Lena

Automating Ghidra Installation on Linux

This short post walks through the steps required to automate Ghidra installation. This is useful when setting up Ghidra on multiple minimal Linux/Ubuntu installations for quick malware analysis.

The completed scripts can also be found on my GitHub:
https://github.com/LambdaMamba/AutomationScripts/blob/main/Ghidra

Table of contents

  1. Commands for Ghidra installation
  2. Automating Ghidra installation using a script
  3. A fancier script to first check the downloaded Ghidra hash

Commands for Ghidra installation

In this section, I'll be walking through the commands used to install Ghidra.

Most of these commands will require root privileges, so we'll log into the root account using,

sudo su

First of all, we need to add the OpenJDK repo, as Ghidra uses OpenJDK.

add-apt-repository ppa:openjdk-r/ppa

Next we'll need to update the package lists using

apt-get update

Next, we'll need to install unzip, as we'll be downloading a Ghidra zip file from GitHub later. The -y option is added so it will select y when y/n is prompted. This will make the automation smoother, as it will not require user input.

apt-get install -y unzip

Next, we'll be installing JDK 11 through the package manager, as Ghidra will require JDK 11.

apt-get install -y openjdk-11-jdk

Next, we'll be downloading the Ghidra 10.1.5 ZIP file from NationalSecurityAgency's Ghidra repo,

wget https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.1.5_build/ghidra_10.1.5_PUBLIC_20220726.zip

Next, we will check the sha256 hash of the ghidra_10.1.5_PUBLIC_20220726.zip file.

sha256sum ghidra_10.1.5_PUBLIC_20220726.zip

The sha256 hash should be 17db4ba7d411d11b00d1638f163ab5d61ef38712cd68e462eb8c855ec5cfb5ed. The hashes can be found in NationalSecurityAgency's Ghidra repo.


Next, we'll be unzipping the Ghidra ZIP file.

unzip ghidra_10.1.5_PUBLIC_20220726.zip

Go to the unzipped Ghidra directory

cd ghidra_10.1.5_PUBLIC

Then Ghidra can be run using

./ghidraRun


Automating Ghidra installation using a script

To automate the Ghidra installation process, we'll be using a Shell script with all the commands in the previous section.

Make a new .sh file using,

nano auto_ghidra.sh

Paste the contents below into the auto_ghidra.sh file,

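#!/bin/bash

# Add the OpenJDK PPA and refresh the package lists
add-apt-repository ppa:openjdk-r/ppa
apt-get update
# -y answers the y/n prompts so no user input is needed
apt-get install -y unzip
apt-get install -y openjdk-11-jdk
# Download the Ghidra 10.1.5 release ZIP, unpack it and start Ghidra
wget https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.1.5_build/ghidra_10.1.5_PUBLIC_20220726.zip
unzip ghidra_10.1.5_PUBLIC_20220726.zip
cd ghidra_10.1.5_PUBLIC
./ghidraRun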

Add the execution permissions to the script,

chmod +x auto_ghidra.sh

Finally, execute the script using,

./auto_ghidra.sh

Now Ghidra will run!


The full script can be found here as well:
https://github.com/LambdaMamba/AutomationScripts/blob/main/Ghidra/auto_ghidra.sh

A fancier script to first check the downloaded Ghidra hash

The script in the previous section will completely automate the installation and will not prompt the user to double check the Ghidra ZIP file hash. If we want to double check the ZIP file hash before unzipping and running Ghidra, we will use sha256sum on ghidra_10.1.5_PUBLIC_20220726.zip, output the result, and ask the user before moving on.

If the user double checks that the hash is correct, it will unzip and run Ghidra. If not, it will delete the ghidra_10.1.5_PUBLIC_20220726.zip file and quit.

#!/bin/bash

# Install the prerequisites and download the Ghidra 10.1.5 release ZIP
add-apt-repository ppa:openjdk-r/ppa
apt-get update
apt-get install -y unzip
apt-get install -y openjdk-11-jdk
wget https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.1.5_build/ghidra_10.1.5_PUBLIC_20220726.zip

# sha256sum prints the hash followed by the file name
hash=$(sha256sum ghidra_10.1.5_PUBLIC_20220726.zip)

echo "The sha256 hash is $hash"
read -r -p 'Is this the correct hash for ghidra_10.1.5_PUBLIC_20220726.zip ? Yes (1) or No (0):' x

# "$x" is quoted so that an empty answer does not break the test
if [ "$x" == 1 ]
then
    echo 'Correct hash, continuing to unzip and will run Ghidra'
    unzip ghidra_10.1.5_PUBLIC_20220726.zip
    cd ghidra_10.1.5_PUBLIC
    ./ghidraRun

elif [ "$x" == 0 ]
then
    echo 'Wrong hash, quitting and deleting file'
    rm ghidra_10.1.5_PUBLIC_20220726.zip
fi

The sha256 hash should be 17db4ba7d411d11b00d1638f163ab5d61ef38712cd68e462eb8c855ec5cfb5ed, which can be found in NationalSecurityAgency's Ghidra repo.

[Screenshots: the Yes/No prompt for hash checking, the result when Yes (1) is selected, and the result when No (0) is selected.]

The full script can be found here as well:
https://github.com/LambdaMamba/AutomationScripts/blob/main/Ghidra/auto_ghidra_hash.sh
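
The prompt in the script above relies on the user comparing 64 hex characters by eye. As an added example (not part of the original post or the author's repository), the check can run unattended by pinning the expected digest in the script and failing closed on a mismatch. The function names sha256_of and verify_sha256 are hypothetical; the file name and digest are the ones given in this post.

```bash
#!/bin/bash
# Added example: unattended SHA-256 check against a pinned digest (fail closed).

# File name and digest as given in the post for Ghidra 10.1.5.
GHIDRA_ZIP='ghidra_10.1.5_PUBLIC_20220726.zip'
GHIDRA_SHA256='17db4ba7d411d11b00d1638f163ab5d61ef38712cd68e462eb8c855ec5cfb5ed'

# Print only the hex digest; sha256sum's own output is "<digest>  <file name>".
sha256_of() {
    sha256sum -- "$1" | cut -d ' ' -f 1
}

# verify_sha256 FILE EXPECTED_HEX
#   0 = digest matches, FILE kept
#   1 = digest differs, FILE deleted so a later step cannot unzip it
#   2 = bad arguments (missing file or malformed digest), nothing deleted
verify_sha256() {
    vs_file=$1
    vs_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case pins

    case $vs_expected in
        ''|*[!0-9a-f]*) echo "verify_sha256: digest is not hex" >&2; return 2 ;;
    esac
    if [ "${#vs_expected}" -ne 64 ]; then
        echo "verify_sha256: digest must be 64 hex characters" >&2; return 2
    fi
    if [ ! -f "$vs_file" ]; then
        echo "verify_sha256: no such file: $vs_file" >&2; return 2
    fi

    vs_actual=$(sha256_of "$vs_file")
    if [ "$vs_actual" = "$vs_expected" ]; then
        echo "SHA-256 OK: $vs_file"
        return 0
    fi
    echo "SHA-256 MISMATCH: $vs_file" >&2
    echo "  expected $vs_expected" >&2
    echo "  actual   $vs_actual" >&2
    rm -f -- "$vs_file"
    return 1
}

# In the installer this replaces the Yes (1) / No (0) prompt:
#   verify_sha256 "$GHIDRA_ZIP" "$GHIDRA_SHA256" || exit 1
#   unzip "$GHIDRA_ZIP" && cd ghidra_10.1.5_PUBLIC && ./ghidraRun
```

The pinned digest has to be updated together with the download URL whenever the Ghidra version in the script changes.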

Thanks for reading! Have fun doing malware analysis with Ghidra on Linux!
