Introduction
Ghidra is a software reverse engineering framework developed by the NSA and released as open source in 2019. It provides a full-featured suite of tools for analyzing compiled code across dozens of processor architectures, making it accessible to security researchers, malware analysts, and software auditors.
What Ghidra Does
- Disassembles binaries for x86, ARM, MIPS, PowerPC, and 30+ other architectures
- Decompiles machine code into readable C-like pseudocode
- Supports collaborative multi-user reverse engineering via shared projects
- Provides a scripting API in Java and Python (Jython) for automation
- Analyzes firmware, malware, and proprietary file formats
Architecture Overview
Ghidra is built in Java with a modular plugin architecture. The core consists of a processor-specification language (Sleigh) that defines instruction semantics, enabling the same decompiler to work across all supported architectures. Analysis runs in a pipeline of analyzers that annotate the program database with cross-references, data types, and function signatures.
Self-Hosting & Configuration
- Download release ZIPs from the official GitHub releases page
- Requires JDK 17 or later on Windows, macOS, or Linux
- Configure memory allocation in support/launch.properties
- Set up a Ghidra Server for team collaboration with shared repositories
- Extend with custom analyzer plugins placed in the Extensions directory
Key Features
- Built-in decompiler that produces readable pseudocode across architectures
- Version tracking to diff two binaries and identify patch changes
- Extensible via headless analyzer mode for batch processing
- Function ID database for automatic library function recognition
- DWARF and PDB debug symbol ingestion
Comparison with Similar Tools
- IDA Pro — commercial industry standard with faster UI, but costs thousands per license
- Binary Ninja — modern commercial alternative with cleaner API but smaller architecture support
- radare2/Cutter — open-source CLI-first framework, steeper learning curve
- Hopper — lightweight macOS disassembler for quick triage, less powerful decompiler
FAQ
Q: Is Ghidra truly free for commercial use? A: Yes. Ghidra is released under the Apache 2.0 license and can be used for any purpose including commercial work.
Q: How does the decompiler compare to IDA's Hex-Rays? A: Ghidra's decompiler handles most architectures well. Hex-Rays may produce cleaner output for x86/ARM, but Ghidra covers more platforms out of the box.
Q: Can I automate analysis without the GUI? A: Yes. Ghidra provides a headless analyzer that runs scripts from the command line for batch processing.
Q: Does Ghidra support debugging? A: Ghidra 10.x added a debugger module supporting GDB and WinDbg backends for live debugging sessions.
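The scripting API (Java/Jython) and the headless analyzer mentioned above are easiest to understand with a concrete script. The following is an added example, not code from the Ghidra project: a Jython script that, run headless, reports every call site into a set of well-known unsafe C library functions so an auditor can triage a binary before opening the GUI. The function names and risk weights in RISK_WEIGHTS, the project directory, project name and file name in the invocation comment are all assumptions chosen for illustration; the Ghidra API calls (getFunctionManager, getReferencesTo, getFunctionContaining, println) are real FlatProgramAPI/GhidraScript members injected as globals when the script runs inside Ghidra. The pure-Python aggregation (rank_callers) is separated from the Ghidra-dependent walk (collect_call_sites) so it can be unit-tested outside Ghidra.

```python
# Added example, not part of the Ghidra project. Headless invocation
# (all paths and names below are placeholders):
#   analyzeHeadless /tmp/ghidra_proj AuditProj -import ./target.bin \
#       -scriptPath . -postScript find_unsafe_calls.py -deleteProject
#
# Under Ghidra's Jython interpreter (Python 2.7 syntax) the script gets
# `currentProgram` plus the FlatProgramAPI helpers (getReferencesTo,
# getFunctionContaining, println) injected as globals.

# Callee name -> risk weight. Constructed, illustrative values; tune per code base.
RISK_WEIGHTS = {
    "gets": 10, "strcpy": 8, "strcat": 8, "sprintf": 7,
    "scanf": 6, "system": 9, "popen": 9, "memcpy": 3,
}


def normalize_name(name):
    """Strip import decorations so 'strcpy@plt', '__imp_strcpy' or '_strcpy' all match."""
    name = name.split("@")[0]
    for prefix in ("__imp_", "_"):
        if name.startswith(prefix):
            name = name[len(prefix):]
    return name


def rank_callers(call_sites, weights=RISK_WEIGHTS):
    """Aggregate (caller, callee, address) triples into a per-caller risk table.

    Returns a list of (caller_name, total_score, [(callee, address), ...]),
    sorted by descending score and then by caller name.
    """
    table = {}
    for caller, callee, addr in call_sites:
        callee = normalize_name(callee)
        if callee not in weights:
            continue                      # not an interesting callee
        entry = table.setdefault(caller, [0, []])
        entry[0] += weights[callee]
        entry[1].append((callee, addr))
    ranked = [(caller, score, sorted(hits)) for caller, (score, hits) in table.items()]
    ranked.sort(key=lambda row: (-row[1], row[0]))
    return ranked


def collect_call_sites(program):
    """Walk every function in the program database and record each CALL
    reference into a function whose normalized name is in RISK_WEIGHTS.
    Only runs inside Ghidra (uses the injected FlatProgramAPI globals)."""
    sites = []
    fm = program.getFunctionManager()
    for func in fm.getFunctions(True):    # True = iterate in address order
        callee = normalize_name(func.getName())
        if callee not in RISK_WEIGHTS:
            continue
        for ref in getReferencesTo(func.getEntryPoint()):
            if not ref.getReferenceType().isCall():
                continue                  # skip data/pointer references
            caller = getFunctionContaining(ref.getFromAddress())
            caller_name = caller.getName() if caller is not None else "<no function>"
            sites.append((caller_name, callee, str(ref.getFromAddress())))
    return sites


def report(ranked):
    """Render the ranked table as fixed-width text lines, one caller per line."""
    return ["%-32s score=%3d  %s" % (caller, score,
                                      ", ".join("%s@%s" % hit for hit in hits))
            for caller, score, hits in ranked]


# Run the Ghidra-dependent part only when executed inside Ghidra.
try:
    currentProgram                        # injected global under Ghidra
except NameError:
    currentProgram = None

if currentProgram is not None:
    for line in report(rank_callers(collect_call_sites(currentProgram))):
        println(line)
```

Because rank_callers takes plain tuples, the same aggregation can be driven from any source of call-site data, and the script's output is a stable, sortable text table that fits a batch pipeline over many binaries via the headless analyzer.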