How to Install and Run Ghidra on Linux

[ad_1]

Kick-start your journey to be a master reverser with the tools and analytical prowess of Ghidra SRE. Here’s a guide on how to install and set up Ghidra on your Linux machine.

What Is Ghidra?

Created by the NSA, Ghidra is an open-source, cross-platform, sophisticated software reverse engineering framework that offers military-grade tools for analyzing and reversing software binaries. With Ghidra, you can reverse engineer or, decompile a software binary and study the source code underneath.

It is often the go-to framework in the trade of malware analysis and reverse engineering, closely competing with IDA, a software reverse engineering framework of similar stature.

Step 1: Installing JDK 11

Before exploring the Ghidra installation process, you have to make sure your system has JDK 11 installed and set up. Without Java installed on your system, Ghidra will refuse to even start up.

You can either manually install JDK 11 by downloading the tarball or install it through the package manager of your Linux distro. Ideally, installing via package managers is the way to go since it’s much quicker and hassle-free than the former hands-on method.

To install JDK 11 on your Linux desktop, fire up the terminal and run the following commands depending on your distro’s package manager:

On Debian/Ubuntu-based systems:

sudo apt-get install openjdk-11-jdk

MAKEUSEOF VIDEO OF THE DAY

On Arch-based systems:

sudo pacman -S jdk11-openjdk

On Fedora/CentOS/RHEL systems:

sudo dnf install java-latest-openjdk

Step 2: Installing Ghidra

Ghidra SRE isn’t typically installed into a system, and there isn’t a traditional installer included with the Ghidra release file. You just have to download the binaries, make them executable using the chmod command, and run them from the terminal on the go.

Downloading Ghidra

To begin with, download the latest Ghidra release ZIP file from the official repository and extract it into a directory. After you’ve extracted the files, move into the directory using the cd command.

Note that downloading an older release can be risky business as Ghidra, being a Java application, was prey to the log4shell vulnerability. This security flaw was fixed in the 10.1.1 update. So as a safety measure, try to avoid using versions prior to the latest release.

Download: Ghidra (Free)

Running Ghidra

Among the extracted files, you will find a file named ghidraRun. It is a Bash script to launch Ghidra. Pop up a shell in the directory, make the file executable using the chmod command, and run it from the command line using the following commands:

chmod +x ghidraRun
./ghidraRun

That should fire up Ghidra SRE. Click on I agree, and you’ll be greeted with the Ghidra splash screen.

Step 3: Creating a Desktop Shortcut to Ghidra

As previously mentioned, Ghidra isn’t shipped with an installer. So you won’t find Ghidra in the applications menu or by searching in the app drawer on your Linux desktop.

If you find yourself frequently using Ghidra, it can be a hassle to manually locate the directory and fire it up from the terminal each time.

A simple solution to streamline this process is to create a desktop shortcut to Ghidra. Here’s how to create a desktop shortcut to Ghidra SRE:

Create a desktop entry file and fill it with the data below:

[Desktop Entry]
Version=10.0
Type=Application
Terminal=false
Icon=/home/artemix/ghidra/support
Exec=sh /home/artemix/ghidra/ghidraRun.sh
Name=Ghidra

Replace the data in the Icon and Exec fields with the location of the Ghidra icon and the launch script in your machine.
Save the file as “Ghidra.desktop” in the Desktop directory.
Right-click on the file and set it to Allow Launching or fire up a terminal and use the chmod command to make it executable for all users.
```
chmod a+x Ghidra.desktop
```

Now, you can launch Ghidra directly from the desktop shortcut you just created. Saves you a lot of time and effort each time you need to work with Ghidra.

Reverse engineering is the process of decompiling a software binary to study and modify its source code. It is a sophisticated technique used by security professionals to analyze and neutralize malware.

Although Ghidra’s modularity, portability, and extensive feature set have made it a fan favorite among professionals and amateurs alike, there are plenty of security-based alternatives for you to choose from.