reverse engineering: for fun's sake

Installing Ghidra - Take 1

July 04, 2019

Foreword

This is my first 4th of July in the States. I’m an Aussie living here. What better way to proclaim independence than compiling software from source!

Also, sorry there are no screenshots; Wayland seems to fall short in this regard.

Aim

So, the aim of this post is simple: get Ghidra installed so that it is useful. Sounds easy enough, right? Yes, it is pretty easy. Rather than just downloading and installing, we’ll be getting prepped for development and keeping up with the tip of development.

Anyway, by the end of this you’ll have a running Ghidra install with the ability to edit scripts within Eclipse.

The install process of Ghidra is a moving target, so I’ll update the instructions as time goes on.

Plan of attack

The idea is to build Ghidra from source, then build the GhidraDev Eclipse plugin.

It is recommended to use a fresh user for these steps; the resulting artifacts can then be installed for any other user.

Since I’m a Linux fan boy this is done on Linux, Fedora 30 to be precise. But it shouldn’t be too hard to get working on other distros. Not sure about Mac and Windows though.

Building Ghidra

Pre-requisites:

  • Install OpenJDK for Java 11 (left as an exercise for the reader)

Run the following script in the home directory of the freshly minted user. Note: this pipes a script from the web (the installer served at get.sdkman.io) straight into bash, so feel free to check and modify that script first.

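#!/bin/bash

# Install SDKMAN (runs a remote script) and use it to get Gradle 5.0
curl -s "https://get.sdkman.io" | bash
source ~/.sdkman/bin/sdkman-init.sh
sdk install gradle 5.0

# Fetch the Ghidra source and pin it to a known commit on a local branch
git clone https://github.com/NationalSecurityAgency/ghidra.git
cd ghidra
git checkout 633049d83bf6b21d72fde747cf79ff524b8044c1
git checkout -b re-ffs-0.0.1

# Fetch dependencies, then build the distribution, natives and Sleigh specs
gradle --init-script gradle/support/fetchDependencies.gradle init
gradle buildGhidra
gradle eclipse
gradle buildNatives_linux64
gradle sleighCompile

# Generate the Eclipse projects needed for the GhidraDev plugin
gradle eclipse -PeclipsePDE
gradle prepDev

# Unpack the freshly built distribution into the home directory
cd
unzip ghidra/build/dist/ghidra_9.1_DEV_*_linux64.zip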

Hey presto, now you have a Ghidra install zip and Ghidra installed in ~/ghidra_9.1_DEV/.
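
The script above pipes the web installer straight into bash and never checks that the git checkout succeeded. The following is an added example, not part of the original post, showing a download-review-pin variant of those two steps. The function names are hypothetical, it assumes Linux coreutils (sha256sum), and the pinned digest is one you record yourself after reading the installer.

```bash
#!/bin/bash
# Added example (not from the original post). Assumes Linux coreutils.
# Function names are hypothetical.

# sha256_of FILE: print the hex SHA-256 digest of FILE, fail if unreadable.
sha256_of() {
    _sum=$(sha256sum "$1") || return 1
    printf '%s\n' "${_sum%% *}"
}

# run_pinned FILE EXPECTED_SHA256 [INTERPRETER]
# Execute FILE only when its digest equals the one recorded at review time.
run_pinned() {
    _actual=$(sha256_of "$1") || return 2
    if [ "$_actual" != "$2" ]; then
        echo "refusing to run $1: sha256 $_actual != pinned $2" >&2
        return 1
    fi
    "${3:-bash}" "$1"
}

# head_is_pinned REPO COMMIT: succeed only if REPO's HEAD is exactly COMMIT.
# The build script has no error handling, so a failed `git checkout` would
# otherwise go unnoticed and gradle would build whatever was checked out.
head_is_pinned() {
    [ "$(git -C "$1" rev-parse HEAD)" = "$2" ]
}

# How it slots into the build script (network steps left as comments):
#   curl -fsSL https://get.sdkman.io -o sdkman-install.sh
#   less sdkman-install.sh                 # read it before trusting it
#   PINNED=...                             # digest you recorded after review
#   run_pinned sdkman-install.sh "$PINNED" || exit 1
#   ...clone and checkout as in the post...
#   head_is_pinned ~/ghidra 633049d83bf6b21d72fde747cf79ff524b8044c1 || exit 1

# Constructed demo: a stand-in "installer" that changes after it was reviewed.
demo() {
    _dir=$(mktemp -d)
    printf 'echo installer-ran\n' > "$_dir/install.sh"
    _pinned=$(sha256_of "$_dir/install.sh")
    run_pinned "$_dir/install.sh" "$_pinned" sh || return 1    # match: runs
    printf 'echo tampered\n' >> "$_dir/install.sh"
    if run_pinned "$_dir/install.sh" "$_pinned" sh; then return 1; fi
    rm -rf "$_dir"                                             # was refused
}
demo
```

A digest mismatch on a later run means the upstream installer has changed since you read it, which is the cue to review it again before updating the pin.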

Building the GhidraDev Eclipse plugin

So, Ghidra has some nifty Eclipse integration. This is handy if you want to edit or create scripts for Ghidra. Honestly RE without scripting is just painful, so this is important. Unlike some SRE tools you get full access to the source, you can see how everything works, and extend from the wonderful abstract model that Ghidra provides.

Steps:

  • Install Eclipse (instructions not provided)

    • Install the base Java oriented Eclipse
    • Install CDT, PyDev and Plugin Development Environment
  • Import the GhidraDevFeature and GhidraDevPlugin projects

    • File -> Import
    • General -> Existing Projects into Workspace
    • Browse and add ~/ghidra/GhidraBuild/EclipsePlugins/GhidraDev/{GhidraDevFeature,GhidraDevPlugin}
  • Export the plugin

    • File -> Export
    • Plug-in Development -> Deployable features
    • Select ‘ghidra.ghidradev’
    • Set Destination to /home/<user>/ghidra_9.1_DEV/Extensions/Eclipse/GhidraDev-2.1.0.zip
    • Finish

Huzzah, now you have a GhidraDev plugin for Eclipse. Exciting times.

To package Ghidra up nicely you can tar/zip up the ghidra_9.1_DEV/ directory. This can be unpacked and run as any other user (or on an air-gapped computer).

Installing the GhidraDev plugin

Getting close now. But the GhidraDev plugin still needs to be installed and set up.

In your target Eclipse instance (this could be a different user than earlier) do:

  • Help -> Install New Software…
  • Add -> Archive
  • Navigate to the GhidraDev-2.1.0.zip
  • Name it something, GhidraDev seems appropriate
  • Add
  • Deselect ‘Group items by category’
  • Select GhidraDev
  • Finish, agree to license, restart Eclipse
  • Allow the open port

    • Ghidra communicates with Eclipse via a port; enable it

Getting it set up

Start Ghidra (~/ghidra_9.1_DEV/ghidraRun), then:

  • Create a project (an empty project is fine)
  • Open the code browser
  • Window -> Script Manager
  • Ensure Eclipse is running
  • Select a script and click the Eclipse button
  • Click ok on adding the Ghidra Scripting project
  • Next
  • Link the directories (the buttons may be buggy)
  • Add the Ghidra installation
  • Enable Python
  • Clicking on the add button will find the Ghidra Jython
  • Finish

Have fun!

Now you can create and edit scripts. You can use normal Eclipse code navigation to see what Ghidra is actually doing.

In the future

The Ghidra peeps seem to be making this process easier and easier. I will keep track of it and update as necessary.



Written by Dan Farrell who lives and works in Seattle tinkering away on firmware. To subscribe send an email to subscribe@re-ffs.com.