Might as well plug in my own extension: https://github.com/boricj/ghidra-delinker-extension
It's a relocatable object file exporter that supports x86/MIPS and ELF/COFF. In other words, it can delink any program selection and you can reuse the bits for various use-cases, including making new programs Mad Max-style.
It carved itself a niche in the Windows decompilation community, used alongside objdiff or decomp.me.
While on the topic, I want to highlight two incredible plugins for Ghidra: https://github.com/jtang613/GhidrAssist And https://github.com/jtang613/GhidrAssistMCP
Being able to hook Claude code up to this has made reversing way more productive. Highly recommend!
I've actually been experimenting with using Ghidra and Opus to create human-consumable, reverse-engineered software. My ultimate dream would be a buildable EverQuest client. Opus does a decent job of pulling out various subsystems and understanding how it works. I was able to get a pretty much working networking layer for instance with less than an hour's work.
Also worth mentioning this great MCP integration https://github.com/cyberkaida/reverse-engineering-assistant
Taking the opportunity to ask: are there nice recommended resources for a beginner to start with reverse engineering (ideally using Ghidra)? Let's say for an experienced developer, but not so experienced in reverse engineering?
I guess one issue I have is that I don't have good ideas of fun projects, and that's probably something I need to actually get the motivation to learn. I can find a "hello world", that's easy, but it won't help me get an idea of what I could reverse engineer in my life.
For instance, I have a smart speaker that I would like to hack (being able to run my own software on it, for fun), but I don't know if it is a good candidate for reverse engineering... I guess I would first need to find a security flaw in order to access the OS? Or flash my own OS (hoping that it's Linux running there), but then I would probably want to extract the binary blobs that work with the buttons and the actual speaker?
Awesome soft!
It works surprisingly nicely with AI agents (I mean, like Cursor or Claude Code, I don't let it run autonomously!).
Here on detecting malware in binaries (https://quesma.com/blog/introducing-binaryaudit/). I am now in the process of recompiling an old game, Chromatron, from a PowerPC binary to Apple Silicon and WASM (https://p.migdal.pl/chromatron-recompiled/, ready to play, there might still be rough edges).
Funny thing, AI is not that terrible at using Ghidra. We released a benchmark on that and hopefully models will improve: https://quesma.com/blog/introducing-binaryaudit/
Binary Ninja deserves a mention in these threads: https://binary.ninja
I've used IDA, Ghidra, and Binary Ninja a lot over the years. At this point I much prefer Binary Ninja for the task of building up an understanding of large binaries with many thousands of types and functions. It also doesn't hurt that its UI/UX feel like something out of this century, and it's very easy to automate using Python scripts.
I want to say if somebody makes a tool like that it would be a big winner https://qira.me/
Since we’re talking about decompilers, might as well mention the community around the research area: http://decompilation.wiki/
As well as the research history (slated to be updated in a few days): https://mahaloz.re/dec-progress-2024
Cutter[1] by RizinOrg[2].
Can anyone provide their opinion of Ghidra vs Ida? Is Ida worth the extra money?
I first used Ghidra this weekend as part of this series:
https://www.youtube.com/watch?v=d7qVlf81fKA&list=PL4X0K6ZbXh...
(#3 forward uses Ghidra)
It worked fine in Ubuntu and Windows. The interface takes some getting used to, but paired with Bless Unofficial (using snap to install), it makes reverse engineering smooth.
Ghidra is a very impressive piece of software with a deep bench of functionality. The recent couple major releases that move to a more integrated Python experience have been very nice to use.
How do they incentivize government employees into doing such excellent work without paying them a real tech salary?
Been a while since I used this, but I decided to open the latest version to check my Rust binary and was pleasantly surprised at how much better it is today with respect to Rust binaries.
Posting this on Github is a brilliant move by the NSA, and it showing up on HN amplifies it even more.
It's certainly not the first thing they've released (SELinux, for one, and then all the other repos in the account), but this repo showing up on HN, with a prominent call-to-action to look at a career with them, is a great way to target the applicants you want ("those who would find this project interesting, because it's just the sort of thing we need them to work on").
Atlassian used to do (maybe still does) this in Bitbucket if you open dev tools - a link to their careers page shows up.
There is also Hopper for ObjC/Swift, haven't tried it personally though
Works well. I used this tool once to disassemble and understand how the key manager works on Vivotek cameras.
They create executables, which contain encrypted binary data. Then, when the executable runs, it decodes the encrypted data and pipes it into "sh".
The security is delusional here - the password is hard-coded in the executable. It was something like "VIVOTEK Inc.".
Ghidra was able to create the C code, and I was also able to extract the binary data to a file (which is essentially the bash script).
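The pattern the comment above describes (an executable carrying an encrypted blob that is decrypted at run time and handed to a shell) has a recognisable static footprint: a high-entropy region that looks nothing like code or text, next to shell-related strings. The script below is an added example and is not the commenter's tooling or any Ghidra API; it is a stdlib-only triage pass an analyst can run before opening the decompiler. The indicator strings, the window size and the entropy threshold are illustrative choices, it assumes nothing about the cipher, and the sample "binary" is constructed inline (the key string in it is a placeholder, not the real value).

```python
"""Static triage for a self-decrypting executable that pipes its payload to a shell.

Added example, not the original commenter's code and not Ghidra's API. It flags
(a) runs of high-entropy bytes, which is what encrypted or compressed data looks
like, and (b) shell-related strings, so the analyst knows where to point the
decompiler. Window size, threshold and indicator list are illustrative.
"""
import hashlib
import math
import re
from collections import Counter

# Illustrative indicator list: strings one would expect in a binary that
# launches a shell on decrypted data.
SHELL_INDICATORS = (b"/bin/sh", b"sh -c", b"popen", b"system", b"execve")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a single repeated value, 8.0 for uniform noise."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def high_entropy_regions(blob: bytes, window: int = 1024, threshold: float = 7.0):
    """Return (offset, length) of consecutive windows whose entropy >= threshold.

    Plain code and text sit well below 7 bits/byte; encrypted or compressed
    data sits close to 8, so contiguous hot windows are merged into one region.
    """
    regions = []
    run_start = run_end = None
    for off in range(0, len(blob) - window + 1, window):
        if shannon_entropy(blob[off:off + window]) >= threshold:
            if run_start is None:
                run_start = off
            run_end = off + window
        elif run_start is not None:
            regions.append((run_start, run_end - run_start))
            run_start = None
    if run_start is not None:
        regions.append((run_start, run_end - run_start))
    return regions


def printable_strings(blob: bytes, min_len: int = 4):
    """(offset, bytes) for every run of printable ASCII of at least min_len."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [(m.start(), m.group()) for m in re.finditer(pattern, blob)]


def triage(blob: bytes) -> dict:
    """Combine both signals; 'suspicious' means both are present."""
    regions = high_entropy_regions(blob)
    indicators = [(off, s) for off, s in printable_strings(blob)
                  if any(ind in s for ind in SHELL_INDICATORS)]
    return {
        "encrypted_regions": regions,
        "shell_indicators": indicators,
        "suspicious": bool(regions) and bool(indicators),
    }


def constructed_sample() -> bytes:
    """A stand-in for the kind of binary described: a low-entropy strings area
    followed by an embedded blob that looks encrypted. Constructed, not real
    firmware; the key string is a placeholder."""
    text = (b"\x00" * 64
            + b"usage: keymgr [options]\x00"
            + b"/bin/sh\x00"
            + b"popen\x00"
            + b"VENDOR_KEY_PLACEHOLDER\x00").ljust(1024, b"\x00")
    # Deterministic pseudo-random bytes stand in for the encrypted payload.
    payload = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest()
                       for i in range(64))  # 2048 bytes
    return text + payload + b"\x00" * 512


if __name__ == "__main__":
    report = triage(constructed_sample())
    for off, length in report["encrypted_regions"]:
        print(f"high-entropy region at 0x{off:x}, {length} bytes")
    for off, s in report["shell_indicators"]:
        print(f"shell indicator at 0x{off:x}: {s!r}")
    print("suspicious:", report["suspicious"])
```

On a real sample the offsets reported here are the places to inspect in Ghidra: cross-references to the high-entropy region usually lead straight to the decryption routine, and the hard-coded key tends to be one of the nearby string literals.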
Here are the main threads (in reverse order) that I found about Ghidra generally. Of course there have been many more threads about specific aspects or related projects: https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que....
(Btw, these links are just for anyone curious to read more - reposts are fine after a year or so - https://news.ycombinator.com/newsfaq.html)
NSA Ghidra open-source reverse engineering framework - https://news.ycombinator.com/item?id=40508777 - May 2024 (61 comments)
Ghidra 11.0 Released - https://news.ycombinator.com/item?id=38740793 - Dec 2023 (11 comments)
Ghidra 10.3 has been released - https://news.ycombinator.com/item?id=35908418 - May 2023 (6 comments)
NSA Ghidra software reverse engineering framework - https://news.ycombinator.com/item?id=35324380 - March 2023 (103 comments)
Ghidra: Software reverse engineering suite developed by NSA - https://news.ycombinator.com/item?id=33226050 - Oct 2022 (42 comments)
Ghidra: A software reverse engineering suite of tools developed by the NSA - https://news.ycombinator.com/item?id=27818492 - July 2021 (142 comments)
Ghidra 9.2 - https://news.ycombinator.com/item?id=25086519 - Nov 2020 (78 comments)
The Ghidra Book - https://news.ycombinator.com/item?id=24879314 - Oct 2020 (5 comments)
Ghidra Decompiler Analysis Engine - https://news.ycombinator.com/item?id=19599314 - April 2019 (30 comments)
Ghidra source code officially released - https://news.ycombinator.com/item?id=19572994 - April 2019 (7 comments)
Ghidra Capabilities – Get Your Free NSA Reverse Engineering Tool [pdf] - https://news.ycombinator.com/item?id=19319385 - March 2019 (17 comments)
Ghidra, NSA's reverse-engineering tool - https://news.ycombinator.com/item?id=19315273 - March 2019 (405 comments)
Ghidra - https://news.ycombinator.com/item?id=19239727 - Feb 2019 (59 comments)
NSA to Release Their Reverse Engineering Framework GHIDRA to Public at RSA - https://news.ycombinator.com/item?id=18828083 - Jan 2019 (90 comments)
Awful to use with a tiling window manager.
Opus 4.6 can use that from the CLI, do RE, make pseudo-C, and later decode binaries based on this code into interpretable data.
Amazing tool.
unflutter supports ghidra :) https://news.ycombinator.com/item?id=47035788
I'm using a tool on Parallels on Mac that says "cannot run in virtual machine". Could I remove that check using Ghidra?
Is ghidralite dot com a safe link or an official link?
When I try to expand their FAQ, it seems to try to open a (presumably) malicious link. I won't paste the link here just in case it is really malicious.
OllyDbg inspired: https://github.com/eteran/edb-debugger
Is it just me or is the merge style used for the repo very difficult to follow? Am I holding it wrong?
I always wondered whether they have a much more capable internal version. And I wonder the same thing for AI labs (they have to do a lot of lobotomy for their models to be ready for public use... but internally, they can just skip this perhaps?)
Are these tools useable by OpenClaw yet?
What does it do? I don't understand a thing, can someone explain it to me?
Strange to see the NSA using Java, maybe this is really old?
Everyone in the comments is like, "take a look at this AI tool for Ghidra".
This is indicative of two things.
1. While I can't stand the guy, y'all need to watch Peter Thiel's talk from 10-15 years ago at Stanford about not building the same thing everyone else is, à la the obvious thing.
2. People are really attracted to using LLMs on deep thinking tasks, off shoring their thinking, to a "Think for me SaaS". This won't end well for you, there's no shortcuts in life that don't come with a (huge) cost.
The person who showed their work and scored A's on math tests instead of just learning how to use a calculator is better off in their career/endeavours than the 80% of others who did the latter. If Laurie Wired makes an MCP for Ghidra and uses it, that's one thing; you using it without ever reverse engineering extensively is completely different. I'd bet my bottom dollar that Laurie Wired doesn't prefer the MCP over her own mental processes 8/10 times.