redballoonsecurity / ofrak

OFRAK: unpack, modify, and repack binaries.
https://ofrak.com

External Ghidra Server Integration #460

Closed SamL98 closed 1 month ago

SamL98 commented 2 months ago

Allows for users to connect to an external ghidra server by changing the host in ofrak_ghidra.conf.yml. Also exposes OFRAK's ghidra server for users to connect an external ghidra instance to.

One sentence summary of this PR (This should go in the CHANGELOG!)

Link to Related Issue(s)

Please describe the changes in your request.

Anyone you think should look at this, specifically?

dannyp303 commented 1 month ago

I am testing trying to use exclusively an external ghidra server with OFRAK using the headless analyzer to connect to it. The CreateRepository.java file creates a new repository for OFRAK, but that command is run in run_ghidra_server.sh, which we shouldn't have to run to allow the client to work with an external server.

Running the command ./support/analyzeHeadless . dummy -postScript CreateRepository.java root changeme <myserverhostname> 13100 -scriptPath <path_to>/ofrak_ghidra/ofrak_ghidra/ghidra_scripts/ -deleteProject -noanalysis allows me to connect to the external server and provides it the scripts required to do ofrak analysis.

We need to run that command somewhere, make it more generic and remove it from the shell script that starts the server and instead run it when the client starts. Probably also test the server for the repo ofrak and don't run it if that repo exists.

dannyp303 commented 1 month ago

I think the best way to solve this issue is to create an ofrak server connect command with server options. In doing this I also think we should get rid of the ofrak_ghidra.conf.yml arch for selecting a server and make it arguments to ofrak server start with the defaults as what is currently in the config, using the same arch for the connect command.

@whyitfor thoughts?
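Added example, not code from this PR or from OFRAK: a sketch of how a client-side connect step could build the analyzeHeadless invocation quoted above from explicit arguments. The function names, the sample paths and host, and the policy of refusing the default `changeme` password for a non-loopback host are assumptions made for illustration.

```python
import ipaddress
import os
import shlex
from typing import List

DEFAULT_PASSWORD = "changeme"  # the default that appears in the command quoted in the thread


def is_loopback(host: str) -> bool:
    """True for 'localhost' or a loopback IP literal; no DNS lookup is performed."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as external


def create_repository_argv(ghidra_dir: str, script_dir: str, host: str,
                           port: int, user: str, password: str) -> List[str]:
    """Build the argv list for the CreateRepository.java post-script (hypothetical helper)."""
    if not 0 < port < 65536:
        raise ValueError(f"invalid port: {port}")
    # Assumed policy: the shipped default credential is only accepted for a local server.
    if password == DEFAULT_PASSWORD and not is_loopback(host):
        raise ValueError("default password refused for an external Ghidra server")
    # A list, not a shell string: values taken from config are never shell-interpreted.
    return [
        os.path.join(ghidra_dir, "support", "analyzeHeadless"),
        ".", "dummy",
        "-postScript", "CreateRepository.java", user, password, host, str(port),
        "-scriptPath", script_dir,
        "-deleteProject", "-noanalysis",
    ]


def redact_for_log(argv: List[str]) -> str:
    """Render the command for logging with the password argument masked."""
    masked = list(argv)
    masked[masked.index("CreateRepository.java") + 2] = "***"
    return shlex.join(masked)


if __name__ == "__main__":
    # Constructed sample values; pass the list to subprocess.run() without shell=True.
    argv = create_repository_argv("/opt/ghidra", "/opt/ofrak/ghidra_scripts",
                                  "ghidra.example.internal", 13100, "root", "s3cret-sample")
    print(redact_for_log(argv))
```

The password still appears in the process argument list while analyzeHeadless runs, exactly as it does in the command quoted in the thread; the masking only covers what the client writes to its own logs.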

dannyp303 commented 1 month ago

Good as is, will open a new MR with my proposed changes to better connect to external server