Getting Ghidra to run on macOS Catalina

TL;DR

  • macOS Catalina’s Gatekeeper blocks Ghidra’s bundled binaries when they aren’t code-signed.
  • The quick workaround is to run the bundled executables once, approve them when prompted, then start Ghidra normally.

Ghidra is a genuinely great reverse-engineering tool, and it’s hard not to like “free” (or “cheaper”) as an option—even if you already have something like IDA.

On macOS Catalina, the friction is macOS security tooling: the official Ghidra release ZIPs include binaries that aren’t signed with an Apple developer certificate, which triggers Gatekeeper prompts.

Your two real options

  1. Best option (more work): build and code-sign Ghidra yourself
  2. Pragmatic option (fast, with tradeoffs): explicitly approve the blocked binaries

This post is about the pragmatic option. Don’t do this on a machine you consider high-sensitivity.

Bypass Gatekeeper by triggering prompts intentionally

Download the latest Ghidra release, extract it, then run these binaries one by one from the extracted directory. Each one triggers a Gatekeeper prompt; approve it.

./Ghidra/Features/Decompiler/os/osx64/decompile
./GPL/DemanglerGnu/os/osx64/demangler_gnu_v2_33_1
./ghidraRun

After you’ve approved those, you should be able to use the auto-analyzer without the “blocked” failure mode.

One more thing

If Ghidra adds or moves bundled binaries in future releases, you may need to repeat the process for additional executables. A lot of older internet instructions age badly for exactly this reason.
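To see which bundled executables a given release actually ships, and so which files you are being asked to approve, the following script walks an extracted Ghidra directory and lists every Mach-O binary along with its signature and quarantine status. It is an added example, not part of the original post or of Ghidra. It assumes the extracted directory is passed as the first argument; shell launchers such as ghidraRun are not Mach-O files and are not listed.

```shell
#!/bin/sh
# Added example (not from the original post): list native macOS executables
# under an extracted Ghidra directory and show their signing/quarantine state.
# Usage: sh list_macho.sh /path/to/extracted/ghidra   (script name is arbitrary)

# Succeeds if the file begins with a Mach-O or universal-binary magic number.
is_macho() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        cffaedfe|cefaedfe|feedfacf|feedface|cafebabe) return 0 ;;
        *) return 1 ;;
    esac
}

# Print every Mach-O file below directory $1, one path per line, sorted.
# *.class is skipped because Java class files share the cafebabe magic.
list_macho() {
    find "$1" -type f ! -name '*.class' | sort | while IFS= read -r f; do
        if is_macho "$f"; then printf '%s\n' "$f"; fi
    done
}

# For each binary, show what codesign and the quarantine xattr say (macOS only).
report() {
    list_macho "$1" | while IFS= read -r f; do
        printf '%s\n' "$f"
        if command -v codesign >/dev/null 2>&1; then
            codesign -dv "$f" 2>&1 | sed 's/^/    codesign: /'
        fi
        if command -v xattr >/dev/null 2>&1; then
            q=$(xattr -p com.apple.quarantine "$f" 2>/dev/null) || q="(not set)"
            printf '    quarantine: %s\n' "$q"
        fi
    done
}

if [ "$#" -gt 0 ]; then report "$1"; fi
```

Comparing the list between two releases shows at a glance whether a new native binary has appeared that will need its own approval.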
