Ghidra by NSA

Original link: https://github.com/NationalSecurityAgency/ghidra

Ghidra is a powerful, free and open-source software reverse engineering (SRE) framework developed by the US National Security Agency. It provides a comprehensive suite of tools for analyzing compiled code on Windows, macOS and Linux, including disassembly, decompilation and scripting. Ghidra supports many processor types and executable formats and can run in both interactive and automated modes. Users can extend Ghidra through Java or Python scripts and develop custom extensions. Ghidra was originally created to solve the scaling and collaboration challenges of complex SRE work, and it helps with analyzing malicious code and identifying vulnerabilities. Installation requires JDK 21 and involves downloading and extracting the release file. Development builds can also be produced from the GitHub source, which requires additional build dependencies and tools such as Gradle and Eclipse. Users interested in contributing can find the development and contribution guides in the project resources. **Important:** before use, be aware of the known security vulnerabilities and consult Ghidra's security advisories.

This Hacker News discussion centers on Ghidra, a software reverse engineering tool developed by the US National Security Agency and available on GitHub. Users were impressed by the recent updates, especially the improved Python integration, which makes it easier to use. One commenter noted positive changes when analyzing Rust binaries. Another user highlighted Cutter, a similar tool developed by RizinOrg. A recurring thought in the thread was speculation about whether the NSA has an internal version of Ghidra that is more capable than the public release, comparable to the questions asked about advanced AI labs and the gap between their internal capabilities and what they publish. The discussion touched on how hard it is to keep such complex tools secret.

Original text

Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra extension components and/or scripts using Java or Python.

In support of NSA's Cybersecurity mission, Ghidra was built to solve scaling and teaming problems on complex SRE efforts, and to provide a customizable and extensible SRE research platform. NSA has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and generating deep insights for SRE analysts who seek a better understanding of potential vulnerabilities in networks and systems.

If you are a U.S. citizen interested in projects like this, to develop Ghidra and other cybersecurity tools for NSA to help protect our nation and its allies, consider applying for a career with us.

WARNING: There are known security vulnerabilities within certain versions of Ghidra. Before proceeding, please read through Ghidra's Security Advisories for a better understanding of how you might be impacted.

To install an official pre-built multi-platform Ghidra release:

  • Install JDK 21 64-bit
  • Download a Ghidra release file
    • NOTE: The official multi-platform release file is named ghidra_<version>_<release>_<date>.zip which can be found under the "Assets" drop-down. Downloading either of the files named "Source Code" is not correct for this step.
  • Extract the Ghidra release file
    • NOTE: Do not extract on top of an existing installation
  • Launch Ghidra: ./ghidraRun (ghidraRun.bat for Windows)
    • or launch PyGhidra: ./support/pyGhidraRun (support\pyGhidraRun.bat for Windows)

For additional information and troubleshooting tips about installing and running a Ghidra release, please refer to the Getting Started document which can be found at the root of a Ghidra installation directory.

To create the latest development build for your platform from this source repository:

Download and extract the source:

Download from GitHub

unzip ghidra-master
cd ghidra-master

NOTE: Instead of downloading the compressed source, you may instead want to clone the GitHub repository: git clone https://github.com/NationalSecurityAgency/ghidra.git

Download additional build dependencies into source repository:

NOTE: If an Internet connection is available and you did not install Gradle, the following gradle commands may be replaced with ./gradlew(.bat).

gradle -I gradle/support/fetchDependencies.gradle
Create development build:

The compressed development build will be located at build/dist/.

For more detailed information on building Ghidra, please read the Developer's Guide.

For issues building, please check the Known Issues section for possible solutions.

User Scripts and Extensions

Ghidra installations support users writing custom scripts and extensions via the GhidraDev plugin for Eclipse. The plugin and its corresponding instructions can be found within a Ghidra release at Extensions/Eclipse/GhidraDev/ or at this link. Alternatively, Visual Studio Code may be used to edit scripts by clicking the Visual Studio Code icon in the Script Manager. Fully-featured Visual Studio Code projects can be created from a Ghidra CodeBrowser window at Tools -> Create VSCode Module project.

NOTE: Both the GhidraDev plugin for Eclipse and Visual Studio Code integrations only support developing against fully built Ghidra installations which can be downloaded from the Releases page.
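As an added example (not code from the Ghidra repository or its documentation), here is the kind of Java GhidraScript the scripts paragraph above refers to: it walks every call site of a short list of classic unsafe C library functions, bookmarks each one and leaves a pre-comment so the hits show up in the Bookmarks window and in the listing. The function list, the bookmark category and the script name are assumptions chosen for illustration; the Ghidra calls it uses (getGlobalFunctions, getReferencesTo, getFunctionContaining, createBookmark, getPreComment, setPreComment) are part of the GhidraScript/FlatProgramAPI surface.

```java
// FindUnsafeCalls.java
// Added example script: flags call sites of a few classic unsafe libc
// functions. The audit list and the "UnsafeCall" category are assumptions
// for illustration, not something Ghidra ships.
//@category Examples.Audit
import ghidra.app.script.GhidraScript;
import ghidra.program.model.address.Address;
import ghidra.program.model.listing.Function;
import ghidra.program.model.symbol.Reference;

public class FindUnsafeCalls extends GhidraScript {

    // Assumed audit list: callers of these are worth a manual look.
    private static final String[] UNSAFE = {
        "strcpy", "strcat", "sprintf", "vsprintf", "gets", "system", "memcpy"
    };

    @Override
    public void run() throws Exception {
        int hits = 0;
        for (String name : UNSAFE) {
            if (monitor.isCancelled()) {
                return;
            }
            // getGlobalFunctions matches both the external function symbol and
            // any PLT/IAT thunk Ghidra created for it. Real code calls the
            // thunk, so references to every match are inspected.
            for (Function target : getGlobalFunctions(name)) {
                for (Reference ref : getReferencesTo(target.getEntryPoint())) {
                    if (!ref.getReferenceType().isCall()) {
                        continue; // skip data references and plain jumps
                    }
                    Address site = ref.getFromAddress();
                    Function caller = getFunctionContaining(site);
                    if (caller == null || caller.isThunk()) {
                        continue; // the thunk's own jump is not a real call site
                    }
                    hits++;
                    String note = "call to " + name + " from " + caller.getName();
                    println(site + "  " + note);
                    createBookmark(site, "UnsafeCall", note);
                    // Only add a pre-comment where none exists, so an analyst's
                    // own notes are never overwritten by an automated pass.
                    if (getPreComment(site) == null) {
                        setPreComment(site, "[UnsafeCall] " + note);
                    }
                }
            }
        }
        println(hits + " call site(s) flagged in " + currentProgram.getName());
    }
}
```

Save the file in a directory the Script Manager scans (the user's ghidra_scripts directory is in the default search path) and run it from the Script Manager, or run it unattended with the headless analyzer shipped under support/, for example support/analyzeHeadless <project_dir> <project_name> -import <binary> -postScript FindUnsafeCalls.java, where the project directory, project name and binary path are placeholders. A hit from this script is a starting point for review, not a finding: whether a flagged strcpy or memcpy is actually exploitable depends on how the lengths are bounded at the call site, which is what the decompiler view of each bookmarked function is for.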

To develop the Ghidra tool itself, it is highly recommended to use Eclipse, which the Ghidra development process has been highly customized for.

Install build and development tools:
Prepare the development environment:
gradle prepdev eclipse buildNatives
Import Ghidra projects into Eclipse:
  • File -> Import...
  • General | Existing Projects into Workspace
  • Select root directory to be your downloaded or cloned ghidra source repository
  • Check Search for nested projects
  • Click Finish

When Eclipse finishes building the projects, Ghidra can be launched and debugged with the provided Ghidra Eclipse run configuration.

For more detailed information on developing Ghidra, please read the Developer's Guide.

If you would like to contribute bug fixes, improvements, and new features back to Ghidra, please take a look at our Contributor's Guide to see how you can participate in this open source project.
