This is a basic tutorial for using BSim in Ghidra. The main thing it will go over is how to compare matches of functions across binaries and how to navigate the BSim interface.
Your Ghidra version MUST be on 11 or higher to use BSim features.
To enable BSim, go into CodeBrowser. Then, click the File tab, then click the Configure button. Then, click the checkbox on the BSim tool. This enables the BSim tab in CodeBrowser.
In the Script Manager (found in Window tab or the green circle with the triangle icon), search for "bsim" (without quotation marks) in the Filter. If you haven't already (which you probably haven't), create an H2 BSim database by double clicking on CreateH2BSimDatabaseScript.java in the list. Then, pick a name and directory for your database. Now you've made a database, which will be used for the next step!
If you ran an analysis on your file and it has been completed, navigate to the Script Manager and run AddProgramToH2BSimDatabaseScript.java from the list of scripts. Then, select your BSim database from the directory you created it in (will be formatted as [name].mv.db). This may require redecompiling all functions in the binary, and afterwards it will add the file to that BSim database when done. Now, you can repeat the process for any other files you want to add to the DB. (You may add as many files as you want, but 2 is a good amount to start off with)
First, you need to add your BSim database as a BSim server. Go to the BSim tab and click on Manage Servers. Then, click the green plus (+) button and then click on the File radio button. Then, find your database file and then add it and then press OK and then press Dismiss. Now you've successfully added a BSim database as a server.
Typically, when comparing files, you want to compare EVERY function to other functions. To do this for your file, in the disassembly view press Ctrl + A (Cmd + A on Mac) to select the entire disassembly. Then, go to the BSim tab and click on Search Functions. Now, choose the BSim Server from the dropdown with the BSim server you registered and then it will use that for searching. You can also configure some of the settings in the search dialog, but you can just leave it as the default if you want. You'll also see how many functions you selected. Now, hit Search. This runs a pseudocode decompilation on all functions in your current binary and it will let you search between other files in the database.
When the decompilation is finished, the search window opens up. Here's a breakdown of most of the columns in the view:
- Status will display a green flag automatically if the symbol name matches with the other symbol.
- Similarity shows a value (from 0 to 1 by default) which notes how similar the symbol is in code to another symbol in another binary.
- Confidence shows a scale of how confident Ghidra is that the symbol matches to the other symbol.
- Function Name shows the name of the function in the current binary.
- Matching Function Name shows the name of a potential matching function from another binary
- Exe Name is the name of the executable/binary which the matching function name originates from
- Location shows the Function Name location in the currently opened binary.
The NSA actually has a really good guide on this (https://github.com/NationalSecurityAgency/ghidra/blob/master/GhidraDocs/GhidraClass/BSim/BSimTutorial_Evaluating_Matches.md) which I recommend reading, it gives more of an in-depth explanation than I can give. But basically, to compare a function, you just right click on one of the functions, click on the Compare Function button and it will open a comparison window. Once again, read the NSA's guide on evalulating function matches before speculating about a match!
The best usage of BSim is to find matches to a function from a binary which does not contain symbols to a binary that does contain symbols. In the case of GC/Wii decomp, you could use it to convert RVL/DOL sdk symbols to symbol-less binaries, convert invalid symbol maps to valid versions manually, analyze differences between functions over time, and more!
I hope this information will be useful to you!