Consortium led by Smartfin acquires cybersecurity software provider Hex-Rays

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • ghidra

    Ghidra is a software reverse engineering (SRE) framework

  • The IDA decompiler is just generally more complete and more polished than Ghidra for the architectures it targets.

    One issue with Ghidra that I keep hitting is its poor support for amd64 SIMD. There's a good example at https://github.com/NationalSecurityAgency/ghidra/issues/249.

  • tms7000

  • It's also really quite easy to add at least basic support to Ghidra for extra targets. I for example got quite far writing a TMS7000 [0] target for Ghidra [1] to reverse engineer the firmware for a TI teletype... though I still haven't dumped the ROMs to actually get further with it.

    [0] - http://www.bitsavers.org/components/ti/TMS7000/TMS7000_Famil...

    [1] - https://github.com/benpye/tms7000

  • cutter

    Free and Open Source Reverse Engineering Platform powered by rizin

  • rizin

    UNIX-like reverse engineering framework and command-line toolset.

  • sigdb

    Rizin FLIRT Signature Database

  • lumen

    A private Lumina server for IDA Pro (by naim94a)

  • There's an open-source Lumina server; writing a plugin for Ghidra wouldn't be too difficult. Here are some details on how they hash functions:

    https://github.com/naim94a/lumen/issues/2

  • r2cutter

    Official QT frontend of radare2

  • jadx

    Dex to Java decompiler

  • > I'd like to be able to do very basic audits of how programs work and precisely what they're doing, and also modify their behavior in simple ways (change hardcoded servers, change program execution flow, disable or enable certain functionality). Reverse engineering with basic modifications.

    The listed books should help with that! I think Practical Malware Analysis really is a good start, even for that. When looking at malware you also try to find important functionality and the book teaches you how to get there quickly.

    > I'd also like to have a go at modifying firmware of embedded devices, eg a car head unit with a stupid splash screen on startup that I'd like to disable.

    There are probably forums for that, where you can find some info. There's also a No Starch book on car hacking (https://nostarch.com/carhacking) and one for embedded (https://nostarch.com/hardwarehacking). I haven't read either, but it might be worth checking out some reviews of them. Maybe they're good and can help you achieve your goals.

    The difficulty probably depends on how new the car is. In case you need to actually find a vulnerability in the infotainment system to get proper access, something like Hacking: The Art of Exploitation (https://nostarch.com/hacking2.htm), which I've heard many good things about, is probably a good read. But if it's too new it might be too time-consuming (see e.g. https://www.youtube.com/watch?v=k_F4wHc4h6k).

    > For example I have a camera with wifi functionality, and you can control it from a phone app. It would be cool if I could somehow control that from the command line, or create my own basic app for the PC to control it. On top of that it would be good if I could modify the firmware to make it automatically start up in that remote control mode.

    I think getting at least a CLI client could be relatively easy. For that you probably don't even need to reverse a binary using IDA/Ghidra/Binary Ninja. You can try to get the .apk file of the app and decompile it using something like jadx (https://github.com/skylot/jadx/). You'll receive mostly readable Java code. It can try to deobfuscate names, if they're obfuscated. The code you're interested in is probably somewhere under "com.manufacturer...".

    How easy it is to modify the firmware once again likely depends on how old or new the camera is. They could, for example, have some integrity checks that keep you from doing that. But I have absolutely zero experience here, so it might as well be really easy. I think there could be forums for this, too.

    Also be warned that modifying the firmware of your car or camera can break (parts of) them if things go wrong. E.g. I accidentally (soft) bricked a device because I tried to flash it from within a VM. I don't know how big the risk in your cases is, maybe there isn't any. But it's a good idea to read lots before accidentally breaking something expensive!

    Happy I could help you :)
