May 1, 2026

Reverse engineering Spectragryph

Nothing evil is going on here. Spectragryph is orphaned and abandoned software. It requires a license server which no longer exists. The author died and the heirs have no interest in maintaining it.

The program runs only on Windows. I have a directory containing the install files on my linux machine. The file of current interest is:

-rw-r--r-- 1 tom tom 29039104 Jul 14  2022 SpectraGryph.exe
That's right, a 29M executable. Either a lot of code or some big binary objects embedded in it. I see this when I run the "file" command.
SpectraGryph.exe:  PE32 executable for MS Windows 5.00 (GUI), Intel i386, 11 sections
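To follow up the "lots of code or big embedded blobs?" question, here is an added example (mine, not from the page or from the program's author) that reads the PE section table the way "file" does and reports how many raw bytes each section holds, split into code versus non-code. The script name pesections.py is hypothetical, and the sample PE it builds is constructed in-memory as a stand-in for SpectraGryph.exe; its section names and sizes are made up, not measured from the real binary.

```python
import struct

# Header layouts from the PE/COFF spec (little-endian).
COFF_FMT = "<HHIIIHH"      # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
SECT_FMT = "<8sIIIIIIHHI"  # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, 2 ptrs, 2 counts, Characteristics
IMAGE_SCN_CNT_CODE = 0x00000020

def pe_sections(data):
    """Parse the section table of a PE file held in memory.
    Returns a list of (name, virtual_size, raw_size, characteristics)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew -> "PE\0\0"
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _machine, nsect, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, pe_off + 4)
    sect_off = pe_off + 4 + 20 + opt_size  # section table follows the optional header
    out = []
    for i in range(nsect):
        name, vsize, _va, rsize, _rptr, _, _, _, _, chars = struct.unpack_from(SECT_FMT, data, sect_off + 40 * i)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize, chars))
    return out

def size_report(data):
    """Where do the bytes go? Raw size per section (largest first), code vs non-code totals,
    and whatever lies outside the section table (headers plus any overlay appended after it)."""
    secs = sorted(pe_sections(data), key=lambda s: s[2], reverse=True)
    code = sum(s[2] for s in secs if s[3] & IMAGE_SCN_CNT_CODE)
    in_sections = sum(s[2] for s in secs)
    return {"file_size": len(data), "sections": len(secs), "code_bytes": code,
            "noncode_bytes": in_sections - code, "outside_sections": len(data) - in_sections,
            "largest": [(s[0], s[2]) for s in secs]}

def build_sample_pe(sections):
    """Constructed sample input standing in for SpectraGryph.exe: a minimal PE32 skeleton
    whose section table lists the given (name, raw_size, characteristics) entries.
    Section bodies are zero-filled; only the headers matter to pe_sections()."""
    pe_off, opt_size = 0x80, 0xE0  # 0xE0 = size of a PE32 optional header
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", pe_off)).ljust(pe_off, b"\0")
    coff = struct.pack(COFF_FMT, 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)  # 0x14C = i386
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")  # 0x10B = PE32 magic, rest zeroed
    hdr_end = pe_off + 4 + 20 + opt_size + 40 * len(sections)
    table, raw_ptr = b"", hdr_end
    for name, rsize, chars in sections:
        table += struct.pack(SECT_FMT, name, rsize, 0, rsize, raw_ptr, 0, 0, 0, 0, chars)
        raw_ptr += rsize
    return dos + b"PE\0\0" + coff + opt + table + b"\0" * (raw_ptr - hdr_end)

if __name__ == "__main__":  # usage: python pesections.py SpectraGryph.exe
    import sys; print(size_report(open(sys.argv[1], "rb").read()))
```

On the real file, a large non-code section (typically resources) is the usual sign of embedded binary objects, while a large code section points at a lot of statically linked Delphi code.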
My expert consultant Dave tells me it was written in Delphi, which is some kind of mongrel Pascal dialect (or object pascal if that matters). We are unlikely to ever see the source code, but this is worth knowing.

Binary Ninja

I played with Ghidra (see below), but the "easy" install on Fedora using snap makes it a big pain in the ass. And I'm not sure that Ghidra offers more than Binary Ninja, which I already have on my machine.

Running Binary Ninja on SpectraGryph.exe takes a long time (on the order of an hour) to do the analysis. This is because SG is so big (the executable is 29M, for crying out loud). But when the smoke clears, I can select the string display, enter "Thunder" in the string search bar and get interesting results in the cross reference subwindow. A nice program, and a lot more attractive than Ghidra.

There is also something called x64dbg that I have never tried; it is more basic. There are also Cutter and IDA to consider. Cutter is free and open source. IDA may have a free offering, but otherwise (like Binary Ninja) it is quite expensive.

For scripting, Ghidra (being written in Java) supports Jython, which is a Java/Python mongrel thing. Perhaps better than nothing. A protocol rather than a welded-in language would be my idea, but nobody asked me.

Ghidra

I was curious what Ghidra might do with this. I have little to no experience with Ghidra, but it is worth a try. To install Ghidra on my Fedora system:
su
dnf copr enable dl3yc/ghidra
dnf install ghidra
This fails with "no match for ghidra". It is curious that I could add the copr repository.
I try another method:
su
dnf install snapd
service snapd start
snap install ghidra
ln -s /var/lib/snapd/snap /snap
It tells me: ghidra 12.0 from David Lane (dclane) installed. I need to log out and in again to make snap happy. I do see /var/lib/snapd/snap/ghidra as a directory. I not only log out and in, I also install updates and reboot into a new kernel.

Now I get the error:

which ghidra
/var/lib/snapd/snap/bin/ghidra
ghidra
cannot create user data directory: /home/tom/snap/ghidra/35: Not a directory
This makes no sense. All the directories in this path exist. A search on this tells me that snap has fussy security requirements. In particular, /home/tom cannot be a symlink (as it is on my system).

I create a special user "ghidra" whose home directory is not reached through a symlink. It gets farther, but gives me:

JDK 21+ (64-bit) could not be found and must be manually chosen!
******************************************************************
Enter path to JDK home directory (ENTER for dialog):
I hate Java. Not quite as much as Windows, but almost. The answer may be the following. I see that version 25 is available, but I will go with 21 in case the newest version breaks things.
dnf install java-21-openjdk-devel
Ghidra now works! I log out and back in again as the ghidra user and it fires up. Now to learn how to use it.

Tom's Mineralogy Info / tom@mmto.org