Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA To Release a Free Reverse Engineering Tool (zdnet.com)

Posted by msmash on from the how-about-that dept.

The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference that will be held at the start of March, in San Francisco. From a report: The software's name is GHIDRA and in technical terms, is a disassembler, a piece of software that breaks down executable files into assembly code that can then be analyzed by humans. The NSA developed GHIDRA at the start of the 2000s, and for the past few years, it's been sharing it with other US government agencies that have cyber teams who need to look at the inner workings of malware strains or suspicious software. GHIDRA's existence was never a state secret, but the rest of the world learned about it in March 2017 when WikiLeaks published Vault7, a collection of internal documentation files that were allegedly stolen from the CIA's internal network. Those documents showed that the CIA was one of the agencies that had access to the tool.

23 of 61 comments (clear)

  1. Nice but not unique by Alain+Williams · · Score: 2

    Eg Ndisasm

    1. Re:Nice but not unique by mike.mondy · · Score: 4, Informative

      Eg Ndisasm

      There are also a few tools that try to convert to high level languages:

      Snowman
      REC Decompiler

    2. Re: Nice but not unique by lsllll · · Score: 1

      That would be trivial to find out.

      Stuxnet much?

      --
      Is that a roll of dimes in your pocket or are you happy to see me?
  2. Who hasn't used one? by Anonymous Coward · · Score: 1

    Taking assembly at university in the early '90's I used a decompiler in the process.

    How is this "a disaster"? What is unique about this one other than the maker?

  3. what do I know? by AndyKron · · Score: 2

    I thought it was illegal to reverse engineer software?

    1. Re:what do I know? by ShanghaiBill · · Score: 5, Informative

      I thought it was illegal to reverse engineer software?

      No. Disassembling software is not, and has never been, illegal in America.

      It may be illegal to use the result of the disassembly, especially to bypass security, but also by incorporating copyrighted or patented code into your own products, or accessing functionality that you are not licensed to use. But the disassembly itself is not illegal.

      Some products have terms in their license that forbid disassembly, but those are untested by the courts, are only binding if you are a party to the contract, and violation is a civil tort, not a crime.

    2. Re:what do I know? by Gabest · · Score: 2

      It's just a hex viewer, you can already see the instructions if you know their code number.

    3. Re:what do I know? by lsllll · · Score: 1

      It's just a hex viewer, you can already see the instructions if you know their code number.

      Reminds me of the The Story of Mel

      --
      Is that a roll of dimes in your pocket or are you happy to see me?
    4. Re: what do I know? by Anonymous Coward · · Score: 1

      A computer does not reverse engineer the code when it executes. A computer executes compiled binary code. Compiled Binaries are at one end, Javascript is at the other end.

      This is a decompiler, it takes a binary executable and turns it into something more readable. Not quite as readable as non-obfuscated Javascript though, but something like an old version of Javascript.

    5. Re:what do I know? by zwarte+piet · · Score: 1

      Alto violin, actually.

  4. Holy Shit no by Anonymous Coward · · Score: 4, Insightful

    Have you seen what the Obfuscated C project can do? I wouldn't trust NSA source code beyond 'print "Hello World";' and even that is iffy. God help anyone who touches it if this release is binary only.

    1. Re:Holy Shit no by SCVonSteroids · · Score: 1

      It's not an unreasonable assumption to have.
      There are some things, if I can't compile it myself, I'd rather just not have.

      --
      I tend to rant.
  5. lol by lsllll · · Score: 3, Insightful

    Does it come with a free thumbdrive? If not, I won't be interested.

    --
    Is that a roll of dimes in your pocket or are you happy to see me?
  6. Re:Nice try, NSA... by AHuxley · · Score: 1

    Its nice to read the CIA Marble Framework results when the code shows what foreign language text the CIA wanted to be found.

    --
    Domestic spying is now "Benign Information Gathering"
  7. Binary into assembly? by OneHundredAndTen · · Score: 1

    That's kind of trivial. Tedious and laborious, but trivial - you do not need the NSA to tell you how to do that. If the tool were able to spit out code in some high-level language (even something as low-level as C) that is not unintelligible spaghetti code, that would be something.

  8. Most Excellent timing by hAckz0r · · Score: 3, Interesting

    I have been a long time supporter of IDA Pro, for better than 15 years. Every year I would dig down deep into my pockets and hand over about $600 for my maintenance contract renewal, for my own personal use. My "named" license allowed me to install the product on any machine where I need to analyze something down to the assembly level, and chase the rabbit down the hole. I could code in IDAPython, to script up some magic to analyze things in ways you just could not do with any other tool. Except of course the infamous GHIDRA, which although people I knew at work all used it, I had no direct access to the tool. They said it was better than IDA Pro. Still, there were reasons for them to keep IDA Pro on their tool shelf because no one tool fits every problem.

    Well in 2018 HexRays changed the licensing, and removed the "named" licenses from their offerings. For twice the price I could own a single license for one single machine, that was of course not going to be the one I needed to analyze. My desktop machine is essentially a Xen virtualizing service with lots of smaller task-oriented virtual machines. Which single virtual machine do I now choose to run IDA Pro in? Whichever one I choose there will be some other place I need to debug something. The new IDA Pro licensing sucks, and I can not justify that kind of money for software that I can not even run where I need it.

    Now I can not wait to get my hands on GHIDRA.

    1. Re:Most Excellent timing by Bite+The+Pillow · · Score: 2

      I'm skeptical that a tool can be as good as ida. I use the free noncommercial version, so it's not even the latest and greatest.

      Ida and SoftIce/WinIce are hard to beat. I hope to contribute some fixes because ida has become less keyboard friendly. That shit needs to stop.

    2. Re:Most Excellent timing by DigitAl56K · · Score: 1

      IDA's pricing scheme is ridiculous.

      I would like to educate myself with IDA for non-commercial use, but Starter is nearly $1000 and doesn't even handle 64-bit binaries. That is ridiculous.

      Hex-Rays deprived themselves of corporate licensing last year when, having been unable to familiarize myself with anything but the old free 5.0 edition due to the cost, I could not confidently tell the person who approves the PO that yes, I am fairly confident I can use this tool to solve our problem.

      I am very glad to see this competitor come along even if only for the fact it might make someone at Hex Rays re-evaluate their model.

    3. Re:Most Excellent timing by hAckz0r · · Score: 1

      The free version has been updated as of version 7.0, so I would first try that. It's still x86 only while the paid version does something like 96 different CPU architectures, and even java/android support. I believe the new freebe should do 64 bit, which the older 5.0 version definitely can not.

      I have not used the free version since I still have my old license for 7.1 that will never expire. I'll stick with that until I find something better.

  9. Re:Why GHIDRA? by Martin+Blank · · Score: 1

    GHIDRA is supposed to be released at RSA. They have a talk scheduled about it. I've seen some people eager (setting aside backdoor risks) for a strong competitor to IDA Pro and its ridiculously high prices.

    --
    You can never go home again... but I guess you can shop there.
  10. Re:Nice try, NSA... by AlwinBarni · · Score: 1

    ...so you want to monitor who will download it, isn't it ?!?

    Sorry, no mod points - well deserved here :-)
    I would guess that it's not only download monitoring - how many people will use this tool to analyze the very tool itself?

  11. Learning is better than ignorance. by jbn-o · · Score: 1

    Have you seen what the Obfuscated C project can do?

    Yes, obfuscated programming contests can serve as important learning tools for those who want to liberate themselves from continued ignorance driven by fear of the unknown.

    I wouldn't trust NSA source code beyond 'print "Hello World";' and even that is iffy.

    I think it's safe to say you won't be doing anything with the program (as far as you know) but programmers simply can't afford the luxury of being ignorant and non-programmers are not well served by inculcating fear. The result of your suggestion is to maintain a small group of elites who ought to be blindly trusted rather than kept in check through software freedom.

    God help anyone who touches it if this release is binary only.

    I'm not sure what constitutes 'touching' in this context but disassembling the binary and examining how that works (even running the code once understood on a spare computer or VM, perhaps one that isn't networked) should be encouraged particularly for the purposes of providing a free software replacement. Running the program temporarily might be necessary to provide a free software replacement. One hopes that any release comes with complete corresponding source code and build instructions. But really, there's no more reason to trust the proprietary software people run every day than there is to trust any code from the NSA. Proprietary software is often malware. We have no good reason to trust the NSA nor software proprietors; in fact, the proprietors sometimes work with the NSA (like when Microsoft specifically changed Skype to make it easier to spy upon).

    --
    Digital Citizen
  12. disassemblers are provided by any sane toolchain by obsrwr · · Score: 1

    objdump -D ....