JHUAPL/CodeCut
1
0
Fork 0
mirror of https://github.com/JHUAPL/CodeCut.git synced 2026-01-09 13:28:06 -05:00
Code Issues Packages Projects Releases 4 Wiki Activity
Files
44dbcdce55c3949e9bca6a3e0cc9ecf7f51c82c4
CodeCut/deepcut-ghidra
History
evm 44dbcdce55 Final minor tweaks for CodeCut 1.1 release
2023-11-22 15:37:45 -05:00
..
data
Fixed extra directories
2022-12-20 17:03:14 -05:00
ghidra_scripts
Fixed extra directories
2022-12-20 17:03:14 -05:00
gradle/wrapper
Fixed extra directories
2022-12-20 17:03:14 -05:00
os
Fixed extra directories
2022-12-20 17:03:14 -05:00
src
Final minor tweaks for CodeCut 1.1 release
2023-11-22 15:37:45 -05:00
build.gradle
Fixed extra directories
2022-12-20 17:03:14 -05:00
extension.properties
Fixed extra directories
2022-12-20 17:03:14 -05:00
gradlew
Updating legal comments
2023-02-23 11:04:21 -05:00
gradlew.bat
Fixed extra directories
2022-12-20 17:03:14 -05:00
Module.manifest
Fixed extra directories
2022-12-20 17:03:14 -05:00
README.md
Added high level README
2023-01-12 16:15:13 -05:00
requirements-torch_geometric.txt
Fixed extra directories
2022-12-20 17:03:14 -05:00

README.md

Ghidra Deepcut Analyzer

Implementation of Deepcut as a Ghidra one-shot analyzer.

Building and Installation

Requirements are the same as Ghidra. Currently JDK 17 (or newer) is required (for Ghidra 10.2).

Ghidra's standard Gradle build system is used. Set the GHIDRA_INSTALL_DIR environment variable before building, or set it as a Gradle property (useful for building in an IDE):

Environment variable

$ export GHIDRA_INSTALL_DIR="/path/to/ghidra"
$ ./gradle

Gradle property

echo GHIDRA_INSTALL_DIR=/path/to/ghidra > gradle.properties

The module ZIP will be output to dist/. Use File > Install Extensions and select the green plus to browse to the extension. Restart Ghidra when prompted.

For proper functionality, the plugin should be built with the same JRE used by your Ghidra installation. If you have multiple Java runtime environments installed, select the correct JRE by setting the JAVA_HOME environment variable before building.

Native Python 3

The Deepcut graph based machine learning model needs Python 3 to execute (outside of Ghidra). The analyzer calls an external Python process to execute the model on a graph representation of the binary. There are no GPU requirements since the model converge quickly even running in CPU mode.

Python 3 Path

By default the analyzer use the command /usr/local/bin/python3 to execute the deepcut python script. This setting can be changed in the Analysis Options menu Analysis -> Analyze All Open... To change the setting you need to click the checkbox next to Deepcut (Prototype) first.

Dependencies

Deepcut has the following Python 3 dependencies:

  • torch 1.7.1
  • torch-geometric 1.6.3
  • torch-cluster 1.5.8
  • torch-sparse 0.6.8
  • torch-scatter 2.0.5
  • torch-spline-conv 1.2.0

To install the dependencies:

pip install torch==1.7.1+cpu -f https://download.pytorch.org/whl/torch_stable.html
pip install -r requirements-torch_geometric.txt

The torch-cluster dependency can take a significant amount of time to build and install.

Running the Analyzer

The Deepcut analyzer will not run during auto-analysis. Once the binary is loaded and the auto-analyzer is finish use the menu item Analysis -> One Shot -> Deepcut

Once complete each function will include a moduleX value in the Namespace field.

If there are any errors please make sure you are using the proper path to Python 3 and the requirement dependencies installed.

Troubleshooting

You can verify that dependencies are correct by navigating to: ~/.ghidra/.ghidra_${VERSION}/Extensions/deepcut-ghidra/data and running ./python3 deepcut.py. Python will throw errors if it can't find dependencies. If the process runs and sits there waiting for input, then the dependencies should be correct.

Reference in New Issue View Git Blame Copy Permalink