Decompilation of Linux executable AARCH64 binary - GHIDRA or IDA-PRO / HexRays?

Reverse engineering of an unknown binary for a rare or non-standard platform could be quite a challenge. First we must guess and decide what kind of data/code is inside the binary blob we have. Is it an application (a executable file which resides in a filesystem and executed by kernel/bios/hypervisor etc.) or it is standalone firmware (a flash chip dump, or content of internal flash of a MCU). Is that code visible (e.g. MCU instructions, string data, structures with obvious content like CRC tables, Sine tables, ASCII characters) … or it is encrypted/compressed somehow… and of course it could be both of these…

1 Like