Too little, too late. I'll keep using Ghidra, which is free, open source, and doesn't crash every time I look at it wrong, thank you very much.
Ghidra is absolutely amazing - I've been using it since release and it's been a huge breath of fresh air compared to the hot mess IDA is. Ghidra has great APIs, which are really well documented. It has a very powerful decompiler. It comes with a built-in, programmable emulator for every platform! It has a built-in way to do collaborative reverse engineering! And it's super easy to modify the Sleigh if there's something that needs tweaking to improve the decompiler output!
Not to mention, adding your own CPU is reasonably simple - all you have to do is write a "Sleigh" description of your architecture (basically map CPU instructions to PCode) and it gives you the disassembler, decompiler, and emulator for free.
>One processor family of choice from the most common processors: PC, ARM, M68K, MIPS, PPC
This is quite unbelievable for me. Granted, a home user could reasonably only use one of these and be fine. But in the face of Ghidra's processor support, this is laughable.
Exactly, I've used IDA for 15 years, and loved it. But since Ghidra was released, I didn't need to open IDA anymore. Ghidra simply killed IDA and I couldn't be happier about it.
I've only just heard of Ghidra so I was happy to see your comment. I had a quick question - what is the learning curve like for Ghidra?
I noticed earlier this week that there is a forthcoming book from NoStarch about Ghidra. There's a sample chapter available in case anyone is interested:
I think IDA's 'killer feature' over Ghidra is supposed to be the debugger. Not disagreeing, I am a Ghidra user myself, just that's the reason I usually see proffered in the Ghidra/IDA flamewar.
That's very true. Ghidra is going to get a debugger soon (there was some activity in the issue tracker about this recently), and already has some amount of dynamic analysis support through its emulator feature. But right now, IDA's debugger is pretty much best-in-class.
I mostly use Ida for exploit development, and have been struggling to find ways to connect the debugger to a proc spawned by pwntools. It’s much easier to use gdb-gef and pwntools directly. I don’t know how much of a killer feature the debugger is to others, but to me ghidra still seems easier to use.
Tl;dr - press Ctrl+Shift+G on the instruction you want to modify and it will outline the instruction in red, allowing you to modify it.
That being said, it doesn't work for all architectures, and Ghidra will pop up with a rating box when you press Ctrl+Shift+G, explaining the compatibility/support for your current processor (for example, amd64 binaries are considered a "GOLD" rating, meaning there's an extremely high chance of your modification working correctly)
Patching actually works for every architecture, since it's backed by sleigh (and disassembly wouldn't even work without that). AFAIK, the problem (and the reason behind the popup) is that on some architectures, the sleigh might give ambiguous assembly instructions, so the assembler might not select the right instruction if there are multiple possibilities.
But the biggest problem is, exporting a runnable binary is not currently supported by Ghidra. Ghidra has a Binary Export function, but it's used as a sort of memory dump. It won't try to make a runnable program. This is by design, see issue #19[0]. It will probably work for RAW images, but that's it.
Exporting a runnable binary is a highly desirable feature, though I can't find any issue tracking it. There's an open PR, #1505[1], that might provide people what they need.
IIRC Ghidra is pretty amd64-centric. IDA on the other hand has dozens of less-known CPU types you need when dealing with embedded and not so common stuff.
What? No! Ghidra has support for many, many less-known CPU types. With extremely good support. I recently RE'd Intel 8051 firmware, with really good results. I'm aware of people using Ghidra to reverse firmwares of all kinds, from the PS2 Emotion Engine to Nvidia Falcon Security Processor.
The amazing thing about Ghidra is that all of its tools (disassembler, emulator, decompiler) work on P-Code, which is Ghidra's IR. All you have to do to get the tools to work is write a Sleigh file, which basically describes the registers, address spaces, and maps the instructions to P-Code. This is dead easy to do, and with very little tweaking, gives really clean decompiler output. A friend of mine implemented Nvidia Falcon support to Ghidra in a week-end or two[0].
As far as built-in processor goes, Ghidra has X86 16/32/64, ARM/AARCH64, PowerPC 32/64/VLE, MIPS 16/32/64/micro, 68xxx, Java / DEX bytecode, PA-RISC, PIC 12/16/17/18/24, Sparc 32/64, CR16C, Z80, 6502, 8051, MSP430, AVR8, AVR32, and variants of these processors. I dunno if IDA has more, but it's still far from AMD64 centric!
As an embedded reverse engineer, I recently made the jump to Ghidra and haven't had any issues yet. I've been reverse engineering Infineon Tricore firmware and it's been great, though I will admit their support for it only came out recently.
Hex Rays need to take a look at how JetBrains (IntelliJ) handled the same problem.
Initially, most students and home users I knew used a cracked copy because there was no way in hell any of the students I knew had a spare $500 to pay for an IDE.
JetBrains seemed to realize this so first, they made a "self purchase" option that was half the price (or less) and belonged solely to the developer that bought it, with the caveat that they had to use their own funds. It could be used commercially too - this was the option to take if your boss couldn't be convinced to buy you a commercial license and you still wanted to use it legally.
Next, they made their tools free for people working on open source projects.
Then they made a version that had almost all the features available for free (it may have originally been only for non-commercial use but it's fine to use commercially now).
Then they worked with Google to make their free tool the default for Android development, which added many more users.
Then they switched to a monthly licensing scheme that was about $12 a month for a single product (while retaining the ability to outright buy a copy if you wanted to).
Almost everything that IntelliJ does is possible with open source competitors, but I still pay for it because of the level of polish they apply to each feature and the intuitiveness of each feature.
I think that if a $12/month copy was available initially, the number of cracked copies being used would have gone down dramatically.
EDIT: Photoshop did something similar. NO ONE I knew that used it for home use had a real license because it was so damn expensive, but I know plenty of people paying $15/month or so for access.
Note, there is a free and open-source alternative for both the console world and GUI one - radare2[1] + Cutter[2] combo. Both are native and highly portable, no Java inside. And they support various decompilers, including Ghidra's one[3] and Retdec[4].
Another +1 for Cutter from me, it's absolutely brilliant.
$365 per year is still prohibitive for most hobbyist/home use. I was hoping it'd be $100 one-off, or $60 per major release + 2 years of updates, or something like that.
That should allow them to regain some popularity with hobbyists, whilst still making the bulk of their money from the BigCorps paying $$$ for a commercial license.
It's r2 debugger that supports native mode for all platforms, remote gdb/lldb, remote WinDbg, and a few more exotic options. Both Cutter and radare2 are developed with quite a pace, if you meet any bug - reach us and we'll try to fix it as soon as possible. This year we were accepted into Google Summer of Code 2020, and students will work on a few interesting projects [1].
I've been using IDA Pro for over 15 years, for hobbies and my job, and I am thoroughly unimpressed with this offering. I get that Ghidra is eating their lunch, but this is a poor attempt to claw back some marketshare. Unless your only job is doing Windows malware analysis, this just isn't going to cut it; no decompiler and single CPU family both kill it.
In any given month, it's likely I'll end up disassembling x86-64, AArch64, and MIPS at the very least; that would cost me nearly $1200/year to do that as a hobbyist using IDA Home, or $0/year with Ghidra. For me, there's huge value in the muscle memory I've built with IDA, and generally I get my job to pay for a license, but the odds of me still using it in 2025 are quickly dwindling to zero. They need to make a big, big change or they're going to lose all of us.
My problem with IDA Pro isn’t even the license cost. It’s the licensing unfairness. Costs get multiplied a bunch of times if you want to work across multiple host OSes or want both 32 bit and 64 bit decompilation for an architecture.
I’m sure they know this stuff drives away home users, hence IDA Home. Where they miss, is what home users do. Home users do everything. I’ve seen people using Ghidra with 8-bit processors.
I don’t imagine things will continue to work out well with this strategy if Ghidra gets support for debugging and continues to receive improvements for its decompiler. Ghidra is already immensely useful today.
I am wondering whether there is a management issue at Hex-Rays. The newly released company website features a page which appears to advertise against the product [1], because it entirely misses who their audience is.
The core point made regarding why IDA is a superior product despite license unfairness is vendor support. However, the authors seem to miss that the target audience of IDA are tinkerers, who would be fine with fixing their own tools as long as the issues are only on the surface.
Hex-Rays is not Oracle, who can afford to live from license unfairness because their product is embedded deeply into the livelihood of so many large companies. Hex-Rays provides just a tool, which I have already replaced by Cutter with Radare2 and Ghidra's decompiler in my workflow.
I would not use IDA Home even if it was free due to its limitations and lack of Hex-Rays' Decompiler.
I don’t think hex rays even really has managers. I think there is the lead developer/founder/owner (Ilfak), an office admin, and I’d guess approximately 2-3 developers. The owner personally replies to most support emails or technical questions.
Ghidra is getting a debugger very, very soon in public release. Actually, the debugger is already developed & now being tested in-house. It will likely be released in 9.2.x. [1]
I really don't get Hex Rays and their licensing. I've seen it first-hand a lot of times: The kind of tinkerers and hackers that would use this in their spare time usually won't spend even a dollar on software, but the minute they are hired by a large corporation they get an IDA license along with their laptop.
They should release a free home version with mostly the same features (especially Hex-Rays, nobody uses IDA without it) and just prohibit commercial use in the terms of use. The kind of companies that already shell out tens of thousands every year for IDA licenses will happily oblige by the "no-commercial-use-with-the-home-edition" terms... If you want to curtail feature set then make a compelling set of features for enterprises (e.g. builtin collaboration, annotation sharing, fuzzy function search) and then make that exclusive to the commercial version, not the decompiler. Just my two cents...
It used to be the case, a decade or so ago, that you could get IDA Free for, well, free. This was essentially the previous [major] version of IDA Pro, with fewer processors enabled, but otherwise pretty feature-complete.
And then they changed their model so that IDA Free was a horribly gimped version that was useless: no save support, no scripting support (so you can't use it in other projects that use IDA for the disassembly parts), and it shuts itself off after a short amount of time.
It's actually faintly amusing. I suppose if you're going to try and protect reverse engineering software against cracks, you're going to have to throw in a lot of effort or you're just wasting your time.
Back in 2013 or 2014 I was in school for my CS degree and was getting interested in binary analysis.
This was pre-Ghidra's release obviously, so I looked around for a disassembler and came across IDA. I couldn't find a student version, so I actually emailed them asking about it.
The answer I got was a prompt, but terse, "No, sorry.".
I always wondered, how do you expect to gain mind-share if you won't even throw an undergrad a trial license? Regardless, it looks like Ghidra is eating IDA's lunch and at $365/year this doesn't seem like an adequate response.
Seems to be a common story in this area. I remember asking the Hopper folks if they'd do even an academic discount and it was similarly a no. Their argument was that it was on par with some academic textbooks .. maybe in the USA, but I never bought a textbook throughout my 3 year CS degree! That's what the library and electronic resources were for.
I concede it was more accessibly priced than e.g. IDA but it's definitely a shame HexRays and others aren't as willing to allow non-commercial educational use. I think they'd benefit in the long run, you'd definitely have some folks using the products they're familiar with commercially after a few years.
Meanwhile for software development, you have companies like JetBrains and GitHub offering premium products completely free of price.
> Thank you for your interest in Hopper.
Yes, I usually offer a 20% discount to students. If you are still interested, please let me know, and I’ll prepare an invoice for you.
The adequate response is to open up their source code and let everyone else merge the good parts into Ghidra and Radare2. Doing anything else will doom them to irrelevance in the long run. Chances are home users are pirating it anyway.
Every specialized field should have gold standard open source software like this. Companies could avoid paying hundreds of thousands per year in license fees if only they pooled their resources and hired programmers to implement common technology everyone could use.
If this is a reaction to Ghidra, I'm really glad Hex-Rays is reacting positively to the competition! I'm not an IDA Pro customer, but I know people have been asking for something like this for years. I'm actually tempted to buy this.
But that said, I'm still pretty wary about IDA's sales process. There seem to be many negative stories, talking about what a frustrating & arbitrary experience it has been in the past. If even Tavis Ormandy is being treated poorly, that doesn't give me much confidence as a prospective Home user. Hopefully things will have improved substantially!
And then there's little things like Linux and Windows licenses being sold separately, so I have a choice between running IDA in Wine, or almost doubling the price I'm being quoted.
But still, I think this is a very promising move! And the price might seem high for hobbyist use now that there are very high quality free alternatives, but compared to the previous high four digits quotes it's practically a bargain =]
Hopefully the site redesign means they've given other parts of their sales process some love, too: in particular, their self-service tool and their policy of forbidding people from registering personal licenses to personal emails.
EDIT: Looks like I got a reply from ilfak himself, but it was 6 days later and I didn't see it. If anyone from hex-rays is listening, here's a subject line with some order numbers in it: "Hex-Rays Invoice 2016-2240 orderID: (my-last-name)_4732_20160515". My email is (HN-username)@gmail. I never did get that license working, I'd greatly appreciate a reset.
Since you gave more details, we could check it out and the outcome is: you gave us your professional email address and we sent your license to it. So, from our perspective, it looks like a successfully completed transaction. As you have confirmed, you even received the invoice. You never came back with any complaints, so my guess is that you received your license.
Now, 4 years later, you are saying that the license was not working. What was the problem and why did you never contact us?
I find Hopper Disassembler just as good and the price is certainly much more reasonable, especially when it's for occasional use - I get out a disassembler to figure out undocumented/weird behavior maybe 4-5 times a year. IDA just isn't the only game in town anymore..
Ghidra is better than IDA for almost every use case I've found. I was working on reversing a bunch of mipsel binaries; Ghidra's decompiler worked, IDA didn't. I also tried r2 with Cutter, which did a decent job and had by far the slickest UI. Just my two cents.
Ok, it's coming, but there's no harm in waiting until it gets here. This is an announcement of an announcement. Those are off-topic. A thread now just duplicates whatever discussion will happen later, only generically and with less information.
Note: I reverse in my spare time and have occasionally been called on to reverse at work. I find subscription based pricing for software like this completely disagreeable.
They also have a "perpetual fallback license," through which the product becomes yours after a year or so; thus, you're incentivized to stay on the subscription, but if you decide to get off the train then your software doesn't evaporate (:eyes: 1Password.com)
Though I don't see this recapturing the casual reverse engineering market that Ghidra ate for lunch unless they have very compelling IDA Home pricing for the decompilers as well (the “One processor family of choice from the most common processors: PC, ARM, M68K, MIPS, PPC” statement is kind of vague about that).
IDA's license was too expensive for someone who wants to tinker, which is probably most people who want to use it. I almost feel bad for hex-rays now though, it's gotta be tough to compete with an excellent, free, state-sponsored tool like Ghidra. I would have gladly paid a reasonable hobbyist monthly license fee for IDA for what I was doing (video game reversing in my free time). If I were using it professionally I would have paid for a professional license. It doesn't seem like hex-rays trusts anyone though - unsurprising considering their domain.
$365 is still a lot for a hobbyist. Also I'm always entertained when Europeans put the dollar sign after the amount as opposed to before (I'm also European and it took me forever to notice this).
I do it intentionally, to annoy back the Americans who write stuff like €30 ... and because it makes sense to me to write the unit after the value, or at least have a standard way of doing it.
I hate to break it to you, but where currency symbols are placed is mostly a language convention and not so much dependent on the currency itself. €30 is very much correct when speaking English. In fact, it is the style recommended in the European Commission's style guide [1].
That means there is a standard way of doing it, it just depends on your language. If you were speaking German you'd also write 30,00$ and not $30.00. All of that said, I agree that the inconsistency with all other units is weird and unnecessary, but languages just are that way sometimes.
Interesting, thanks for the guideline. I'm not sure what to think about it yet, since I'm also referring to consistency towards other units (nobody writes "cm 20").
I've only recently gotten into reverse engineering as a hobby and have so far just used Ida Free and Ghidra to do stuff. From what I've read it seems a lot of people are disappointed on the lack of the decompiler being included with this. How good is Ida's decompiler? I've tried using the Ghidra decompiler, and tbh I'd rather just stick with raw assembly than what normally gets generated from that.
Ghidra and IDA's decompiler are fairly similar in my experience. There are some specific situations when one is better than the other, but overall both do a really good job at recovering the control flow. One thing IDA has that I miss from Ghidra is a way to split/merge variables from the UI. In IDA, I can tell the decompiler that two variables are actually the same, and it will merge them.
I used Ghidra (an IDA competitor) to Reverse Engineer the Switch kernel in order to write homebrew. I also used it to reverse engineer the Steam Controller firmware as part of an ongoing work to better understand its proprietary protocol to write drivers for it, and maybe replace its firmware since it's now EOL'd.
Crackers are using those tools for sure, but there are many legit use-cases, like security research and malware analysis. Heck, I also use IDA as a debugger for my own programs sometimes, as they tend to give a lot more information with very little configuration compared to GDB/LLDB.
I used it to "crack" the calibration menu of a 20 year old spectrum analyzer made by a defunct company, allowing me to resuscitate the instrument, saving myself about $2000 in equipment costs and a bunch of environmental waste.
And then I did it a couple more times for other people.
I've had to disassemble client applications several times to investigate issues with server compatibility when generic error codes and crashes don't give me any hints. Network debuggers don't help when the issue is caused by incorrect client processing and you only wrote the server.
In all of those cases modifying the disassembled executables is not an option (both legal and must work with original installs), but was invaluable in creating workarounds on the server side. It would be simpler to submit patches to the original vendors but enterprise companies generally ignore them or put them on the back-burner for some unspecified future release.