
Leveling Up Ghidra: Learn Ghidra Plugins with a Game Boy Game

Ghidra is already a well known and widely used platform for reverse engineering, and it provides a framework for developing and running plugins. Much of the work in RE, however, is still done manually by researchers every time they analyze a binary. This talk gives researchers a glimpse of what is possible with Ghidra plugins by discussing the philosophy of what can be automated via plugins to prevent toil and improve efficiency. The talk and demo aim to expand researchers' knowledge of the possibilities of Ghidra and its plugin system by walking through how to build a plugin that aids in reverse engineering Gameboy games and the information embedded in them, which provides a fun and unique view into what is possible with Ghidra plugins.

The talk aims to lay the groundwork on common use-cases researchers encounter in Ghidra, which of them can potentially be automated, and what can be implemented. It can be difficult to grasp all the potential use-cases in the abstract, so what better way to show one than by walking through the development of a plugin that extracts information from a Gameboy game, and then using it.

Starting with the use-case and the potential motivators for why a researcher may want to develop, or promote the development of, a plugin, this talk will break down a pattern for designing the plugin, meeting its requirements, and actually developing it in Java and/or Python code. Additionally, it offers researchers who may not be development focused an insight into the world of development, both for Ghidra plugins and in general, and gives context on what may be possible and worth pursuing in the plugin space for Ghidra.

Ghidra plugins offer both processing power and the ability to show visuals via the GUI to the researcher. This allows for an automated approach to extracting information from a binary (in this case, a Gameboy game) and presenting it to the user in a standard, uniform way each time. The Gameboy game is a good, fairly straightforward example to show how this methodology and development can be useful for researchers and analysts.
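As an added example (not the speaker's plugin code), the kind of extraction such a plugin performs: a plain-Python parser for the cartridge header that every Game Boy game carries at ROM offsets 0x100 to 0x14F, validating Nintendo's documented header and global checksums. The ROM bytes below are constructed, not a real game; inside a Ghidra Python script the same `parse_header` could be fed the bytes returned by `getBytes(toAddr(0x100), 0x50)` and the results turned into labels or a table.

```python
from dataclasses import dataclass

# Well-known cartridge type codes (subset); unknown codes are reported by value.
CART_TYPES = {0x00: "ROM ONLY", 0x01: "MBC1", 0x03: "MBC1+RAM+BATTERY",
              0x13: "MBC3+RAM+BATTERY", 0x1B: "MBC5+RAM+BATTERY"}

@dataclass
class CartHeader:
    title: str
    cartridge_type: str
    rom_size_bytes: int
    ram_size_code: int
    header_checksum_ok: bool
    global_checksum_ok: bool

def header_checksum(rom: bytes) -> int:
    """8-bit checksum over 0x134..0x14C: x = x - byte - 1 for each byte."""
    x = 0
    for b in rom[0x134:0x14D]:
        x = (x - b - 1) & 0xFF
    return x

def global_checksum(rom: bytes) -> int:
    """16-bit sum of every ROM byte except the two global-checksum bytes."""
    return (sum(rom) - rom[0x14E] - rom[0x14F]) & 0xFFFF

def parse_header(rom: bytes) -> CartHeader:
    if len(rom) < 0x150:
        raise ValueError("ROM too short to contain a cartridge header")
    title = rom[0x134:0x143].split(b"\x00", 1)[0].decode("ascii", "replace")
    ctype = rom[0x147]
    return CartHeader(
        title=title,
        cartridge_type=CART_TYPES.get(ctype, f"unknown (0x{ctype:02X})"),
        rom_size_bytes=32 * 1024 << rom[0x148],   # 0x148: 32 KiB << n
        ram_size_code=rom[0x149],
        header_checksum_ok=header_checksum(rom) == rom[0x14D],
        global_checksum_ok=global_checksum(rom) == int.from_bytes(rom[0x14E:0x150], "big"),
    )

def build_sample_rom() -> bytes:
    """Constructed 32 KiB ROM with a valid header (not a real game)."""
    rom = bytearray(0x8000)
    rom[0x100:0x104] = b"\x00\xC3\x50\x01"   # nop; jp 0x0150 (typical entry point)
    rom[0x134:0x13B] = b"EXAMPLE"            # title field
    rom[0x147] = 0x01                        # MBC1
    rom[0x148] = 0x00                        # 32 KiB
    rom[0x14D] = header_checksum(rom)
    rom[0x14E:0x150] = global_checksum(rom).to_bytes(2, "big")
    return bytes(rom)
```

A header whose checksum does not verify is a useful first flag for a patched, truncated or mislabelled dump before any deeper analysis starts.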

While this presentation takes the aforementioned abstractions and applies them to the RE and information extraction processes for a Gameboy game, the principles and benefits generalize to many other file types and use-cases, such as PE, Mach-O, ELF, and more! Leveraging plugins for initial canvassing or for the first steps of analyzing a binary promotes a streamlined, repeatable workflow.

The presentation will wrap up with a demo of the plugin in Ghidra that was imagined, designed, and implemented over the course of the presentation, along with an open-source repository that researchers can explore as they see fit. The open-source repository lets users take what they like from the code and modify it to get up and running quickly and easily.

Jacob Latonis

Staff Software Engineer, Threat Research @ Proofpoint

Washington, Washington, D.C., United States
