89f4b88503
Per https://bugs.eclipse.org/bugs/show_bug.cgi?id=134634#c3 this mirror redirection feature is not well known, but it works and it removes a decision point from an otherwise copy-and-paste set of steps. The `r=1` query fragment causes Eclipse.org's download.php to pass a redirect directly back to the client rather than a mirror list: https://git.eclipse.org/c/www.eclipse.org/downloads.git/tree/download.php#n97 Sadly it appears that including the `protocol=https` query element is wasted effort since that value is unconditionally overridden: https://git.eclipse.org/c/www.eclipse.org/downloads.git/tree/download.php#n173 Add CDT 8.6.0 checksum verification (via HTTPS) Per https://wiki.eclipse.org/CBI/How_to_check_integrity_of_downloads_from_the_Eclipse_Foundation the Eclipse Foundation mirror system offers the ability to retrieve checksums for mirrored packages to provide an additional degree of certainty about the absence of tampering in transit, since mirrored files are provided via HTTP. (The link cites performance concerns as the reason for transferring mirrored files unencrypted, but that concern, while common, is well known to be less worrisome than has been the case even recently, [eg.][1] ) The `sums.php` [source][2] shows three checkum types may be used as valid options: md5, sha1, and sha512. We'll prefer sha512. We'll also assume that the `sha512sum` tool is available and supports the `-c`/`--check` invocation option. I have observed these three checksum values for `cdt-8.6.0.zip` as returned by the Eclipse Foundation mirror, and I'm noting them here rather than in `DevGuide.md` directly on the assumption that it is a better idea to let `sha512sum` do the verification instead of the user following the guide: | Type | Value | | ------ | ----- | | md5 | `8e9438a6e3947d614af98e1b58e945a2` | | sha1 | `6363c3eece78277cc6b6748bb4eba0166db30a6a` | | sha512 | `2b8bb498146aa29995e807c5b4e9d5dab0f6afe89a5ce256978b7b2c478677a0cb5a0f15913a32bd99cb7b4bb31230521f70b9c26cdef1cb983dfcea599737c0` | [1]: https://istlsfastyet.com [2]: https://git.eclipse.org/c/www.eclipse.org/downloads.git/tree/sums.php |
||
|---|---|---|
| .github/ISSUE_TEMPLATE | ||
| eclipse | ||
| Ghidra | ||
| GhidraBuild | ||
| GhidraDocs | ||
| GPL | ||
| gradleScripts | ||
| licenses | ||
| .gitattributes | ||
| .gitignore | ||
| build.gradle | ||
| certification.local.manifest | ||
| CONTRIBUTING.md | ||
| DevGuide.md | ||
| DISCLAIMER.md | ||
| LICENSE | ||
| NOTICE | ||
| README.md | ||
| settings.gradle | ||
Ghidra Software Reverse Engineering Framework
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
In support of NSA's Cybersecurity mission, Ghidra was built to solve scaling and teaming problems on complex SRE efforts, and to provide a customizable and extensible SRE research platform. NSA has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and generating deep insights for SRE analysts who seek a better understanding of potential vulnerabilities in networks and systems.
To start developing extensions and scripts, try out the GhidraDev plugin for Eclipse, which is part of the distribution package. The full release build can be downloaded from our project homepage.
This repository contains the source for the core framework, features, and extensions. If you would like to contribute, please take a look at our contributor guide to see how you can participate in this open source project.
If you are interested in projects like this and would like to develop this, and other cybersecurity tools, for NSA to help protect our nation and its allies, consider applying for a career with us.