Master the fundamental concepts of reverse engineering through this focused micro-challenge.
Ghidra is a free, open-source reverse engineering suite from the NSA. It provides disassembly, decompilation to C-like pseudocode, scripting, and cross-reference analysis that rivals commercial tools like IDA Pro.
_start through __libc_start_main to find mainThe decompiler reconstructs control flow (if/else, loops, switch) even when original variable names are lost. For example, a factorial function shows a loop with multiplication regardless of whether the source called the variable i or n.
Limitations include heavily optimized code losing structure and obfuscated code confusing the analysis.
You will document the Ghidra workflow for loading a binary and reading decompiler output. This exercise asks you to explain how to find the entry point and compare decompiled pseudocode with the original algorithm.
Rename variables as you understand them: right-click and choose Rename Variable. Set correct types on function parameters to fix pointer arithmetic display. Add comments at confusing branches. Export decompiled C with File > Export Program for reporting. Heavily optimized code may inline functions and unroll loops, making the decompiler output harder to read than the original source.
Write a C program with a simple algorithm and document what Ghidra's decompiler output would look like conceptually.
Requirements:
Success Criteria:
Three hints are available for this task, revealed one at a time inside the code workspace so you can struggle productively before seeing them.
All starter code and reference implementations are available for your local setup.
View on Github