Automating Ghidra installation on Linux

This short post walks through the steps needed to automate a Ghidra installation. It is useful when setting up Ghidra on several minimal Linux/Ubuntu installs for quick malware analysis.

Table of contents

  • Commands for Ghidra installation
  • Automating Ghidra installation using a script
  • A fancier script to first check the downloaded Ghidra hash

  • Commands for Ghidra installation

    In this section, I'll be walking through the commands used to install Ghidra.

    Most of these commands require root privileges, so we'll switch to the root account using,

    sudo su
    

    First of all, we need to add the ppa:openjdk-r/ppa repository, as Ghidra uses OpenJDK.

    add-apt-repository ppa:openjdk-r/ppa
    

    Next we'll need to update the package lists using

    apt-get update
    

    Next, we'll need to install unzip, as we'll be downloading a Ghidra ZIP file from GitHub later. The -y option makes apt-get answer yes automatically wherever it would otherwise prompt y/n. This keeps the automation smooth, since no user input is required.

    apt-get install -y unzip
    

    Next, we'll install JDK 11 through the package manager, as Ghidra requires JDK 11.

    apt-get install -y openjdk-11-jdk
    
    Next, we'll download the Ghidra 10.1.5 ZIP file from NationalSecurityAgency's Ghidra repo,

    wget https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.1.5_build/ghidra_10.1.5_PUBLIC_20220726.zip
    


    Next, check the sha256 hash of the ghidra_10.1.5_PUBLIC_20220726.zip file.

    sha256sum ghidra_10.1.5_PUBLIC_20220726.zip
    


    The sha256 hash should be 17db4ba7d411d11b00d1638f163ab5d61ef38712cd68e462eb8c855ec5cfb5ed. The hash can be found in NationalSecurityAgency's Ghidra repo.



    Next, unzip the Ghidra ZIP file.

    unzip ghidra_10.1.5_PUBLIC_20220726.zip
    


    Change into the unzipped Ghidra directory.

    cd ghidra_10.1.5_PUBLIC
    


    Ghidra can then be launched using,

    ./ghidraRun
    

    Automating Ghidra installation using a script

    To automate the Ghidra installation process, we'll be using a Shell script with all the commands in the previous section.

    Make a new .sh file using,

    nano auto_ghidra.sh
    

    Paste the contents below into the auto_ghidra.sh file,

    #!/bin/bash
    
    add-apt-repository ppa:openjdk-r/ppa
    apt-get update
    apt-get install -y unzip
    apt-get install -y openjdk-11-jdk
    wget https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.1.5_build/ghidra_10.1.5_PUBLIC_20220726.zip
    unzip ghidra_10.1.5_PUBLIC_20220726.zip
    cd ghidra_10.1.5_PUBLIC
    ./ghidraRun
    

    Add the execution permissions to the script,

    chmod +x auto_ghidra.sh
    

    Finally, execute the script using,

    ./auto_ghidra.sh
    

    Now Ghidra will run!


    A fancier script to first check the downloaded Ghidra hash

    The script in the previous section completely automates the installation and never prompts the user to double check the Ghidra ZIP file hash. If we want to double check the ZIP file hash before unzipping and running Ghidra, we will run sha256sum on ghidra_10.1.5_PUBLIC_20220726.zip, print the result, and ask the user before moving on.

    If the user confirms that the hash is correct, the script unzips and runs Ghidra. If not, it deletes the ghidra_10.1.5_PUBLIC_20220726.zip file and quits.

    #!/bin/bash
    
    add-apt-repository ppa:openjdk-r/ppa
    apt-get update
    apt-get install -y unzip
    apt-get install -y openjdk-11-jdk
    wget https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.1.5_build/ghidra_10.1.5_PUBLIC_20220726.zip
    
    # sha256sum prints "<digest>  <filename>"; keep only the digest.
    hash=$(sha256sum ghidra_10.1.5_PUBLIC_20220726.zip | awk '{print $1}')
    
    echo "The sha256 hash is $hash"
    # "$x" is quoted below so that an empty answer (just pressing Enter) does not break the test.
    read -p 'Is this the correct hash for ghidra_10.1.5_PUBLIC_20220726.zip ? Yes (1) or No (0): ' x
    
    if [ "$x" = 1 ]
    then
        echo 'Correct hash, continuing to unzip and will run Ghidra'
        unzip ghidra_10.1.5_PUBLIC_20220726.zip
        # Only launch Ghidra if the directory change succeeded.
        cd ghidra_10.1.5_PUBLIC && ./ghidraRun
    
    else
        # Any answer other than 1 is treated as a wrong hash: delete the unverified ZIP and quit.
        echo 'Wrong hash, quitting and deleting file'
        rm ghidra_10.1.5_PUBLIC_20220726.zip
        exit 1
    fi
    
    The Yes/No prompt for hash checking:


    If Yes (1) is selected:

    If No (0) is selected:
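
    Rather than asking the user to eyeball the digest, the script can compare it to the published hash itself and refuse to unzip on a mismatch. The following script is an added example, not the post's own: it assumes the file name, download URL and expected hash shown above, and only runs the installer when invoked as ./verified_ghidra.sh install, so the verification functions can be sourced or tested on their own.

```shell
#!/bin/bash
# Added example: verify the Ghidra ZIP against a known SHA-256 before unzipping.
# File name, URL and expected digest are the ones given in the post for 10.1.5.

GHIDRA_ZIP="ghidra_10.1.5_PUBLIC_20220726.zip"
GHIDRA_URL="https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.1.5_build/${GHIDRA_ZIP}"
GHIDRA_SHA256="17db4ba7d411d11b00d1638f163ab5d61ef38712cd68e462eb8c855ec5cfb5ed"

# Print only the hex digest of a file (sha256sum also prints the file name).
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Return 0 when the file's digest equals the expected one, 1 otherwise.
# The expected value is lower-cased so a digest pasted in upper case still matches.
verify_sha256() {
    actual=$(sha256_of "$1")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Download, verify, unpack. On a mismatch the ZIP is deleted and the script
# exits non-zero, so a failed check can never fall through to ./ghidraRun.
install_ghidra() {
    add-apt-repository -y ppa:openjdk-r/ppa
    apt-get update
    apt-get install -y unzip openjdk-11-jdk wget
    wget -O "$GHIDRA_ZIP" "$GHIDRA_URL"
    if ! verify_sha256 "$GHIDRA_ZIP" "$GHIDRA_SHA256"; then
        echo "SHA-256 mismatch for $GHIDRA_ZIP, deleting it and aborting" >&2
        rm -f "$GHIDRA_ZIP"
        exit 1
    fi
    echo "Hash verified, unpacking and starting Ghidra"
    unzip -q "$GHIDRA_ZIP"
    cd ghidra_10.1.5_PUBLIC && ./ghidraRun
}

# Only run the installer when explicitly asked for: ./verified_ghidra.sh install
if [ "${1:-}" = "install" ]; then
    install_ghidra
fi
```

    Because the comparison happens in the script, the same file works unattended on every minimal install without a Yes/No prompt.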

    Thanks for reading! Enjoy malware analysis with Ghidra on Linux!