Ghidra/IDA Reverse Engineering Skill

Overview

This skill provides deep integration with Ghidra and IDA Pro for comprehensive binary analysis and reverse engineering tasks.

Capabilities

• Execute Ghidra headless analysis scripts
• Parse and interpret disassembly output
• Generate and run Ghidra Python scripts
• Analyze decompiled code for vulnerabilities
• Extract function signatures and data structures
• Create and apply Ghidra type definitions
• Export analysis artifacts (call graphs, data flows)
• Support IDA Pro scripting (IDAPython)

Target Processes

• binary-reverse-engineering.js
• firmware-analysis.js
• malware-analysis.js
• vulnerability-root-cause-analysis.js

Dependencies

• Ghidra CLI (analyzeHeadless)
• IDA Pro (optional, for IDAPython support)
• Python 3.x with ghidra_bridge or ghidrathon
• Java Runtime Environment (for Ghidra)

Usage Context

This skill is essential for:

• Static binary analysis workflows
• Vulnerability discovery in compiled code
• Malware reverse engineering
• Firmware extraction and analysis
• Protocol reverse engineering from binaries

Integration Notes

• Ghidra headless mode enables automated analysis pipelines
• Results can be exported as JSON, XML, or custom formats
• Supports both script-based and interactive analysis workflows
• Can generate Ghidra project files for manual follow-up