I'm curious as to what prevented them from doing that on day one. Any legal issues presumably would have been worked out prior to the announcement. I guess timelines didn't line up :)
I originally thought it was because they were waiting for the official announcement at the RSA conference before they released the source code but I guess that wasn't it considering it still took them some time.
How is the experience with Ghidra so far? Does anyone think a true free IDA Pro replacement has finally come? I did some reverse engineering for ARM devices last year, and IDA Pro seemed like the only option but it costs around $1000.
It is hearsay (person from a security firm told me, don't remember which one). I'm very curious about the update mechanism. Either way, as a Java app it should not be too difficult to decompile it.
I regularly look at ARM software and firmware. There are certain things that IDA does better, like FLIRT analysis, which I’ve missed since switching to Ghidra.
Ghidra also currently lacks support for certain ARM instruction decodings so you can get odd looking disassembly. That isn’t to say you can’t add it.
Ghidra has been very nice for reversing C++ code. After filling in most of the members for an object field it makes reversing other subroutines that use the defined type simpler, IMO.
Thx for your opinion. What about automatic ARM-Thumb swap on jump instructions? I tried Radare 2 before and it was so hard to work with ARM firmware. If Ghidra supports a proper ARM-Thumb switch, it sounds like a great alternative to IDA for me.
In my experience, find something you want to find out about a software, and then do that. For example, I wanted to write an autosplitter (used for speedrunning) for The Witcher 3. So I first had to figure out a plan. I found out that Witcher 3 is heavily based on facts, and fact-changes. If you progress a quest, that's an entry to the fact-database. I went looking for the method which adds facts to the db, and after a while I found it. Then I hooked it (redirected it to a custom function, which calls the original after my custom code executed), and wrote the rest of the autosplitter.
The sources documented in the original post here (Decompiler Analysis Engine, written in C++) weren't openly published until just 3-4 days ago. The post that was about that event, 3 days ago, got only 7 comments. So HN mostly missed that event until now.
The sources published earlier were the Java sources, and the engine documented here was only in the binary form.
https://github.com/NationalSecurityAgency/ghidra