ghidra2frida is a Ghidra extension that works as a bridge between Ghidra and Frida, letting you write powerful Ghidra scripts that use Frida's dynamic analysis engine to improve Ghidra's static analysis features. It supports all platforms supported by Frida (Windows, macOS, Linux, iOS, Android, and QNX).
The plugin is based on the Brida idea (and code). ghidra2frida itself is an extension that adds to Ghidra a control panel with all the instruments necessary to create the bridge between Ghidra and Frida. When the bridge is up, a service is offered to Ghidra scripts and extensions, which can then use Frida's powerful dynamic instrumentation features with a couple of lines of code for everything you need. For example, you can:
- Demangle SWIFT function names while analyzing iOS binaries (supplied as example)
- Write a Ghidra analyzer that analyzes a binary using also dynamic information obtained through Frida during one or more runs of the binary itself
- Decrypt encrypted portions of a binary (strings, etc.) by calling the decryption function used by the target binary running on the target platform
A tutorial of the tool can be found in our company blog.
In order to be able to use ghidra2frida, you need:
- Frida client
- An application to analyze! :D
Installation from GitHub
- Install Python 2.7 or Python 3, Pyro4 (pip install pyro4) and frida (pip install frida). Python virtual environments are fully supported.
- Download Ghidra: https://github.com/NationalSecurityAgency/ghidra/releases
- Download the last release of ghidra2frida: https://github.com/federicodotta/ghidra2frida/releases
- Open Ghidra -> File -> Install Extensions -> click the "Add extension" button -> choose the ghidra2fridaXX.zip file
- Restart Ghidra
You can import the project in Eclipse using the GhidraDev Eclipse plugin, or you can manually build the plugin with gradle (I used gradle 7.1.1) as follows:
- enter the project folder
- export GHIDRA_INSTALL_DIR=<PATH_GHIDRA_DIRECTORY>
- The compiled plugin is in the dist folder