WEBVTT

00:01.100 --> 00:07.400
Competition and learning experience from one another are common in the field of reverse engineering

00:07.400 --> 00:08.200
frameworks.

00:08.210 --> 00:16.640
For example, IDA Pro recently incorporated the Undo feature which was previously available in Ghidra.

00:16.670 --> 00:23.000
So this demonstrates how frameworks continually evolve and adapt to incorporate useful features from

00:23.000 --> 00:24.230
their competitors.

00:24.230 --> 00:29.570
So now let's take a closer look at some of the current strengths of Ghidra.

00:32.310 --> 00:35.100
It is open source and free.

00:35.130 --> 00:41.280
Ghidra is open source, which means it's freely available for use, including its decompiler.

00:41.280 --> 00:47.130
And this makes it accessible to a wide range of users without any cost barriers.

00:47.310 --> 00:48.360
So.

00:51.130 --> 00:58.180
It has a lot of architecture support, so supports a wide range of architectures, even ones that may

00:58.180 --> 01:01.750
not be supported by other frameworks you are currently using.

01:01.780 --> 01:09.730
This flexibility allows you to work with different types of binaries and explore various platforms.

01:10.090 --> 01:18.490
Its project-based approach allows you to work on multiple binaries simultaneously within a project.

01:18.490 --> 01:25.360
This feature is particularly useful when dealing with related binaries such as an executable and its associated

01:25.360 --> 01:26.200
libraries.

01:26.230 --> 01:32.050
It enables you to apply operations and analysis across multiple files efficiently.

01:33.940 --> 01:37.270
You can do collaborative reverse engineering with Ghidra.

01:37.450 --> 01:41.680
Ghidra is designed to support collaborative reverse engineering efforts.

01:41.680 --> 01:48.280
Multiple users can work on the same project, facilitating teamwork and knowledge sharing with the reverse

01:48.280 --> 01:49.480
engineering team.

01:50.400 --> 01:53.520
You can handle large firmware images.

01:53.550 --> 02:01.350
Ghidra is capable of handling large firmware images that are larger than one gigabyte without performance

02:01.350 --> 02:02.010
issues.

02:02.040 --> 02:08.940
This makes it suitable for analyzing and reverse engineering complex systems with substantial firmware

02:08.940 --> 02:10.020
components.

02:12.280 --> 02:13.930
Extensive documentation.

02:13.930 --> 02:20.980
Ghidra provides comprehensive documentation, including examples and courses like this one.

02:21.010 --> 02:28.060
This wealth of resources helps users to understand the tools, features and capabilities, making it

02:28.060 --> 02:31.480
easier to learn and utilize effectively.

02:32.440 --> 02:33.010
Version tracking.

02:33.010 --> 02:39.730
Version tracking allows you to track different versions of binaries and compare functions and data between

02:39.730 --> 02:40.120
them.

02:40.150 --> 02:46.630
This functionality is valuable when working with software that undergoes frequent updates or revisions.

02:46.660 --> 02:52.420
In conclusion, it's beneficial to expand your knowledge by learning and exploring multiple reverse

02:52.420 --> 02:59.800
engineering frameworks and Ghidra stands out as a powerful framework that offers unique features and

02:59.800 --> 03:00.810
advantages.

03:00.820 --> 03:05.140
By familiarizing yourself with Ghidra,

03:05.170 --> 03:11.020
you can leverage its capabilities to enhance your reverse engineering endeavors.

03:11.050 --> 03:17.080
Now, let's provide an overview of Ghidra itself to understand its capabilities and why it is more

03:17.080 --> 03:20.290
than just another open source Reverse Engineering framework.

03:21.160 --> 03:28.090
Ghidra is a powerful and versatile reverse engineering tool that offers extensive functionality beyond

03:28.090 --> 03:30.130
being an open source framework.

03:30.280 --> 03:38.350
And in this lecture we will also provide an overview of Ghidra and highlight its unique features

03:38.350 --> 03:39.370
and capabilities.

03:39.370 --> 03:49.600
So at the time of creating this course, which is 2023, the latest version of Ghidra is 10.3.1,

03:50.500 --> 03:54.760
which can be downloaded from the official website or GitHub here.

03:54.760 --> 04:02.020
So to install Ghidra, it's recommended to download the latest version from the official website by

04:02.020 --> 04:08.470
clicking on Download here; you can also google it, like "ghidra" here.

04:08.470 --> 04:09.100
That's it.

04:10.150 --> 04:17.800
And after that click on the first website, Download from GitHub, and here you can download Ghidra from

04:17.800 --> 04:18.220
here.

04:18.370 --> 04:21.670
So now we will select this one here.

04:21.670 --> 04:27.300
It's 351 MB; in just one click Ghidra can be downloaded.

04:27.310 --> 04:34.510
So now let's explore what Ghidra has inside these files here.

04:35.950 --> 04:37.540
It's already downloaded here.

04:39.560 --> 04:40.550
Downloads.

04:43.110 --> 04:43.560
Ghidra.

04:43.920 --> 04:50.240
And here in Ghidra we have several folders and extensions.

04:50.250 --> 04:58.800
So here the docs directory, actually, instead of just here, let's actually

05:03.110 --> 05:04.310
extract it

05:06.290 --> 05:07.940
and look at the files.

05:07.940 --> 05:09.880
What does this have here?

05:09.890 --> 05:10.460
Right.

05:11.380 --> 05:12.850
So here.

05:14.920 --> 05:21.160
And once you have downloaded the Ghidra archive file and decompressed or extracted it, you will

05:21.160 --> 05:23.440
find the following files here.

05:23.470 --> 05:25.150
We have docs.

05:25.150 --> 05:32.500
This is the directory that contains the documentation and valuable resources, including learning courses

05:32.500 --> 05:39.040
for all levels, cheat sheets and a step-by-step installation guide here, like that.

05:39.040 --> 05:40.540
So let's actually check that.

05:40.540 --> 05:41.500
Here we have.

05:41.530 --> 05:43.870
We also have the change history here.

05:46.100 --> 05:50.130
which, as you see here, has improvements, bugs and so on.

05:50.150 --> 05:52.580
We have the cheat sheet here.

05:55.210 --> 06:02.630
This might be especially useful when doing practical tests with reverse engineering and Ghidra here.

06:03.270 --> 06:05.650
There's a search and so on.

06:06.160 --> 06:08.570
We also have Ghidra Javadoc.

06:08.590 --> 06:10.450
We will learn that later.

06:11.600 --> 06:14.020
Here we have the Java style.

06:14.030 --> 06:14.680
Good.

06:14.690 --> 06:19.550
So the purpose of the code style is to set accepted rules for code formatting, naming conventions, code

06:19.550 --> 06:22.190
complexity and other best practices.

06:22.220 --> 06:25.190
As you can see here, we also have the naming conventions here.

06:25.190 --> 06:30.110
So names for classes, interfaces, methods, parameters, instance variables and long-lived

06:30.110 --> 06:35.360
local variables should not contain abbreviations and acronyms except for well-known ones.

06:35.780 --> 06:38.300
And here we have several.

06:38.300 --> 06:39.800
This is for the developer team.

06:39.800 --> 06:42.890
Mainly we have the installation guide for us.

06:43.910 --> 06:44.570
Here.

06:45.280 --> 06:52.120
These are the minimum hardware requirements: four gigabytes of RAM and one gigabyte of storage for installed

06:52.390 --> 06:52.870
binaries.

06:52.870 --> 06:57.130
And here we also have dual monitors strongly suggested.

06:57.130 --> 07:03.580
But it's not a requirement, just a suggestion here.

07:03.670 --> 07:05.890
You can also use a single monitor.

07:08.340 --> 07:09.390
Software here.

07:09.390 --> 07:13.230
We also have Java; we need to install the Java Development Kit also.

07:14.290 --> 07:16.240
And that's it.

07:16.240 --> 07:20.920
So we can run Ghidra in graphical user interface mode, which we will do.

07:20.920 --> 07:24.190
And we also have the user agreement here.

07:26.700 --> 07:30.870
So remember, Ghidra is free and open source.

07:32.310 --> 07:34.160
And this is the What's New here.

07:34.170 --> 07:35.130
So.

07:37.040 --> 07:45.980
And as I said, we have the cheat sheets and step-by-step installation guide also.

07:45.980 --> 07:49.820
And here we also have the extensions.

07:50.060 --> 07:58.460
This directory contains optional Ghidra extensions that enhance its functionality and allow integration

07:58.460 --> 07:59.630
with other tools.

07:59.630 --> 08:06.320
And you can explore these extensions to customize and expand Ghidra according to your specific needs.

08:07.190 --> 08:09.880
And we also have the Ghidra folder.

08:09.890 --> 08:16.670
This is the core directory that houses the program itself, and it contains the necessary files and

08:16.670 --> 08:19.070
components for running Ghidra.

08:19.340 --> 08:22.340
We have the GPL.

08:22.430 --> 08:27.980
This directory contains standalone GPL support programs that accompany Ghidra.

08:28.340 --> 08:31.790
We have the licenses.

08:32.530 --> 08:38.440
Here you can find the licenses used by Ghidra and its associated components.

08:38.620 --> 08:40.970
And we have the server here.

08:40.990 --> 08:46.060
This directory includes files related to Ghidra Server installation and administration.

08:46.060 --> 08:51.610
So Ghidra Server enables collaborative reverse engineering capabilities and allows multiple users to

08:51.610 --> 08:55.180
work on the same project simultaneously.

08:56.380 --> 08:57.640
We have support here.

08:57.640 --> 09:04.240
So this directory provides advanced configuration options for running Ghidra and controlling its launch

09:04.240 --> 09:05.050
behavior.

09:06.090 --> 09:11.400
It allows you to launch Ghidra in different modes, including debugging mode.

09:11.430 --> 09:12.030
Here.

09:13.730 --> 09:14.990
That's it here.

09:14.990 --> 09:20.240
And we have the ghidraRun shell script here.

09:20.240 --> 09:22.670
So ghidraRun and ghidraRun.bat.

09:22.670 --> 09:30.890
These scripts are used to launch Ghidra on Linux and Windows respectively, and in Linux

09:30.890 --> 09:35.630
you will use ghidraRun, but in Windows you will use ghidraRun.bat here.

09:35.630 --> 09:38.720
So they provide convenient shortcuts for starting Ghidra.

09:38.720 --> 09:42.170
And lastly, we have the license here.

09:42.170 --> 09:48.650
So this file contains the Ghidra license information. In addition to downloading precompiled

09:48.650 --> 09:57.110
release versions of Ghidra, it's also possible to compile the program on your own, and instructions for

09:57.110 --> 10:04.130
compiling Ghidra can be found in the documentation provided with the tool, but it is not necessary

10:04.460 --> 10:08.570
because we already downloaded the compiled one here.

10:08.570 --> 10:14.850
So learning Ghidra and familiarizing yourself with its capabilities can greatly expand your reverse

10:14.850 --> 10:16.170
engineering toolkit.

10:16.200 --> 10:23.670
While other frameworks like IDA, Binary Ninja or Radare2 may have their own disadvantages, Ghidra offers

10:23.670 --> 10:29.070
unique features, including its open source nature, extensive architecture support, collaborative

10:29.070 --> 10:33.510
capabilities and efficient handling of large firmware images.

10:33.510 --> 10:38.910
And it's important to embrace the idea of learning multiple frameworks to leverage their individual

10:38.910 --> 10:43.140
strengths and benefit from the continuous advancements in the field.

10:43.170 --> 10:48.780
By incorporating Ghidra into your repertoire,

10:48.870 --> 10:55.650
you are gaining access to a powerful and widely used reverse engineering framework that can enhance

10:55.650 --> 10:59.310
your ability to analyze and understand software systems.
