NSA's Ghidra - C++ reversing revisited
At the time of this writing, the NSA has just released a tool that seems like an open-source IDA Pro to me. Very impressively, it claims to contain a decompiler, similar to the HexRays product for IDA Pro. I thought it would be nice to give it a spin, and specifically wanted to know how the decompiler fares with C++ code.
Let's revisit the beginning of the program as shown by the disassembler edb:
You won't find the solution to the challenge here. That is against root-me.org rules. We are simply looking at the C++ aspects of the executable.
and now let's see what the Ghidra decompiler presents us:
It does an excellent job!
Next, let's investigate the plouf function, which is where all the important work happens in this particular program. First, revisit what edb gives us:
Next, compare to the Ghidra decompiler:
This is just fantastic. HexRays just got some real competition!
Finally, let's compare the function graph functionality to edb:
I think it does a little better job in representing the control flow, even going as far as labelling the loop type:
Another powerful (and free!) tool in the box...