I was recently tasked with reverse engineering (RE) some mobile apps. The actual task was to “learn” to RE – I don’t actually know how to do it, so it’s a good thing it’s more of a learning experience than an actual security job.

And the task wasn’t really to RE apps. It was “do a security check on these mobile apps.” I’ve never done that and didn’t even know where to start. RE? Disassemble? Decompile? Which one? Or is it something else?

And what after that? After I pick a method of viewing the mobile app, which program do I use? Online or offline? dotPeek? Visual Studio? Android Studio? Hopper? Or others?

And which one works for the mobile app? APK or iOS, Windows or Linux, paid or free, online vs. local, add-in or standalone?

So many questions. So, naturally, I chose Ghidra!

What is Ghidra?

Why would I even want to learn about Ghidra? And how do you pronounce it? I thought it was pronounced “HIGH-druh” like the multi-headed monster in Greek mythology. I thought of this pronunciation because of the icon of the dragon/serpent, though it doesn’t have multiple heads. But it’s pronounced “Gee-druh.” Oh, well. It still seemed to be a great tool which, at the time, I didn’t know how to use with any proficiency. But it was so prevalent that I HAD to give it a try.

On a related tangent, here’s a short Twitter thread that talks a little about what might be the reasoning and meaning behind the logo: