
Ghidra disassembler / decompiler

Alan Thompson, September 8, 2019

Slightly off the normal embedded topic: embedded reverse engineering.

The NSA (National Security Agency) has released its Ghidra disassembler / decompiler as open source. The malware people have taken to it alongside the established IDA Pro. There are lots of videos from malware reverse engineering people available on YouTube; however, it also supports embedded processors, namely...


6502, 68000, 6805, 80251, 80390, 8051, 8085, AARCH64, ARM, AVR8, AVR32, CR16C, Dalvik, dsPIC30F, dsPIC33E, dsPIC33F, MIPS, PA-RISC, PIC12, PIC16, PIC17, PIC18, PIC24, MSP430, MSP430X, Z80, Z180.


More may become available via either NSA or open source community support.

Example PIC code in Ghidra.

Before I continue, I believe developers should be paid for what they do, but there are some good reasons for reverse engineering, such as legacy products, safety critical, or homeland security.

So, how does this Ghidra thing differ from a standard disassembly? It tries to identify functions in the code, graphs program flow, and allows the naming of memory / variables, amongst many other features.

One notable feature is that it tries to turn things into C code, which could be easier to understand than assembly, or serve as the basis for a new project or a port to a different processor.
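The function identification and C output described above can also be driven from a Ghidra script, which is handy when reviewing a whole legacy firmware image rather than clicking through it. This is an added example, not code from the original post or from the Ghidra project; the class name `DumpDecompiledFunctions` and the 60-second per-function timeout are assumptions.

```java
// Added example: run from Ghidra's Script Manager on an already analysed program.
// Prints every function Ghidra identified, how many functions it calls,
// and the decompiler's C rendering of it.
import java.util.Set;

import ghidra.app.decompiler.DecompInterface;
import ghidra.app.decompiler.DecompileResults;
import ghidra.app.script.GhidraScript;
import ghidra.program.model.listing.Function;
import ghidra.program.model.listing.FunctionIterator;

public class DumpDecompiledFunctions extends GhidraScript {

    private static final int TIMEOUT_SECONDS = 60; // assumed per-function limit

    @Override
    public void run() throws Exception {
        DecompInterface decompiler = new DecompInterface();
        if (!decompiler.openProgram(currentProgram)) {
            printerr("Decompiler could not open " + currentProgram.getName());
            return;
        }
        try {
            // 'true' walks the functions in ascending address order.
            FunctionIterator functions =
                currentProgram.getFunctionManager().getFunctions(true);
            while (functions.hasNext() && !monitor.isCancelled()) {
                Function f = functions.next();
                if (f.isThunk() || f.isExternal()) {
                    continue; // no body of its own to decompile
                }
                Set<Function> callees = f.getCalledFunctions(monitor);
                println(f.getEntryPoint() + "  " + f.getName()
                        + "  (calls " + callees.size() + " functions)");

                DecompileResults result =
                    decompiler.decompileFunction(f, TIMEOUT_SECONDS, monitor);
                if (result.decompileCompleted()) {
                    println(result.getDecompiledFunction().getC());
                } else {
                    // Common on odd firmware: bad flow, unknown opcodes, timeouts.
                    println("  decompile failed: " + result.getErrorMessage());
                }
            }
        } finally {
            decompiler.dispose(); // shuts down the decompiler process
        }
    }
}
```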

If you're interested, it's free, uses Java and can run on Windows and Linux. There's a tutorial (PC Code) hidden in the Ghidraclass folder.

I have no financial interest in this product.


