tutorial

Hands-On Ghidra - A Tutorial about the Software Reverse Engineering Framework

Author:

Roman RohlederAuthors Info & Claims

SPRO'19: Proceedings of the 3rd ACM Workshop on Software Protection

Pages 77 - 78

https://doi.org/10.1145/3338503.3357725

Published: 15 November 2019 Publication History

Get Access

Abstract

In this tutorial, the Ghidra software reverse engineering framework will be presented, its characteristics highlighted and its features to the hitherto industry standard in reverse engineering tools, IDA Pro - the interactive disassembler, compared against. This framework was released on March the 5th 2019, by the National Security Agency under the Apache v2 license and brought with it a powerful decompiler for many different architectures (X86 16/32/64, ARM/AARCH64, Java/DEX bytecode, ...), which will be presented and its underlying intermediate language p-code and the corresponding SLEIGH-format explained. Further, hands-on demonstrations will follow, including the aforementioned SLEIGH-format, the plugin-system and the standalone-mode, showcased on different reverse engineering tasks like binary diffing, code lifting, deobfuscation and patching.

References

[1]

Vector 35. 2019. Binary Ninja: A New Kind of Reversing Platform. Retrieved August 29, 2019 from https://binary.ninja/

Google Scholar

[2]

National Security Agency. 2019. Ghidra - Software Reverse Engineering Framework. Retrieved August 29, 2019 from https://www.nsa.gov/resources/everyone/ghidra/

Google Scholar

[3]

National Security Agency. 2019. Ghidra - Software Reverse Engineering Framework. Retrieved August 29, 2019 from https://github.com/NationalSecurityAgency/ghidra

Google Scholar

[4]

Chris Eagle. 2011. The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler. No Starch Press, San Francisco, CA, USA.

Google Scholar

[5]

Hex-Rays. 2019. IDA Pro - The Interactive Disassembler. Retrieved August 29, 2019 from https://www.hex-rays.com/products/ida/

Google Scholar

[6]

pancake aka @trufae. 2019. Unix-like reverse engineering framework and command line tools. Retrieved August 29, 2019 from https://rada.re/r/

Google Scholar

[7]

CEA IT Security. 2019. Miasm - Reverse engineering framework in Python. Retrieved August 29, 2019 from https://github.com/cea-sec/miasm

Google Scholar

Cited By

View all

CHEN CWAN HZHAO X(2024)Log refusion: adversarial attacks against the integrity of application logs and defense methodsSCIENTIA SINICA Informationis10.1360/SSI-2024-004254:9(2157)Online publication date: 10-Sep-2024
https://doi.org/10.1360/SSI-2024-0042
Feng YLi HCao YWang YFeng H(2024)CRABS-former: CRoss-Architecture Binary Code Similarity Detection based on TransformerProceedings of the 15th Asia-Pacific Symposium on Internetware10.1145/3671016.3671390(11-20)Online publication date: 24-Jul-2024
https://dl.acm.org/doi/10.1145/3671016.3671390
Nguyen HPriyadarshan SSekar RChristakis MPradel M(2024)Scalable, Sound, and Accurate Jump Table AnalysisProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3680301(541-552)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3680301
Show More Cited By

Index Terms

Hands-On Ghidra - A Tutorial about the Software Reverse Engineering Framework
1. Security and privacy
  1. Software and application security
    1. Software reverse engineering

Recommendations

Reverse Engineering Functional Classes: A Middleware Case Study
ITNG '08: Proceedings of the Fifth International Conference on Information Technology: New Generations

In this paper, we study reverse engineering Functional Classes in Java. As a case study we use a middleware application. Functional Classes is a design style that merges both object-oriented and functional programming paradigms. A functional class is a ...
An Environment for the Reverse Engineering of Executable Programs
APSEC '95: Proceedings of the Second Asia Pacific Software Engineering Conference

Reverse engineering of software systems has traditionally centered upon the generation of high-level abstractions or specifications from high-level code or databases. In this paper we report on a reverse engineering environment for low-level executable ...
Using a Decompiler for Real-World Source Recovery
WCRE '04: Proceedings of the 11th Working Conference on Reverse Engineering

Despite their 40 year history, native executable decompilers have found very limited practical application in commercial projects. The success of Java decompilers is well known, and a few decompilers perform well by recognising patterns from specific ...

Comments

Information & Contributors

Information

Published In

SPRO'19: Proceedings of the 3rd ACM Workshop on Software Protection

November 2019

87 pages

ISBN:9781450368353

DOI:10.1145/3338503

General Chair:
Paolo Falcarin
University of East London, UK
,
Program Chair:
Michael 'MiZu' Zunke
Thales Group, Germany

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 November 2019

Check for updates

Author Tags

Qualifiers

Tutorial

Conference

CCS '19

Sponsor:

SIGSAC

CCS '19: 2019 ACM SIGSAC Conference on Computer and Communications Security

November 15, 2019

London, United Kingdom

Acceptance Rates

Overall Acceptance Rate 8 of 14 submissions, 57%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
1,434
Total Downloads

Downloads (Last 12 months)107
Downloads (Last 6 weeks)16

Reflects downloads up to 04 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

CHEN CWAN HZHAO X(2024)Log refusion: adversarial attacks against the integrity of application logs and defense methodsSCIENTIA SINICA Informationis10.1360/SSI-2024-004254:9(2157)Online publication date: 10-Sep-2024
https://doi.org/10.1360/SSI-2024-0042
Feng YLi HCao YWang YFeng H(2024)CRABS-former: CRoss-Architecture Binary Code Similarity Detection based on TransformerProceedings of the 15th Asia-Pacific Symposium on Internetware10.1145/3671016.3671390(11-20)Online publication date: 24-Jul-2024
https://dl.acm.org/doi/10.1145/3671016.3671390
Nguyen HPriyadarshan SSekar RChristakis MPradel M(2024)Scalable, Sound, and Accurate Jump Table AnalysisProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3680301(541-552)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3680301
Kim YCho KKim S(2024)Challenges in Dynamic Analysis of Drone Firmware and Its SolutionsIEEE Access10.1109/ACCESS.2024.342560412(106593-106604)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3425604
Park YChoi SChoi UJin HNor NPark Y(2024)A practical approach for finding anti-debugging routines in the Arm-Linux using hardware tracingScientific Reports10.1038/s41598-024-65374-w14:1Online publication date: 26-Jun-2024
https://doi.org/10.1038/s41598-024-65374-w
Priyadarshan SNguyen HChouhan RSekar RCalandrino JTroncoso C(2023)SAFERProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620319(1451-1468)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620319
Chen STan YQiu KZhang ZLi YZhang Q(2023)Delving Deep into Reverse Engineering of UEFI Firmwares via Human Interface InfrastructureElectronics10.3390/electronics1222460112:22(4601)Online publication date: 10-Nov-2023
https://doi.org/10.3390/electronics12224601
Priyadarshan SNguyen HSekar RAamodt TSwift MJerger N(2023)Accurate Disassembly of Complex Binaries Without Use of Compiler MetadataProceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 410.1145/3623278.3624766(1-18)Online publication date: 25-Mar-2023
https://dl.acm.org/doi/10.1145/3623278.3624766
Yu JKim JYun YYun JMeng WJensen CCremers CKirda E(2023)Poster: Combining Fuzzing with Concolic Execution for IoT Firmware TestingProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3624373(3564-3566)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3624373
Alkhateeb EGhorbani AHabibi Lashkari A(2023)A survey on run-time packers and mitigation techniquesInternational Journal of Information Security10.1007/s10207-023-00759-y23:2(887-913)Online publication date: 1-Nov-2023
https://doi.org/10.1007/s10207-023-00759-y
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Reverse Engineering Functional Classes: A Middleware Case Study

An Environment for the Reverse Engineering of Executable Programs

Using a Decompiler for Real-World Source Recovery

Comments

Published In

Sponsors

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Reverse Engineering Functional Classes: A Middleware Case Study

An Environment for the Reverse Engineering of Executable Programs

Using a Decompiler for Real-World Source Recovery

Comments

Information

Published In

Sponsors

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Get Access

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations