59 comments

[ 4.3 ms ] story [ 66.9 ms ] thread
Ghidra is a very impressive piece of software with a deep bench of functionality. The recent couple major releases that move to a more integrated Python experience have been very nice to use.
I always wondered whether they have a much more capable internal version. And I wonder the same thing for AI labs (they have to do a lot of lobotomy for their models to be ready for public use... but internally, they can just skip this perhaps?)
Been awhile since I used this but decided to open the latest version to check my rust binary and was pleasantly surprised how much better it is today wrt rust binaries
is ghidralite dot com a safe link or an official link

when i try to expand their faq, it seem to try an open a (presumabl) malicious link , i wont paste the link here just in case it is really malicious

Works well. I used this tool once to disassemble and understand how key manager works on Vivotek cameras.

They create executables, which contain encrypted binary data. Then, when the executable runs, it decodes the encrypted data and pipes it into "sh".

The security is delusional here - the password is hard coded in the executable. It was something like "VIVOTEK Inc.".

Ghidra was able to create the C code and I was able to extract also the binary data to a file (which is essentially the bash script).

Can anyone provide their opinion of Ghidra vs Ida? Is Ida worth the extra money?
One huge difference is that IDA is much faster and less resource-intensive than Ghidra, on account of the latter being written in Java (not surprisingly) while the former is native code. The Ghidra UI is noticeably laggy to perform basic operations even with tiny binaries, while I haven't noticed anything like that in IDA.
Taking the opportunity to ask: are there nice recommended resources for a beginner to start with reverse engineering (ideally using Ghidra)? Let's say for an experienced developer, but not so experienced in reverse engineering?

I guess one issue I have is that I don't have good ideas of fun projects, and that's probably something I need to actually get the motivation to learn. I can find a "hello world", that's easy, but it won't help me get an idea of what I could reverse engineer in my life.

For instance I have a smartspeaker that I would like to hack (being able to run my own software on it, for fun), but I don't know if it is a good candidate for reverse engineering... I guess I would first need to find a security flaw in order to access the OS? Or flash my own OS (hoping that it's a Linux running there), but then I would probably want to extract binary blobs that work with the buttons and the actual speaker?

I started reverse engineering at 13 with an IDA Pro of questionable provenance - at that time, I found it quite difficult.

One thing which really helped me (and I wholeheartedly recommend) is to write simple programs, run them through the compiler and then in the disassembler. It really helps build a correspondence between program structure and its object code.

Eventually, you can make it even more fun and challenging by stripping debug symbols and turning on compiler optimisations.

Happy reversing!

Finding something with symbols will help a lot. Symbols end up getting left in Linux and macOS builds fairly often.

The reverse engineering I've learned has generally been to fix something that has annoyed me - for example I reverse engineered part of RCT3 to fix mouse input with high poll rates and allow for resizable windows [0]. Certainly easier to approach than trying to get into a closed device since you can attach a debugger.

[0] - https://mastodon.social/@benpye/109261545643008493

Allow me to shamelessly plug my blog, I have been (very slowly!) re-visiting microcorruption and writing up the solutions in a tutorial-esque fashion.

https://lovesexsecretgod.com

See if there is an OTA package available for your speaker that you can extract and figure out what goes where.

Then figure out what SoC your smart speaker is running.

A lot of soc vendors just provide SDKs for IoT applications. Maybe you'll find something like that you can flash.

Also if there's a separate SPI flash chip, you can simply dump it and study the firmware.

While on the topic, I want to highlight two incredible plugins for Ghidra: https://github.com/jtang613/GhidrAssist And https://github.com/jtang613/GhidrAssistMCP

Being able to hook Claude code up to this has made reversing way more productive. Highly recommend!

Hopefully this will help decompilation projects into generating better pseudocode. Some sort of "generate code -> build and execute -> test against existing executable if it behaves like the original -> change code again" loop.
Binary Ninja deserves a mention in these threads: https://binary.ninja

I've used IDA, Ghidra, and Binary Ninja a lot over the years. At this point I much prefer Binary Ninja for the task of building up an understanding of large binaries with many thousands of types and functions. It also doesn't hurt that its UI/UX feel like something out of this century, and it's very easy to automate using Python scripts.

Not sure why you would use Binary Ninja free version, there are so many limitations, like IDA free the platform support is very low.
Is it just me or is the merge style used for the repo very difficult to follow? Am I holding it wrong?
Since we’re talking about decompilers, might as well mention the community around the research area: http://decompilation.wiki/

As well as the research history (slated to be updated in a few days): https://mahaloz.re/dec-progress-2024

Agh I really wish these awesome community wikis would be easier to find when you don't know about them, they usually have such a cool trove of information. The one I love quite I love is the OSDev Forums Wiki, though that one is well known and loved by a lot of people in the space. We really need to protect these projects somehow, more and more stuff and expertise is getting hidden in Discord servers, completely unsearchable and locked away within the minds of the members...
What does it do I don't understand a think can someone explain me
Posting this on Github is a brilliant move by the NSA, and it showing up on HN amplifies it even more.

It's certainly not the first thing they've released (selinux, for one, and then all the other repos in the account), but this repo showing up on HN, with a prominent call-to-action to look at a career with them, is a great way to target the applicants you want ("those who would find this project interesting, because it's just the sort of thing we need them to work on")

Atlassian used to do (maybe still does) this in bitbucket if you open dev tools - a link to their careers page shows up

(comment deleted)