This week, evil forces (multinationals and government) all of a sudden made a gift to humanity. Microsoft had opened source code of windows calculator, while the NSA (National Security Agency) opened sources of their software reverse engineering framework. This event divided security community into two groups. The first one start doing static analysis and fuzzing of the windows calculator. Second one start playing with the new toy from the NSA. According to the feedback, it’s really amazing tool, able to compete with existing solutions, such as IDA Pro, R2 and JEB. The tool is called Ghidra and professional resources are full of impressions from security researcher. Actually, they all have a reason: not every day government organizations provide access to their internal tools. Myself as a professional reverse engineer and malware analyst couldn’t pass by as well. I decided to spend a weekend to get a first impression of the tool. I had played a bit with disassembly and decided to check extensibility. In this series of articles, I'll explain the development of Ghidra add-on, which loads custom format, used to solve CTF task. As it’s a large framework and I've chosen quite complicated task, I’ll break the article into several parts.
By the end of this part I hope to setup development environment and build minimal module, which will be able to recognize format of the WebAssembly file and will suggest the right disassembler to process it.
Читать полностью »
