Automated VR with Ghidra
This course teaches students methods to automate Ghidra in support of large-scale vulnerability analysis and general reverse engineering tasks. Students will develop scripts in Python, Kotlin, and Java to automate the extraction of data (e.g., strings, mnemonic frequency, function signatures, block sizes, cyclomatic complexity) from an arbitrary number of binaries across different architectures. After completing this course, students will have the practical skills to automate and extend Ghidra with scripts and modules.
Course Topics
Introduction:
- Ghidra overview
- Reversing refresher
- Development environment
Automation Interfaces:
- Python prompt
- Script Manager
- Remote Ghidra+Python+Jupyter console
- Remote Ghidra+Kotlin+Jupyter console
- Eclipse GhidraDev Extension
- Headless mode
Automation Granularity:
- currentProgram object
- FlatAPI
- Modules
- Tools
- Extensions
Special Topics:
- Data extraction (e.g., strings, mnemonic frequency, function signatures, block sizes, cyclomatic complexity)
- Batch analysis
- Cross-architecture analysis
- Binary similarity analysis
- Analysis and graphing of large datasets
Prerequisites
Students are expected to have experience with Ghidra and be proficient in navigating and manipulating code in the disassembly and decompiled views.
Software requirements
Students are expected to have their own computers that can run a 30 GB virtual machine. The recommended hardware configuration is the following:
- 50 GB of free hard disk space
- 16 GB of RAM
- 4 processor cores
- VMware or VirtualBox to import an OVA file