As a free and open-source reverse engineering tool including a decompiler for many architectures, Ghidra has become a prevalent tool in the computer industry. In this training you will learn how to use Ghidra from reversing simple executable to being able to look at a full embedded firmware. After following this training, you will be able to use Ghidra as your main reverse engineering tool.
- Using Ghidra disassembler and decompiler
- Introduction to ARM architecture
- Reversing ELF files for different architectures
- Reversing Thumb and ARM32 mode with Ghidra
- Improving decompiler output with types and structures
- Reversing C++ binary
- Using Ghidra for signatures & libraries
- Extending Ghidra by writing your own scripts
- Identifying an unknown firmware architecture
- Common code patterns present in RTOS and bare-metal firmware
- Loading and analyzing bare-metal firmware
This first day is all about learning how to make reverse engineering with Ghidra.
We will first make an introduction for Ghidra and see how it can be used for reversing small challenges. The ARM architecture and its particularity will be explained and you will be challenged to do small crack-me.
Then we will practice with more advanced functionalities of Ghidra: how to support structures and to handle C++ binaries. We will then use Ghidra functionalities for handling libraries and creating function signatures.
At the end of this first day, you will be able to tackle basic reverse engineering tasks.
The second day is focus on reverse engineering real firmware and using advanced Ghidra functionalities for making it easier.
We will study real firmware during this day, and in particular see how to handle bare-metal firmware where the common Unix format is not present.
An important focus will be on the different architectures which are common in embedded software. We will see the differences with ARM, how we can handle them as well as how it will be possible to identify the architectures in case where it is unknown.
We will also look at the different ways we can enhance Ghidra and automate tasks by using the scripts provided with Ghidra and how to write our own.
At the end of this training, you will be able to use Ghidra efficiently for reverse engineering firmware of embedded devices.
- Good understanding of the C language, especially pointers
- Basic assembly skills (No matter which architecture)
- A computer which can run VMWare, our VM has everything preinstalled.