DESOSA 2022

Ghidra

Ghidra is a free and open-source reverse engineering tool created and maintained by the National Security Agency (NSA). A big plus of Ghidra compared to its competitors such as IDA (Pro) and Binary Ninja is that Ghidra is free and open source, whereas its competitors cost between 200 and 10000 euros, depending on the configuration.

Ghidra is mainly written in Java, but the decompiler component is written in C++. With Ghidra one can analyze code on a variety of platforms such as Windows, macOS and Linux. Ghidra supports a wide variety of processor instruction sets and executable formats, meaning that it is able to decompile almost anything, ranging from simple applications to the firmware loaded onto an Arduino board.

Authors

Hakan Ilbas

I am Hakan and I am currently in the second year of my Computer Science Master's. I am interested in Cyber Security.

Yingkai Song

I'm Yingkai, a first year Computer Science Master Student, Software Technology track. I'm interested in Software Engineering, Computer Graphics and Cyber Security.

Lola Dekhuijzen

I am a first year Computer Science Master student and my interests lie in Software Engineering and Cyber Security.

Johannes Ijpma

I'm Johannes, a Master's student in Computer Science at TU Delft with an interest in Software Engineering, 3D modeling and game development.

Essay 4

Identification of the system’s key scalability challenges under a plausible scenario

Ghidra’s time performance

Ghidra is a Software Reverse Engineering (SRE) framework, which includes a suite of full-featured, high-end software analysis tools that enables users to analyze compiled code on a variety of platforms, including Windows, macOS and Linux, as described here. Therefore it is not really designed to be used on systems like tablets or phones. Even if these devices were capable of running Ghidra, it would not be very useful, since analyzing code on small screens is not very user friendly.

Essay 3

The degree to which key quality attributes are satisfied

Key quality attributes that make Ghidra unique are extensions (such as plugins), the Ghidra server for multi-user collaboration, and the GUI.

Extensions: Ghidra is currently highly extensible, and a large portion of it is composed of plugins. A large share of the changes to the code base relate to the development and fixing of extensions. By supporting the option to extend Ghidra according to one’s personal needs, Ghidra becomes a multifunctional platform that can be used in many different contexts.

Essay 2

Architectural style used in Ghidra

Ghidra is a very large project with a lot of different features. Therefore we will focus on one of the many features of Ghidra, the Function Graph. The Function Graph displays the functions decompiled from the binaries as code blocks in the GUI. The main architectural style used in the Function Graph feature of Ghidra is the model-view-controller architecture. This architectural style is commonly used for developing user interfaces; it divides the related program logic into three interconnected elements, namely the view, the controller and the model.

Essay 1

Ghidra’s goal

Ghidra is a free and open-source software reverse engineering suite developed by the National Security Agency (NSA). Ghidra has a suite of full-featured, high-end software analysis tools which enable users to analyze compiled code (since compiled code is not readable by humans). It works by decompiling the binaries such that they become human-readable. Ghidra can disassemble, assemble and decompile, among hundreds of other things. It has support for a wide variety of processor instruction sets and executable formats, from ransomware running on Windows to fully inspecting the firmware dumped from an Arduino board.

Ghidra, February 3, 2022