Overview
Explore the advancements in Ghidra, the NSA's open-source reverse engineering tool, in this Hack In The Box Security Conference talk. Delve into BinCraft, a project aimed at modernizing Ghidra by addressing historical issues, fixing bugs, and integrating cutting-edge techniques like GraalVM. Learn about improvements in decompilation, particularly for C++, and discover solutions to common problems such as analysis failures and default variable naming. Gain insights into the implementation of a modernized UI and future plans for Ghidra's evolution. Benefit from the speaker's expertise as a CTF team leader and StarCross Portal Lab researcher, and understand the key lessons learned in taking Ghidra to the next level.
Syllabus
Intro
What are needed in reversing?
What we have now?
About Ghidra
BinCraft - Dedication (cont.)
BinCraft - what
ghidracraft - what done
About Decompilation
Ghidra Decompiler C++
Problems in Decompilation
Magic Functions
Default Var names
Analysis Failure
Minor Bugs
Pcode Patch
Modernized UI
What to be done
Graal VM impl. stages.
Lessons Learned
Taught by
Hack In The Box Security Conference