ARMify is a plugin for the open-source reverse-engineering tool Ghidra, with its primary goal being to assist security analysts in analyzing ARM Cortex-M bare-metal firmware. This is achieved through automatic microcontroller model identification and annotation of memory-mapped peripherals. It helps analysts understand how the firmware interacts with microcontroller features, offering significant time savings compared to manual cross-referencing with the microcontroller datasheet.
The MMIO Accesses View shows all memory-mapped register addresses accessed by the firmware in the 0x4000_0000–0x5FFF_FFFF range. Users can interactively choose which register addresses to include for device identification.
The Candidate Groups View displays the set of included register addresses. If a candidate group is selected, the corresponding register and peripheral names appear in the Included Register Addresses table (top). The Candidate Groups table (bottom) lists all groups of compatible devices sharing the same memory map for the currently identified register accesses. Selecting a group reveals its matching devices on the right.
Comparison of the decompiled code before and after applying a device in ARMify.
Left: Vanilla Ghidra output, where peripheral addresses are shown as unnamed symbols (e.g., DAT_400e40b0).
Right: After applying a device in ARMify, peripheral addresses are renamed meaningfully (e.g.,
Peripherals::CMU.HFBUSCLKEN0), significantly improving code readability.
-
Download the ARMify Plugin
Download the latest release of the ARMify plugin as a
.zipfile from the Releases page. -
Install into Ghidra
Open Ghidra and do the following:
- Go to
File→Install Extensions - In the Install Extensions dialog, click the Add extension icon (green plus symbol) and select the
downloaded ARMify
.zipfile. - Make sure the ARMify extension is checked/enabled.
- Click OK to finish the installation.
- Restart Ghidra for the changes to take effect.
Important Note: Ghidra version 11.4.0 contains a bug that prevents extensions from being installed. This issue is expected to be resolved in version 11.4.1. In the meantime, please use Ghidra version 11.3.2.
- Go to
-
Enable the ARMify Plugin in CodeBrowser
After restarting, open CodeBrowser, then:
- Navigate to
File→Configure - In the Configure Tool dialog, go to the Miscellaneous section and click the Configure button (see below):
- In the newly opened plugin selection window, find ARMify Plugin in the list and check its checkbox to enable it (see below):
- Click OK to confirm.
- Navigate to
The ARMify plugin is now active and ready to use within Ghidra. It can be opened in the CodeBrowser via Window →
ARMify Plugin.
Two hands‑on tutorials live in the tutorials/ folder of this repository. Each contains a firmware binary
and a walkthrough (README.md).
| Tutorial | Target MCU | Format | Highlights |
|---|---|---|---|
| Basic | EFR32MG1 | ELF file | Quick start, device apply |
| Advanced | STM32F446 | RAW binary | Multiple candidate groups, incremental analysis |
Follow them to get familiar with ARMify’s workflow before using it on your own firmware.
Java Development Kit (JDK) version 21 or later is required to build this project. To build the ARMify plugin from source, follow these steps:
-
Clone the Repository
git clone https://github.com/ARMify-Project/ARMify.git cd ARMify -
Set the Ghidra Install Directory
Create a
gradle.propertiesfile in the root of the project with the following line:GHIDRA_INSTALL_DIR=/path/to/ghidraReplace
/path/to/ghidrawith the full path to your local Ghidra installation (the directory containingsupport,Ghidra, andghidraRun). -
Build the Plugin
Run the Gradle build (tested with Gradle 8.14):
gradle
After a successful build, the ZIP archive for the plugin will be created in the following location:
dist/ -
Install the Plugin
Follow the Install instructions above to add the ZIP archive to Ghidra.
This project was made possible with funding from NGI Zero Entrust Fund. NGI Zero Entrust Fund is part of the European Commission's Next Generation Internet initiative.
Project webpage: https://nlnet.nl/project/ARMify/
The apply functionality (code in DeviceApplyService.java) is based on SVD-Loader-Ghidra.