Original author(s) | NSA |
---|---|
Initial release | March 5, 2019 |
Stable release | 11.1 [1] / June 7, 2024 |
Repository | github |
Written in | Java, C++ |
License | Apache License 2.0 / Public domain [2] |
Website | ghidra-sre |
Ghidra (pronounced GEE-druh; [3] /ˈɡiːdrə/ [4]) is a free and open source reverse engineering tool developed by the National Security Agency (NSA) of the United States. The binaries were released at RSA Conference in March 2019; the sources were published one month later on GitHub. [5] Ghidra is seen by many security researchers as a competitor to IDA Pro. [6] The software is written in Java using the Swing framework for the GUI. The decompiler component is written in C++, and is therefore usable in a stand-alone form. [7]
Scripts to perform automated analysis with Ghidra can be written in Java or Python (via Jython), [8] [9] though this feature is extensible and support for other programming languages is available via community plugins. [10] Plugins adding new features to Ghidra itself can be developed using a Java-based extension framework. [11]
Ghidra's existence was originally revealed to the public via Vault 7 in March 2017, [12] but the software itself remained unavailable until its declassification and official release two years later. [5] Some comments in its source code indicate that it existed as early as 1999. [13]
Version | Year | Major features |
---|---|---|
1.0 | 2003 | Proof of concept |
2.0 | 2004 | Database, docking windows |
3.0 | 2006 | SLEIGH, decompiler, version control |
4.0 | 2007 | Scripting, version tracking |
5.0 | 2010 | File system browser |
6.0 | 2014 | First unclassified version |
9.0 | 2019 | First public release |
9.2 | 2020 | Graph visualization, new PDB parser |
10.0 | 2021 | Debugger |
11.0 | 2023 | Rust and Go binaries support, BSim |
11.1 | 2024 | Swift and DWARF 5 support, Mach-O improvements |
In June 2019, Coreboot began to use Ghidra for its reverse engineering efforts on firmware-specific problems following the open source release of the Ghidra software suite. [16]
Ghidra has officially [17] [18] been usable as a debugger since Ghidra 10.0. Ghidra's debugger supports debugging user-mode Windows programs via WinDbg, and Linux programs via GDB. [19]
The following architectures or binary formats are supported: [20] [21]