Ghidra is a good, free software reverse engineering tool from the NSA. It’s primarily written in Java, although its compute-intensive components (most notably the decompiler) are native binaries.
Unfortunately for M1/M2 Mac users, Ghidra is not distributed with ARM builds of these binaries, and the builds that are distributed are not codesigned. In practice, this results in slow, battery-draining decompiles and a slew of Gatekeeper errors regarding unsigned code.
Thankfully, it’s straightforward to get around these issues by rebuilding Ghidra’s native binaries for Apple Silicon.
Step 1: Install a JDK
First of all, you will need to install a Java Development Kit. Eclipse Temurin (née AdoptOpenJDK) appears to be the frontrunner amongst the current crop of OpenJDK derivatives.
Any others such as Amazon Corretto or Azul Zulu should also work fine. Just be sure to install the AArch64 build of your preferred JDK, not the x64 build.
Step 2: Install Ghidra
Homebrew is the easiest way to install Ghidra—just run brew install --cask ghidra.
Otherwise, download the latest release of Ghidra, extract it somewhere, and add that location to your
Step 3: Rebuild Native Binaries for ARM64
Ghidra uses the Gradle build system. Install it with the brew install gradle command or by following the installation instructions on its website.
You will also need the Xcode Command Line Tools installed. (These are already installed if you have Homebrew.) Run the clang command in Terminal, and macOS will prompt you to install the command line tools.
Then, navigate to the support folder in your Ghidra installation directory, and run the buildNatives script:

    # Substitute your Ghidra version into the path below
    cd /opt/homebrew/Caskroom/ghidra/xx.x.x-xxxxxxxx/ghidra_xx.x.x_PUBLIC/support
    ./buildNatives
🎉 Too easy. You’ve now got a much faster installation of Ghidra, codesign warning-free.
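To confirm the rebuild did what this post describes, the following added example (not part of the original post or of Ghidra) walks a directory, parses each Mach-O header, and reports every binary's architecture and whether it carries a code-signature load command. Passing the Ghidra installation directory as the argument is an assumption, and the function names are made up for this sketch.

```python
import struct
import sys
from pathlib import Path

MH_MAGIC_64 = 0xFEEDFACF        # thin 64-bit Mach-O (little-endian on disk)
FAT_MAGIC = 0xCAFEBABE          # universal binary (big-endian header)
CPU_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64"}
LC_CODE_SIGNATURE = 0x1D        # load command that points at the signature blob

def read_slice(data, base=0):
    """Return (arch, has_signature) for the 64-bit Mach-O image at `base`."""
    magic, cputype, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", data, base)
    if magic != MH_MAGIC_64:
        raise ValueError("not a 64-bit Mach-O image")
    offset, signed = base + 32, False       # load commands follow the header
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", data, offset)
        if cmdsize < 8:
            raise ValueError("corrupt load command")
        signed |= cmd == LC_CODE_SIGNATURE
        offset += cmdsize
    return CPU_NAMES.get(cputype, hex(cputype)), signed

def macho_slices(data):
    """Return [(arch, has_signature), ...], one entry per architecture."""
    (magic,) = struct.unpack_from(">I", data, 0)
    if magic != FAT_MAGIC:
        return [read_slice(data)]
    (count,) = struct.unpack_from(">I", data, 4)
    slices = []
    for i in range(count):                  # fat_arch entries are 20 bytes
        _, _, offset, _, _ = struct.unpack_from(">5I", data, 8 + 20 * i)
        slices.append(read_slice(data, offset))
    return slices

def scan(root):
    """Yield (path, arch, has_signature) for each Mach-O file under root."""
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.is_symlink():
            continue
        try:
            for arch, signed in macho_slices(path.read_bytes()):
                yield path, arch, signed
        except (ValueError, struct.error):
            continue                        # not a Mach-O file; skip it

if __name__ == "__main__":
    # Assumed usage: pass the Ghidra installation directory as the argument.
    for path, arch, signed in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        note = "" if arch == "arm64" and signed else "   <-- x86_64 or unsigned"
        print(f"{arch:8} signed={signed!s:5} {path}{note}")
```

The load command only shows that a signature is present; on macOS, codesign --verify checks that it is actually valid.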