nsa构架_我如何使用NSA的Ghidra解决了一个简单的CrackMe挑战

nsa构架

by Denis Nuțiu

丹尼斯·努尤(Denis Nuțiu)

我如何使用NSA的Ghidra解决了一个简单的CrackMe挑战 (How I solved a simple CrackMe challenge with the NSA’s Ghidra)

Hello!

你好！

I’ve been playing recently a bit with Ghidra, which is a reverse engineering tool that was recently open sourced by the NSA. The official website describes the tool as:

我最近在玩Ghidra ，这是一种反向工程工具，最近由NSA开源。 官方网站将该工具描述为：

A software reverse engineering (SRE) suite of tools developed by NSA’s Research Directorate in support of the Cybersecurity mission.

由NSA研究部开发的软件逆向工程(SRE)工具套件，用于支持网络安全任务。

I’m at the beginning of my reverse engineering career, so I didn’t do anything advanced. I don’t know what features to expect from a professional tool like this, if you’re looking to read about advanced Ghidra features this is likely not the article for you.

我正处于逆向工程职业的开始，所以我没有做任何高级工作。 我不知道从这样的专业工具中可以获得什么功能，如果您想阅读有关Ghidra的高级功能的信息，那么这篇文章可能不适合您。

In this article I will try to solve a simple CrackMe challenge that I’ve found on the website root-me. The challenge I’m solving is called ELF - CrackPass. If you want to give it try by yourself, then you should consider not reading this article because it will spoil the challenge from you.

在本文中，我将尝试解决在root-me网站上发现的一个简单的CrackMe挑战。 我要解决的挑战称为ELF-CrackPass 。 如果您想自己尝试一下，那么您应该考虑不阅读本文，因为它会破坏您的挑战。

Let’s get started! I open up Ghidra and create a new Project which I call RootMe.

让我们开始吧！ 我打开Ghidra并创建一个名为RootMe的新项目。

Then I import the challenge file by dragging it to the project folder. I will go with the defaults.

然后，通过将挑战文件拖到项目文件夹中来导入它。 我将使用默认值。

After being presented with some info about the binary file, I press OK, select the file, and double click it. This opens up Ghidra’s code browser utility and asks if I want to analyse the file, then I press Yes and go on with the defaults.

在显示了有关二进制文件的一些信息之后，我按OK，选择文件，然后双击它。 这将打开Ghidra的代码浏览器实用程序，并询问我是否要分析文件，然后按“是”并继续使用默认值。

After we import the file, we get some information about the binary file. If we press OK and dismiss this window, and then double click the file we imported, this opens up Ghidra’s code browser utility. I select Yes when prompted to analyze the binary and go on with the defaults.

导入文件后，我们将获得有关二进制文件的一些信息。 如果我们按OK并关闭此窗口，然后双击我们导入的文件，这将打开Ghidra的代码浏览器实用程序。 当提示您分析二进制文件并继续使用默认值时，我选择“是”。

The Code Browser is quite convenient. In the left panel we get to see the disassembly view and in the right panel the decompil