Ghidra, the NSA's reverse engineering toolkit

During the RSA conference, the US National Security Agency announced the open-source release of the "Ghidra" reverse engineering toolkit, which includes an interactive disassembler with support for decompiling to C code and provides powerful tools for analyzing executables.

The project has been under development for almost 20 years and is actively used by US intelligence agencies to identify backdoors, analyze malicious code, study a wide range of executable files, and analyze compiled code.

In terms of capabilities, the product is comparable to the extended edition of the proprietary IDA Pro package, but it is built solely for code analysis and does not include a debugger.

On the other hand, Ghidra has built-in support for decompiling into C-like pseudocode (in IDA this feature is available through third-party plugins), as well as considerably more powerful tools for the collaborative analysis of executable files.

Main features

Within the Ghidra reverse engineering toolkit we find the following:

  • Support for a wide range of processor instruction sets and executable file formats.
  • Support for analyzing executable files for Linux, Windows and macOS.
  • It includes a disassembler, an assembler, a decompiler, a program graph generator, a scripting module and a large set of auxiliary tools.
  • The ability to work in interactive and automated modes.
  • Support for plug-ins and the implementation of new components.
  • Support for automating actions and extending existing functionality by attaching scripts written in Java and Python.
  • Facilities for collaborative work by research teams and for coordinating work during the reverse engineering of very large projects.

Interestingly, a few hours after the release of Ghidra, a vulnerability was found in the package when it is run in debug mode (disabled by default), which opens network port 18001 for remote debugging of the application over the Java Debug Wire Protocol (JDWP).

By default, the listener was bound to all available network interfaces instead of 127.0.0.1, which allows you to connect to Ghidra from other systems and execute arbitrary code in the context of the application.

For example, you can connect to the debugger, intercept execution by setting a breakpoint, and substitute your own code for the next step using the "print new" command, for example "print new java.lang.Runtime().exec('/bin/mkdir /tmp/dir')".
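The weakness above comes down to the `address=` part of the JDWP agent option the launcher hands to the JVM. The following added example (not Ghidra project code; the option strings are constructed) classifies such an option as loopback-only or exposed on all interfaces and rewrites it to bind loopback only. It assumes JDK 9+ semantics, where a bare port number binds loopback and a `*` host binds every interface (on JDK 8 a bare port bound all interfaces).

```python
"""Audit a JDWP agent option string for exposure on all interfaces.

Constructed example, not Ghidra's own launcher code. Binding rules assumed:
JDK 9+ binds a bare 'address=PORT' to loopback, while 'address=*:PORT' or
'address=0.0.0.0:PORT' listens on all interfaces; JDK 8 bound a bare port
to all interfaces.
"""

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1", "[::1]"}


def parse_jdwp_options(opt: str) -> dict:
    """Split '-agentlib:jdwp=k=v,k=v' (or just the 'k=v,...' part) into a dict."""
    body = opt.split("jdwp=", 1)[1] if "jdwp=" in opt else opt
    pairs = (p.split("=", 1) for p in body.split(",") if p)
    return {k.strip(): v.strip() for k, v in pairs}


def jdwp_exposure(opt: str, jdk_major: int = 11) -> str:
    """Return 'none', 'loopback' or 'all-interfaces' for a JDWP option string."""
    o = parse_jdwp_options(opt)
    if o.get("transport") != "dt_socket" or o.get("server", "n") != "y":
        return "none"  # not a listening socket transport, nothing to reach
    address = o.get("address", "")
    host, sep, _port = address.rpartition(":")
    if not sep:  # bare port such as 'address=18001'
        return "loopback" if jdk_major >= 9 else "all-interfaces"
    if host in LOOPBACK_HOSTS:
        return "loopback"
    return "all-interfaces"  # '*', '0.0.0.0', '::' or a real interface address


def harden_jdwp_options(opt: str) -> str:
    """Rewrite the address so the debug listener only accepts loopback connections."""
    o = parse_jdwp_options(opt)
    _host, _sep, port = o.get("address", "18001").rpartition(":")
    o["address"] = f"127.0.0.1:{port or o.get('address', '18001')}"
    return "-agentlib:jdwp=" + ",".join(f"{k}={v}" for k, v in o.items())


if __name__ == "__main__":
    # Constructed option string mirroring the exposed configuration described above.
    exposed = "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:18001"
    print(jdwp_exposure(exposed), "->", harden_jdwp_options(exposed))
```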

Apart from that, it is also worth noting the publication of a completely reworked release of the open interactive disassembler REDasm 2.0.

The program has an extensible architecture that allows drivers for additional instruction sets and file formats to be attached as modules. The project code is written in C++ (the interface is based on Qt) and is distributed under the GPLv3 license. Windows and Linux are supported.

The base package supports the PE, ELF and DEX (Android Dalvik) formats as well as firmware for the Sony PlayStation, Xbox, GameBoy and Nintendo64. Among instruction sets, x86, x86_64, MIPS, ARMv7, Dalvik and CHIP-8 are supported.

Among its features we can mention an interactive IDA-style view, analysis of multithreaded applications, construction of a visual flow graph, a digital signature processing engine (working with SDB files) and project management tools.

How do I install Ghidra?

Those interested in installing the "Ghidra" reverse engineering toolkit should know that they need at least:

  • 4 GB of RAM
  • 1 GB of storage for the kit
  • Java 11 Runtime and Development Kit (JDK) installed.

To download Ghidra we must go to its official website, where we can download it. The link is this.

Once that is done, you will have to unzip the downloaded package, and inside the directory we will find a file called "ghidraRun" that launches the kit.

If you want to know more about it, you can visit the following link.
