Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ghidra 11.0 Released (github.com/nationalsecurityagency)
81 points by voxadam on Dec 23, 2023 | hide | past | favorite | 11 comments


It has BSIM that can fuzzy-find what libraries are statically compiled, so you know what version of a library that might be compiled in and if there are changes to it. Interesting that it is not only local but you can use an elastic search for that, I am guessing NSA has a pretty big elastic cluster with just binaries of libraries.


Github has a huge index of binaries of libraries too.


Pointer to that index? Quick google couldn't find it


> A new Golang String Analyzer which finds and marks up Golang strings so they display correctly in the decompiler

Finally! Thanks!


What's the best course on getting started with Ghidra?


Try “The Ghidra Book” [0]

I’m still going through it myself

https://www.ghidrabook.com


I'm glad they added LoongArch support in this one. Please add more Asian chips support please.

Would also be great to add support for most filesystems used by contemporary phones, such as F2FS - and some other embedded ones such as QNX4 FS.

Would be great to integrate Ghidra with ROM dumping tools as well, so that people can actually do research on what is shipped to their own devices.


Given Ghidra's sponsor, I would expect particularly strong support for mainline platforms used in the US (eg, Qualcomm, apple silicon, intel, ARM)...and curiously, but perhaps not talked about much, strong support for Chinese hardware, based on their leadership wanting to look at US' potential adversaries?


Yeah, well - They should be looking at the hardware supported by the Linux kernels and our present day compilers, so they can look at software running on present day devices.

Another way, like you said, is to focus on adversarial interoperability, so paying attention to formats which do not have a meaningful way to disassemble / patch today and could use this treatment - for ensuring that critical systems always have a fallback. This especially means figuring out the supply chain of chips and firmware and having ways to ensure all of them are auditable.


"Ghidra is a software reverse engineering (SRE) framework". Interesting attempt at using a fairly well known acronym for a different purpose.


Acronyms have different meanings in different domains.

Within the domain of vulnerability research, SRE commonly refers to software reverse engineering.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: