This repository aims to simplify the setup of a Ghidra and BSim server to use the BigSim databases.
Warning
Disclaimer: The provided configuration is meant to be INSECURE to facilitate its use. You are responsible for restricting access to your Ghidra server and BSim server if you desire.
To build the Ghidra container, execute the build_ghidra_container.sh script.
./build_ghidra_container.sh
The script creates a docker image named ghidra/ghidra with the Ghidra version used as the image version. To use a more recent Ghidra version, update the script accordingly.
To customize your deployment, copy the example.env file to .env.
cp example.env .env
Then, change the variables according to your needs.
Here is an overview of the options:
FQDN: Domain name or IP of the machine hosting the Ghidra server
GHIDRA_TAG: Ghidra container version previously built
DATA_FOLDER: Relative path to a folder where the data will be stored (by default: ./data)
For better security, you can also change the default postgres credentials by changing POSTGRES_USER and POSTGRES_PASSWORD.
The containers will use multiple directories to store their data. However, Ghidra is very sensitive to the ownership and permissions of these directories. Therefore, you need to create them before starting the containers for the first time.
Note
The folder paths should match the DATA_FOLDER variable above
mkdir -p data/bsim_datadir data/repositories export
sudo chown -R 1001:1001 data/*
sudo chmod 777 export
Ghidra needs the directories to be owned by the internal ghidra user, which has UID and GID 1001. This setup should work even if your host system doesn't have any user with UID and GID 1001. The export folder has fully public permissions to make it easier to retrieve exported data.
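A preflight check for the directory layout above, as an added example that is not part of this repository: it verifies that bsim_datadir and repositories exist under the data folder with owner 1001:1001, and reports whether the export folder is world-writable. The function names (owner_of, check_data_dirs, export_world_writable) and the file name preflight.sh are assumptions made for this example.

```sh
#!/bin/sh
# Added example: preflight check for the data directories described above.
# Assumed layout: <DATA_FOLDER>/bsim_datadir and <DATA_FOLDER>/repositories,
# both owned by 1001:1001. Function names are illustrative.

# Print "uid:gid" of a path using POSIX ls (no GNU-only stat flags).
owner_of() {
    ls -ldn "$1" | awk '{ print $3 ":" $4 }'
}

# check_data_dirs DATA_FOLDER [UID:GID]
# Returns 0 when both directories exist with the expected owner, 1 otherwise.
check_data_dirs() {
    data_folder=$1
    expected=${2:-1001:1001}
    rc=0
    for sub in bsim_datadir repositories; do
        dir="$data_folder/$sub"
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir: create it before the first 'docker compose up'" >&2
            rc=1
            continue
        fi
        actual=$(owner_of "$dir")
        if [ "$actual" != "$expected" ]; then
            echo "OWNER   $dir is $actual, expected $expected" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Returns 0 when the "others" write bit is set on DIR (as after chmod 777),
# so you can see whether every local user can write to the export folder.
export_world_writable() {
    [ "$(ls -ld "$1" | cut -c9)" = "w" ]
}

# When called with arguments, run the ownership check and exit with its status:
#   sh preflight.sh ./data
if [ "$#" -gt 0 ]; then
    check_data_dirs "$@"
    exit $?
fi
```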
Finally, you can deploy the container with docker compose.
docker compose up -d
You should now have access to the Ghidra server and BSim server running on your system.
The repositories will appear in data/repositories and the postgresql databases will be created in data/bsim_datadir.
By default, there are no users on the Ghidra server, so you need to create one. You can either use the utility script or call the svrAdmin binary directly in the container.
docker exec -it bigsim-cli-ghidra-server-1 /ghidra/server/svrAdmin -add <USERNAME>
The default password is changeme and Ghidra will ask the user to change it when the user first logs in.
The current configuration uses the trust authorisation scheme to disable any authentication. The default user is ghidra.
This is the main use case for this project. You can use the import script to manage components that will be added to your Ghidra and BSim servers.
Once a component has been imported, you can use it as a normal BSim server. You can add it in your Ghidra client in BSim -> Manage Servers. Choose postgresql and enter the connection details.
Change the DB name to the name of the component you want to use.
Once you are connected, you can use this BSim database as you would normally, by looking up functions for similar signatures.
You can also contribute by manually adding new components, exporting them and publishing them.
To create a BSim database, you can use the bsim binary in the Ghidra server container. You can also use the bsim binary from your local installation.
docker exec -it bigsim-cli-ghidra-server-1 /ghidra/support/bsim createdatabase postgresql://ghidra@bsim-server/<DATABASE_NAME> medium_nosize
Headless binary analysis can be executed from any client. First, create a shared project on the Ghidra server. Analysis can then be run using the CLI.
<PATH_TO_GHIDRA>/support/analyzeHeadless ghidra://127.0.0.1/<PROJECT_NAME> -connect "<USERNAME>" -p -import "<PATH TO FOLDER OF BINARIES>"
Once the analysis is complete, the signatures can be generated in a similar way.
<PATH_TO_GHIDRA>/support/bsim generatesigs ghidra://127.0.0.1/<PROJECT_NAME> -u "<USERNAME>" --bsim postgresql://ghidra@127.0.0.1/<DATABASE_NAME> --commit