Getting Started with SRE using Ghidra

Ghidra

Brief Introduction to SRE

What is Ghidra?

Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra extension components and/or scripts using Java or Python.

Installing Ghidra

Installation is easy. Unlike programs that ship with a traditional installer, the Ghidra distribution archive is simply extracted in place on the filesystem. This means that administrative privileges are not required to install Ghidra for personal use, and nothing in the OS configuration is changed. The downside is that Ghidra will not automatically create a desktop shortcut or appear in the application start menu.

  1. Open the Environment Variables window by right-clicking the Windows Start button and clicking “System”. Then select “Advanced System Settings”, followed by “Environment Variables”.
  2. Add the JDK bin directory to the PATH variable: highlight “Path” under System Variables and, at the end of the Variable value field, append a semicolon followed by <path of extracted JDK dir>\bin. You’re all set.
  3. Restart any open Command Prompt windows for the change to take effect.

On Linux, extract the JDK and add its bin directory to PATH in ~/.bashrc:

    tar xvf <JDK distribution .tar.gz>
    vi ~/.bashrc
    export PATH=<path of extracted JDK dir>/bin:$PATH

Getting Started with SRE using Ghidra

Now that installation is complete, let’s reverse engineer a Portable Executable file for starters! Download the PE File here.

  1. Select Non-Shared Project and choose a directory and a name for your project.
  2. Once done, click Import File and choose the executable shared above. When you are through, your screen should resemble the one shown below.
_Code = FUN_00401000()
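As an added example (not code from the original post or from the Ghidra project), here is a Ghidra script in Java that lists every function the analyzer named automatically, such as the FUN_00401000 shown above, together with its size and caller count, so an analyst knows where to start renaming; the class name is my own choice.

```java
// ListDefaultNamedFunctions.java (hypothetical file and class name chosen for this example)
// Lists functions whose names Ghidra generated itself (FUN_<address>, thunk_...),
// i.e. functions that still need a human-assigned name, with size and caller count.
import ghidra.app.script.GhidraScript;
import ghidra.program.model.listing.Function;
import ghidra.program.model.symbol.SourceType;

public class ListDefaultNamedFunctions extends GhidraScript {

    @Override
    public void run() throws Exception {
        int unnamed = 0;
        int total = 0;
        // getFunctions(true) iterates all functions in ascending address order
        for (Function f : currentProgram.getFunctionManager().getFunctions(true)) {
            total++;
            // SourceType.DEFAULT marks a name Ghidra assigned automatically
            if (f.getSymbol().getSource() != SourceType.DEFAULT) {
                continue;
            }
            unnamed++;
            long size = f.getBody().getNumAddresses();          // bytes covered by the function body
            int callers = f.getCallingFunctions(monitor).size(); // functions that call this one
            println(String.format("%-20s entry=%s size=%d callers=%d",
                    f.getName(), f.getEntryPoint(), size, callers));
        }
        println(String.format("%s: %d of %d functions still have default names",
                currentProgram.getName(), unnamed, total));
    }
}
```

Place it in a script directory registered in the Script Manager to run it from the GUI, or run it in automated mode with support/analyzeHeadless <projectDir> <projectName> -import <PE file> -postScript ListDefaultNamedFunctions.java.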

Ending Notes

The Portable Executable file that we are using is actually a CTF prompt, so feel free to crack it!

Aaishika S Bhattacharya

Jr. Developer Advocate @ DigitalOcean | GitHub Campus Expert & Stream Team | GDSC ‘22 & Hack Club Lead | Alexa Student Influencer | Ex- MLH Coach