How to build and maintain Ghidra on Linux

Ever since Ghidra was released in 2019, it has been a popular open-source alternative to commercial reverse-engineering tools. In this article, I will show that installing Ghidra on Linux is easier than on Windows.

Official Ghidra logo. Taken from https://ghidra-sre.org/

Ghidra is a tool developed by the United States National Security Agency (NSA) in 2019. Since then it has become a popular open-source alternative to commercial reverse-engineering tools such as IDA Pro. Anyone can download it off the Internet, whatever their operating system, but here we are going to build our own virtual reverse-engineering rig.

Motivation for building

My reason for going DIY and building it from scratch isn't simply that I want to understand its internals or how it works. Tools like this are in active development, and new code is pushed to the GitHub repository very regularly, so building from source lets you use the latest version.

Ghidra was built to be compatible with many platforms like Windows, Mac and Linux, just to name a few.

Why I chose *nix

Being a natural Windows user, I downloaded the latest releases in binary format to run it. However, I realized it got outdated very fast and I had to download a newer release whenever I wanted the new features and bug fixes. So I decided enough was enough: I'm going to build it from scratch. There has just got to be a more elegant way to do it! Fear not, it's surprisingly easy to build and run Ghidra on Linux, and virtualization has made setting up Linux on your PC possible without altering your system.

Looking at the build requirements shocked me! No, you can't use GCC / G++ (MinGW) to build the Windows version. You need to use Visual Studio. No, surrender to Microsoft. Arruuggg! Not really. Actually, Visual Studio isn't bad; in fact it's free! BUT, I had not been successful cloning it from GitHub and building it with Visual Studio. Things may have improved as of this writing, but heck, I've decided to go with Linux as it's neater. You are going to be surprised how easy it is compared to Windows!

Getting started

You will need a *nix-based system if you haven't got one. In this tutorial, we are using Ubuntu Linux. If you don't have a Linux environment, please follow the instructions to set up a Linux virtual machine on your PC.

Okay, Let’s GO!

So with VirtualBox installed and a copy of virtualized Ubuntu Linux, we are ready to roll. Going by the requirements (as of this writing), there is a good chance we already have all the tools, as we shall see.

In my development experience with Linux, about 70–80 % of the time Linux comes with the necessary tools like JDK, Make, Git, Gradle, GCC/G++, Python and even Perl. This means you won't need to download and install the software yourself, saving time. With that, I'll give it a try; if the system doesn't meet the requirements, not to worry. You will be told to upgrade most of the time.

Some conventions

This is optional but I recommend creating two folders to keep things organized.

ghidra_src — The source code folder for Ghidra, which will receive the code from the GitHub repository

ghidra_dist — The folder for the compiled code output. There will be a runGhidra script to start the program

1. So we start by executing this command:

$ mkdir ghidra_src

2. And dist:

$ mkdir ghidra_dist

3. Then switch into the src directory:

$ cd ghidra_src

4. We are going to modify the clone command a bit. Note the trailing . at the end: it tells git to clone into our custom ghidra_src directory instead of creating a ghidra folder named after the project (feel free to copy the entire line)

$ git clone https://github.com/NationalSecurityAgency/ghidra.git .

Wait for the clone to complete.

Now, follow as per instructions at https://github.com/NationalSecurityAgency/ghidra#build

5. Now we download the dependencies

$ gradle -I gradle/support/fetchDependencies.gradle init

6. If all goes well, we can now create a development build

$ gradle buildGhidra

This will take some time too.

7. When the build completes successfully, the binary version will be found in the ghidra_src/build/dist folder. We can confirm this either by opening the folder in the graphical user interface (GUI) or by typing cd build/dist followed by the ls command:

mobile@ubuntu:~/ghidra$ cd build/dist
mobile@ubuntu:~/ghidra/build/dist$ ls
ghidra_10.2_DEV_20220619_linux_x86_64.zip
mobile@ubuntu:~/ghidra/build/dist$

It will be in a zip file.

In this case it is ghidra_10.2_DEV_20220619_linux_x86_64.zip

8. Now, since we can’t directly run the program from the zip file, we are going to unzip this file to the ghidra_dist folder we created earlier. There are 2 ways we can do it, by GUI or command. We are going with the command way. To do that we run:

$ unzip build/dist/ghidra_10.2_DEV_20220619_linux_x86_64.zip -d /home/mobile/ghidra_dist

Or, if you have used the cd + ls route

$ unzip ghidra_10.2_DEV_20220619_linux_x86_64.zip -d /home/mobile/ghidra_dist

9. Now the software is ready to run. Make sure you are in the ghidra_dist/ghidra_10.2_DEV directory, then type the ./ghidraRun command to start Ghidra.

$ cd /home/mobile/ghidra_dist/ghidra_10.2_DEV
$ ./ghidraRun

10. When running Ghidra for the very first time, you will see the user agreement. Click on the I Agree button

Congratulations! You have successfully installed Ghidra on Linux. I can't stress enough how easy this was.

Updating Ghidra

This article would not be complete if I left this section out! Okay, so a few weeks or months have passed and, good news, a new version of Ghidra comes out. So how do I update Ghidra? Simple. First, we need to make sure we are in the Ghidra working directory (the source code directory). We use

$ cd ghidra_src

Then issue the command

$ git pull

This refreshes the local repository with the new source code. Then follow the instructions from Step 6 in the previous section to build and extract an updated version of Ghidra. That's all.
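The update steps above as one script, added here as an example (it is not part of the original article or of the Ghidra project). The script name, the --run switch and the $HOME locations of ghidra_src and ghidra_dist are assumptions; it picks the newest zip in build/dist rather than a hard-coded, dated file name.

```bash
#!/bin/sh
# Added example, not from the article: update, rebuild and re-extract Ghidra.
# SRC/DIST follow the article's ghidra_src / ghidra_dist convention; placing
# them under $HOME is an assumption. Run with --run to perform the update.
SRC="${SRC:-$HOME/ghidra_src}"
DIST="${DIST:-$HOME/ghidra_dist}"

# Print the most recently modified ghidra_*.zip in directory $1.
# Build output names carry a date, so a hard-coded file name goes stale.
latest_zip() {
    lz_newest=""
    for lz_f in "$1"/ghidra_*.zip; do
        [ -f "$lz_f" ] || continue      # glob matched nothing
        if [ -z "$lz_newest" ] || [ "$lz_f" -nt "$lz_newest" ]; then
            lz_newest="$lz_f"
        fi
    done
    [ -n "$lz_newest" ] || return 1     # no archive: report failure
    printf '%s\n' "$lz_newest"
}

update_ghidra() {
    cd "$SRC" || return 1
    # --ff-only stops instead of merging if local history has diverged.
    git pull --ff-only || return 1
    gradle buildGhidra || return 1      # step 6
    ug_zip=$(latest_zip "$SRC/build/dist") || {
        echo "no ghidra_*.zip found in $SRC/build/dist" >&2
        return 1
    }
    mkdir -p "$DIST" || return 1
    unzip -q -o "$ug_zip" -d "$DIST" || return 1   # step 8
    echo "extracted $ug_zip into $DIST"
}

if [ "${1:-}" = "--run" ]; then
    update_ghidra
fi
```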

Useful links

  1. A useful guide for building Ghidra from source https://www.0x90.se/build-ghidra-10-from-source/
  2. There are many more configurations of Ghidra you could build. This YouTube video tutorial shows you how to build different feature branches https://www.youtube.com/watch?v=RDmqfjM7ZBo

Conclusion

Virtualization technologies allow you to easily run Linux and Linux software without changing your existing Operating System (OS). Best of all the software is all free and Open Source.

Virtualization opens the door to Cloud computing and newer technologies that allow you to run a PC from just about anywhere!

Clap along if you feel this article has helped you. Don’t forget to follow me. Any issues, questions or suggestions to make this article less lengthy? Let me know in the comments below. Thanks for reading and Happy Reverse Engineering!
