1
00:00:01,100 --> 00:00:07,400
Competition and learning experience from one another are common in the field of reverse engineering

2
00:00:07,400 --> 00:00:08,200
frameworks.

3
00:00:08,210 --> 00:00:16,650
For example, IDA Pro recently incorporated the Undo feature which was previously available in Ghidra.

4
00:00:16,670 --> 00:00:23,000
So this demonstrates how frameworks continually evolve and adapt to incorporate useful features from

5
00:00:23,000 --> 00:00:24,230
their competitors.

6
00:00:24,230 --> 00:00:29,570
So now let's take a closer look at some of the current strengths of Ghidra.

7
00:00:32,310 --> 00:00:35,100
It is open source and free.

8
00:00:35,130 --> 00:00:41,280
Ghidra is open source, which means it's freely available for use, including its decompiler.

9
00:00:41,280 --> 00:00:47,130
And this makes it accessible to a wide range of users without any cost barriers.

10
00:00:47,310 --> 00:00:48,360
So.

11
00:00:51,130 --> 00:00:58,180
It has a lot of architecture support, so it supports a wide range of architectures, even ones that may

12
00:00:58,180 --> 00:01:01,750
not be supported by other frameworks you are currently using.

13
00:01:01,780 --> 00:01:09,730
This flexibility allows you to work with different types of binaries and explore various platforms.

14
00:01:10,090 --> 00:01:18,490
Its project-based approach allows you to work on multiple binaries simultaneously within a project.

15
00:01:18,490 --> 00:01:25,360
This feature is particularly useful when dealing with related binaries such as an executable and its associated

16
00:01:25,360 --> 00:01:26,200
libraries.

17
00:01:26,230 --> 00:01:32,050
It enables you to apply operations and analysis across multiple files efficiently.

18
00:01:33,940 --> 00:01:37,270
You can do collaborative reverse engineering with Ghidra.

19
00:01:37,450 --> 00:01:41,680
Ghidra is designed to support collaborative reverse engineering efforts.
20
00:01:41,680 --> 00:01:48,280
Multiple users can work on the same project, facilitating teamwork and knowledge sharing within the reverse

21
00:01:48,280 --> 00:01:49,480
engineering team.

22
00:01:50,400 --> 00:01:53,520
You can handle large firmware images.

23
00:01:53,550 --> 00:02:01,350
Ghidra is capable of handling large firmware images that are larger than one gigabyte without performance

24
00:02:01,350 --> 00:02:02,010
issues.

25
00:02:02,040 --> 00:02:08,940
This makes it suitable for analyzing and reverse engineering complex systems with substantial firmware

26
00:02:08,940 --> 00:02:10,020
components.

27
00:02:12,280 --> 00:02:13,930
Extensive documentation.

28
00:02:13,930 --> 00:02:20,980
Ghidra provides comprehensive documentation, including examples and courses like this one.

29
00:02:21,010 --> 00:02:28,060
This wealth of resources helps users to understand the tool's features and capabilities, making it

30
00:02:28,060 --> 00:02:31,480
easier to learn and utilize effectively.

31
00:02:32,440 --> 00:02:33,010
Version tracking.

32
00:02:33,010 --> 00:02:39,730
It allows you to track different versions of binaries and compare functions and data between

33
00:02:39,730 --> 00:02:40,120
them.

34
00:02:40,150 --> 00:02:46,630
This functionality is valuable when working with software that undergoes frequent updates or revisions.

35
00:02:46,660 --> 00:02:52,420
In conclusion, it's beneficial to expand your knowledge by learning and exploring multiple reverse

36
00:02:52,420 --> 00:02:59,800
engineering frameworks, and Ghidra stands out as a powerful framework that offers unique features and

37
00:02:59,800 --> 00:03:00,810
advantages.

38
00:03:00,820 --> 00:03:05,140
By familiarizing yourself with Ghidra,

39
00:03:05,170 --> 00:03:11,020
you can leverage its capabilities to enhance your reverse engineering endeavors.
40
00:03:11,050 --> 00:03:17,080
Now, let's provide an overview of Ghidra itself to understand its capabilities and why it is more

41
00:03:17,080 --> 00:03:20,290
than just another open source reverse engineering framework.

42
00:03:21,160 --> 00:03:28,090
Ghidra is a powerful and versatile reverse engineering tool that offers extensive functionality beyond

43
00:03:28,090 --> 00:03:30,130
being an open source framework.

44
00:03:30,280 --> 00:03:38,350
And in this lecture we will also provide an overview of Ghidra and highlight its unique features

45
00:03:38,350 --> 00:03:39,370
and capabilities.

46
00:03:39,370 --> 00:03:49,600
So at the time of creating this course, which is 2023, the latest version of Ghidra is 10.3.1,

47
00:03:50,500 --> 00:03:54,760
which can be downloaded from the official website or GitHub here.

48
00:03:54,760 --> 00:04:02,020
So to install Ghidra, it's recommended to download the latest version from the official website by

49
00:04:02,020 --> 00:04:08,470
clicking on download here; you can also Google it, like "ghidra" here.

50
00:04:08,470 --> 00:04:09,100
That's it.

51
00:04:10,150 --> 00:04:17,800
And after that click on the first website, download from GitHub, and here you can download Ghidra from

52
00:04:17,800 --> 00:04:18,220
here.

53
00:04:18,370 --> 00:04:21,670
So now we will select this one here.

54
00:04:21,670 --> 00:04:27,300
It's 351MB; just in one click Ghidra can be downloaded.

55
00:04:27,310 --> 00:04:34,510
So now let's explore what Ghidra has inside these files here.

56
00:04:35,950 --> 00:04:37,540
It's already downloaded here.

57
00:04:39,560 --> 00:04:40,550
Downloads.

58
00:04:43,110 --> 00:04:43,560
Ghidra.

59
00:04:43,920 --> 00:04:50,240
And here in Ghidra we have several folders and extensions.

60
00:04:50,250 --> 00:04:58,800
So here the docs directory here actually, instead of just here, let's actually

61
00:05:03,110 --> 00:05:04,310
extract it.
62
00:05:06,290 --> 00:05:07,940
And look at the files.

63
00:05:07,940 --> 00:05:09,880
What does this have here?

64
00:05:09,890 --> 00:05:10,460
Right.

65
00:05:11,380 --> 00:05:12,850
So here.

66
00:05:14,920 --> 00:05:21,160
And once you have downloaded the Ghidra archive file and decompressed it or extracted it, you will

67
00:05:21,160 --> 00:05:23,010
find the following files.

68
00:05:23,020 --> 00:05:25,140
Here we have docs.

69
00:05:25,150 --> 00:05:32,500
This is the directory that contains the documentation and valuable resources, including learning courses

70
00:05:32,500 --> 00:05:39,040
for all levels, cheat sheets and a step by step installation guide here, like that.

71
00:05:39,040 --> 00:05:40,540
So let's actually check that.

72
00:05:40,540 --> 00:05:41,500
Here we have.

73
00:05:41,530 --> 00:05:43,870
We also have the change history here,

74
00:05:46,100 --> 00:05:50,130
which, as you see here, has improvements, bugs and so on.

75
00:05:50,150 --> 00:05:52,580
We have the cheat sheet here.

76
00:05:55,210 --> 00:06:02,650
This might be especially useful when doing practical tests with reverse engineering here and Ghidra.

77
00:06:03,270 --> 00:06:05,650
There's a search and so on.

78
00:06:06,160 --> 00:06:08,570
We also have the Ghidra Javadoc.

79
00:06:08,590 --> 00:06:10,450
We will learn that later.

80
00:06:11,600 --> 00:06:14,020
Here we have the Java style

81
00:06:14,030 --> 00:06:14,680
guide.

82
00:06:14,690 --> 00:06:19,550
So the code style document describes accepted rules for code formatting, naming conventions, code

83
00:06:19,550 --> 00:06:22,190
complexity and other best practices.

84
00:06:22,220 --> 00:06:25,190
As you can see here, we also have the naming conventions here.

85
00:06:25,190 --> 00:06:30,110
So names for classes, interfaces, methods, parameters, instance variables and long-lived

86
00:06:30,110 --> 00:06:35,360
local variables should not contain abbreviations and acronyms except for well known ones.
87
00:06:35,780 --> 00:06:38,300
And here we have several.

88
00:06:38,300 --> 00:06:39,800
This is for the developer team.

89
00:06:39,800 --> 00:06:42,890
Mainly we have the installation guide for us.

90
00:06:43,910 --> 00:06:44,570
Here.

91
00:06:45,280 --> 00:06:52,120
These are the minimum hardware requirements: four gigabytes of RAM and one gigabyte of storage for installed

92
00:06:52,390 --> 00:06:52,870
binaries.

93
00:06:52,870 --> 00:06:57,130
And here we have also dual monitors strongly suggested.

94
00:06:57,130 --> 00:07:03,580
But it's not a requirement, just a suggestion here.

95
00:07:03,670 --> 00:07:05,890
You can also use a single monitor.

96
00:07:08,340 --> 00:07:09,390
Software here.

97
00:07:09,390 --> 00:07:13,230
We also have Java; we need to install the Java Development Kit also.

98
00:07:14,290 --> 00:07:16,240
And that's it.

99
00:07:16,240 --> 00:07:20,920
So we can run Ghidra in graphical user interface mode, which we will do.

100
00:07:20,920 --> 00:07:24,190
And we also have the user agreement here.

101
00:07:26,700 --> 00:07:30,870
So remember, Ghidra is free and open source.

102
00:07:32,310 --> 00:07:34,160
And this is the what's new here.

103
00:07:34,170 --> 00:07:35,130
So.

104
00:07:37,040 --> 00:07:45,980
And here, as I said, we have the cheat sheets and the step by step installation guide also.

105
00:07:45,980 --> 00:07:49,820
And here we also have the extensions.

106
00:07:50,060 --> 00:07:58,460
This directory contains optional Ghidra extensions that enhance its functionality and allow integration

107
00:07:58,460 --> 00:07:59,630
with other tools.

108
00:07:59,630 --> 00:08:06,320
And you can explore these extensions to customize and expand Ghidra according to your specific needs.

109
00:08:07,190 --> 00:08:09,880
And we also have the Ghidra folder.
110
00:08:09,890 --> 00:08:16,670
This is the core directory that houses the program itself, and it contains the necessary files and

111
00:08:16,670 --> 00:08:19,070
components for running Ghidra.

112
00:08:19,340 --> 00:08:22,340
We have the GPL.

113
00:08:22,430 --> 00:08:27,980
This directory contains standalone GPL support programs that accompany Ghidra.

114
00:08:28,340 --> 00:08:31,790
We have the licenses.

115
00:08:32,530 --> 00:08:38,440
Here you can find the licenses used by Ghidra and its associated components.

116
00:08:38,620 --> 00:08:40,970
And we have the server here.

117
00:08:40,990 --> 00:08:46,060
This directory includes files related to Ghidra server installation and administration.

118
00:08:46,060 --> 00:08:51,610
So Ghidra server enables collaborative reverse engineering capabilities and allows multiple users to

119
00:08:51,610 --> 00:08:55,180
work on the same project simultaneously.

120
00:08:56,380 --> 00:08:57,640
We have support here.

121
00:08:57,640 --> 00:09:04,240
So this directory provides advanced configuration options for running Ghidra and controlling its launch

122
00:09:04,240 --> 00:09:05,050
behavior.

123
00:09:06,090 --> 00:09:11,400
It allows you to launch Ghidra in different modes, including debugging mode.

124
00:09:11,430 --> 00:09:12,030
Here.

125
00:09:13,730 --> 00:09:14,990
That's it here.

126
00:09:14,990 --> 00:09:20,240
And we have the ghidraRun shell script here.

127
00:09:20,240 --> 00:09:22,670
So ghidraRun and ghidraRun.bat.

128
00:09:22,670 --> 00:09:30,890
These scripts are used to launch Ghidra on Linux and Windows respectively, and in Linux

129
00:09:30,890 --> 00:09:35,630
you will use ghidraRun, but in Windows you will use ghidraRun.bat here.

130
00:09:35,630 --> 00:09:38,720
So they provide convenient shortcuts for starting Ghidra.

131
00:09:38,720 --> 00:09:42,170
And lastly, we have the license here.
132
00:09:42,170 --> 00:09:48,650
So this file contains the Ghidra license information. And in addition to downloading precompiled

133
00:09:48,650 --> 00:09:57,110
release versions of Ghidra, it's also possible to compile the program on your own, and instructions for

134
00:09:57,110 --> 00:10:04,130
compiling Ghidra can be found in the documentation provided with the tool, but it is not necessary

135
00:10:04,460 --> 00:10:08,570
because we already downloaded the compiled one here.

136
00:10:08,570 --> 00:10:14,850
So learning Ghidra and familiarizing yourself with its capabilities can greatly expand your reverse

137
00:10:14,850 --> 00:10:16,170
engineering toolkit.

138
00:10:16,200 --> 00:10:23,670
While other frameworks like IDA, Binary Ninja or Radare2 may have their own disadvantages, Ghidra offers

139
00:10:23,670 --> 00:10:29,070
unique features, including its open source nature, extensive architecture support, collaborative

140
00:10:29,070 --> 00:10:33,510
capabilities and efficient handling of large firmware images.

141
00:10:33,510 --> 00:10:38,910
And it's important to embrace the idea of learning multiple frameworks to leverage their individual

142
00:10:38,910 --> 00:10:43,140
strengths and benefit from the continuous advancements in the field.

143
00:10:43,170 --> 00:10:48,780
By incorporating Ghidra into your repertoire,

144
00:10:48,870 --> 00:10:55,650
you are gaining access to a powerful and widely used reverse engineering framework that can enhance

145
00:10:55,650 --> 00:10:59,310
your ability to analyze and understand software systems.