[HN Gopher] Ghidra 9.2
       ___________________________________________________________________
        
       Ghidra 9.2
        
       Author : KindOne
       Score  : 44 points
       Date   : 2020-11-13 19:43 UTC (3 hours ago)
        
 (HTM) web link (ghidra-sre.org)
        
       | AsyncAwait wrote:
       | So are we not concerned this is coming from the NSA anymore?
       | Genuinely asking, as imo they wouldn't try to sneak something in
       | the very first time it was released, all eyes were on them, but
       | now?
        
         | saagarjha wrote:
         | Generally, no. Consider that the people who use this tool are
         | probably the best to find malicious things in it.
        
         | unnouinceput wrote:
         | Open source, so no, we're not.
        
       | gautamcgoel wrote:
       | This is named after the three-headed dragon from the Godzilla
       | cinematic universe, right?
        
         | rockdiesel wrote:
         | I don't think it is.
         | 
         | King Ghidorah is the 3-headed monster from the Godzilla
         | universe.
        
           | monkpit wrote:
           | Certainly seems like it is...
        
       | saagarjha wrote:
       | Anyone know if there's a changelog available anywhere?
        
       | dx87 wrote:
       | For anyone looking to learn Ghidra and finding it a little
       | overwhelming, a Ghidra book was recently released. I'm finding it
       | very helpful so far.
       | 
       | https://nostarch.com/GhidraBook
        
         | huntsman wrote:
         | I'd also highly recommend the training course slides that are
         | included in the Ghidra distribution. The "Advanced" course
         | especially covers some cool tricks and ways Ghidra is different
         | from IDA/Binary Ninja.
        
       | 0xquad wrote:
       | Is there a database of already analyzed objects? For example, can
       | I search on the sha256sum of my IoT device's firmware and see if
       | someone else has done the heavy lifting?
        
       | mettamage wrote:
       | Currently, I don't get Ghidra that much. But I appreciate the
       | decompiler. While it isn't perfect, it reverses simple functions
       | to C-like pseudo-code a lot faster than I can (not that I'm fast
       | at that anyway). Combining it with the free version of IDA (the
       | disassembler, not the decompiler of IDA) has helped me a lot with
       | hackthebox.eu challenges :)
        
         | jcranmer wrote:
         | I've never tried IDA Pro's decompiler, but my most recent
         | experience with the Ghidra decompiler had me going back to my
         | tried-and-true hand decompilation steps. (Admittedly, the
         | function in question had a switch statement that had sparse and
         | dense cases (with holes in the dense block!), which is
         | definitely going to do a decent job of confusing native
         | decompilers).
        
           | mettamage wrote:
           | Oh dear, yeah no switch statement when I needed to use it. A
           | lot of byte/bit flipping.
        
       | KindOne wrote:
       | Previous discussion when it was announced back in 2019, with 400+
       | comments:
       | 
       | https://news.ycombinator.com/item?id=19315273
        
       | zelly wrote:
       | Still waiting for a built-in debugger like IDA has
        
         | 29athrowaway wrote:
         | Not built in, but useful:
         | 
         | - edb
         | 
         | - x64dbg
        
       ___________________________________________________________________
       (page generated 2020-11-13 23:00 UTC)