Ghidra

This article is about the reverse-engineering tool. For the fictional monster, see King Ghidorah.

Ghidra

Disassembly of a file in Ghidra
Original author(s)	NSA
Initial release	March 5, 2019; 3 years ago (2019-03-05)
Stable release	10.2.2[1] / November 15, 2022; 18 days ago (2022-11-15)
Repository	github.com/NationalSecurityAgency/ghidra
Written in	Java, C++
License	Apache License 2.0 / Public domain[2]
Website	ghidra-sre.org

Ghidra (pronounced gee-druh;^[3] /ˈɡiːdrə/^[4]) is a free and open source reverse engineering tool developed by the National Security Agency (NSA) of the United States. The binaries were released at RSA Conference in March 2019; the sources were published one month later on GitHub.^[5] Ghidra is seen by many security researchers as a competitor to IDA Pro.^[6] The software is written in Java using the Swing framework for the GUI. The decompiler component is written in C++, and is therefore usable in a stand-alone form.^[7] Ghidra plugins can be developed in Java or in Python (provided via Jython).^[8]

History

Ghidra's existence was originally revealed to the public via WikiLeaks in March 2017,^[9] but the software itself remained unavailable until its declassification and official release two years later.^[5]

In June 2019, Coreboot began to use Ghidra for its reverse engineering efforts on firmware-specific problems following the open source release of the Ghidra software suite.^[10]

Ghidra can be used, officially,^[11] as a debugger since Ghidra 10.0. Ghidra's debugger supports debugging user-mode Windows programs via WinDbg, and Linux programs via GDB.^[12]

Supported architectures

The following architectures or binary formats are supported:^[13]

• x86 16, 32 and 64 bit
• ARM and AARCH64
• PowerPC 32/64 and VLE
• MIPS 16/32/64
• MicroMIPS
• 68xxx
• Java and DEX bytecode
• PA-RISC
• PIC 12/16/17/18/24
• SPARC 32/64
• CR16C
• Z80
• 6502
• 8048, 8051
• MSP430
• AVR8, AVR32
• SuperH
• V850

See also

• IDA Pro
• JEB decompiler
• radare2
• Binary Ninja

References

1. Ghidra 10.2.2
2. "ghidra/NOTICE". GitHub.com. Retrieved 13 April 2019.
3. "Frequently asked questions". GitHub.com. Retrieved 7 March 2019.
4. "Come Get Your Free NSA Reverse Engineering Tool!". YouTube.com. Archived from the original on 2021-12-15. Retrieved 17 May 2019.
5. "The NSA Makes Ghidra, a Powerful Cybersecurity Tool, Open Source". Wired.com. Retrieved 6 March 2019.
6. Cimpanu, Catalin. "NSA releases Ghidra, a free software reverse engineering toolkit". ZDNet. Retrieved 2019-03-07.
7. e. g. as Plugin for Radare2 oder Rizin.
8. "Three Heads are Better Than One: Mastering NSA's Ghidra Reverse Engineering Tool" (PDF). Retrieved 2019-09-30.
9. "Ghidra". WikiLeaks. National Security Agency. Retrieved 22 March 2019.
10. "Coreboot Project Is Leveraging NSA Software To Help With Firmware Reverse Engineering".
11. "Compiled/built Ghidra 9.3 for Windows with Debugger feature by Galician R&D Center in Advanced Telecommunications employees".
12. "What's new in Ghidra 10.0".
13. "Rob Joyce on Twitter". Twitter.com. Retrieved 6 March 2019.

External links

• Official website
• ghidra on GitHub