Disclaimer: This project is intended for research and reverse engineering purposes only and It is not affiliated with or endorsed by Garmin.
Garmin applications are a suite of mobile and desktop apps developed by Garmin to enhance the experience of using their GPS and fitness devices. These apps help users track health metrics, plan workouts, navigate routes, and sync data across devices. Popular apps include Garmin Connect (for fitness tracking and analytics), Garmin Explore (for outdoor navigation and trip planning), and Garmin Drive (for smart driving features and GPS updates). Each app is designed to work seamlessly with Garmin devices for specific activities like running, cycling, hiking, driving, and boating.
On the Garming IQ Store, many applications are available to be downloaded and installed on your garmin watch:
With Garmin’s Connect IQ platform, you can build several types of custom applications for Garmin wearable devices and other supported products, such as :
- Watch Faces – Customize the look of a Garmin watch's home screen, including time, date, stats, colors, and layout.
- Data Fields – Add custom metrics or calculations to the activity tracking screens (e.g., custom heart rate zones or advanced pace metrics).
- Widgets – Provide glanceable information outside of an activity (e.g., weather, calendar, or custom reminders) accessible by swiping through the watch’s menu.
- Apps (Watch Apps) – Full standalone applications that run on the watch, often used for custom sports, fitness tracking, navigation, or games.
- Device Apps (Edge/Marine) – Applications specifically designed for Garmin cycling computers, marine devices, or other non-watch devices.
Each of these types is developed using Garmin’s Monkey C language and Connect IQ SDK.
To make Ghidra understands the Garmin Wach Applications it was required to define a new processor. Ghidra supports the definition of new CPU archichetcures and instruction sets and allows you to define how machine code is disassembled,and analyzed by Ghidra for a particular processor. Ghidra uses a SLEIGH specification language to define these processors https://github.com/NationalSecurityAgency/ghidra/blob/master/GhidraDocs/languages/index.html.
This project provides a Ghidra processor definition and loader for Garmin PRG application binaries. It enables proper loading, memory layout, and initial data structure interpretation for Garmin PRG binaries, making static analysis and reverse engineering significantly easier.
- Loads Garmin
.prgapplication files into Ghidra - Creates appropriate memory blocks
- Sets the correct image base and entry point
- Applies known header structures
- Labels important offsets and symbols when possible
- SLEIGHT opcode specification implemented to allow decompilation
- Ghidra 12.0.3
- GhidraDev 5.0.0.202501081224
- gradle 8.13
- Java JDK compatible with your Ghidra version
- A local Ghidra development environment (recommended)
- Download the latest release from the Releases page (the prebuilt extension .zip).
- Open Ghidra and go to:
File → Install Extensions… - Click “+” (Add) / Install from Zip (wording varies slightly by version)
- Select the downloaded release .zip
- Restart Ghidra when prompted
If installed correctly, the loader will appear automatically when importing .prg files.
-
Clone this repository:
git clone https://github.com/anvilventures/GhidraGarminApp.git
-
Install GhidraDev on Eclipse
-
Import the project directly into the GhidraDev Eclipse environment.
-
Build the extension:
-
Using Eclipse + GhidraDev, export the extension
-
Or build manually using
$ export GHIDRA_INSTALL_DIR=YOUR_GHIDRA_PATH$ gradle buildExtension
-
-
Restart Ghidra.
If installed correctly, the loader will appear automatically when importing .prg files.
- Open Ghidra
- Create or open a project
- Import a Garmin
.prgfile - If the file format is correct you will see the following prompt:
- Press okay and proceed with default options (unless you know you need to change them).Once loaded, the program will appear with memory blocks, symbols, and data types applied.
After loading, the following information becomes available:
- Proper memory blocks for code and data with pre-loaded symbols
- Object definitions stored in the binary will be also available on Ghidra to allow an easy-reverse engineering journey. Bear in mind that symbol value references within the code base are currently not available:
- Identification and renaming of known functions
- All Opcodes have a sleight definition allow decompilation. However, the decompiled version may not be always accurate as some opcodes lack information.
- PRG header parsed into several structures, mainly ClassDefinition and FielDefinition
- The loader is able to detect and create these structures, however, not all fields are highlighted (yet). Have a look at the Kaitai structure created in previous research to have a detailed view into the binary: Garmin Kaitai file structure
Possible future enhancements include:
- More complete PRG header coverage
- Map symbol value to module functions
- Version-specific PRG handling
- Scripted analysis helpers
Contributions, format documentation, and sample files are welcome.
This project is intended for research and reverse engineering purposes only. It is not affiliated with or endorsed by Garmin.