Add basic Ghidra-Bridge backed iPython kernel

This kernel uses the ghidra-bridge to talk to Ghidra.

Author: TorgoTorgo

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 TorgoTorgo
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,59 @@
+# Ghidra Notebook
+
+Ghidra Notebook is a [Jupyter](https://jupyter.org)
+[kernel](https://jupyter.readthedocs.io/en/latest/projects/kernels.html)
+that combines the flexibility of Ghidra's API with the Jupyter notebook
+system to create reproducable, scriptable notes.
+
+This allows you to create notes that can also be run
+to show both your thinking and your work.
+
+# Installation
+
+This project depends on the (excellent) ghidra-bridge
+project. You'll need to
+[install Ghidra Bridge](https://github.com/justfoxing/ghidra_bridge#install-the-ghidra-bridge-package-and-server-scripts) before you can use ghidra-notebook.
+
+```bash
+# Install the package
+pip3 install --user .
+# Install the iPython kernel
+python3 -m ghidra-notebook.install
+```
+
+You can use any Jupyter notebook client you like!
+See [install Jupyter](https://jupyter.org/install.html)
+for setting these up.
+
+# Usage
+
+[Start the ghidra-bridge server](https://github.com/justfoxing/ghidra_bridge#start-server).
+When you start the Ghidra kernel in Jupyter it will connect to ghidra-bridge and you'll have
+access to the Ghidra API in whatever context the bridge was started in.
+
+Once ghidra-bridge is started, you can launch a Jupyter Lab and select "Ghidra" to start the
+kernel, and connect to ghidra-bridge.
+
+To run Jupyter lab:
+
+```bash
+pip install jupyterlab
+jupyter-lab
+```
+
+Or launch directly in the terminal
+```bash
+jupyter console --kernel ghidra
+```
+
+Once you're in the Jupyter shell, try something like:
+
+```python3
+print(currentProgram)
+print(currentAddress)
+```
+
+You'll have access to the
+[FlatAPI](https://ghidra.re/ghidra_docs/api/ghidra/program/flatapi/FlatProgramAPI.html)
+along with the rest of the Ghidra API, just as you would in the normal Ghidra python terminal,
+except thanks to Ghidra Bridge you'll have Python3.

ghidra-notebook/__init__.py

@@ -0,0 +1,3 @@
+from ipykernel.kernelapp import IPKernelApp
+from .ghidra_kernel import GhidraKernel
+IPKernelApp.launch_instance(kernel_class=GhidraKernel)

ghidra-notebook/__main__.py

@@ -0,0 +1,95 @@
+#!/usr/bin/env python3
+from ghidra_bridge import GhidraBridge
+from ipykernel.kernelbase import Kernel
+import logging
+import traceback
+from io import StringIO
+from contextlib import redirect_stdout
+
+class GhidraKernel(Kernel):
+    implementation = 'ghidra_kernel'
+    implementation_version = '1.0.0'
+    language_info = {
+        'name': 'Ghidra Python',
+        'mimetype': 'text/x-python3',
+        'file_extension': '.py',
+        'pygments_lexer': 'python3',
+        'codemirror_mode': 'Python',
+    }
+    help_links = [
+        {'text': "Ghidra", 'url': "https://ghidra-sre.org"},
+        {'text': "Ghidra Bridge", "url": "https://github.com/justfoxing/ghidra_bridge"},
+        {"text": "Ghidra API", "url": "https://ghidra.re/ghidra_docs/api/ghidra/program/flatapi/FlatProgramAPI.html"}
+    ]
+
+    _bridge: GhidraBridge = None
+    @property
+    def bridge(self):
+        if self._bridge is None:
+            # Reset any state
+            self._globals = {}
+            self._locals = {}
+            print("Connecting to the bridge")
+            self._bridge = GhidraBridge(namespace=self._globals,
+                interactive_mode=True,
+                hook_import=True)
+            return self._bridge
+        else:
+            return self._bridge
+    _banner: str = None
+    @property
+    def banner(self):
+        if self._banner is None:
+            self._banner = "Ghidra Python3 Kernel"
+            return self._banner
+        else:
+            return self._banner
+    _globals: dict = {}
+    _locals: dict = {}
+
+
+    def __init__(self, **kwargs):
+        print("Starting GhidraKernel...")
+        Kernel.__init__(self, **kwargs)
+        _  = self.bridge
+
+    def do_execute(self, code, silent, store_history=True, user_expressions=None, allow_stdin=False):
+        _ = self.bridge
+        out_buff = StringIO()
+        try: 
+            with redirect_stdout(out_buff):
+                exec(code, self._globals, self._locals)
+            result = out_buff.getvalue()
+            content = {
+                'name': 'stdout',
+                'text': str(result)
+            }
+        except Exception as e:
+            result = traceback.format_exc()
+            content = {'name': 'stderr', 'text': str(result)}
+        self.send_response(self.iopub_socket, 'stream', content)
+
+        return {
+            'status': 'ok',
+            'execution_count': self.execution_count,
+            'payload': [],
+            'user_expressions': {}
+        }
+
+    def do_shutdown(self, restart):
+        # We probably don't want to _actually_
+        # shut down the server within Ghidra
+        # self.bridge.remote_shutdown()
+        self._bridge = None
+        self._locals = {}
+        self._globals = {}
+        
+        if restart:
+            _ = self.bridge
+        return {
+            'status': 'ok',
+            'restart': restart
+        }
+if __name__ == '__main__':
+    from ipykernel.kernelapp import IPKernelApp
+    IPKernelApp.launch_instance(kernel_class=GhidraKernel)

ghidra-notebook/ghidra_kernel.py

@@ -0,0 +1,70 @@
+#!/usr/bin/env python3
+import argparse
+import sys
+import os
+import json
+from tempfile import TemporaryDirectory
+from jupyter_client.kernelspec import KernelSpecManager
+
+kernel_json = {"argv": [sys.executable, "-m", "ghidra-notebook", "-f", "{connection_file}"],
+ "display_name": "Ghidra",
+ "language": "python3",
+ "codemirror_mode": "python3",
+ "env": {}
+}
+
+
+def install_my_kernel_spec(user=True, prefix=None):
+    with TemporaryDirectory() as td:
+        os.chmod(td, 0o755)  # Starts off as 700, not user readable
+        with open(os.path.join(td, 'kernel.json'), 'w') as f:
+            json.dump(kernel_json, f, sort_keys=True)
+        # TODO: Copy resources once they're specified
+
+        print('Installing IPython kernel spec')
+        KernelSpecManager().install_kernel_spec(td, 'ghidra', user=user, prefix=prefix)
+
+def _is_root():
+    try:
+        return os.geteuid() == 0
+    except AttributeError:
+        return False # assume not an admin on non-Unix platform    s
+
+def main(argv=None):
+    parser = argparse.ArgumentParser(
+            description='Install KernelSpec for Bash Kernel'
+    )
+    prefix_locations = parser.add_mutually_exclusive_group()
+
+    prefix_locations.add_argument(
+            '--user',
+        help='Install KernelSpec in user homedirectory',
+        action='store_true'
+    )
+    prefix_locations.add_argument(
+            '--sys-prefix',
+        help='Install KernelSpec in sys.prefix. Useful in conda / virtualenv',
+        action='store_true',
+        dest='sys_prefix'
+    )
+    prefix_locations.add_argument(
+            '--prefix',
+        help='Install KernelSpec in this prefix',
+        default=None
+    )
+
+    args = parser.parse_args(argv)
+
+    user = False
+    prefix = None
+    if args.sys_prefix:
+        prefix = sys.prefix
+    elif args.prefix:
+        prefix = args.prefix
+    elif args.user or not _is_root():
+        user = True
+
+    install_my_kernel_spec(user=user, prefix=prefix)
+
+if __name__ == '__main__':
+    main()

ghidra-notebook/install.py

@@ -0,0 +1,5 @@
+ghidra_bridge
+IPython
+ipykernel
+jupyter_client
+jupyter

requirements.txt

@@ -0,0 +1,26 @@
+#!/usr/bin/env python3
+try:
+    from setuptools import setup, find_packages
+except ImportError:
+    from distutils.core import setup, find_packages
+
+def main():
+    setup(
+        name='ghidra-notebook',
+        version='1.0.0',
+        description='Jupyter kernel for Ghidra\'s Python Interpreter',
+        author='torgo',
+        author_email='[email protected]',
+        license='MIT',
+        install_requires=[
+            'IPython',
+            'ipykernel',
+            'jupyter_client',
+            'ghidra-bridge',
+            'jupyter',
+        ],
+        packages=find_packages()
+    )
+
+if __name__ == '__main__':
+    main()