base on Ghidra is a software reverse engineering (SRE) framework <img src="Ghidra/Features/Base/src/main/resources/images/GHIDRA_3.png" width="400"> # Ghidra Software Reverse Engineering Framework Ghidra is a software reverse engineering (SRE) framework created and maintained by the [National Security Agency][nsa] Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra extension components and/or scripts using Java or Python. In support of NSA's Cybersecurity mission, Ghidra was built to solve scaling and teaming problems on complex SRE efforts, and to provide a customizable and extensible SRE research platform. NSA has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and generating deep insights for SRE analysts who seek a better understanding of potential vulnerabilities in networks and systems. If you are a U.S. citizen interested in projects like this, to develop Ghidra and other cybersecurity tools for NSA to help protect our nation and its allies, consider applying for a [career with us][career]. ## Security Warning **WARNING:** There are known security vulnerabilities within certain versions of Ghidra. Before proceeding, please read through Ghidra's [Security Advisories][security] for a better understanding of how you might be impacted. ## Install To install an official pre-built multi-platform Ghidra release: * Install [JDK 21 64-bit][jdk] * Download a Ghidra [release file][releases] - **NOTE:** The official multi-platform release file is named `ghidra_<version>_<release>_<date>.zip` which can be found under the "Assets" drop-down. Downloading either of the files named "Source Code" is not correct for this step. * Extract the Ghidra release file * Launch Ghidra: `./ghidraRun` (or `ghidraRun.bat` for Windows) For additional information and troubleshooting tips about installing and running a Ghidra release, please refer to the [Installation Guide][installationguide] which can be found in a Ghidra release at `docs/InstallationGuide.html`. ## Build To create the latest development build for your platform from this source repository: ##### Install build tools: * [JDK 21 64-bit][jdk] * [Gradle 8.5+][gradle] (or provided Gradle wrapper if Internet connection is available) * [Python3][python3] (version 3.9 to 3.12) with bundled pip * make, gcc, and g++ (Linux/macOS-only) * [Microsoft Visual Studio][vs] 2017+ or [Microsoft C++ Build Tools][vcbuildtools] with the following components installed (Windows-only): - MSVC - Windows SDK - C++ ATL ##### Download and extract the source: [Download from GitHub][master] ``` unzip ghidra-master cd ghidra-master ``` **NOTE:** Instead of downloading the compressed source, you may instead want to clone the GitHub repository: `git clone https://github.com/NationalSecurityAgency/ghidra.git` ##### Download additional build dependencies into source repository: **NOTE:** If an Internet connection is available and you did not install Gradle, the following `gradle` commands may be replaced with `./gradle(.bat)`. ``` gradle -I gradle/support/fetchDependencies.gradle ``` ##### Create development build: ``` gradle buildGhidra ``` The compressed development build will be located at `build/dist/`. For more detailed information on building Ghidra, please read the [Developer Guide][devguide]. For issues building, please check the [Known Issues][known-issues] section for possible solutions. ## Develop ### User Scripts and Extensions Ghidra installations support users writing custom scripts and extensions via the *GhidraDev* plugin for Eclipse. The plugin and its corresponding instructions can be found within a Ghidra release at `Extensions/Eclipse/GhidraDev/` or at [this link][ghidradev]. **NOTE:** The *GhidraDev* plugin for Eclipse only supports developing against fully built Ghidra installations which can be downloaded from the [Releases][releases] page. ### Advanced Development To develop the Ghidra tool itself, it is highly recommended to use Eclipse, which the Ghidra development process has been highly customized for. ##### Install build and development tools: * Follow the above [build instructions](#build) so the build completes without errors * Install [Eclipse IDE for Java Developers][eclipse] ##### Prepare the development environment: ``` gradle prepdev eclipse buildNatives ``` ##### Import Ghidra projects into Eclipse: * *File* -> *Import...* * *General* | *Existing Projects into Workspace* * Select root directory to be your downloaded or cloned ghidra source repository * Check *Search for nested projects* * Click *Finish* When Eclipse finishes building the projects, Ghidra can be launched and debugged with the provided **Ghidra** Eclipse *run configuration*. For more detailed information on developing Ghidra, please read the [Developer Guide][devguide]. ## Contribute If you would like to contribute bug fixes, improvements, and new features back to Ghidra, please take a look at our [Contributor Guide][contrib] to see how you can participate in this open source project. [nsa]: https://www.nsa.gov [contrib]: CONTRIBUTING.md [devguide]: DevGuide.md [installationguide]: GhidraDocs/InstallationGuide.md [known-issues]: DevGuide.md#known-issues [career]: https://www.intelligencecareers.gov/nsa [releases]: https://github.com/NationalSecurityAgency/ghidra/releases [jdk]: https://adoptium.net/temurin/releases [gradle]: https://gradle.org/releases/ [python3]: https://www.python.org/downloads/ [vs]: https://visualstudio.microsoft.com/vs/community/ [vcbuildtools]: https://visualstudio.microsoft.com/visual-cpp-build-tools/ [eclipse]: https://www.eclipse.org/downloads/packages/ [master]: https://github.com/NationalSecurityAgency/ghidra/archive/refs/heads/master.zip [security]: https://github.com/NationalSecurityAgency/ghidra/security/advisories [ghidradev]: GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevPlugin/README.md ", Assign "at most 3 tags" to the expected json: {"id":"1740","tags":[]} "only from the tags list I provide: [{"id":77,"name":"3d"},{"id":89,"name":"agent"},{"id":17,"name":"ai"},{"id":54,"name":"algorithm"},{"id":24,"name":"api"},{"id":44,"name":"authentication"},{"id":3,"name":"aws"},{"id":27,"name":"backend"},{"id":60,"name":"benchmark"},{"id":72,"name":"best-practices"},{"id":39,"name":"bitcoin"},{"id":37,"name":"blockchain"},{"id":1,"name":"blog"},{"id":45,"name":"bundler"},{"id":58,"name":"cache"},{"id":21,"name":"chat"},{"id":49,"name":"cicd"},{"id":4,"name":"cli"},{"id":64,"name":"cloud-native"},{"id":48,"name":"cms"},{"id":61,"name":"compiler"},{"id":68,"name":"containerization"},{"id":92,"name":"crm"},{"id":34,"name":"data"},{"id":47,"name":"database"},{"id":8,"name":"declarative-gui "},{"id":9,"name":"deploy-tool"},{"id":53,"name":"desktop-app"},{"id":6,"name":"dev-exp-lib"},{"id":59,"name":"dev-tool"},{"id":13,"name":"ecommerce"},{"id":26,"name":"editor"},{"id":66,"name":"emulator"},{"id":62,"name":"filesystem"},{"id":80,"name":"finance"},{"id":15,"name":"firmware"},{"id":73,"name":"for-fun"},{"id":2,"name":"framework"},{"id":11,"name":"frontend"},{"id":22,"name":"game"},{"id":81,"name":"game-engine "},{"id":23,"name":"graphql"},{"id":84,"name":"gui"},{"id":91,"name":"http"},{"id":5,"name":"http-client"},{"id":51,"name":"iac"},{"id":30,"name":"ide"},{"id":78,"name":"iot"},{"id":40,"name":"json"},{"id":83,"name":"julian"},{"id":38,"name":"k8s"},{"id":31,"name":"language"},{"id":10,"name":"learning-resource"},{"id":33,"name":"lib"},{"id":41,"name":"linter"},{"id":28,"name":"lms"},{"id":16,"name":"logging"},{"id":76,"name":"low-code"},{"id":90,"name":"message-queue"},{"id":42,"name":"mobile-app"},{"id":18,"name":"monitoring"},{"id":36,"name":"networking"},{"id":7,"name":"node-version"},{"id":55,"name":"nosql"},{"id":57,"name":"observability"},{"id":46,"name":"orm"},{"id":52,"name":"os"},{"id":14,"name":"parser"},{"id":74,"name":"react"},{"id":82,"name":"real-time"},{"id":56,"name":"robot"},{"id":65,"name":"runtime"},{"id":32,"name":"sdk"},{"id":71,"name":"search"},{"id":63,"name":"secrets"},{"id":25,"name":"security"},{"id":85,"name":"server"},{"id":86,"name":"serverless"},{"id":70,"name":"storage"},{"id":75,"name":"system-design"},{"id":79,"name":"terminal"},{"id":29,"name":"testing"},{"id":12,"name":"ui"},{"id":50,"name":"ux"},{"id":88,"name":"video"},{"id":20,"name":"web-app"},{"id":35,"name":"web-server"},{"id":43,"name":"webassembly"},{"id":69,"name":"workflow"},{"id":87,"name":"yaml"}]" returns me the "expected json"