Ghidra: Open-source software reverse engineering framework

Ghidra, a cutting-edge open-source software reverse engineering (SRE) framework, is a product of the National Security Agency (NSA) Research Directorate.

Ghidra

The framework features high-end software analysis tools, enabling users to analyze compiled code across various platforms, including Windows, macOS, and Linux. Ghidra’s extensive capabilities include disassembly, assembly, decompilation, graphing, scripting, and a host of other functions. It supports a wide range of processor instruction sets and executable formats and can operate in user-interactive and automated modes. Moreover, users have the flexibility to develop their own Ghidra extension components or scripts using Java or Python.

Ghidra addresses scaling and collaboration challenges in complex SRE tasks, offering a customizable and extensible research platform. The NSA has leveraged Ghidra’s SRE capabilities to tackle diverse problems, such as analyzing malicious code and generating detailed insights for SRE analysts to understand potential vulnerabilities in networks and systems better.

Download and install

To install an official pre-built multi-platform Ghidra release:

  • Install JDK 17 64-bit
  • Download a Ghidra release file. The official multi-platform release file is named ghidra___.zip which can be found under the “Assets” drop-down. Downloading either of the files named “Source Code” is not correct for this step.
  • Extract the Ghidra release file
  • Launch Ghidra: ./ghidraRun (or ghidraRun.bat for Windows)

Supported processors: X86 16/32/64, ARM/AARCH64, PowerPC 32/64/VLE, MIPS 16/32/64/micro, 68xxx, Java / DEX bytecode, PA-RISC, PIC 12/16/17/18/24, Sparc 32/64, CR16C, Z80, 6502, 8051, MSP430, AVR8, AVR32, and variants of these processors.

Ghidra is available for free on GitHub.

Must read:

OPIS OPIS


Don't miss