Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge. Learn more →
Ghidra Alternatives
Similar projects and alternatives to ghidra
-
-
-
Onboard AI
Learn any GitHub repo in 59 seconds. Onboard AI learns any GitHub repo in minutes and lets you chat with it to locate functionality, understand different parts, and generate new code. Use it for free at www.getonboard.dev.
-
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
-
-
-
ret-sync
ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra/Binary Ninja disassemblers.
-
Ghidra-Cpp-Class-Analyzer
Ghidra C++ Class and Run Time Type Information Analyzer
-
InfluxDB
Collect and Analyze Billions of Data Points in Real Time. Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge.
-
-
-
-
-
ghidra-scripts
A collection of my Ghidra scripts to facilitate reverse engineering and vulnerability research.
-
pecoff4j
PE/COFF 4J is a java engineering library for portable executables, the format used by Windows
-
-
FordACP-AUX
Ford CD changer emulator with AUX playback control using Arduino UNO
-
-
-
notebooks
Just various notebooks I sometimes write to help me, no unifying theme (by afiodorov)
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
ghidra reviews and mentions
-
Show HN: Ghidra Plays Mario
> I’m not clear on if the bugs you are finding are in Ghidra’s processor model or in the emulator? (Though I think it’s the latter?)
The project README includes a link to a commit fixing bugs in Ghidra's processor model, here is the author's PR submitting those fixes upstream: https://github.com/NationalSecurityAgency/ghidra/pull/5740
Nice, I'll give it a closer look. My only concern so far is memory hooking (still needed for hardware registers), which on Java side was called by FilteredMemoryState [1]. In memstate.cc it looks like just the simpler MemoryState is implemented [2], and there's no equivalent to MemoryAccessFilter. But it might not be that complicated to add...
[1]: https://github.com/NationalSecurityAgency/ghidra/blob/4561e8...
[2]: https://github.com/NationalSecurityAgency/ghidra/blob/4561e8...
- Debugger Ghidra Class
- Ask HN: What's the best open source alternative to IDA Pro?
- Ghidra 10.3 released (with Dark Mode).
-
Ask HN: Most interesting tech you built for just yourself?
I tried to upstream some of my refactorings/modifications to support this, but it was rejected by upstream [1]. I don't blame the Ghidra project for this decision ; my modifications are fairly intrusive (modifying the relocation table after the initial load, extensive refactoring of the ELF support code...) and my workflow is essentially unproved in public.
By that I mean I have no documentation, no series of technical articles describing this process and no public, non-trivial project to demonstrate it in real life. I do have a currently private decompilation project that uses this successfully [2], but it's not currently public and it's nowhere near finished.
Also, I only wrote a relocation synthesizer for statically-linked, 32-bit, little endian MIPS ELF. That's a fairly obscure platform, I'd expect most people care about mainstream instruction sets like x86_64 or ARM64.
If you can suggest a forum where people would be interested in this, I can drop a message there and answer more in-depth questions if you want. So far I've worked on this all on my own and I'm kinda out of the loop from the rest of the reverse-engineering community.
[1] https://github.com/NationalSecurityAgency/ghidra/pull/5010#i...
-
NSA Ghidra software reverse engineering framework
https://github.com/NationalSecurityAgency/ghidra/issues/382
3. Airgaps may be broken by ultrasound side channels; communication to compromised devices like smartphones is possible (see: speaker-to-gyroscope communication https://ieeexplore.ieee.org/abstract/document/9647842/ ; speaker-to-speaker communication https://arxiv.org/pdf/1803.03422.pdf)
4. Low bitrate data leaks, like "ghidra is running in this org, decompiling files named....." may be accumulated by the NSA
This is just zero-day warehousing and passive signals collection with embedded zerodays. It would be hard for security researchers to detect this. I'd happily change my mind if you showed me an audit that looks for beacons and other side channels.
II. The audits
Here is the one audit I could find
https://github.com/NationalSecurityAgency/ghidra/issues/382
This audit tells us that the code is janky, but doesn't tell us if it's secure. It's just a dump of thousands upon thousands of static analysis errors.
There's no threat anaylsis in this audit. All it suggests is that the code has so many defects that a serious security audit will very expensive to perform.
III. Change my mind with evidence
Please link me to the "heavy audits" of the code that you think should exist. I couldn't find them. Surely you were not bullshitting me. Surely not?!
tldr;; I think this code is less heavily audited than you can support.
> RE'd ghidra
What, like, read the source code [1] or reverse engineered a binary? Would be easy(ish) to tell if the code in the binary was different from the source, probably.
-
Riscv Ghidra Instruction Manual
For example MIPS: https://github.com/NationalSecurityAgency/ghidra/blob/master/Ghidra/Processors/MIPS/data/manuals/mipsMic.idx
-
A note from our sponsor - InfluxDB
www.influxdata.com | 28 Nov 2023
Stats
NationalSecurityAgency/ghidra is an open source project licensed under Apache License 2.0 which is an OSI approved license.
The primary programming language of ghidra is Java.