Giovanni Crisalfi · @gicrisf
87 followers · 323 posts · Server fosstodon.org

I never wrote Assembly in my life, but tonight (for some reason) I thought of disassembling simple C code snippets with Ghidra. So, I started with a hello world and was very surprised to find a much more extensive and complex result compared to my original assembly (obtained with GCC).

I mean, it's a Hello World!

#ghidra #gcc #clang #assembly #asm

Last updated 1 year ago

Milos Constantin · @Tinolle
68 followers · 158 posts · Server hachyderm.io

Comprehensive toolkit for headless github.com/20urc3/Sekiryu?s=09

#ghidra

Last updated 1 year ago

The Last Psion | Alex · @thelastpsion
363 followers · 900 posts · Server bitbang.social

Is anyone using to DOS apps to C? Have you had much success?

Yes, my brain is trying to find distractions again, but this is my last gasp of dopamine-hunting before the day job gets busy again.

#retrocomputing #decompile #ghidra

Last updated 1 year ago

mcneb10 · @mcneb10
4 followers · 45 posts · Server mstdn.social

Hello users! How do you keep track of your progress reverse-engineering something? I’m working on a game engine with ~1.6K functions and it’s hard to visualize how much work I still have to do. Any suggestions?

#ghidra

Last updated 1 year ago

Adam ♿ · @voltagex
396 followers · 1088 posts · Server aus.social

Looks like libtiqiaadev.so is the way to go.

nm -D tells me there are functions exported like:
Java_com_icontrol_dev_TiqiaaCIRDevice_x
Java_com_icontrol_dev_TQUartDevice_x

(just strange function names, not actually using JNI or anything?)

Time to go pretend I know how to use

#ghidra

Last updated 2 years ago

So between versions 10.1.5 and 10.2.3 has gotten better at removing dead/junk code when I write payloads.

Basically, without returning the values of junk calculations (gcc/g++ 11.3.0), your junk code that you may be using for say… sandbox evasion (faking a computation loop) would disappear in the decompilation section.

So what do you do? Set all integers to volatile, and RETURN them without even using them. As you can see, they reappear in the decompilation.

#ghidra #malware #pentesting

Last updated 2 years ago

Gus · @projectgus
671 followers · 732 posts · Server aus.social

I have a silly newbie question: if you have some binary data in an executable and you want to export those data bytes to a binary file as-is, can you do this?

The best options I've found are:

- "Export and Import", which is a cool feature but means importing the file it just wrote out back into the Ghidra project, which isn't always useful.

- "Copy Python Byte String" then paste the byte string into a Python REPL, and use a one-liner to write that to a file. Works fine, seems roundabout...

Surely there's something obvious I'm missing here?

#ghidra #reverseengineering

Last updated 2 years ago

Sébastie[N] Kirche :debian: · @sebkirche
56 followers · 879 posts · Server framapiaf.org

TIL about the existence of an / like decompiling and reversing tool. Unfortunately for me it is made with .Net 6.0 and won't run on my main Linux workstation. github.com/uxmal/reko

#ghidra #ida #reko

Last updated 2 years ago

We got libfrida-core building for Ghidra and loaded into the Debugger extension during the stream today! With a bit of work we’ll have the Frida 15 to 16 port done and a script to automatically build the Frida Ghidra extension! 🥳

#ghidra #frida #debugger #reverseengineering #vtuber

Last updated 2 years ago

0xor0ne · @0xor0ne
593 followers · 120 posts · Server infosec.exchange

Cool blog post for learning Ghidra a little bit more in depth by adding a new ISA (credits Tracy Mosley)

trenchant.io/expanding-the-dra

#ghidra #reverseengineering #infosec #cybersecurity

Last updated 2 years ago

Renaud Lifchitz :verified: · @nono2357
257 followers · 2020 posts · Server infosec.exchange

Just added a script to Ghidra to build the lldb bindings from a brew install. Hopefully this will make it a little easier to use lldb and Ghidra together! 🐉👩‍💻

github.com/NationalSecurityAge

#ghidra #debugger #lldb

Last updated 2 years ago

Michael Oland · @uthanda
16 followers · 56 posts · Server musician.social

Trying my hand at reverse engineering using . It's fun but mind bending for sure.

#ghidra

Last updated 2 years ago

IT News · @itnewsbot
2956 followers · 251380 posts · Server schleuss.online

Making Ghidra Play Nice With RP2040 - Developing firmware for RP2040 is undeniably fun, what’s with all these PIOs. Howe... - hackaday.com/2023/03/01/making

#rp2040 #ghidra #svdfile #raspberrypi #reverseengineering

Last updated 2 years ago

Sidney Borne :donor: · @Sidneys1
45 followers · 237 posts · Server infosec.exchange

Anyone have experience Win32 applications and identifying variables within thread-local storage? doesn't seem to know anything about them.

#reverseengineering #ghidra #askfedi

Last updated 2 years ago

Hexorg · @hexorg
47 followers · 242 posts · Server techhub.social

Pretty excited - in preparation for my talk I have found and fixed a bug in on my own… it’s a small regression bug but it took some digging to figure it out. github.com/NationalSecurityAge
Someone elsewhere pointed out that RSP = RSP +8 - RAX is the correct solution.
… I should submit a pull request

#ghidra

Last updated 2 years ago