Ghidra 10 has now been released. I’ve been reloading the Ghidra Github almost every day now in order to get my hands on the release. However, since a few weeks I’ve been playing around with the source and the Beta 10, building Ghidra from scratch gaining insight into the build process and thought I’d share them with you guys as I know there are a lot of beginners out there that really want to level-up their skills.
Do note that this guide is Fedora centric. However these packages are usually available in Debian/Ubuntu using the same or similar package names. Use
apt search to find the packages needed. Prepping and building Ghidra for Eclipse development is also out of scope of this guide.
I also know that you may have some, perhaps most or even all packages below installed. Even if so, they are needed in the various steps in this guide.
sudo dnf install java-11-openjdk git wget unzip
Ghidra does not agree entirely with the latest Java release, so we need to ensure that we use Java 11.
java -version openjdk version "11.0.11" 2021-04-20 OpenJDK Runtime Environment 18.9 (build 11.0.11+9) OpenJDK 64-Bit Server VM 18.9 (build 11.0.11+9, mixed mode, sharing)
Should your version differ, switch it by using command:
sudo alternatives --config java
Output similar to the below is expected:
[sudo] password for someuser: There are 2 programs which provide 'java'. Selection Command ----------------------------------------------- *+ 1 java-11-openjdk.x86_64 (/usr/lib/jvm/java-11-openjdk-188.8.131.52.9-4.fc34.x86_64/bin/java) 2 java-1.8.0-openjdk.x86_64 (/usr/lib/jvm/java-1.8.0-openjdk-184.108.40.2062.b10-4.fc34.x86_64/jre/bin/java) Enter to keep the current selection[+], or type selection number:
Make your choice
java-11-openjdk.x86_64 and re-run
java -version to verify your settings. This also goes for
javac. Should it differ, repeat the above steps but for command
javac and verify:
sudo alternatives --config javac [sudo] password for someuser: There are 2 programs which provide 'javac'. Selection Command ----------------------------------------------- *+ 1 java-11-openjdk.x86_64 (/usr/lib/jvm/java-11-openjdk-220.127.116.11.9-4.fc34.x86_64/bin/javac) 2 java-1.8.0-openjdk.x86_64 (/usr/lib/jvm/java-1.8.0-openjdk-18.104.22.1682.b10-4.fc34.x86_64/bin/javac) Enter to keep the current selection[+], or type selection number:
Since the Early 10.0 code base, Ghidra has been supporting Gradle v7.x, which we will focus on using in this case.
wget https://services.gradle.org/distributions/gradle-7.1-bin.zip unzip gradle-7.1-bin.zip
copy the whole directory to a suitable path and add Gradle to your path:
sudo cp -R gradle-7.1 /usr/local/gradle sudo echo "export PATH=/usr/local/gradle/bin:$PATH" > /etc/profile.d/gradle.sh
This time only, run (By next reboot/login, Gradle will be added to your path):
Now try running Gradle by getting its version. Something similar to the below output is expected.
gradle -version ------------------------------------------------------------ Gradle 7.1 ------------------------------------------------------------ Build time: 2021-06-14 14:47:26 UTC Revision: 989ccc9952b140ee6ab88870e8a12f1b2998369e Kotlin: 1.4.31 Groovy: 3.0.7 Ant: Apache Ant(TM) version 1.10.9 compiled on September 27 2020 JVM: 11.0.11 (Red Hat, Inc. 11.0.11+9) OS: Linux 5.12.12-300.fc34.x86_64 amd64
Building Ghidra is very straight forward and I have not encountered any snags along the way this far, having built a number of releases.
First, get Ghidra from Github:
git clone https://github.com/NationalSecurityAgency/ghidra.git cd ghidra
From here you can list all releases and checkout the one you want:
git tag Ghidra_10.0_build Ghidra_9.0.1_build Ghidra_9.0.2_build Ghidra_9.0.3_build Ghidra_9.0.4_build Ghidra_9.1.1_build Ghidra_9.1.2_build Ghidra_9.1_build Ghidra_9.2.1_build Ghidra_9.2.2_build Ghidra_9.2.3_build Ghidra_9.2.4_build Ghidra_9.2_build
Lets checkout the latest one
Ghidra_10.0_build as we want the Ghidra Debugger and build it.
git checkout Ghidra_10.0_build Note: switching to 'Ghidra_10.0_build'. ... HEAD is now at 51254872b Updated ChangeHistory and WhatsNew for 10.0
Now lets prepare Ghidra for building. The gradle script
fetchDependencies.gradle does all the work and satisfies all other dependencies for us.
gradle -I gradle/support/fetchDependencies.gradle init
Output similar to the below is expected:
Starting a Gradle Daemon (subsequent builds will be faster) Processing dex-tools-2.0.zip Copying AXMLPrinter2.jar to /home/someuser/Downloads/git-repos/ghidra/dependencies/flatRepo Copying yajsw-stable-12.12.zip to /home/someuser/Downloads/git-repos/ghidra/dependencies/GhidraServer Copying PyDev 6.3.1.zip to /home/someuser/Downloads/git-repos/ghidra/dependencies/GhidraDev Copying cdt-8.6.0.zip to /home/someuser/Downloads/git-repos/ghidra/dependencies/GhidraDev Copying vs2012_x64.fidb to /home/someuser/Downloads/git-repos/ghidra/dependencies/fidb Copying vs2012_x86.fidb to /home/someuser/Downloads/git-repos/ghidra/dependencies/fidb Copying vs2015_x64.fidb to /home/someuser/Downloads/git-repos/ghidra/dependencies/fidb Copying vs2015_x86.fidb to /home/someuser/Downloads/git-repos/ghidra/dependencies/fidb Copying vs2017_x64.fidb to /home/someuser/Downloads/git-repos/ghidra/dependencies/fidb Copying vs2017_x86.fidb to /home/someuser/Downloads/git-repos/ghidra/dependencies/fidb Copying vs2019_x64.fidb to /home/someuser/Downloads/git-repos/ghidra/dependencies/fidb Copying vs2019_x86.fidb to /home/someuser/Downloads/git-repos/ghidra/dependencies/fidb Copying vsOlder_x64.fidb to /home/someuser/Downloads/git-repos/ghidra/dependencies/fidb Copying vsOlder_x86.fidb to /home/someuser/Downloads/git-repos/ghidra/dependencies/fidb > Task :init SKIPPED The build file 'build.gradle' already exists. Skipping build initialization. Deprecated Gradle features were used in this build, making it incompatible with Gradle 8.0. You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins. See https://docs.gradle.org/7.1/userguide/command_line_interface.html#sec:command_line_warnings BUILD SUCCESSFUL in 51s
Now we can build Ghidra
The process takes around 6 minutes on a modern machine. Output similar to the one below is expected when done:
... > Task :createInstallationZip updateSlaFilesTimestamp: Updated timestamps to 98 .sla files. Deprecated Gradle features were used in this build, making it incompatible with Gradle 8.0. You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins. See https://docs.gradle.org/7.1/userguide/command_line_interface.html#sec:command_line_warnings BUILD SUCCESSFUL in 5m 47s 464 actionable tasks: 464 executed
You will find the finished package in:
-rw-rw-r--. 1 someuser someuser 371742990 Jul 6 12:00 ghidra/build/dist/ghidra_10.0_DEV_20210706_linux64.zip
Now you can install Ghidra the way you use to do when downloading the package from the official sites. Most of the above and more can also be found in Ghidra Developers Guide.
As seen, its quite easy and fast to build Ghidra which is nice when you want to try that new announced feature not yet released but present in the code base. No need to scrap your old version of Ghidra either since they ar self contained and can co-exist on your Linux system.
Important: Ghidra version 10 is backward compatible, but not the other way around. Old projects will be converted when opened in Ghidra version 10. Make sure to make a backup of your old projects if you need to be able to open them in older versions of Ghidra.