Installing Ghidra - Take 1
July 04, 2019
This is my first 4th of July in the States. I’m an Aussie living here. What better way to proclaim independence than compiling software from source!
Also, sorry there are no screenshots; Wayland seems to fall short in this regard.
So, the aim of this post is simple: get Ghidra installed so that it is useful. Sounds easy enough, right? Yes, it is pretty easy. Rather than just downloading and installing, we’ll be getting prepped for development and keeping up with the tip of development.
Anyway, by the end of this you’ll have a running Ghidra install with the ability to edit scripts within Eclipse.
The install process of Ghidra is a moving target, so I’ll update the instructions as time goes on.
Plan of attack
The idea is to build Ghidra from source, then build the GhidraDev Eclipse plugin.
It is recommended to use a fresh user for these steps; the resulting artifacts can then be installed for any other user.
Since I’m a Linux fan boy this is done on Linux, Fedora 30 to be precise. But it shouldn’t be too hard to get working on other distros. Not sure about Mac and Windows though.
- Install OpenJDK for Java 11 (left as an exercise for the reader)
Run the following script in the home directory of the freshly minted user. Note: this does run a script from the web, so feel free to check and modify the script first.
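```bash
#!/bin/bash
# Install SDKMAN! and use it to install Gradle 5.0
curl -s "https://get.sdkman.io" | bash
source ~/.sdkman/bin/sdkman-init.sh
sdk install gradle 5.0

# Fetch the Ghidra source and pin it to a known commit on a local branch
git clone https://github.com/NationalSecurityAgency/ghidra.git
cd ghidra
git checkout 633049d83bf6b21d72fde747cf79ff524b8044c1
git checkout -b re-ffs-0.0.1

# Fetch the build dependencies, then build the distribution zip
gradle --init-script gradle/support/fetchDependencies.gradle init
gradle buildGhidra

# Generate the Eclipse projects, native binaries and Sleigh output for development
gradle eclipse
gradle buildNatives_linux64
gradle sleighCompile
gradle eclipse -PeclipsePDE
gradle prepDev

# Back in the home directory, unpack the freshly built distribution
cd
unzip ghidra/build/dist/ghidra_9.1_DEV_*_linux64.zip
```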
Hey presto, now you have a Ghidra install zip and Ghidra installed in
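The note above about running a script from the web can be turned into a check. The following is an added example, not part of the original post: it runs a downloaded installer only if it still matches the SHA-256 recorded when it was reviewed, and confirms the clone sits on the pinned commit. The function names and the `REVIEWED_SHA256` variable are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): download, review, then run,
# instead of piping curl straight into bash. Function names are hypothetical.

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# run_reviewed SCRIPT EXPECTED_SHA256
# Run SCRIPT with bash only if it still matches the digest recorded at review.
# Returns 2 on bad arguments, 1 on a digest mismatch, else the script's status.
run_reviewed() {
    local script="$1" expected="$2" actual
    [ -r "$script" ] && [ -n "$expected" ] || return 2
    actual=$(sha256_of "$script")
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $script: sha256 $actual, reviewed $expected" >&2
        return 1
    fi
    bash "$script"
}

# head_is_pinned REPO COMMIT
# Succeed only if HEAD of REPO resolves to exactly the full COMMIT hash.
head_is_pinned() {
    local repo="$1" want="$2" have
    have=$(git -C "$repo" rev-parse --verify 'HEAD^{commit}') || return 2
    [ "$have" = "$want" ]
}

# Intended use (needs network, so left as comments):
#   curl -fsSL -o sdkman-install.sh "https://get.sdkman.io"
#   less sdkman-install.sh            # read what it is going to do
#   sha256_of sdkman-install.sh       # record as REVIEWED_SHA256 (placeholder)
#   run_reviewed sdkman-install.sh "$REVIEWED_SHA256"
#   ... git clone and checkout as in the script above ...
#   head_is_pinned ghidra 633049d83bf6b21d72fde747cf79ff524b8044c1 || exit 1
```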
Building the GhidraDev Eclipse plugin
So, Ghidra has some nifty Eclipse integration. This is handy if you want to edit or create scripts for Ghidra. Honestly RE without scripting is just painful, so this is important. Unlike some SRE tools you get full access to the source, you can see how everything works, and extend from the wonderful abstract model that Ghidra provides.
Install Eclipse (instructions not provided)
- Install the base Java oriented Eclipse
- Install CDT, PyDev and Plugin Development Environment
Import the GhidraDevFeature and GhidraDevPlugin projects
- File -> Import
- General -> Existing Projects into Workspace
- Browse and add
Export the plugin
- File -> Export
- Plug-in Development -> Deployable features
- Select ‘ghidra.ghidradev’
- Set Destination to
Huzzah, now you have a GhidraDev plugin for Eclipse. Exciting times.
To package Ghidra up nice you can tar/zip up the
This can be unzipped and run as any other user (or on an air-gapped computer).
Installing the GhidraDev plugin
Getting close now. But the GhidraDev plugin still needs to be installed and set up.
In your target Eclipse instance (this could be a different user than earlier) do:
- Help -> Install New Software…
- Add -> Archive
- Navigate to the GhidraDev-2.1.0.zip
- Name it something, GhidraDev seems appropriate
- Deselect ‘Group items by category’
- Select GhidraDev
- Finish, agree to license, restart Eclipse
Allow the open port
- Ghidra communicates with Eclipse via a port; enable it
Getting it set up
- Create a project (an empty project is fine)
- Open the code browser
- Window -> Script Manager
- Ensure Eclipse is running
- Select a script and click the Eclipse button
- Click ok on adding the Ghidra Scripting project
- Link the directories (the buttons may be buggy)
- Add the Ghidra installation
- Enable Python
- Clicking on the add button will find the Ghidra Jython
Now you can create and edit scripts. You can use normal Eclipse code navigation to see what Ghidra is actually doing.
In the future
The Ghidra peeps seem to be making this process easier and easier. I will keep track of it and update as necessary.
Written by Dan Farrell who lives and works in Seattle tinkering away on firmware.