Setting up Ghidra

Introduction

Ghidra is a reverse-engineering tool that can be used to translate the assembly code within the exefs into more readable pseudocode. This can be very useful to find and document the instructions and their offsets within the executable that we can hook into later.

Note

The Breath of the Wild Decompilation Project recommends the use of IDA Pro over Ghidra due to the more advanced features and the ability to use the decomp projects IDB. However, due to the very steep price tag of IDA Pro I do not use it and do not condone acquiring the software through illicit methods.

Installation

To begin you will want to download the latest version of Ghidra as well as the Switch Loader.

Decompiling

You can now import the previously acquired main.nso and run Ghidra’s auto-analysis (this will take a while).

Tools

Repository

This section relies on my botw-sym-helper scripts. I recommend checking on the repository to make sure nothing has changed.

Click to view the repository on GitHub.

I would suggest using my botw-sym-helper python scripts as they make exporting symbols from Ghidra easier while also providing some useful ways to format them. Since a large portion of the Switch RE community uses IDA we do not have all the handy tools for working with the symbols.

Using the sym scripts

Caution

This section is under construction. There may be missing information.

Setup

After analyzing the executable in Ghidra, navigate to the Script Manager and import then run the ghidramapexport.py to export the projects symbols out to a .map file. This is useful for reading and interacting with these symbols in an exlaunch project later down the road.

Other Scripts

The other scripts within the repository are useful for formatting the list of symbols exported by the previous script. These scripts can help filter out stubs and apply the proper offsets.