Ghidra (pronounced gee-druh; ) is a free and open source reverse engineering tool developed by the

National Security Agency The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collect ...

(NSA) of the United States. The binaries were released at

RSA Conference The RSA Conference is a series of IT security conferences. Approximately 45,000 people attend one of the conferences each year. It was founded in 1991 as a small cryptography conference. RSA conferences take place in the United States, Europe, Asia ...

in March 2019; the sources were published one month later on

GitHub GitHub, Inc. () is an Internet hosting service for software development and version control using Git. It provides the distributed version control of Git plus access control, bug tracking, software feature requests, task management, continu ...

. Ghidra is seen by many security researchers as a competitor to

IDA Pro The Interactive Disassembler (IDA) is a disassembler for computer software which generates assembly language source code from machine-executable code. It supports a variety of executable formats for different processors and operating systems. I ...

. The software is written in

Java Java (; id, Jawa, ; jv, ꦗꦮ; su, ) is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea to the north. With a population of 151.6 million people, Java is the world's mos ...

using the Swing framework for the

GUI The GUI ( "UI" by itself is still usually pronounced . or ), graphical user interface, is a form of user interface that allows users to interact with electronic devices through graphical icons and audio indicator such as primary notation, inste ...

. The

decompiler A decompiler is a computer program that translates an executable file to a high-level source file which can be recompiled successfully. It does therefore the opposite of a typical compiler, which translates a high-level language to a low-level l ...

component is written in

C++ C++ (pronounced "C plus plus") is a high-level general-purpose programming language created by Danish computer scientist Bjarne Stroustrup as an extension of the C programming language, or "C with Classes". The language has expanded significan ...

, and is therefore usable in a stand-alone form. Ghidra plugins can be developed in Java or in Python (provided via Jython).

History

Ghidra's existence was originally revealed to the public via

WikiLeaks WikiLeaks () is an international non-profit organisation that published news leaks and classified media provided by anonymous sources. Julian Assange, an Australian Internet activist, is generally described as its founder and director and ...

in March 2017, but the software itself remained unavailable until its declassification and official release two years later. In June 2019,

Coreboot coreboot, formerly known as LinuxBIOS, is a software project aimed at replacing proprietary firmware (BIOS or UEFI) found in most computers with a lightweight firmware designed to perform only the minimum number of tasks necessary to load and r ...

began to use Ghidra for its reverse engineering efforts on firmware-specific problems following the open source release of the Ghidra software suite. Ghidra can be used as a

debugger A debugger or debugging tool is a computer program used to test and debug other programs (the "target" program). The main use of a debugger is to run the target program under controlled conditions that permit the programmer to track its executi ...

since Ghidra 10.0. Ghidra's debugger supports debugging user-mode Windows programs via

WinDbg WinDbg is a multipurpose debugger for the Microsoft Windows computer operating system, distributed by Microsoft. Debugging is the process of finding and resolving errors in a system; in computing it also includes exploring the internal operation ...

, and Linux programs via

GDB The GNU Debugger (GDB) is a portable debugger that runs on many Unix-like systems and works for many programming languages, including Ada, C, C++, Objective-C, Free Pascal, Fortran, Go, and partially others. History GDB was first written by ...

Supported architectures

The following architectures or binary formats are supported: * x86 16, 32 and

64 bit In computer architecture, 64-bit integers, memory addresses, or other data units are those that are 64 bits wide. Also, 64-bit CPUs and ALUs are those that are based on processor registers, address buses, or data buses of that size. A compu ...

ARM In human anatomy, the arm refers to the upper limb in common usage, although academically the term specifically means the upper arm between the glenohumeral joint (shoulder joint) and the elbow joint. The distal part of the upper limb between th ...

and

AARCH64 AArch64 or ARM64 is the 64-bit extension of the ARM architecture family. It was first introduced with the Armv8-A architecture. Arm releases a new extension every year. ARMv8.x and ARMv9.x extensions and features Announced in October 2011, AR ...

* PowerPC 32/64 and VLE * MIPS 16/32/64 * MicroMIPS * 68xxx *

and DEX bytecode *

PA-RISC PA-RISC is an instruction set architecture (ISA) developed by Hewlett-Packard. As the name implies, it is a reduced instruction set computer (RISC) architecture, where the PA stands for Precision Architecture. The design is also referred to as ...

* PIC 12/16/17/18/24 *

SPARC SPARC (Scalable Processor Architecture) is a reduced instruction set computer (RISC) instruction set architecture originally developed by Sun Microsystems. Its design was strongly influenced by the experimental Berkeley RISC system develope ...

32/64 * CR16C *

Z80 The Z80 is an 8-bit microprocessor introduced by Zilog as the startup company's first product. The Z80 was conceived by Federico Faggin in late 1974 and developed by him and his 11 employees starting in early 1975. The first working samples were ...

6502 The MOS Technology 6502 (typically pronounced "sixty-five-oh-two" or "six-five-oh-two") William Mensch and the moderator both pronounce the 6502 microprocessor as ''"sixty-five-oh-two"''. is an 8-bit microprocessor that was designed by a small te ...

8048 The MCS-48 microcontroller series, Intel's first microcontroller, was originally released in 1976. Its first members were 8048, 8035 and 8748. The 8048 is probably the most prominent member of the family. Initially, this family was produced us ...

, 8051 *

MSP430 The MSP430 is a mixed-signal microcontroller family from Texas Instruments, first introduced on 14 February 1992. Built around a CPU, the MSP430 is designed for low cost and, specifically, low power consumption embedded applications. Applic ...

* AVR8, AVR32 *

SuperH SuperH (or SH) is a 32-bit reduced instruction set computing (RISC) instruction set architecture (ISA) developed by Hitachi and currently produced by Renesas. It is implemented by microcontrollers and microprocessors for embedded systems. At the ...

V850 V850 is a 32-bit RISC CPU architecture produced by Renesas Electronics for embedded microcontrollers. It was designed by NEC as a replacement for their earlier NEC V60 family, and was introduced shortly before NEC sold their designs to Renesas ...

References

External links

* * Disassemblers National Security Agency Free software programmed in C++ Free software programmed in Java (programming language) {{Free-software-stub

History

Supported architectures

See also

References

External links