These instructions were tested with macOS Catalina version 10.15.3.
- Download Ghidra from the NSA’s website. Extract the contents.
- Give the decompiler permissions to run. If you were to run Ghidra now, upon analyzing the binary, you’ll receive a message that indicates you are prevented from opening an app from an unidentified developer. To do this, in Finder, open
<YOUR_DOWNLOAD_PATH>/ghidra_9.1.2_PUBLIC/Ghidra/Features/Decompiler/os/osx64/decompile. Note you'll have to change Ghidra's version in the path. Right-click, select open, confirm. - Add Ghidra to your
$PATH. - Install the Java Runtime Environment or Java Development Kit. Install version 11.
- Start Ghidra with
ghidraRun. - Make a new project (not shared). After you create the project, launch the SRE tool (dragon symbol), and import the binary you want to analyze. That’s it!
Ghidra Review
Some additional thoughts!
There’s something satisfying about using free and open source software; you know that you have all of the features at your finger tips and it’s just up to you to learn them. And that’s the case with Ghidra. With IDA Free, you run into the paywall every so often and it’s incredibly frustrating to not be able to afford the entire program.
Ghidra was the most user friendly of the popular reversing tools I’ve dabbled with (IDA Free, Cutter, command line Radare2). The menus are intuitive and the shortcuts are easy to discover by hovering over UI elements. Aside from a few hiccups with the setup (see above), using the tool was smooth sailing. There’s even an undo feature to undo annotations! (IDA is missing such a feature.)
Ghidra’s decompiler performed eons better on the test binary I was reversing compared to IDA. IDA Free silently failed to produce any decompiled output while Ghidra started up with the decompiled result ready on launch — it didn’t require digging to bring up.
There’s also something friendly and inviting about Ghidra; the launcher program greets you with a cute message from the creator. I love it because it’s reminiscent of a Pokemon Center for some reason.
Thank you. Come again!
-- Dr. Apu NahasapeemapetilonOverall, really positive first impressions with using this tool. Try it out on your next reversing excursion!
