Introduction: The SandBlaster Plugin is a sophisticated extension for Ghidra that seamlessly integrates the functionalities of the SandBlaster tool into the Ghidra environment.
More: Author   ReportBugs   

GitHub Release

The SandBlasterPlugin for Ghidra is a specialized and sophisticated extension that leverages the functionalities of the SandBlaster tool to facilitate the streamlined analysis and reverse engineering of iOS sandbox profiles. This tool is essential in converting the profiles from their binary format into a human-readable SBPL (Sandbox Profile Language) format, directly within the Ghidra environment. The iOS operating system employs a security feature known as the sandbox, which imposes restrictions on applications, limiting their access to certain parts of the system or user data. These restrictions are delineated in sandbox profiles, typically stored in a binary format. The SandBlaster Plugin simplifies the analysis process by converting these binary profiles into the readable SBPL format, thereby aiding researchers and security analysts in comprehending and assessing the security implications of these profiles.


  • Ghidra
  • Python 2
  • Python 3
  • pip (Python package installer for Python 3)
  • lief package for Python 3

The plugin handles the installation of additional Python 3 required packages, such as lief.


This project includes the SandBlaster submodule, which requires Python 2, Python 3, pip, and the lief package for Python 3.


  1. Download the .zip file from releases section of this repository and install it in Ghidra in Ghidra in File → Install Extensions...


  2. Clone this repository:

     git clone
     cd ghidra-plugin
  3. Initialize and update the submodules:

     git submodule init
     git submodule update
  4. Build the Ghidra plugin:

     ./gradlew build

    This will generate a .zip file in the dist directory.

  5. Once built, the plugin can be installed in Ghidra in File → Install Extensions...


Provide detailed instructions on how to use the plugin.

  1. Start Ghidra.
  2. Open File → Configure → Miscellaneous and enable SandBlasterPlugin
  3. Open Window → SandBlasterPlugin and the main window of plugin will be displayed
  4. Specify Python2 and Python3 bin paths or use Auto Detect action
  5. Specify a valid iOS Version and the SandBox Operations File Source and SandBox Profiles File Source
  6. Start process
  7. View reversed SandBox profiles in the Result tab
  8. Check the logs


The built version of the Ghidra plugin can be found in the releases section of this repository.


If you are interested in contributing to this project, please read the file.


This project is licensed under the MIT License - see the LICENSE file for details.

About Me
GitHub: Trinea
Facebook: Dev Tools