Announcement

**uid313** · 04 June 2019, 10:42 AM

Ghidra does not have support for the RISC-V architecture. 😢

**FireBurn** · 04 June 2019, 10:45 AM

I thought only clean room reverse engineering was allowed in open source projects

**coder111** · 04 June 2019, 11:03 AM

Originally posted by FireBurn View Post

I thought only clean room reverse engineering was allowed in open source projects

Um, that's how you do clean room. You have one team contaminating themselves with "rogue IP" reverse engineering and writing specs. You have another clean team reading specs and writing new or compatible implementation.

**Adarion** · 04 June 2019, 11:33 AM

That sounds like a great opportunity, but I wonder if that will ever help against signed FW, since without a proper privkey you will hardly be able to sign your new and improved FW.

**Guest** · 04 June 2019, 12:03 PM

Originally posted by uid313 View Post

Ghidra does not have support for the RISC-V architecture. 😢

Hardly a problem considering RISC-V won't have much software available now, especially the kind you don't have source for.

**stormcrow** · 04 June 2019, 12:18 PM

Originally posted by Adarion View Post

That sounds like a great opportunity, but I wonder if that will ever help against signed FW, since without a proper privkey you will hardly be able to sign your new and improved FW.

While I can understand and sympathize with those concerns, the reality in practice has been that firmware signing has been mostly security theater as the OEMs that do use signed loaders seem to almost always screw it up in some rather spectacular fashion. This leads to ways to load custom firmware even on machines where signed firmware loading is enforced. See the recent Cisco enterprise hardware security blunder which can't be fixed with software patches for a rather spectacular example.

If we ever reach the point where those exploits become rare people are going to have to consciously choose between signed & locked down firmware and more open non-signed loaders. By themselves there's often pros and cons to either which may or may not be obvious to even knowledgeable purchasers, especially since that's rarely a feature point on marketing materials.

**Snoop05** · 04 June 2019, 02:26 PM

Originally posted by Adarion View Post

That sounds like a great opportunity, but I wonder if that will ever help against signed FW, since without a proper privkey you will hardly be able to sign your new and improved FW.

https://vulmon.com/vulnerabilitydetails?qid=CVE-2019-11098

Vulmon is a vulnerability and exploit search engine with vulnerability intelligence features.

**uid313** · 04 June 2019, 03:37 PM

Originally posted by DoMiNeLa10 View Post

Hardly a problem considering RISC-V won't have much software available now, especially the kind you don't have source for.

Ghidra have support for many other architectures architectures that doesn't have much software.
But RISC-V is used on hardware too, like in Nvidia GeForce cards and in storage devices from Western Digital. So RISC-V support would be useful for firmware reverse engineering.

**pgeorgi** · 05 June 2019, 01:47 AM

Originally posted by uid313 View Post

But RISC-V is used on hardware too, like in Nvidia GeForce cards and in storage devices from Western Digital. So RISC-V support would be useful for firmware reverse engineering.

I fully expect RISC-V support in Ghidra to come around eventually. As for the project at hands, this effort is mentored by coreboot folks and so Alex will naturally work on stuff that benefits the coreboot ecosystem. The ability to learn more about PC firmware's inner working simply has a higher priority there.

Announcement

Coreboot Project Is Leveraging NSA Software To Help With Firmware Reverse Engineering

Coreboot Project Is Leveraging NSA Software To Help With Firmware Reverse Engineering

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment