NSA ç±³å›½å›½å®¶å®‰å…¨ä¿éšœå±€ ãƒªãƒãƒ¼ã‚¹ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ãƒªãƒ³ã‚°ãƒ„ãƒ¼ãƒ« Ghidraã‚’ä½¿ã†

æ ªå¼ä¼šç¤¾Ninjastarsã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ã®ä¸€ç€¬å¥äºŒéƒŽã§ã™ã€‚
2019å¹´3æœˆ6æ—¥ã«å…¬é–‹ã•ã‚ŒãŸNSAè£½ã®ãƒªãƒãƒ¼ã‚¹ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ãƒªãƒ³ã‚°ãƒ„ãƒ¼ãƒ«ã§ã‚ã‚‹ã€ŒGhidraã€ã«ã¤ã„ã¦ã®ãƒšãƒ¼ã‚¸ã¨ãªã‚Šã¾ã™ã€‚
æƒ…å ±ã¯é©æ™‚æ›´æ–°ã—ã¦ã„ãã¾ã™ã€‚

ghidra-sre.org

å¯¾è±¡OS

Windows,Mac,Linuxã§å‹•ä½œã—ã¾ã™ã€‚

Tips

ç™ºéŸ³
Frequently asked questions · NationalSecurityAgency/ghidra Wiki · GitHub
Gee-druh. The G sounds like the G in goto, great, good, graph, and GitHub. The emphasis goes on the first syllable.

é–‹ç™ºè¨€èªž
Javaç‰ã§ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã€‚

ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰
github.com

ãƒ‡ãƒãƒƒã‚¬æ©Ÿèƒ½ã¯ã‚ã‚‹ã‹
Ghidraã«ã¯å˜åœ¨ã—ãªã„ã€‚æœ‰æ–™ç‰ˆã®IDA Proã«ã¯å˜åœ¨ã™ã‚‹ã€‚

å¯¾è±¡ã‚¢ãƒ¼ã‚ãƒ†ã‚¯ãƒãƒ£
NSAå½¹å“¡ã«ã‚ˆã‚‹æƒ…å ±

Ghidra processor modules: X86 16/32/64, ARM/AARCH64, PowerPC 32/64, VLE, MIPS 16/32/64,micro, 68xxx, Java / DEX bytecode, PA-RISC, PIC 12/16/17/18/24, Sparc 32/64, CR16C, Z80, 6502, 8051, MSP430, AVR8, AVR32, Others+ variants as well. Power users can expand by defining new ones
— Rob Joyce (@RGB_Lights) 2019å¹´3æœˆ5æ—¥

åˆ©ç”¨æ–¹æ³•(Windows)

Ghidraã®ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰
Ghidra

1)ä¸‹è¨˜ã‹ã‚‰JDK11.02ã‚’ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã€‚
Java SE Development Kit 11- - Downloads

2)jdkã‚’ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã—ãŸå ´æ‰€ã®Pathã‚’é€šã™ã€‚
ä¾‹ C:\Program Files\Java\jdk-11.0.2\bin

3)Ghidraã‚’è§£å‡ã—ãŸãƒ•ã‚©ãƒ«ãƒ€ã®ghidraRun.batã‚’ãƒ€ãƒ–ãƒ«ã‚¯ãƒªãƒƒã‚¯

4)åŒæ„ç”»é¢ãŒå‡ºã‚‹ã®ã§I Agree

5)GhidraãŒèµ·å‹•ã—ã¾ã™!

f:id:Ninjastars:20190307033814p:plain — ã¯ã˜ã‚ã¦ã®GHIDRA

åŸºæœ¬çš„ãªä½¿ã„æ–¹

1)CodeBrowserã®èµ·å‹•ã€‚
File->New Project->Next->Project Nameã‚’å…¥åŠ›->ãƒ‰ãƒ©ã‚´ãƒ³ã®ã‚¢ã‚¤ã‚³ãƒ³ã‚’ã‚¯ãƒªãƒƒã‚¯ã§CodeBrowserãŒèµ·å‹•ã—ã¾ã™ã€‚

2)ãƒ•ã‚¡ã‚¤ãƒ«ã®è§£æžã€‚
è§£æžå¯¾è±¡ã®ãƒ•ã‚¡ã‚¤ãƒ«ã‚’CodeBrowserç”»é¢ã«ãƒ‰ãƒ©ãƒƒã‚°ï¼†ãƒ‰ãƒãƒƒãƒ—ã§è§£æžã§ãã¾ã™ã€‚

æ©Ÿèƒ½èª¬æ˜Ž

1)æ–‡å—åˆ—æ¤œç´¢
Window->Defined String

2)å‚ç…§å…ƒã®æ¤œç´¢
ã‚·ãƒ³ãƒœãƒ«ä¸Šã§å³ã‚¯ãƒªãƒƒã‚¯->ä¸€ç•ªä¸‹ã®References->ä¸‹ã‹ã‚‰3ç•ªç›®ã¾ã§ã®Show ...ã§å‚ç…§å…ƒãŒæ¤œç´¢ã§ãã‚‹ã€‚

3)ãƒ•ãƒãƒ¼ãƒãƒ£ãƒ¼ãƒˆã‚’è¡¨ç¤º
è¡¨ç¤ºã—ãŸã„ã‚ªãƒšã‚³ãƒ¼ãƒ‰ç¾¤ã«ã‚«ãƒ¼ã‚½ãƒ«ä½ç½®ã‚’åˆã‚ã›ã‚‹->ä¸Šéƒ¨ãƒ„ãƒ¼ãƒ«ã‚¢ã‚¤ã‚³ãƒ³ã®"Display Function Graph"ã‚’ã‚¯ãƒªãƒƒã‚¯

f:id:Ninjastars:20190307142221p:plain — æ¡ä»¶åˆ†å²ãªã©ã‚’è¦‹ã‚„ã™ãè¡¨ç¤ºã—ã¦ãã‚Œã‚‹ã€‚

4)ãƒ•ãƒãƒ¼ãƒãƒ£ãƒ¼ãƒˆã®è¡¨ç¤ºãƒ¬ã‚¤ã‚¢ã‚¦ãƒˆã‚’å¤‰æ›´
Edit Code Block FIelds->ã‚¿ãƒ–ã‚’èª¿æ•´ã€‚

f:id:Ninjastars:20190308154451p:plain — ãƒ¬ã‚¤ã‚¢ã‚¦ãƒˆã‚’è‡ªç”±ã«èª¿æ•´ã§ãã‚‹ã€‚

5)ãƒã‚¤ãƒŠãƒªã®é–²è¦§ãƒ»ç·¨é›†
Window->Bytes:ãƒ—ãƒã‚°ãƒ©ãƒ åã‚’ã‚¯ãƒªãƒƒã‚¯ã§ãƒã‚¤ãƒŠãƒªã‚’è¡¨ç¤ºã—ã¾ã™ã€‚
ä¸‹ã®ç”»åƒã§èµ¤ãå›²ã¾ã‚Œã¦ã„ã‚‹å ´æ‰€ã§é–²è¦§ãƒ»ç·¨é›†ãƒ¢ãƒ¼ãƒ‰ã‚’å¤‰æ›´ã§ãã¾ã™ã€‚

f:id:Ninjastars:20190311154616p:plain — é–²è¦§ãƒ»ç·¨é›†ãƒ¢ãƒ¼ãƒ‰å¤‰æ›´ãƒœã‚¿ãƒ³

â€»Ghidraã®ä»•æ§˜ã§ãƒã‚¤ãƒŠãƒªç·¨é›†ã§ã‚ªãƒšã‚³ãƒ¼ãƒ‰ã‚’ç·¨é›†ã™ã‚‹ã“ã¨ã¯ã§ãã¾ã›ã‚“ã€‚
ã“ã‚Œã‚’å›žé¿ã™ã‚‹æ–¹æ³•ã¨ã—ã¦ã€6)ã®æ©Ÿèƒ½ã‚’ä½¿ç”¨ã—ã¾ã™ã€‚

6)ã‚ªãƒšã‚³ãƒ¼ãƒ‰ã‚’æ›¸ãæ›ãˆã‚‹
ã‚ªãƒšã‚³ãƒ¼ãƒ‰ä¸Šã§å³ã‚¯ãƒªãƒƒã‚¯->Patch Instruction
ã‚ªãƒšã‚³ãƒ¼ãƒ‰ã€ã‚ªãƒšãƒ©ãƒ³ãƒ‰ã‚’æ–‡å—ã¨ã—ã¦ç›´æŽ¥å¤‰æ›´ã§ãã¾ã™ã€‚

7)ãƒ‡ã‚³ãƒ³ãƒ‘ã‚¤ãƒ©ã®ä½¿ç”¨
CodeBrowserä¸Šéƒ¨ã®Window->Decompilerã‚’ã‚¯ãƒªãƒƒã‚¯ã™ã‚‹ã¨åˆ¥Windowã«ã¦ãƒ‡ã‚³ãƒ³ãƒ‘ã‚¤ãƒ©ãŒèµ·å‹•ã—ã¾ã™ã€‚