AskJoe original project is https://github.com/securityjoes/AskJOE This repository contains an installation file, detailed installation steps and slightly change in the source code.
AskJoe is a tool that utilizes OpenAI to assist researchers wanting to use Ghidra as their malware analysis tool. It was based on the Gepetto idea. With its capabilities, OpenAI highly simplifies the practice of reverse engineering, allowing researchers to better detect and mitigate threats.
The tool is free to use, under the limitations of Github.
Author: https://twitter.com/moval0x1 | Threat Researcher, Security Joes
Contributor: https://github.com/AzizKpln | Threat Researcher, Malware Analyst, CTI Analyst, ThreatMon
- Ghidrathon added and removed pyhidra
- Refactored Code
- AI Triage added
- Better Name added
- Search for crypto constants added
- Mandiant CAPA added
- Search XORs
- Ask User Prompt (To OpenAI)
- askChoices added
- Explain selection added
- Config file added
- Execute all added
- Stack String added
- Rename function added
- Changed color from function renamed added
- Changed max_tokens
- Code refactored
- Explain function added
- Simplify code added
- Set OpenAI answer to comment added
- Monitor messages added
OpenAI has a hard limit of 4096 tokens for each API call, so if your text is longer than that, you'll need to split it up. However, OpenAI currently does not support stateful conversations over multiple API calls, which means it does not remember the previous API call.
For now, this project can only be used in Linux Distributions.
Firstly run the install.sh this will setup everything that's needed for AskJOE
Then, give your OpenAI API Key when the project asks for an API Key
When the installation is done, start Ghidra
Go to File > install extensions
Click on "+" icon and select the AskJOE/Ghidrathon-v4.0.0/Ghidrathon-v4.0.0.zip
When you create a project make sure Ghidrathon extension is active
Some functions were added in the AskJOE, but we did not create them. Let us give the proper credit.