Getting Ghidra to run on MacOS Catalina

What are the options

Ghidra is an awesome tool, and I'm just scratching the surface myself. As a named IDA license holder I have a perfectly capable tool under my belt, but that doesn't mean cheaper or free don't appeal to me.

Getting the tool up and running on a modern system isn't trivial, however, as the zip releases on Ghidra's homepage are not signed by a developer certificate, which mean we'll need to either 1) build and codesign the releases ourselves, or 2) open and bypass the security warning (has security implications, which we'll ignore - don't do this on a machine with important stuff on it.)

Building and signing Ghidra is out of scope for this blog post, but worth exploring. We're going to focus on bypassing MacOS's security warnings, which is a temporary fix and will re-prompt at some regularity.

How to bypass MacOS Gatekeeper

Simply download the latest Ghidra release, extract it, and run the following binaries one by one, accepting the Gatekeeper prompt each time when prompted:

./Ghidra/Features/Decompiler/os/osx64/decompile

./GPL/DemanglerGnu/os/osx64/demangler_gnu_v2_33_1

./ghidraRun

Once that's done you should be able to use the autoanalyzer without issue! Repeat this for other binaries that might get added over time, older instructions I found on the internet were incomplete due to this issue.