Ghidra (pronounced GEE-druh;[3] /ˈɡiːdrə/[4]) is a free and open source reverse engineering tool developed by the National Security Agency (NSA) of the United States. The binaries were released at RSA Conference in March 2019; the sources were published one month later on GitHub.[5] Ghidra is seen by many security researchers as a competitor to IDA Pro.[6] The software is written in Java using the Swing framework for the GUI. The decompiler component is written in C++, and is therefore usable in a stand-alone form.[7]
Original author(s) | NSA |
---|---|
Initial release | March 5, 2019 |
Stable release | 11.2.1[1] / November 6, 2024 |
Repository | github |
Written in | Java, C++ |
License | Apache License 2.0 / Public domain[2] |
Website | ghidra-sre |
Scripts to perform automated analysis with Ghidra can be written in Java or Python (via Jython),[8][9] though this feature is extensible and support for other programming languages is available via community plugins.[10] Plugins adding new features to Ghidra itself can be developed using a Java-based extension framework.[11]
History
Ghidra's existence was originally revealed to the public via Vault 7 in March 2017,[12] but the software itself remained unavailable until its declassification and official release two years later.[5] Some comments in its source code indicate that it existed as early as 1999.[13]
Version | Year | Major features |
---|---|---|
1.0 | 2003 | Proof of concept |
2.0 | 2004 | Database, docking windows |
3.0 | 2006 | SLEIGH, decompiler, version control |
4.0 | 2007 | Scripting, version tracking |
5.0 | 2010 | File system browser |
6.0 | 2014 | First unclassified version |
9.0 | 2019 | First public release |
9.2 | 2020 | Graph visualization, new PDB parser |
10.0 | 2021 | Debugger |
11.0 | 2023 | Rust and Go binaries support, BSim |
11.1 | 2024 | Swift and DWARF 5 support, Mach-O improvements |
In June 2019, coreboot began to use Ghidra for its reverse engineering efforts on firmware-specific problems following the open source release of the Ghidra software suite.[16]
Since version 10.0, Ghidra can officially[17][18] be used as a debugger. Ghidra's debugger supports debugging user-mode Windows programs via WinDbg, and Linux programs via GDB.[19]
Supported architectures
The following architectures or binary formats are supported:[20][21]
References
1. "Releases · NationalSecurityAgency/ghidra". GitHub. Archived from the original on June 8, 2024. Retrieved October 11, 2024.
2. "ghidra/NOTICE". GitHub.com. Archived from the original on October 27, 2022. Retrieved April 13, 2019.
3. "Frequently asked questions". GitHub.com. Archived from the original on March 5, 2019. Retrieved March 7, 2019.
4. "Come Get Your Free NSA Reverse Engineering Tool!". YouTube.com. May 16, 2019. Archived from the original on December 15, 2021. Retrieved May 17, 2019.
5. Newman, Lily Hay. "The NSA Makes Ghidra, a Powerful Cybersecurity Tool, Open Source". Wired. Archived from the original on March 6, 2019. Retrieved March 6, 2019.
6. Cimpanu, Catalin. "NSA releases Ghidra, a free software reverse engineering toolkit". ZDNet. Archived from the original on March 6, 2019. Retrieved March 7, 2019.
7. E.g. as a plugin for Radare2 or Rizin. Archived 2022-10-14 at the Wayback Machine.
8. "Ghidra Scripting Class". GitHub. Archived from the original on February 20, 2023. Retrieved February 19, 2023.
9. "Three Heads are Better Than One: Mastering NSA's Ghidra Reverse Engineering Tool" (PDF). GitHub. Archived (PDF) from the original on March 1, 2020. Retrieved September 30, 2019.
10. "Ghidraal". GitHub. Archived from the original on February 20, 2023. Retrieved February 19, 2023.
11. "Ghidra Advanced Development Class". GitHub. Archived from the original on February 20, 2023. Retrieved February 19, 2023.
12. "NSA to release a free reverse engineering tool". ZDNET. Archived from the original on February 22, 2024. Retrieved February 22, 2024.
13. "Build software better, together". GitHub. Archived from the original on February 22, 2024. Retrieved February 22, 2024.
14. "ghidra/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.html at master · NationalSecurityAgency/ghidra". GitHub. Archived from the original on May 8, 2024. Retrieved May 8, 2024.
15. Ghidra - Journey from Classified NSA Tool to Open Source. Archived from the original on May 8, 2024. Retrieved May 8, 2024 – via www.youtube.com.
16. "Coreboot Project Is Leveraging NSA Software To Help With Firmware Reverse Engineering". Archived from the original on June 4, 2019. Retrieved June 5, 2019.
17. "Compiled/built Ghidra 9.3 for Windows with Debugger feature by Galician R&D Center in Advanced Telecommunications employees". Archived from the original on November 25, 2022. Retrieved November 25, 2022.
18. "Analizando el depurador de Ghidra". March 11, 2021. Archived from the original on December 14, 2022. Retrieved December 14, 2022.
19. "What's new in Ghidra 10.0". Archived from the original on June 19, 2023. Retrieved June 24, 2021.
20. Joyce, Rob [@RGB_Lights] (March 5, 2019). "Ghidra processor modules: X86 16/32/64, ARM/AARCH64, PowerPC 32/64, VLE, MIPS 16/32/64,micro, 68xxx, Java / DEX bytecode, PA-RISC, PIC 12/16/17/18/24, Sparc 32/64, CR16C, Z80, 6502, 8051, MSP430, AVR8, AVR32, Others+ variants as well. Power users can expand by defining new ones" (Tweet). Archived from the original on March 7, 2019. Retrieved March 6, 2019 – via Twitter.
21. "List of Processors Supported by Ghidra". Github.com. Archived from the original on October 12, 2023. Retrieved September 29, 2023.