Firmware reverse engineering with Ghidra

Learn how to reverse engineer firmware efficiently with Ghidra, from ARM over MIPS to x86!

May 04 – May 05, 2020
9:00 AM – 4:30 PM
Europe (CET)
Live Training

Pricing (Prices exclude 19% VAT for Germany)

€1,400.00

until April 30

€1,750.00

after April 30

Availability

Tickets Available

Capacity

16

Language

English

Live Training

This training will be offered live using Advanced Security’s custom classroom solution. You will receive a unique link with the login details for our classroom environment prior to the event.

The release of Ghidra changed the reverse engineering landscape: a free and open-source reverse engineering suite with a state-of-the-art decompiler and support for a ton of architectures. In this training you will learn how to use Ghidra efficiently to reverse engineer firmware and other binaries from ARM to x86. At the end of the training you will be proficient enough in Ghidra to use it as your main, day-to-day reverse engineering tool.

What you will learn

  • Introduction to Ghidra
  • Reversing (x86 & ARM) ELF binaries using Ghidra
  • Introduction to the ARM architecture & instructions
  • Reversing ARM binaries using Ghidra
  • Thumb & ARM32 in Ghidra
  • Optimizing the decompiler output
  • Working with types and structures
  • Decompiling C++ using OOAnalyzer
  • Loading bare-metal code using SVD-Loader
  • Identifying chips using chipfinder
  • Using the graph view
  • Using different scripts supplied with Ghidra
  • Writing basic scripts in Python
  • Using advanced Ghidra functionality

Schedule

Day 1

Day 1 is all about getting started with Ghidra: a general introduction to the user interface, focusing on the project manager and the code browser. We will look at the different automated analysis options, and start with reverse engineering some ELF binaries for different architectures.

Afterwards, we start exploring how we can optimize the decompiler output: creating custom types, loading C headers, overriding function signatures, and so on.

We also look at how to make our life in Ghidra much easier by using Function ID: Generating function signatures for different standard libraries, and also for different embedded libraries.

At the end of day 1 you will be able to do basic reverse engineering in Ghidra.

Day 2

On day 2 we will start looking at the more advanced features of Ghidra and its plugins & scripts: Creating custom memory maps, working with some of the built-in scripts, and writing our own scripts in Python.

A big focus is also on learning how to work with flat binaries: bare-metal firmware in particular often lacks any structured format, making reverse engineering a bit more challenging.

We will start looking at datasheets of processors and how to use them during reverse engineering, and how to identify different ARM chips using chipfinder. Afterwards we look at loading the firmware of different devices and how to annotate all the different peripherals etc.

We will also look at using signatures from Yara, a tool for pattern matching, in Ghidra, which makes finding cryptographic functions & co very easy.

At the end of day 2 you will be able to efficiently reverse a wide range of binaries using Ghidra, for most of the supported architectures.

Class requirements

  • Good understanding of the C language, especially pointers
  • Basic assembly skills (No matter which architecture)

What you need to bring

A computer running Ghidra 9.1.2. Alternatively, you can download our VM, which has everything pre-installed.

Training by Thomas Roth

Thomas is best known for his attacks on embedded devices. His research focuses on mobile and embedded systems with published research on TrustZone, payment terminals, and embedded security.

Courses are offered multiple times a year at locations worldwide.
All of our courses are also available as private trainings.