Start your journey to becoming a master inverter with the tools and analytical prowess of Ghidra SRE. Here is a guide on how to install and configure Ghidra on your Linux machine.

What is Ghidra?

Created by the NSA, Ghidra is an open-source, cross-platform, and sophisticated software reverse engineering framework that offers military-grade tools for analyzing and reversing software binaries. With Ghidra, you can reverse engineer or decompile binary software and study the source code underneath.

It is often the go-to framework in the malware analysis and reverse engineering business, in close competition with IDA, a software reverse engineering framework of similar stature.

Step 1: Installing JDK 11

Before exploring the Ghidra installation process, you should ensure that JDK 11 is installed and configured on your system. Without Java installed on your system, Ghidra will even refuse to start.

You can either manually install JDK 11 by downloading the tarball or install it through your Linux distribution’s package manager. Ideally, installing via package managers is the way to go because it’s much faster and hassle-free than the old convenience method.

To install JDK 11 on your Linux desktop, launch the terminal and run the following commands depending on your distro’s package manager:

On Debian/Ubuntu based systems:

sudo apt-get install openjdk-11-jdk

On Arch-based systems:

sudo pacman -S jdk11-openjdk

On Fedora/CentOS/RHEL systems:

sudo dnf install java-latest-openjdk

Step 2: Installing Ghidra

Ghidra SRE is usually not installed in a system and no traditional installer is included in the Ghidra release file. All you need to do is download the binaries, make them executable using the chmod command, and run them from the terminal on the go.

Download Ghidra

To get started, download the latest Ghidra version ZIP file from the official repository and extract it to a directory. After extracting the files, move into the directory using the cd command.

Note that downloading an older version can be risky because Ghidra, being a Java application, fell prey to the log4shell vulnerability. This security flaw has been fixed in the 10.1.1 update. So, to be on the safe side, try to avoid using versions older than the latest version.

To download: Ghidra (Free)

Running Ghidra

Among the extracted files, you will find a file named ghidrarun. This is a Bash script to launch Ghidra. Open a shell in the directory, make the file executable using the chmod command, and run it from the command line using the following commands:

chmod +x ghidraRun
./ghidraRun

This should trigger Ghidra SRE. Click on I am okayand you will be greeted with the Ghidra splash screen.

Step 3: Creating a desktop shortcut to Ghidra

As mentioned earlier, Ghidra does not come with an installer. So you won’t find Ghidra in the apps menu or by looking in the apps drawer on your Linux desktop.

If you use Ghidra frequently, it can be tedious to manually locate the directory and launch it each time from the terminal.

A simple solution to streamline this process is to create a desktop shortcut to Ghidra. Here is how to create a desktop shortcut to Ghidra SRE:

1. Create a desktop input file and populate it with the data below:

   [Desktop Entry]
   Version=10.0
   Type=Application
   Terminal=false
   Icon=/home/artemix/ghidra/support
   Exec=sh /home/artemix/ghidra/ghidraRun.sh
   Name=Ghidra
   

2. Replace the data in the Icon and Executive fields with the location of the Ghidra icon and the launch script in your machine.
3. Save the file as “Ghidra.desktop” in the Desktop directory.
4. Right click on the file and set it to Allow launch or launch a terminal and use the chmod command to make it executable for all users.

   chmod a+x Ghidra.desktop

Now you can launch Ghidra directly from the desktop shortcut you just created. Saves you a lot of time and effort whenever you have to work with Ghidra.

Reverse engineering is the process of decompiling a software binary to study and modify its source code. This is a sophisticated technique used by security professionals to analyze and neutralize malware.

While Ghidra’s modularity, portability, and vast feature set have made it a fan favorite among professionals and enthusiasts alike, there are plenty of security-based alternatives you can choose from.

Read more

About the Author