How to get started using Ghidra, the free reverse engineering tool

Move over IDA Pro, there's a free alternative available. (Some assembly required.)

The National Security Agency (NSA), the same agency that brought you blockbuster malware Stuxnet, has now released Ghidra, an open-source reverse engineering framework, to grow the number of reverse engineers studying malware. The move disrupts the reverse engineering market, which top dog IDA Pro has long dominated, and enables more people to learn how to reverse engineer without having to pay for an IDA Pro license, which can be prohibitively expensive for most newcomers to the field.

Existing IDA Pro users are not rushing to make the switch, however, as the time and effort required to port their existing workflow and customizations into Ghidra are not worth it for most, at least not in the immediate future. That said, as the Ghidra ecosystem continues to develop, it is likely the open-source tool will cannibalize IDA Pro's market share and hasten the decline of the also-rans in the market.

Released under the Apache License at RSA in March, Ghidra — pronounced "ghee-dra" with a hard 'g' — can also be easily modified to suit your needs, and security researchers were quick to start hacking on the Ghidra source code. No need to keep track of how many computers have a licensed copy installed; deploy Ghidra on as many workstations (or servers) as you need.

Ghidra has been available for a few short months, but in that time it has become widely viewed as a worthy alternative to IDA Pro. Here's what you need to know to get started.

What is Ghidra?
