Brilliant "in a nutshell" tutorial of getting to know the program quickly. Could you please do a follow-up of the very same crack me, but with showing how you "crack" the crackme by patching the binary inside Ghidra so that it always jumps to the success condition regardless of the input given?
Many thanks for suggesting this software ... I wanted to look into reverse engineering for years, but had not yet come across such an handy tool. AIDA wasn't really affordable for experimenting ... Again thank you very much!
This helped so much, the main thing I needed was just the fact that you can click on named functions in the decompile window to go to them. Seems obvious but I just didn't know!
I remember solving that very same Crack me with Hopper. thanks for the video, I have not given GHIDRA a try yet. I'm still learning how to pronounce it correctly :)
Its like the perfect purity of a man page was compiled into a perfect video. Instructions so clear I accidentally cracked the travelling knapsack problem.
33 likes
Rob Craig2019-04-21 00:49:55 (edited 2019-04-21 00:56:17 )
Could you do a little tutorial using a MSDOS 16bit binary file? Maybe something that's not packed?
Is there a way to find what part(s) of the program are referencing a data-text string? I've tried doing a global search of the address, but where can I find the functions that use it? I've looked at the tutorial 'Z0FCourse_ReverseEngineering' from stryker2k2/ wolfshirtzlabs but don't see that covered!
Very new to this, would OllyDbg or IdaPro be more beginner friendly?
Would be interesting to see how file analysis programs are built from scratch, as well as what language they would have to use to build a file analysis tool like ghidra or IDA
Ghidra is kind of esoteric, IDA all the normies like me will recognize
There should be a list of "X-REFS" on the far right of the listing (you might need to scroll horizontally). There should also be a right-click option to show/list references.
Could you please make a tutorial on how to skirt the Mac OX Catalina 10.15.8 and download Ghidra? I really want to start using Ghidra but my mac will not allow the Javascript updates ...
Hello Ninja. I wonder how you secure your MacOS environment from the malware you analyzing? Seems like you are not running a virtual machine, then how do you isolated your machine?
Songchen Han In this case he’s analyzing a Linux binary, so it physically cannot run on macOS so there is no concern there. Same if you’re analyzing Windows malware on macOS or Linux (yes it may run under Wine, but you’d have to do that manually and it most likely wouldn’t work anyway). Also even if it was Mac malware, or if you were running Linux or Windows and analyzing Linux or Windows malware respectively, as long as you don’t execute the file it can’t do anything to your machine.
Now with that said, if you’re analyzing malware at all, I agree it’s probably best to always do it inside a VM with networking and file sharing disabled just to be safe. Of course if your just reversing some normal software you don’t need to worry about any of that.
@Ben Baron OMG you are so sweet! That is a very good detailed explanation I could ever expected, that is very kind of you.
I see, we can still reverse software/malware without of running environment. Huh, I ask because the only reverse engineer I do is the buffer overflow attack with requires the application to run and interact while monitor the registers and such in Immunity Debugger. I guess this is different from just purely "Reverse engineering".
I am so happy I learned something today, thanks Ben!
Yes exactly, when reversing with Ghidra, it's doing a disassembly and decompilation which is a static analysis. It never actually runs the binary. That's why he's able to analyze a linux elf on macOS, as it doesn't need to be compiled for that OS or even for that CPU architecture. He could just as easily be reverse engineering some ARM linux firmware or something.
It's basically the same as looking at the file in a hex editor, except it's doing the extra work of converting the machine code into assembly and then a step further into C code which you can then annotate and comment to better understand the code flow.
If you were to want to then use the information you learned from Ghidra to modify the binary for example to change a command and control server address or something like that so you could do some dynamic analysis by running it and viewing it's network traffic in Wireshark for example, then you would definitely want to do that in an isolated VM. But all Ghidra is doing is just looking at the bytes, it's not executing anything (unless it has some dynamic analysis features I'm unaware of).
@Songchen Han To clarify, I'm not a security researcher or anything, though I have been a professional software engineer for a decade now and have been tinkering with computers since I was a kid. At work I do everything from managing and securing servers, building custom Android ROMs (including a bit of kernel hacking), and writing software in various languages on various platforms. However, as a hobby I like to work on embedded hardware and game console hacking/homebrew, so I've been interested in learning Ghidra to reverse engineer console homebrew, software, and firmware, especially Dreamcast at the moment as I'm most heavily working on that console right now and there is an SH4 CPU plugin for Ghidra.
With that said, just based on my software development background, for dynamic analysis, something like GDB, LLDB, or whatever debugger is common on Windows (I don't use it much) and Wireshark for network monitoring is a good place to start. Keep in mind that if the binary was stripped and not exported with debug symbols (which if they know what they're doing is likely the case) it will be more difficult to use any debugger. Though once you know the addresses of the functions you're interested in from Ghidra disassembly, you should be able to at least set breakpoints on them and do some inspection of memory and registers, etc, but the normal debugging functionality will be more limited than usual and many commands will likely not work or not work correctly.
I wish I could give you more information, but I'm still learning myself and am very new to reverse engineering which is why I've been watching this channel and LiveOverflow a lot lately.
I'm @benbaron on Twitter, but I rarely use it. I'm on Discord a lot as @einsteinx2#2342, mostly in the Simulant Discord server, which is a Dreamcast hacking and homebrew development server.
@Ben Baron Still, you taught me something I never think of, bring me the concept of dynamic analysis, i use to think dynamic analysis is more like static code comparison by software with less human involved. but good to learn that.
nice but can u show the next step to us like if i have to modify the exe and have to change password from @ to something else how am going to do that . i know there are tons of tuts there but all of them go through asm analysis and not teach exe modification , so will be thankful if u can make detail video on exe modifications
@let's player the LARP groups are showing people how to use this shit lmao, hire me LARP people, I don't second guess stuff when I know what the shot is
hi i have a problem: i the analyse just does not start! and if i want to select it from the menu it is gray. can someone help me please? note: im using windows 10
Because Ghidra unfortunately does not support [] in the function signature - so instead of saying 'this is a pointer to an array' we say 'this is a pointer to a pointer', which gives us the result we want :) (Simplified: Working with an array in C is basically just pointer-arithmetic in the background)
It's Ghidra!!! It's not a J. It's a soft G as in gear (not G as in generous or gentle or genius). Then it's followed by hard E, as in easy and finally dra (soft), as in dram.
Is Ghidra really safe to use? I do not trust the NSA at all.
1 like
Replies (1)
Gabriel Williams2019-04-15 16:34:14 (edited 2019-04-15 16:35:58 )
@killmoo, true, but I believe there were several vulnerabilities found and fixed in Ghidra upon its release.
Now seeing as it was an in-house tool for the NSA, then they should have been able to patch these up (or at least some of them, and acknowledge that these vulnerabilities exist).
I find it hard to believe that those vulnerabilities are not, in fact, deliberately placed backdoors.
I really want to get into reverse engineering, and I only use free software, so I guess I'll have to use radare2 for the time being.
(I'm not saying radare2 is bad, it's just notoriously difficult to learn and virtually impossible to master, from what I've heard and read at this point in time.)
PS of course vulnerabilities exist in virtually every program, and it is entirely possible that these vulnerabilities slipped through, but seeing as we are talking about the NSA and their infamous reputation, I can't help but be dubious and sceptical.
@EchoXIII...GO! I do recall about 10 years ago, a very prominent software vendor had an Easter egg in the terms and conditions. something about giving away your first born and pledging elegance to satan. It took about 5 or more years for someone to finally read it and mention it. (Mickyj Whitehat)
@benzo I highly doubt an opensource project would send data to the NSA, I feel like people are very aware of their role in the world, especially floss peeps.
@benzo people with the skill & knowledge to use Ghidra are exactly the people with the skill & knowledge to find out if you've hidden something shady in it, especially since it's open source. It's the last group of people you'd want to attempt to fool.
I come here only to see what the heck ghidra is. I know nothing about reversing, executables and stuff, and I never use Mac in my lifetime, so please forgive me if my question is so stupid. 0:26 Can you really run linux elf binary on Mac?? Or have you done some "hack" before to make it possible?
@stacksmashing sorry that is exactly what i meant cool thank you for the info do you recomend running this in a VM enviroment or on my regular linux machine
The crackme was a stupid crack me totally unrealistic no body codes that way in real life ........just saying it would take me no less than 30 seconds to NOP the jumps NO KEY NEEDED .
Uh, like can you play Space Invaders on this? Didn't understand a thing you were talking about. Looking for old games like Pac-Man? my homie? Do you have Pac-WoMan? Dude, nomesayin
Please create a series of Reverse Engineering Basics! Love this!
221 likesBrilliant "in a nutshell" tutorial of getting to know the program quickly.
123 likesCould you please do a follow-up of the very same crack me, but with showing how you "crack" the crackme by patching the binary inside Ghidra so that it always jumps to the success condition regardless of the input given?
Replies (3)
Wow is that even possible with ghidra?
8 likesGil Bytepatching should be simple, worst case you just use like a Hex Editor and jump to the offset and manually patch ig
5 likes@Gil its possible i. Gdb, i would hope so! :)
0 likesExcellent explanation. Clear, concise and a great pace, wasn't confusingly fast or laboriously slow. I hope you continue to make videos on Ghidra.
1 likeCrystal-clear, methodical and systematic walkthrough! Thank you!
11 likeswow this tutorial is just perfect, the pace the explanations, everything ! Thank you
4 likesBeat tutorial I’ve ever seen. Clear, concise and simple.
2 likesThank you for a great overview. I'm getting started quite easily because of this 👍
0 likesMany thanks for suggesting this software ... I wanted to look into reverse engineering for years, but had not yet come across such an handy tool. AIDA wasn't really affordable for experimenting ... Again thank you very much!
0 likesFor future listeners, Ghidra is pronounced, "Gee-druh"; [3] /ˈɡiːdrə/[4]).
29 likesSource:
https://github.com/NationalSecurityAgency/ghidra/wiki/Frequently-asked-questions#how-do-you-pronounce-ghidra
Great video, and well-explained usage. Keep up the great work.
Replies (1)
(Thank you classic Godzilla movies.)
0 likesThis helped so much, the main thing I needed was just the fact that you can click on named functions in the decompile window to go to them. Seems obvious but I just didn't know!
0 likesGreat tutorial, kudos! Can you elaborate why is there an issue requiring the usage of a pointer to a pointer for argv ?
0 likesI had a quick look at Ghidra a few weeks ago and it seemed rather complex.... It certainly seems a lot less complex now! Thanks.
0 likesawesome video man,keep doing more basic malware analyasis and reversing.Thanks:)
2 likesFantastic. Hopefully looking forward to more of the same.
10 likesYour videos are awesome! Please keep making content like this!
0 likesExcelent. We want more!! Really good tutorials
0 likesThis is great, a nice simple introduction to ghidra. How'd you setup the VM? did you use Virtualbox? or something else?
0 likesGreat job explaining - thank you!
2 likesLiked your explaination, easy and clear. Keep going please.
2 likesThanks ninja! A very well prepared video. Hopefully more will come :)
6 likesNice video! Do you plan on making more? Id love to see more videos on Ghidra :)
2 likesLove this. Keep up the great content man
0 likesInteresting. When I put the C function prototype for a main() function in, Ghidra wouldn’t even accept “[]”, and I had to use an extra “*” anyway.
3 likesReplies (1)
thank you
1 like"Let's maximize the window"
277 likes> Actually makes windows smaller
Replies (4)
And that's Mac OS for you
26 likes@ytxstream *Java's half-assed implementation of
7 likesHe actually just moved it to the right.
5 likes^^ effing owned dude... 😅
0 likesBy a Polock Frank... sick digs
Thanks for wonderful tutorial. Subscribed.
1 likeThis was a great video. Amazing explanation but if you could speak a little louder and also put in some energy into your voice it would be even better
0 likeswow, nice introduction man. looking forward for more videos from you!
1 likeGreat video. But could you make a video comparing Ghidra to IDA or some other RE tools?
1 likenice intro! of course, there's any number of possible solutions given that the only criterion is an @ in 5th position
0 likesare you planning on doing a course series for this? I would buy it
0 likesThe video was very helpful, keep it up bro👍👍
1 likeGreat video. I learned a lot from it.
2 likesThank you, very instructive.
1 likeawesome tutorial - keep them coming man!
1 likeI hope that you create a beginner series in reverse engineering embedded firmware
5 likesNice, I was looking for samples with known outcomes so I could follow the technique ! Awesome . (Mickyj Whitehat)
5 likesReplies (1)
you've literally got a black hat on. don't lie
0 likesI remember solving that very same Crack me with Hopper.
4 likesthanks for the video, I have not given GHIDRA a try yet. I'm still learning how to pronounce it correctly :)
Replies (1)
It is pronounced "Gee-druh" (https://github.com/NationalSecurityAgency/ghidra/wiki/Frequently-asked-questions#how-do-you-pronounce-ghidra), but that's okay.
4 likesThis video was a very nice introduction, by the way!
Jesus you make it look so easy !! Love it ! Keep em coming my friend.
10 likesMan, saw this and your wannacry videos, they are insanely high quality. I really hope you still plan on making more videos at some point!
2 likesawesome tutorial - keep them coming man!
1 likeHello, loved your tutorial! Do you know if Ghidra has the ability to view embedded image files?
0 likesReplies (3)
Thanks! Yes it does, and they’ll be marked as a bookmark
0 likes@stacksmashing Thanks!! Yep I see them all in bookmarks, now I need to figure out how to view them!
0 likesJust double click on the bookmark, and the picture should be in the disassembly view
1 likeIts like the perfect purity of a man page was compiled into a perfect video. Instructions so clear I accidentally cracked the travelling knapsack problem.
33 likesCould you do a little tutorial using a MSDOS 16bit binary file? Maybe something that's not packed?
0 likesThat's a great tutorial man ,thx!
0 likes4:07 "a small popup will show up."
91 likespopup occupies most of screen.
Is there a way to find what part(s) of the program are referencing a data-text string? I've tried doing a global search of the address, but where can I find the functions that use it? I've looked at the tutorial 'Z0FCourse_ReverseEngineering' from stryker2k2/ wolfshirtzlabs but don't see that covered!
0 likesVery new to this, would OllyDbg or IdaPro be more beginner friendly?
Replies (2)
I'm a normie, no govlarp here,
0 likesIDA is the only one I've heard of,
Would be interesting to see how file analysis programs are built from scratch, as well as what language they would have to use to build a file analysis tool like ghidra or IDA
Ghidra is kind of esoteric,
IDA all the normies like me will recognize
I know the govlarp people like using python
There should be a list of "X-REFS" on the far right of the listing (you might need to scroll horizontally). There should also be a right-click option to show/list references.
0 likesThanks for sharing! What do you use to show your keyboard input?
0 likesReplies (2)
It's a tool called Keycastr
0 likes@stacksmashing
0 likeswhy am i getting this error ?
/ghidraprojects/rev50_linux64-bit: cannot execute binary file
Can you explain what argv[0] is? If argv[1] is the array of arguments.
1 likeReplies (1)
argv[0] is the program Name, 1 is the first argument, 2 the second argument etc :)
2 likesSo if you call “ls /etc” argv[0] contains “ls”
Great introduction to Ghidra!
0 likesYou have 13.2K subscribers and only 3 videos from 8 months ago! This was such a great video, I was disappointed to see you didn't have more content.
3 likesReplies (1)
Tech YouTubers always have their view count scaled way down
0 likesgreat !!! Please, more !!!
0 likesJust curious as I just learned that this tool exists, what is difference using this vs ollydbg for cracking? Other than assembly
1 likeMore tutorials please!!!
0 likesThank you for this video!
0 likeshello, i have followed the same steps as you but my main function looks different. and it says no function in decompiler. please help
1 likeReplies (1)
I'm having the same problem
0 likesI hope you teach me more about reverse , please create tutorial on udemy , i will subscribe you
1 likeThank you for the nice tutorial!
1 likeGood and fast introduction!
1 likeHey, can you explain how to figure out which format/language/etc is used for a specific program, if you don't know it? :)
0 likesGood Job btw
Replies (2)
PE Header, eg program named "Detect it easy 2.00"
0 likesThere is only one language - assembly :)
0 likesThank you for this tutorial.
3 likesamazing man keep uploading ghidra tutorials
5 likesGreat job
1 likevery thorough. thanks
1 likeAmazing tutorial
0 likesGreat video. Keep it up!
1 likeKind of a dumb question but how did you get your keystrokes to show up on the screen like that?
0 likesWhat VM do you use for running Linux code in OSX?
0 likesGreat content, subbed, keep them coming!
2 likesWhat Microsoft did right is "Maximize" and the taskbar.
1 likeCould you please make a tutorial on how to skirt the Mac OX Catalina 10.15.8 and download Ghidra? I really want to start using Ghidra but my mac will not allow the Javascript updates ...
0 likesThank you Ghidra Ninja. You are a true Ninja!!
4 likesVery cool, I LOVE Ghidra so far
0 likesLooking forward to more videos like this.
2 likesGreat, really great !
0 likesWaiting for more videos from you.
0 likesThanks man for the knowledge you are awsm
1 likeI love it , already subscribed !
10 likesHello Ninja. I wonder how you secure your MacOS environment from the malware you analyzing? Seems like you are not running a virtual machine, then how do you isolated your machine?
0 likesReplies (7)
Songchen Han In this case he’s analyzing a Linux binary, so it physically cannot run on macOS so there is no concern there. Same if you’re analyzing Windows malware on macOS or Linux (yes it may run under Wine, but you’d have to do that manually and it most likely wouldn’t work anyway). Also even if it was Mac malware, or if you were running Linux or Windows and analyzing Linux or Windows malware respectively, as long as you don’t execute the file it can’t do anything to your machine.
0 likesNow with that said, if you’re analyzing malware at all, I agree it’s probably best to always do it inside a VM with networking and file sharing disabled just to be safe. Of course if your just reversing some normal software you don’t need to worry about any of that.
@Ben Baron OMG you are so sweet! That is a very good detailed explanation I could ever expected, that is very kind of you.
0 likesI see, we can still reverse software/malware without of running environment. Huh, I ask because the only reverse engineer I do is the buffer overflow attack with requires the application to run and interact while monitor the registers and such in Immunity Debugger. I guess this is different from just purely "Reverse engineering".
I am so happy I learned something today, thanks Ben!
@Songchen Han Glad to help :)
0 likesYes exactly, when reversing with Ghidra, it's doing a disassembly and decompilation which is a static analysis. It never actually runs the binary. That's why he's able to analyze a linux elf on macOS, as it doesn't need to be compiled for that OS or even for that CPU architecture. He could just as easily be reverse engineering some ARM linux firmware or something.
It's basically the same as looking at the file in a hex editor, except it's doing the extra work of converting the machine code into assembly and then a step further into C code which you can then annotate and comment to better understand the code flow.
If you were to want to then use the information you learned from Ghidra to modify the binary for example to change a command and control server address or something like that so you could do some dynamic analysis by running it and viewing it's network traffic in Wireshark for example, then you would definitely want to do that in an isolated VM. But all Ghidra is doing is just looking at the bytes, it's not executing anything (unless it has some dynamic analysis features I'm unaware of).
@Ben Baron Thank you sir! I think I am more interested in the latter(modify the binary or control address). I guess that is dynamic analysis then.
0 likesWhat tools you recommend for dynamic access then? Immunity Debugger/IDA PRO for windows, GDB for linux ?
@Ben Baron Also, do you have a twitter or something I can follow?
0 likes@Songchen Han To clarify, I'm not a security researcher or anything, though I have been a professional software engineer for a decade now and have been tinkering with computers since I was a kid. At work I do everything from managing and securing servers, building custom Android ROMs (including a bit of kernel hacking), and writing software in various languages on various platforms. However, as a hobby I like to work on embedded hardware and game console hacking/homebrew, so I've been interested in learning Ghidra to reverse engineer console homebrew, software, and firmware, especially Dreamcast at the moment as I'm most heavily working on that console right now and there is an SH4 CPU plugin for Ghidra.
0 likesWith that said, just based on my software development background, for dynamic analysis, something like GDB, LLDB, or whatever debugger is common on Windows (I don't use it much) and Wireshark for network monitoring is a good place to start. Keep in mind that if the binary was stripped and not exported with debug symbols (which if they know what they're doing is likely the case) it will be more difficult to use any debugger. Though once you know the addresses of the functions you're interested in from Ghidra disassembly, you should be able to at least set breakpoints on them and do some inspection of memory and registers, etc, but the normal debugging functionality will be more limited than usual and many commands will likely not work or not work correctly.
I wish I could give you more information, but I'm still learning myself and am very new to reverse engineering which is why I've been watching this channel and LiveOverflow a lot lately.
I'm @benbaron on Twitter, but I rarely use it. I'm on Discord a lot as @einsteinx2#2342, mostly in the Simulant Discord server, which is a Dreamcast hacking and homebrew development server.
@Ben Baron Still, you taught me something I never think of, bring me the concept of dynamic analysis, i use to think dynamic analysis is more like static code comparison by software with less human involved. but good to learn that.
0 likesI also add you from discord, name is RedCorner!
I am following the liveoverflow as well!
Great Job! Keep up please.
1 likecooooooooooooooooooooooooool
0 likesLoved it!
Thanks man. I enjoyed you cracking that.
1 likeThanks for the video =)
0 likesnice but can u show the next step to us like if i have to modify the exe and have to change password from @ to something else how am going to do that . i know there are tons of tuts there but all of them go through asm analysis and not teach exe modification , so will be thankful if u can make detail video on exe modifications
0 likesThank you so much!!!
1 likeThank you - and pls. continue the work. PS: made me smile.
6 likesTHANK YOU FOR DOING GOD'S WORK!
4 likesInteresting why it throws error: Invalid Function Signature
2 likesBut you edited at 06:37 without problem..
Maybe new version is aware it must be array :)
Replies (2)
How can i fix this error? I'm at the moment a noob at programming.
0 likes@let's player the LARP groups are showing people how to use this shit lmao, hire me LARP people,
0 likesI don't second guess stuff when I know what the shot is
Great job
4 likesI get an error "decompile.exe" not found when disassembling. Anyone know why?
0 likesWhat VM are you using to get that seamless terminal integration?
0 likesReplies (1)
It's an SSH session into the VM
0 likesawesome!
0 likesCan someone please help me find an unused map select for a GC game?
1 likeplease can you write the easy_reserve password??
0 likesWould love to try this but I'm not putting anything made by the NSA on my PC lol
0 likesHow difficult is to show how to save (which format) the patched file or/and apply to original file ???? ????? ?????
0 likesHow do you get the Linux shell on the terminal?
3 likesReplies (2)
It’s a SSH connection into a VM
2 likesAh I see. Thanks for the reply
0 likesNice introduction! Had have no idea abut Ghidra ;)
1 likelove it bruh...
2 likeskeep it up
hi i have a problem: i the analyse just does not start! and if i want to select it from the menu it is gray. can someone help me please?
0 likesnote: im using windows 10
What VM were you using during this video?
4 likesReplies (1)
None, I have a separate computer where I do this kind of stuff.
4 likesmy terminal doesnt allow me to open the crack me initially, you said you're using a VM, is that a different terminal than mac's default?
1 likeawsome tutorial !! only issue why we changed char* argv[] to char **argv ??
1 likeReplies (1)
Because Ghidra unfortunately does not support [] in the function signature - so instead of saying 'this is a pointer to an array' we say 'this is a pointer to a pointer', which gives us the result we want :) (Simplified: Working with an array in C is basically just pointer-arithmetic in the background)
5 likesWatched first 11 seconds. subscribed. I think I'm only subscribed to a dozen people after over a decade of being on Youtube.
0 likeswow your using this sucesfully and i fail at a baby shark singing program (basically a less trivial kinda hello world) lol.
6 likesactually ghidra seems to hate the function definitions of visual studios stdlib...
Pls increase volume, cant hear you
0 likesis there a way i can try this? because the crackme zip file is password protected
0 likesReplies (1)
Check the FAQ of crackmes.one :)
0 likeshi! can you reload crack me file? link is down
3 likesReplies (1)
Will do later today!
0 likesHave you noticed that it's not possible to patch or export working exes from Ghidra?
1 likeReplies (2)
File -> Export program didn't work for you?
0 likesnah it creates binaries with seg faults. @stacksmashing check this out: https://github.com/NationalSecurityAgency/ghidra/issues/19
1 likeWonderful introduction! You kind of sound German
0 likesReplies (1)
hai
0 likeslots of day later i restarted, i thought i had to rewrite program name and make it with 10 letters. oOPps forget [1] != 1 rather 2.
0 likesIt's Ghidra!!! It's not a J. It's a soft G as in gear (not G as in generous or gentle or genius). Then it's followed by hard E, as in easy and finally dra (soft), as in dram.
0 likesSo is anyone else having trouble accessing crackmes.one? Any word on how long it's going to be down.
1 likeReplies (2)
Looks like it down, will upload and host the crackme myself later today (on a plane right now)
0 likes@stacksmashing how did you get this crackme to run on macos? I can't seem to get mine to run :/
0 likesI cant run the exec on my mac. It says "zsh; exec format error"
1 likeAAA content.
3 likesGrüße aus Deutschland
what is the password?
0 likesthis tutorial is very jay
2 likesReplies (1)
So there are "good" feds?
0 likesTell me what the shot is lmao, I'm too bored and see through the veil that most content is staged and fake
Is it only for mac?
0 likesnot working anymore for the main function. still trying to figure out what changed
0 likesReplies (1)
Use this instead:
0 likesint main (int argc, char * * argv)
Wait, it is pronounced jai-dra not ghee-dra?
0 likesLearn something new everyday.
Replies (2)
Ah no, It is pronounced ghee-dra afaik, or atleast that's the popular pronunciation. He himself calls it ghee-dra in later videos
1 likeAccent
0 likesIs Ghidra really safe to use?
1 likeI do not trust the NSA at all.
Replies (1)
@killmoo, true, but I believe there were several vulnerabilities found and fixed in Ghidra upon its release.
1 likeNow seeing as it was an in-house tool for the NSA, then they should have been able to patch these up (or at least some of them, and acknowledge that these vulnerabilities exist).
I find it hard to believe that those vulnerabilities are not, in fact, deliberately placed backdoors.
I really want to get into reverse engineering, and I only use free software, so I guess I'll have to use radare2 for the time being.
(I'm not saying radare2 is bad, it's just notoriously difficult to learn and virtually impossible to master, from what I've heard and read at this point in time.)
PS of course vulnerabilities exist in virtually every program, and it is entirely possible that these vulnerabilities slipped through, but seeing as we are talking about the NSA and their infamous reputation, I can't help but be dubious and sceptical.
(Edit: content.)
can you plz tell the ZIP password here
1 likeReplies (1)
Passwords are often : crackmes.de or crackmes.one
0 likesdoes it work in windows ?
0 likesReplies (1)
Yes
0 likesit's Ghidra G as in Get.
0 likes"Just hit okay because nobody reads those anyway" Well, I guess I'm a nobody.
138 likesReplies (5)
You sir are a thought criminal reading those agreements... tut tut..
9 likes@EchoXIII...GO! I do recall about 10 years ago, a very prominent software vendor had an Easter egg in the terms and conditions. something about giving away your first born and pledging elegance to satan. It took about 5 or more years for someone to finally read it and mention it. (Mickyj Whitehat)
21 likes@benzo I highly doubt an opensource project would send data to the NSA, I feel like people are very aware of their role in the world, especially floss peeps.
7 likesYou must know what you are agreeing to before you agree.
0 likes@benzo people with the skill & knowledge to use Ghidra are exactly the people with the skill & knowledge to find out if you've hidden something shady in it, especially since it's open source. It's the last group of people you'd want to attempt to fool.
7 likes"Let's get started..." - 6:00
0 likesApproved for 100k.
0 likesXkeyscore server tutorial next ?
0 likesI come here only to see what the heck ghidra is. I know nothing about reversing, executables and stuff, and I never use Mac in my lifetime, so please forgive me if my question is so stupid. 0:26 Can you really run linux elf binary on Mac?? Or have you done some "hack" before to make it possible?
0 likesWhy does he pronounce it Ghidra in another video but pronounce it Ghidra in this video?
0 likesthis is so complicated xD
0 likesJidra 😞😭 didnt think that video would stress me out this much 🥶🥶🤯
0 likesfucking awesome
0 likesIt's pronounced GHEE dra
2 likeshow anyone does not read a agreement license that mentions nsa :P
0 likesIt is pronounced gee dra nor jeay dra
0 likesquality
0 likesnice
2 likesAre you running this on a vr enviroment?
0 likesReplies (4)
Do you mean VM? I run this on a dedicated machine that I regularly wipe anyway. (And I don't think Ghidra is backdoored or anything.)
0 likes@stacksmashing sorry that is exactly what i meant cool thank you for the info do you recomend running this in a VM enviroment or on my regular linux machine
0 likes@Geo Brito I in general recommend running things like this in a VM cause I've accidentally ransomwared my investigation VM before :D
1 like@stacksmashing thank you great tutorial by the way.
0 likesnice
1 likeit is pronounced gheedra
0 likesAre you on a Mac or is this a Vbox
1 likeU sad that u been using it for "years" so my question is how did u know it befor vault7 leak? How long u are/been working for nsa?
0 likesDude, it's pronounced "Ghidra"! (j/k, was a good video)
0 likesNice reverse engineering. wouldn't call it a crack, since you didn't patch it to allow any input ;)
0 likesI get a popup when changing to the new c standard saying Can't pass name: argv[]
0 likesdas gut
0 likesGHIDRA!
0 likesThe NSA program that comes with a built-in spyware and R.A.T!
It's funny that you pronounce Ghidra wrong this entire video.
1 likeReplies (1)
Indeed :) I fixed it in the other ones.
0 likescomment here the password I am from another country there and it is difficult to know just by hearing the password
1 likeIt's Gee-druh, not jeye-druh
26 likesReplies (1)
I thought since the g is before the h it would be pronounced as geye-druh fff
0 likesEnglish has me all sorts of confused
It's GHee-Drah bro
3 likesTidy work
0 likesNo Pop & Push!? Noobs...
0 likesThe crackme was a stupid crack me totally unrealistic no body codes that way in real life ........just saying it would take me no less than 30 seconds to NOP the jumps NO KEY NEEDED .
0 likesReplies (1)
That's why it's a simple crackme :)
0 likesKyle, WTF is "Dude, it's pronounced "Ghidra"! "? That leaves things as clear as mud. It is pronounced GEE-druh with a hard G (as in "good").
0 likes...just hit agree because in the EULA, you sign your first child over to the NSA.
2 likesThat's super bad advice.
Replies (1)
It's also a joke :)
1 likeThis is ghidra , so what software is indra? Or is indra a red herring ?
0 likesWhere is debugging mode?
0 likesReplies (2)
Not yet released unfortunately
0 likes@stacksmashing I think we should use immunity debugger + ghidra
0 likesyeaaaaaaaaaaaaaaaaaaaaaaaaaaaa !
1 like17
0 likesUh, like can you play Space Invaders on this? Didn't understand a thing you were talking about. Looking for old games like Pac-Man? my homie? Do you have Pac-WoMan? Dude, nomesayin
0 likes