There's a new Ghidra release last week! Lots of improvements to the debugger, which is awesome. But this brings up some thoughts that have been triggering my vulnerability-and-exploitation-specific OCD for some time now.
Behind every good RE tool is a crappy crappy database. Implicitly we, as a community, understand there is no good reason that every reverse engineering project needs to implement a key-value store, or a
B-Tree, or partner with a colony of bees which maintain tool state by various wiggly dances. But yet each and every tool has a developer with decades of reverse engineering experience on rare embedded platforms either building custom indexes in a pale imitation of a real DB structure or engaging in insect-based diplomacy efforts.
I think the Ghidra team (and Binja/IDA teams!) are geniuses, but they are probably NOT geniuses at building database engines. And reading through the
issues with ANY reverse engineering product you find that performance even for the base feature-set is a difficult ask.
My plea is this: We need to port Ghidra to Neo4j as soon as possible. Having a real Graph DB store underneath Ghidra solves the scalability issues. I understand the difficulty here is: There are few engineers who understand both Neo4j and reverse engineering to the point where this can be done. I mean, why do it in Neo4j and not PostGres? An argument can be made for both, in the sense that PostGres is truly Free and the most solid DB on the market. The pluses for Neo4j are that RE data is typically graph-based more than linear.
I spent the last two years learning graph dbs, out of some masochistic desire and ended up getting certified - and I can still RE a little bit. I will manage the team porting Ghidra to Neo4j if someone funds it. :)
Either way, sooner is better than later. There are so many companies and people relying on these tools that it seems silly to do anything else.
-dave
P.S. Yes, I remember BinNavi used MsSQL installs for its data, and this was annoying to install but ... I get why Halvar did it at the time. It's because he had real work to do and building a DB was not it. I can only assume Reven doesn't use their own DB? I mean the benefits for interoperability would be huge between tools. . . like literally everything you want to do with these tools is better with a real DB underneath.
_______________________________________________