Ghidra versus IDA and many other competitors
Even if you have already mastered a powerful reverse engineering framework, such as IDA, Binary Ninja, or Radare2, there are good reasons to start learning Ghidra.
No single reverse engineering framework is the ultimate one. Each reverse engineering framework has its own strengths and weaknesses. Some of them are even incomparable to each other because they were conceived with different philosophies (for instance, GUI-based frameworks versus command line-based frameworks).
On the other hand, you will see how those products are competing with and learning from each other all the time. For instance, IDA Pro 7.3 incorporated the undo feature, which was previously made available by its competitor, Ghidra.
In the following screenshot, you can see the epic, humorous response of the official @GHIDRA_RE Twitter account to IDA Pro's undo feature:
The differences between frameworks are subject to change because of the competition, but we can mention some of Ghidra's current strengths:
- It is open source and free (including its decompiler).
- It supports a lot of architectures (possibly including some that the framework you are using does not support yet).
- It can load multiple binaries at the same time in a project. This feature allows you to easily apply operations over many related binaries (for example, an executable binary and its libraries).
- It allows collaborative reverse engineering by design.
- It supports big firmware images (1 GB+) without problems.
- It has awesome documentation that includes examples and courses.
- It supports version tracking of binaries, which lets you match functions and data, along with their markup, between different versions of a binary.
In conclusion, it is recommended to learn as many frameworks as possible so that you know each one and can take advantage of its strengths. In this sense, Ghidra is a powerful framework that you must know.