Extract the Ghidra release file
  • Launch Ghidra: ./ghidraRun (or ghidraRun.bat for Windows)

For additional information and troubleshooting tips about installing and running a release, please refer to docs/InstallationGuide.html, which can be found in your extracted Ghidra release directory.

Build

To create the latest development build for your platform from this source repository:

Install build tools:

  • JDK 17 64-bit
  • Gradle 7.3+
  • make, gcc, and g++ (Linux/macOS-only)
  • Microsoft Visual Studio (Windows-only)

Download and extract the source:

Download from GitHub

  • $ unzip ghidra-master
  • $ cd ghidra-master

NOTE: Instead of downloading the compressed source, you may instead want to clone the GitHub repository:

git clone https://github.com/NationalSecurityAgency/ghidra.git

Download additional build dependencies into source repository:

$ gradle -I gradle/support/fetchDependencies.gradle init

Create development build:

$ gradle buildGhidra

The compressed development build will be located at build/dist/.

For more detailed information on building Ghidra, please read the Developer Guide.

Develop

User Scripts and Extensions

Installations support users writing custom scripts and extensions via the GhidraDev plugin for Eclipse. The plugin and its corresponding instructions can be found within the release at Extensions/Eclipse/GhidraDev/.
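As an added example of the scripting described above (this is not code from the Ghidra project or the original article), the following GhidraScript audits a loaded binary for calls to imported C string functions that take no length bound on the destination buffer, so a reviewer can prioritise those call sites for bounds checking. The watch list of function names is an assumption chosen for illustration; the Ghidra API calls (getExternalFunctions, getFunctionThunkAddresses, getReferencesTo, getFunctionContaining) are part of the public Ghidra scripting API.

```java
// FindRiskyStringCalls.java
// Added example script, not part of Ghidra or of the original article.
// Lists every call site of imported, unbounded C string functions so the
// surrounding code can be reviewed for buffer-size handling.
// @category Examples.Security

import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import ghidra.app.script.GhidraScript;
import ghidra.program.model.address.Address;
import ghidra.program.model.listing.Function;
import ghidra.program.model.listing.FunctionIterator;
import ghidra.program.model.symbol.Reference;

public class FindRiskyStringCalls extends GhidraScript {

    // Assumed watch list: library functions that write without a destination bound.
    private static final Set<String> RISKY = new HashSet<>(Arrays.asList(
            "strcpy", "strcat", "sprintf", "vsprintf", "gets"));

    @Override
    public void run() throws Exception {
        int hits = 0;
        FunctionIterator externals = currentProgram.getFunctionManager().getExternalFunctions();
        while (externals.hasNext() && !monitor.isCancelled()) {
            Function ext = externals.next();
            if (!RISKY.contains(ext.getName())) {
                continue;
            }
            // Call instructions usually target the PLT/IAT thunk rather than the
            // external symbol itself, so collect references to both the external
            // entry point and every thunk that forwards to it.
            Set<Address> targets = new HashSet<>();
            targets.add(ext.getEntryPoint());
            Address[] thunks = ext.getFunctionThunkAddresses();
            if (thunks != null) {
                targets.addAll(Arrays.asList(thunks));
            }
            for (Address target : targets) {
                for (Reference ref : getReferencesTo(target)) {
                    if (!ref.getReferenceType().isCall()) {
                        continue; // skip data references such as pointer tables
                    }
                    Function caller = getFunctionContaining(ref.getFromAddress());
                    String callerName = caller == null ? "<no function>" : caller.getName();
                    println(String.format("%-9s called from %s at %s",
                            ext.getName(), callerName, ref.getFromAddress()));
                    hits++;
                }
            }
        }
        println("Call sites to watch-listed functions: " + hits);
    }
}
```

Place the file in a script directory known to the Script Manager (for example ~/ghidra_scripts) and run it from the GUI, or run it unattended in headless mode against an imported binary with support/analyzeHeadless <project_dir> <project_name> -import <binary> -postScript FindRiskyStringCalls.java (add -scriptPath <dir> if the script lives elsewhere). A hit is a review prompt, not a finding: the decompiled caller still has to be read to see whether the destination buffer is sized correctly.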

Advanced Development

To develop the Ghidra software itself, it is highly recommended to use Eclipse, which the development process has been highly customized for.

Install build and development tools:

Prepare the development environment (Linux-only, see NOTE for Windows/macOS):

$ gradle prepdev eclipse buildNatives_linux64

NOTE: If you are on a Windows or macOS platform, change buildNatives_linux64 to buildNatives_win64 or buildNatives_osx64 respectively.

Import Ghidra projects into Eclipse:

  • File -> Import…
  • General | Existing Projects into Workspace
  • Select root directory to be your downloaded or cloned ghidra source repository
  • Check Search for nested projects
  • Click Finish

When Eclipse finishes building the projects, Ghidra can be launched and debugged with the provided Ghidra Eclipse run configuration.

NSA also welcomes security researchers and developers to contribute to this project by reporting bugs and issues on GitHub.

You can download Ghidra from its official website. A cheat sheet is also available.
