blacktop / docker-ghidra Goto Github PK

View Code? Open in Web Editor NEW

191.0 9.0 55.0 275 KB

Ghidra Client/Server Docker Image

License: Apache License 2.0

Dockerfile 45.41% Makefile 12.82% Shell 41.77%

ghidra disassembler java nsa docker docker-image

docker-ghidra's Introduction

docker-ghidra

Ghidra Client/Server Docker Image

Why?

Cuz installing Java on your Mac is gross. 😏

Dependencies

eclipse-temurin

Image Tags

REPOSITORY               TAG                 SIZE
blacktop/ghidra          latest              1.45GB
blacktop/ghidra          10                  1.45GB
blacktop/ghidra          10-beta             1.4GB
blacktop/ghidra          9.2                 1.33GB
blacktop/ghidra          9.1                 1.18GB
blacktop/ghidra          9.0                 1.18GB

NOTE: tag beta is built from master

Getting Started

Client

On macOS

Install XQuartz brew install xquartz
Install socat brew install socat
open -a XQuartz and make sure you "Allow connections from network clients" (in XQuartz > Preferences... > Security)
Now add the IP using Xhost with: xhost + 127.0.0.1 or xhost + $(ipconfig getifaddr en0)
Start socat socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\"$DISPLAY\"
Start up Ghidra

$ docker run --init -it --rm \
             --name ghidra \
             --cpus 2 \
             --memory 4g \
             -e MAXMEM=4G \
             -e DISPLAY=host.docker.internal:0 \
             -v /path/to/samples:/samples \
             -v /path/to/projects:/root \
             blacktop/ghidra

Server

$ docker run --init -it --rm \
             --name ghidra-server \
             --cpus 2 \
             --memory 500m \
             -e MAXMEM=500M \           
             -e GHIDRA_USERS="root blacktop" \
             -v /path/to/repos:/repos \
             blacktop/ghidra server

Headless

$ docker run --init -it --rm \
             --name ghidra-headless \
             --cpus 2 \
             --memory 4g \
             -e MAXMEM=4G \
             -v `pwd`:/samples \
             --link ghidra-server \
             blacktop/ghidra:beta support/analyzeHeadless ghidra://ghidra-server:13100/Apple/12.4.1/ -import /samples/dyld_shared_cache -connect blacktop -p -commit "Loading Dyld."

Note To run just the server (and connect from other GUI clients etc) you must expose the ports

$ docker run --init -it --rm \
             --name ghidra-server \
             --cpus 2 \
             --memory 500m \
             -p 13100:13100 \
             -p 13101:13101 \
             -p 13102:13102 \
             -e MAXMEM=500M \
             -e GHIDRA_USERS="root blacktop" \
             -v /path/to/repos:/repos \
             blacktop/ghidra server

TODO

Figure out how to add --network none 😉
Figure out how to add --read-only

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue

Black Background Issue

If the Ghidra opens in XQuartz with a black background, try closing XQuartz, executing defaults write org.xquartz.X11 enable_render_extension 0 in terminal. See issue #31 on XQuartz GitHub repo for more information.

Running on Ubuntu host

An example on how to run ghidra on Ubuntu (18.04) host

docker run --init -it --rm \
            --name ghidra \
            --cpus 2 \
            --memory 4g \
            -e MAXMEM=4G \
            -e DISPLAY=$DISPLAY \
            -h $HOSTNAME \
            -v /tmp/.X11-unix:/tmp/.X11-unix \
            -v /tmp/samples:/samples \
            -v /tmp/root:/root \
            -v $HOME/.Xauthority:/root/.Xauthority \
            blacktop/ghidra

Credits

NSA Research Directorate https://github.com/NationalSecurityAgency/ghidra

License

Apache License (Version 2.0)

docker-ghidra's People

Contributors

Stargazers

Watchers

docker-ghidra's Issues

Is there a way to set the IP to 0.0.0.0

I'm having an issue whenfiring up the docker container, it binds to the local docker address (172.x) and I cannot access the ghidra server via LAN (yes, I've forwarded the ports on the docker host with -p), but I think ghidra will try and do reverse DNS and bind to that specific address. Looking in the Ghidra Server documentation they allow you to specify -ip0.0.0.0 to get around this, but I'm not sure exactly where I would put this using this container.

Not really a bug, more of a usability thing, any help is appreciated.

Support ARM Builds

Would be nice to have ARM64 builds so this can be run on an M1 mac without x64 emulation.

Ghidra 10.1.5 released

As per title :-)

Can't connect to server

Run server with command on localhost^

docker run --init -it --rm \
             --name ghidra-server \
             --cpus 2 \
             --memory 500m \
             -e MAXMEM=500M \
             -e GHIDRA_USERS="root test" \
             -v `pwd`/repos:/repos \
             blacktop/ghidra server

Try connect in ghidra to next IPs:

127.0.0.1:13100 (localhost)
172.17.0.1:13100 (docker)
172.17.0.2:13100 (image)

Ghidra return error 1 | Connection to server failed (localhost:13100). | Thu May 26 23:22:15 EEST 2022

And no any messages in server about this connection

In firewalld current connection and docker bridge is in trusted mode

Unable to connect to server

Image: blacktop/ghidra:latest

command:

$ docker run --init -it --rm \
             --name ghidra-server \
             --cpus 2 \
             --memory 500m \
             -p 13100-13102:13100-13102 \
             -e MAXMEM=500M \
             -e GHIDRA_USERS="mart" \
             -v /opt/ghidra/repos:/repos \
             blacktop/ghidra server

docker logs ghidra-server

GHIDRA_IP: 0.0.0.0
Using service wrapper: yajsw-beta-13.01
Running Ghidra Server...
YAJSW: yajsw-alpha-13.00
OS   : Linux/5.18.3-arch1-1/amd64
JVM  : Oracle Corporation/11.0.15//usr/local/openjdk-11/64
wrapper|YAJSW: yajsw-alpha-13.00
wrapper|OS   : Linux/5.18.3-arch1-1/amd64
wrapper|JVM  : Oracle Corporation/11.0.15//usr/local/openjdk-11/64
system.env 20
env result 20
wrapper|exec:/usr/local/openjdk-11/bin/java -classpath /ghidra/Ghidra/Features/GhidraServer/data/yajsw-beta-13.01/wrapperApp.jar:/ghidra/Ghidra/Features/GhidraServer/data/yajsw-beta-13.01/lib/core/permit/permit-reflect-0.4.jar:/ghidra/Ghidra/Features/GhidraServer/lib/GhidraServer.jar:/ghidra/Ghidra/Framework/FileSystem/lib/FileSystem.jar:/ghidra/Ghidra/Framework/DB/lib/DB.jar:/ghidra/Ghidra/Framework/Docking/lib/Docking.jar:/ghidra/Ghidra/Framework/Generic/lib/Generic.jar:/ghidra/Ghidra/Framework/FileSystem/lib/ganymed-ssh2-262.jar:/ghidra/Ghidra/Framework/Utility/lib/Utility.jar:/ghidra/Ghidra/Framework/Generic/lib/cglib-nodep-2.2.jar:/ghidra/Ghidra/Framework/Generic/lib/guava-19.0.jar:/ghidra/Ghidra/Framework/Generic/lib/jdom-legacy-1.1.3.jar:/ghidra/Ghidra/Framework/Generic/lib/log4j-core-2.17.1.jar:/ghidra/Ghidra/Framework/Generic/lib/log4j-api-2.17.1.jar:/ghidra/Ghidra/Framework/Generic/lib/commons-collections4-4.1.jar:/ghidra/Ghidra/Framework/Generic/lib/commons-lang3-3.9.jar:/ghidra/Ghidra/Framework/Generic/lib/commons-text-1.6.jar:/ghidra/Ghidra/Framework/Generic/lib/commons-io-2.6.jar:/ghidra/Ghidra/Framework/Generic/lib/gson-2.8.9.jar:/ghidra/Ghidra/Framework/Generic/lib/bcpkix-jdk15on-1.69.jar:/ghidra/Ghidra/Framework/Generic/lib/bcprov-jdk15on-1.69.jar:/ghidra/Ghidra/Framework/Generic/lib/bcutil-jdk15on-1.69.jar:/ghidra/Ghidra/Framework/Docking/lib/timingframework-1.0.jar:/ghidra/Ghidra/Framework/Docking/lib/javahelp-2.0.05.jar -Djava.net.preferIPv4Stack=true -DApplicationRollingFileAppender.maxBackupIndex=10 -Dclasspath_frag=/ghidra/server/../Ghidra/Features/GhidraServer/data/classpath.frag -Dghidra.tls.server.protocols=TLSv1.2;TLSv1.3 -Ddb.buffers.DataBuffer.compressedOutput=true -Xms396m -Xmx768m -Djava=/usr/local/openjdk-11/bin/java -Dghidra_home=/ghidra/server/.. -Dwrapper.port=15003 -Dwrapper.key=-4650405481257857489 -Dwrapper.teeName=-4650405481257857489$1655459260584 -Dwrapper.tmp.path=/tmp -Djna_tmpdir=/tmp -Dwrapper.config=/ghidra/server/server.conf org.rzo.yajsw.app.WrapperJVMMain 
wrapper|posix_spawn pid 76
post start false -4650405481257857489$1655459260584
wrapper|started process 76
wrapper|started process with pid 76
76/0|INFO  Using log config file: jar:file:/ghidra/Ghidra/Framework/Generic/lib/Generic.jar!/generic.log4j.xml (LoggingInitialization)  
76/0|INFO  Using log file: /repos/server.log (LoggingInitialization)  
76/0|INFO  Initializing SSL Context (SSLContextInitializer)  
76/0|INFO  Initializing Random Number Generator... (SecureRandomFactory)  
76/0|INFO  Random Number Generator initialization complete: NativePRNGNonBlocking (SecureRandomFactory)  
76/0|INFO  Trust manager disabled, cacerts have not been set (ApplicationTrustManagerFactory)  
76/0|INFO  Using self-signed certificate: CN=GhidraServer (ApplicationKeyManager)  
76/0|INFO     defaultsigkey: GhidraServer, issued by GhidraServer, S/N 8291b9dccd14decfff99d5f524699539, expires Sun Jun 16 09:47:45 UTC 2024 (ApplicationKeyStore)  
76/0|INFO  Ghidra Server 10.1.4 (GhidraServer)  
76/0|INFO     Server remote access address: 0.0.0.0 (GhidraServer)  
76/0|INFO     Server listening on all interfaces (GhidraServer)  
76/0|INFO     RMI Registry port: 13100 (GhidraServer)  
76/0|INFO     RMI SSL port: 13101 (GhidraServer)  
76/0|INFO     Block Stream port: 13102 (GhidraServer)  
76/0|INFO     Block Stream compression: enabled (GhidraServer)  
76/0|INFO     Root: /repos (GhidraServer)  
76/0|INFO     Auth: Password File (GhidraServer)  
76/0|INFO     Prompt for user ID: yes (GhidraServer)  
76/0|INFO     Anonymous server access: disabled (GhidraServer)  
76/0|INFO     Enabled protocols: TLSv1.2;TLSv1.3 (GhidraServer)  
76/0|INFO  root starting Ghidra Server... (GhidraServer)  
76/0|INFO  Instantiating Repository Manager for /repos (RepositoryManager)  
76/0|INFO  Instantiating User Manager (w/password management) (UserManager)  
76/0|INFO  User file contains 1 entries (UserManager)  
76/0|INFO  Known Users: (UserManager)  
76/0|INFO     mart (UserManager)  
76/0|INFO  Known Repositories: (RepositoryManager)  
76/0|INFO      (RepositoryManager)  
76/0|INFO  Processing 3 queued commands (UserAdmin)  
76/0|INFO  User 'mart' removed (UserAdmin)  
76/0|INFO  User 'mart' added (UserAdmin)  
76/0|INFO  Starting Block Stream Server... (BlockStreamServer)  
76/0|INFO  Registering Ghidra Server... (GhidraServer)  
76/0|INFO  Registered Ghidra Server. (GhidraServer)

Exception on start

I'm trying something a bit different. I'm trying to run this image on Ubuntu 18.04 but I'm getting an Exception from Java on startup:

$ docker image ls
REPOSITORY        TAG       IMAGE ID       CREATED        SIZE
blacktop/ghidra   latest    3df06bde5093   26 hours ago   1.46GB

$ docker run --init -it --rm \
  --name ghidra \
  --cpus 2 \
  --memory 4g \
  -e MAXMEM=4G \
  -e DISPLAY=host.docker.internal:0 \
  -v /tmp/samples:/samples \
  -v /tmp/root:/root blacktop/ghidra

WARNING: Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.
openjdk version "17.0.7" 2023-04-18
OpenJDK Runtime Environment Temurin-17.0.7+7 (build 17.0.7+7)
OpenJDK 64-Bit Server VM Temurin-17.0.7+7 (build 17.0.7+7, mixed mode)
INFO  Using log config file: jar:file:/ghidra/Ghidra/Framework/Generic/lib/Generic.jar!/generic.log4j.xml (LoggingInitialization)  
INFO  Using log file: /root/.ghidra/.ghidra_10.3.2_PUBLIC/application.log (LoggingInitialization)  

Exception: java.lang.NoClassDefFoundError thrown from the UncaughtExceptionHandler in thread "Ghidra"

I've completely opened X11

xhost +

Any hints you can give to figure out what might be going on?

Thank you!

keyboard input stays with xquartz terminal instead of ghidra gui

The mouse focus works as expected and i can browse and select ghidra menus, but when attempting to input forms with the keyboard, the characters appear on the background xquartz terminal.

osx mojave

docker run --init -it --rm --name ghidra --cpus 2 --memory 4g -e MAXMEM=4G -e DISPLAY=host.docker.internal:0 -v /path/to/samples:/samples -v /path/to/projects:/root blacktop/ghidra

Ghidra 10.2.3 released

10.2.2 and 10.2.3 have been released: https://github.com/NationalSecurityAgency/ghidra/releases

It would be great to get updated Docker images, particularly for 10.2.3.

Thanks.

Docker Hub missing version 10 / 10.0.1

Docker Hub (https://hub.docker.com/r/blacktop/ghidra) is missing a tag for the version 10 branch, and the "latest" tag is pointing to 9.2.4.

I think this is because it is based off the Dockerfile file, whereas the only one that is being updated by @blacktop seems to be Dockerfile.alpine.

For people who have deployed the image from Docker Hub using the "latest" tag, they are not getting updated to the latest stable version when running docker pull, as it is stuck on 9.2.4.

Please let me know if I've misunderstood something.

cannot stat 'ghidra_9.1.2': no such file or directory

In the Dockerfile, the zip that is pulled has been renamed to ghidra_9.1.2_PUBLIC. The Dockerfile needs to be changed to reflect this.

Error : Uncaught Exception

Tried to run this Dockerfile with the current version (9.0.4),
BTW I'm using Linux.
Log:

OpenJDK Runtime Environment 18.9 (build 11.0.3+7)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.3+7, mixed mode)
Error: Uncaught Exception!
UnsatisfiedLinkError - /usr/local/openjdk-11/lib/libawt_xawt.so: libXext.so.6: cannot open shared object file: No such file or directory
java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libawt_xawt.so: libXext.so.6: cannot open shared object file: No such file or directory
        at java.base/java.lang.ClassLoader$NativeLibrary.load0(Native Method)
        at java.base/java.lang.ClassLoader$NativeLibrary.load(ClassLoader.java:2430)
        at java.base/java.lang.ClassLoader$NativeLibrary.loadLibrary(ClassLoader.java:2487)
        at java.base/java.lang.ClassLoader.loadLibrary0(ClassLoader.java:2684)
        at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2617)
        at java.base/java.lang.Runtime.load0(Runtime.java:767)
        at java.base/java.lang.System.load(System.java:1831)
        at java.base/java.lang.ClassLoader$NativeLibrary.load0(Native Method)
        at java.base/java.lang.ClassLoader$NativeLibrary.load(ClassLoader.java:2430)
        at java.base/java.lang.ClassLoader$NativeLibrary.loadLibrary(ClassLoader.java:2487)
        at java.base/java.lang.ClassLoader.loadLibrary0(ClassLoader.java:2684)
        at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2638)
        at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:829)
        at java.base/java.lang.System.loadLibrary(System.java:1867)
        at java.desktop/java.awt.Toolkit$3.run(Toolkit.java:1395)
        at java.desktop/java.awt.Toolkit$3.run(Toolkit.java:1393)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at java.desktop/java.awt.Toolkit.loadLibraries(Toolkit.java:1392)
        at java.desktop/java.awt.Toolkit.<clinit>(Toolkit.java:1425)
        at java.desktop/java.awt.Component.<clinit>(Component.java:621)
        at ghidra.StatusReportingTaskMonitor.setMessage(GhidraRun.java:256)
        at ghidra.framework.Application.initializeLogging(Application.java:144)
        at ghidra.framework.Application.initialize(Application.java:94)
        at ghidra.framework.Application.initializeApplication(Application.java:114)
        at ghidra.GhidraRun.lambda$launch$1(GhidraRun.java:78)
        at java.base/java.lang.Thread.run(Thread.java:834)

11.0.1 release

https://github.com/NationalSecurityAgency/ghidra/releases

No version tagged in docker hub

Hi, thanks for the Docker image - super useful :D

There is only a :latest tag in Docker Hub, is it possible to include 9.0 or similar tag?

Thanks!

10.3 release

@blacktop: please can you create an image for the 10.3 release: https://github.com/NationalSecurityAgency/ghidra/releases

Thanks 🙂

Document how to host without public DNS

This container defaults to 0.0.0.0 for the server, which is great and works well as a default. Unfortunately, having this set causes Ghidra to try and use OpenDNS to figure out what your real public IP is. If you're hosting the service on an intranet with a local DNS resolver, this'll fail miserably because OpenDNS has absolutely no idea how to resolve the hostname.

The issue is trivially fixable by passing the currently-undocumented option -e GHIDRA_IP=your.host.name into the container to override the default of 0.0.0.0, but only if you spend the 45+ minutes I did spelunking around in Wireshark and source code to figure out why it wasn't working.

Thanks for making the container, though!

10.4 Docker image not updated?

Hi @blacktop, thanks for updating to 10.4, but it looks like the CI failed to build or push the new image?

https://github.com/blacktop/docker-ghidra/actions/runs/6353755149/job/17259000781

Docker Errors

docker: Error response from daemon: Mounts denied:
The paths /path/to/projects and /path/to/samples
are not shared from OS X and are not known to Docker.
You can configure shared paths from Docker -> Preferences... -> File Sharing.
See https://docs.docker.com/docker-for-mac/osxfs/#namespaces for more info.

These may need to go to actual paths and be shared in your instructions but about to head to a meetup and getting this error for client

Also getting this error for Server:
"docker run" requires at least 1 argument.
See 'docker run --help'.

Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

Run a command in a new container
zsh: command not found: -v