Back to Details

headless-ghidra-evidence

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Headless Ghidra Evidence

无头Ghidra证据

Use this phase skill when planning needs to preserve how evidence will be extracted, replayed, and reviewed after the target and scope are already normalized.
The canonical contract is 
./planning-brief.md
. That brief carries evidence and replay constraints into 
speckit
, then acts as the checklist for reviewing generated planning artifacts.
当目标和范围已完成标准化后,若规划需要留存证据的提取、重放以及后续审查方式,可使用此阶段技能。
规范契约见
./planning-brief.md
。该简报会将证据和重放约束传入
speckit
,之后用作审查生成的规划工件的检查清单。

Phase Focus

阶段核心范围

This phase covers:
  • evidence sources and extraction expectations
  • replayable command or manifest requirements
  • artifact capture and review surfaces
  • validation expectations for generated planning artifacts
This phase is generic evidence planning. It does not own active Frida runtime capture. When the request needs new Frida capture planning rather than review of already captured outputs, route first to 
../headless-ghidra-frida-runtime-injection/SKILL.md
. When a runtime-capture manifest already exists and the remaining work is provenance review, observed-versus-inferred claim labeling, or static-vs-dynamic conflict recording, route to 
../headless-ghidra-frida-evidence/SKILL.md
.
本阶段涵盖:
  • 证据来源与提取预期
  • 可重放命令或清单要求
  • 工件捕获与审查界面
  • 生成的规划工件的验证预期
本阶段属于通用证据规划,不负责活跃的Frida运行时捕获。如果请求需要新增Frida捕获规划,而非审查已捕获的输出,请先路由到
../headless-ghidra-frida-runtime-injection/SKILL.md
。如果已经存在运行时捕获清单,剩余工作为来源审查、观测值与推断值声明标记,或静态与动态冲突记录,请路由到
../headless-ghidra-frida-evidence/SKILL.md

Non-Negotiable Constraints

不可妥协的约束

  • Headless-only workflow. Evidence collection must not depend on GUI-only activity.
  • Evidence-backed claims. Reverse-engineering conclusions must trace to observable exports, manifests, or recorded outputs.
  • Reproducible workflow expectations. Replay commands, inputs, and outputs must be explicit enough to regenerate.
  • Reviewable Markdown outputs. The planning and audit surfaces remain readable as Markdown.
  • No downstream 
    speckit
    extension or constitution change is required.
  • 仅支持无头工作流。证据收集不得依赖仅GUI可用的操作。
  • 声明需有证据支撑。逆向工程结论必须可追溯到可观测的导出内容、清单或已记录的输出。
  • 工作流需符合可复现预期。重放命令、输入和输出必须足够明确,可支持重新生成结果。
  • 输出为可审查的Markdown格式。规划和审计界面需保持为可读的Markdown格式。
  • 无需对下游
    speckit
    扩展或规则进行修改。

Required Inputs

所需输入

  • existing intake summary or normalized target context
  • expected evidence sources and artifact types
  • replay expectations, including command, manifest, or export surfaces
  • validation gates a reviewer must confirm after planning
  • optional local overlays that only tighten the contract
  • 已有的intake摘要或标准化的目标上下文
  • 预期的证据来源和工件类型
  • 重放预期,包括命令、清单或导出界面
  • 规划完成后审查人员必须确认的验证关卡
  • 可选的本地覆盖配置,仅可用于收紧契约要求

How To Use This Skill

如何使用该技能

  1. Fill in 
    ./planning-brief.md
     with the evidence and replay expectations for the target.
  2. Pass that brief into 
    speckit
    as a file or inline paste.
  3. Review the generated planning artifacts against the same evidence checklist before treating them as ready for implementation.
  4. If a generated artifact weakens replay or evidence requirements, refine or regenerate the planning artifacts rather than weakening this phase contract.
  1. ./planning-brief.md
    中填写目标对应的证据和重放预期。
  2. 将该简报作为文件或内联粘贴传入
    speckit
  3. 在认为生成的规划工件可用于实施前,对照同一证据检查清单对其进行审查。
  4. 如果生成的工放宽了重放或证据要求,请优化或重新生成规划工件,不得放宽本阶段的契约要求。

Example

示例

  • Evidence handoff example: 
    ./examples/evidence-speckit-handoff.md
  • 证据移交示例:
    ./examples/evidence-speckit-handoff.md

Next Step Routing

下一步路由

  • Use this phase after intake is stable and before script-specific planning.
  • Move to the Frida runtime-injection phase when the planning request still needs reproducible CLI/headless Frida capture, common script selection, or a capture manifest before imported evidence can be reviewed.
  • Move to the Frida evidence phase when the planning request depends on externally captured Frida traces, hook logs, or session notes that need their own provenance and replayable handoff contract.
  • Return to intake if the real gap is still target identity, initial scope, or setup normalization rather than evidence design.
  • Move to script authoring and review when the plan introduces reusable Ghidra scripts, registration work, or checklist-based script review.
  • 请在intake稳定后、特定脚本规划前使用本阶段。
  • 如果规划请求仍需要可复现的CLI/无头Frida捕获、通用脚本选择或捕获清单,之后才能审查导入的证据,请进入Frida运行时注入阶段。
  • 如果规划请求依赖外部捕获的Frida trace、钩子日志或会话记录,需要为其配置来源和可重放的移交契约,请进入Frida证据阶段。
  • 如果实际缺口仍在于目标身份、初始范围或设置标准化,而非证据设计,请返回intake阶段。
  • 如果规划引入了可复用的Ghidra脚本、注册工作或基于清单的脚本审查,请进入脚本编写和审查阶段。