Ghidra is a good, free software reverse engineering tool from the NSA. Although it's primarily written in Java, the performant components—notably the decompiler—are native binaries. Unfortunately for Mac uses, the NSA doesn't ship ARM64 versions of these binaries, and despite being one of the first users of public-key cryptography, they don't codesign their binaries either. This leads to inefficient performance, as the x86 binaries are translated with Rosetta, and Gatekeeper errors when the decompiler is called. Fortunately, it is simple to rebuild these native binaries for Apple Silicon.
Step 1: Install a JDK
First, you will need to install a Java Development Kit, if you haven't already. I use Eclipse Temurin (née AdoptOpenJDK), which appears to be the frontrunner amongst the current crop of OpenJDK derivates. Any others such as Amazon Corretto or Azul Zulu should work fine. Be sure to install the AArch64 build, not the x64 build.
Step 2: Install Ghidra
If you use Homebrew, the easiest way to install Ghidra is to run
brew install --cask ghidra. This will install Ghidra to
/opt/homebrew/Caskroom/ghidra and add the ghidraRun script to PATH.
Otherwise, download the latest release of Ghidra, extract it somewhere, and add that location to PATH.
Step 3: Rebuild Native Binaries for ARM64
To build the native binaries, you will need Gradle installed. Again, the easiest way to install Gradle is with Homebrew, by running the
brew install gradle command.
You will also need the Xcode Command Line Tools installed. If you use Homebrew, these are already installed. Otherwise, try running
clang in a terminal, and macOS will prompt you to install the command line tools.
Then, navigate to the
support folder in your Ghidra installation directory, and run the
# Substitute your Ghidra version into the path below cd /opt/homebrew/Caskroom/ghidra/xx.x.x-xxxxxxxx/ghidra_xx.x.x_PUBLIC/support ./buildNatives
That's it! You should now have a performant installation of Ghidra, Gatekeeper warning free.