How_to_use_vxhunter_firmware_tools_in_ghidra.md

How to use VxHunter firmware tools in ghidra

VxHunter Ghidra script can analyze Vxworks image load address and symbols automatically.

step 1: Load VxWorks image to Ghidra

You can found some example VxWorks firmware at here, in this document we chose image_vx5_ppc_big_endian.bin.

Load VxWorks image to Ghidra with correct processor type with default load address zero.

Don't analyze image this time, since we don't known the correct load address.

step 2: Running VxHunter firmware init script

Run VxHunter vxhunter_firmware_init.py in script manager, this script will rebase image to correct load address and fix the function name.

step 3: Analyze hard coded accounts, compiled in services using vxhunter_analysis script

All done, you can start analyze the firmware, have fun.