{"id":23703000,"url":"https://github.com/revengai/reai-ghidra","last_synced_at":"2025-04-07T10:19:59.196Z","repository":{"id":192624853,"uuid":"676157443","full_name":"RevEngAI/reai-ghidra","owner":"RevEngAI","description":"RevEng.AI Ghidra Plugin","archived":false,"fork":false,"pushed_at":"2025-03-28T15:43:25.000Z","size":11040,"stargazers_count":95,"open_issues_count":3,"forks_count":8,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-31T09:03:38.103Z","etag":null,"topics":["artificial-intelligence","exploit-development","ghidra","ghidra-plugin","ghidra-scripts","reverse-engineering","vulnerability-research"],"latest_commit_sha":null,"homepage":"https://reveng.ai","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RevEngAI.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-08-08T14:58:18.000Z","updated_at":"2025-03-31T00:21:23.000Z","dependencies_parsed_at":null,"dependency_job_id":"37fd8009-6267-4a26-b717-2167b6cf3613","html_url":"https://github.com/RevEngAI/reai-ghidra","commit_stats":null,"previous_names":["revengai/reait-ghidra","revengai/reai-ghidra"],"tags_count":21,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RevEngAI%2Freai-ghidra","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RevEngAI%2Freai-ghidra/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RevEngAI%2Freai-ghidra/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RevEngAI%2Freai-ghidra/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RevEngAI","download_url":"https://codeload.github.com/RevEngAI/reai-ghidra/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247631833,"owners_count":20970069,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["artificial-intelligence","exploit-development","ghidra","ghidra-plugin","ghidra-scripts","reverse-engineering","vulnerability-research"],"created_at":"2024-12-30T13:00:26.817Z","updated_at":"2025-04-07T10:19:59.173Z","avatar_url":"https://github.com/RevEngAI.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# RevEng.AI Ghidra Plugin\n\n[Community Forms](https://community.reveng.ai/c/integrations/ghidra/6) | [Video Overview](https://vimeo.com/879484503) \n\n### AI Assisted Binary Analysis\n\nReleased as open source by RevEng.ai - https://reveng.ai\n\n\u003c!-- TODO --\u003e\n\u003c!-- Released under the Apache 2.0 license (see [LICENSE](LICENSE) for more information) --\u003e\n\n![REAIT interface](screenshots/reait-interface.png)\n\n## Description\n\nThe RevEng.AI Toolkit allows you to interact with our API from within Ghidra.\nThis allows you to upload your currently open binary for analysis,\nand use it for Binary Code Similarity to help you Reverse Engineer stripped binaries.\n\n## Table of Contents\n\n- [Key Features](#key-features)\n- [Installation](#installation)\n  - [Loading the Plugin](#loading-the-plugin)\n  - [Enabling the Plugin](#enabling-the-plugin)\n- [Usage](#usage)\n   - [Auto Analysis](#auto-analysis)\n   - [Function Explaination](#function-explaination)\n- [Contributing](#contributing)\n  - [Building from Source](#building-from-source)\n  - [Reporting Bugs](#reporting-bugs)\n    - [Known Issues](#known-issues)\n- [Credits](#credits)\n\n## Key Features\n\n* Upload the current binary for analysis\n* Automatically rename all functions above a confidence threshold\n* Show similar functions and their names for one selected function\n\n## Installation\n\nThe latest stable version of the RevEng.AI Toolkit for Ghidra can be downloaded from the [Releases](https://github.com/revengai/reait-ghidra/releases/latest) page.\n\n### Loading the Plugin\n\n1. Launch Ghidra.\n2. Navigate to the Install Extensions window.\n   * `File` -\u003e `Install Extensions...`\n3. Click the green \"+\" icon at the top-right corner.\n4. Select the downloaded ZIP file to load the plugin into Ghidra.\n5. Click the \"OK\" button to exit the Install Extensions window.\n6. Restart Ghidra when prompted.\n\n### Enabling the Plugin\n\nOnce installed, you can enable the plugin via the `Configure` tool.\n\n1. Navigate to Ghidra's Configure tool\n   - `File` -\u003e `Configure`\n2. Click `Configure` under the `RevEng.AI` plugin group\n3. Select the checkbox next to each of the plugins you want to enable\n\n![Plugin Config](screenshots/plugin-config.png)\n\nEach plugin is dependent on the `CorePlugin`, for instance, by enabling the `BinarySimularityPlugin` you will automatically enable the `CorePlugin`.\n\n## Usage\n\nIn this section, we provide an example workflow for our plugin that uses test binaries from `src/test/resources`.\n\nOnce the plugin is loaded, there will be additional controls in the toolbar under `RevEngAI Toolkit`.\n\n### Setup\n\nThe first thing we need to do is configure the tool with our API key and the host to use.\n\nWhen you load the plugin for the first time, or by selecting `RevEngAI -\u003e Run Setup Wizard`, you will be guided through the configuration process.\n\n![Config Window](screenshots/config-wizard.png)\n\n\u003e Enter your API Key from the [RevEng.AI Portal](https://portal.reveng.ai/settings) into the API Key field\n\u003e where they will be validated and saved for future use.\n\n\n\n### Running an Analysis\n\nYou are now ready to upload a binary.\n\nImport `src/test/resources/fdupes` into Ghidra and then create a new RevEng analysis, by going to `RevEngAI Toolkit -\u003e Create New Analysis for Binary`.\n\n[//]: # (![Upload using toolbar menu]\u0026#40;screenshots/upload-menu.png\u0026#41;)\n\n[//]: # (![Upload from popup menu]\u0026#40;screenshots/upload-popup.png\u0026#41;)\n\n\u003e We are using `fdupes` with symbols to allow the model to learn what these functions look like, and to provide meaningful labels that we can use later to rename similar binaries.\n\nYou can check the status of your request by selecting `Check Analysis Status` from the same menu.\nStarting an analysis also triggers a background Ghidra thread that will periodically check the status\nand pop a notification when the analysis is complete.\n\nWe now have uploaded `fdupes` to our dataset, meaning we can now use it for our binary similarity tasks. Let's see how this works on a stripped version of fdupes.\n\nImport `src/test/resourcesfdupes.stripped` using the same steps as before. Once this has been completed, you can move on to the next step.\n\nWith `fdupes.stripped` open in Ghidra, select a funtion in Ghidra's listing or decompiler view, and `right-click -\u003e Rename from Similar Functions`, or `CTRL-Shift + R`.\nThis will open the function renaming window.\n\n![Function Rename Action](screenshots/rename-action.png)\n![Function Renaming Window](screenshots/rename-gui.png)\n\nThe list of functions is returned and displayed inside this panel for you.\n\nYou can then click `Refresh` to update the returned functions based on updated parameters.\n\n### Auto Analysis\n\nYou can also batch analyse the binary to rename functions using the `Auto Analyse` tool.\n\n[//]: # (![Auto Analyse Tool]\u0026#40;screenshots/auto-analysis-gui.png\u0026#41;)\n\n[//]: # (This tool pull the list of collections you have access to on your account, and allows you to specify which collections you want to be included in your auto analysis by clicking on the checkbox. Selecting no collections will enable all the available collections in your search.)\n\nMove the slider to determine the confidence level you want to use for batch renaming. Any function returned that is higher than this value will automatically be renamed in the listing view. Clicking the `start` button will kick off the analysis, which you can track in the blue progress bar\n\n[//]: # (![Auto Analysis Progress]\u0026#40;screenshots/auto-analysis-gui-run.png\u0026#41;)\n\nUse `Fetch Similar Functions` to load matches from the API above the confidence threshold.\n\n![Auto Analysis before loading matches](screenshots/empty_aa_dialog.png)\n\nOnce the results are retrieved, you can look at them more closely.\nEach match is represented by a row in the table, and comes with various associated information\nin each column. Not all of them are shown by default,\nyou can configure the displayed columns via the `Add/Remove Columns` entry in the context menu of a column.\n\nYou can now simply accept all displayed results via the `Apply Filtered Results` button,\nor you can investigate them more closely yourself.\n\nGhidra comes with a powerful table including filtering and we integrate with this feature.\nDouble-clicking a table entry will open the corresponding function in the listing view.\n\nYou can search by strings in all matches,\nor you can access the advanced filter options via the `Create Column Filter` button:\n\n![Filter Options](screenshots/filter_options_button.png)\n\n[//]: # (![Auto Analyse Result]\u0026#40;screenshots/auto-analysis-results.png\u0026#41;)\n\nHere you can now set up more complex filters,\ne.g. if you only want to apply matches that satisfy certain criteria.\n\n![Complex Filter Example](screenshots/complex_filter.png)\n\nAfter you apply the filter, the `Apply Filtered Results` button will only apply the matches that satisfy the filter.\n\n![Complex Filter Result](screenshots/complex_filter_result.png)\n\nAlternatively, you can select individual entries via `Ctrl+Click` and `Shift+Click` and apply only those via the\n`Apply Selected Results` button.\n\n## Contributing\n\nWe welcome pull requests from the community.\n\nThe plugin is still undergoing active development currently, and we are looking for feedback on how to improve the plugin.\n\n\n### Code Overview\n\nWe have tried to decompose the plugin into a series of individual plugins dependent on a **CorePlugin**.\n\nThe **CorePlugin** provides services that are shared across all parts of the toolkit, namely configuration and API Services.\n\nYou should therefore group related features into a Feature Plugin, and then acquire services from the CorePlugin as required. This gives users the flexiblity to enable / disable features based on their use-case and/or preferences.\n\n### Building\n\nGradle can be used to build REAIT from its source code.\n\n#### No Eclipse\n\n1. Clone the REAIT for Ghidra GitHub repository.\n   ```\n   git clone https://github.com/RevEngAI/reait-ghidra.git\n   ```\n\n2. Enter the repository and build with gradle.\n   ```\n   cd reait-ghidra\n   gradle -PGHIDRA_INSTALL_DIR=\u003cghidra_install_dir\u003e\n   ```\n   * Replace `\u003cghidra_install_dir\u003e` with the path to your local Ghidra installation path.\n\n3. After building, the plugin ZIP file will be located in the `dist/` folder.\n\n#### Using Eclipse\n\nDeveloping in Eclipse is the prefered method, but it does require some setup on the developers part, below is a (non-exhaustive) summary of what you need to do.\n\n1. Import the project into Eclipse\n2. Under **Preferences -\u003e Gradle**\n   - Add a Program Argument: `-PGHIDRA_INSTALL_DIR=PATH2GHIDRA`\n3. Link you project with Ghidra using GhidraDev\n4. Update your classpath to point at `jar`'s in `lib/`\n   - Again this can be found in your project `preferences`\n\n### Reporting Bugs\n\nIf you've found a bug in reait-ghidra, please open an issue via [GitHub](https://github.com/RevEngAi/reait-ghidra/issues/new/choose), or create a post on our [Community Forms](https://community.reveng.ai/c/integrations/ghidra/6).\n\n#### Known Issues\n\n_Plugin configuration is not appearing after installation:_\n\nCheck that the downloaded folder is called `reai-ghidra` and not `reai-ghidra-2` due to multiple downloads of the same folder.\n\n## Credits\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frevengai%2Freai-ghidra","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frevengai%2Freai-ghidra","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frevengai%2Freai-ghidra/lists"}