Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA To Release a Free Reverse Engineering Tool (zdnet.com)

Posted by msmash on from the how-about-that dept.

The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference that will be held at the start of March, in San Francisco. From a report: The software's name is GHIDRA and in technical terms, is a disassembler, a piece of software that breaks down executable files into assembly code that can then be analyzed by humans. The NSA developed GHIDRA at the start of the 2000s, and for the past few years, it's been sharing it with other US government agencies that have cyber teams who need to look at the inner workings of malware strains or suspicious software. GHIDRA's existence was never a state secret, but the rest of the world learned about it in March 2017 when WikiLeaks published Vault7, a collection of internal documentation files that were allegedly stolen from the CIA's internal network. Those documents showed that the CIA was one of the agencies that had access to the tool.

9 of 61 comments (clear)

  1. Nice but not unique by Alain+Williams · · Score: 2

    Eg Ndisasm

    1. Re:Nice but not unique by mike.mondy · · Score: 4, Informative

      Eg Ndisasm

      There are also a few tools that try to convert to high level languages:

      Snowman
      REC Decompiler

  2. what do I know? by AndyKron · · Score: 2

    I thought it was illegal to reverse engineer software?

    1. Re:what do I know? by ShanghaiBill · · Score: 5, Informative

      I thought it was illegal to reverse engineer software?

      No. Disassembling software is not, and has never been, illegal in America.

      It may be illegal to use the result of the disassembly, especially to bypass security, but also by incorporating copyrighted or patented code into your own products, or accessing functionality that you are not licensed to use. But the disassembly itself is not illegal.

      Some products have terms in their license that forbid disassembly, but those are untested by the courts, are only binding if you are a party to the contract, and violation is a civil tort, not a crime.

    2. Re:what do I know? by Gabest · · Score: 2

      It's just a hex viewer, you can already see the instructions if you know their code number.

  3. Holy Shit no by Anonymous Coward · · Score: 4, Insightful

    Have you seen what the Obfuscated C project can do? I wouldn't trust NSA source code beyond 'print "Hello World";' and even that is iffy. God help anyone who touches it if this release is binary only.

  4. lol by lsllll · · Score: 3, Insightful

    Does it come with a free thumbdrive? If not, I won't be interested.

    --
    Is that a roll of dimes in your pocket or are you happy to see me?
  5. Most Excellent timing by hAckz0r · · Score: 3, Interesting

    I have been a long time supporter of IDA Pro, for better than 15 years. Every year I would dig down deep into my pockets and hand over about $600 for my maintenance contract renewal, for my own personal use. My "named" license allowed me to install the product on any machine where I need to analyze something down to the assembly level, and chase the rabbit down the hole. I could code in IDAPython, to script up some magic to analyze things in ways you just could not do with any other tool. Except of course the infamous GHIDRA, which although people I knew at work all used it, I had no direct access to the tool. They said it was better than IDA Pro. Still, there were reasons for them to keep IDA Pro on their tool shelf because no one tool fits every problem.

    Well in 2018 HexRays changed the licensing, and removed the "named" licenses from their offerings. For twice the price I could own a single license for one single machine, that was of course not going to be the one I needed to analyze. My desktop machine is essentially a Xen virtualizing service with lots of smaller task-oriented virtual machines. Which single virtual machine do I now choose to run IDA Pro in? Whichever one I choose there will be some other place I need to debug something. The new IDA Pro licensing sucks, and I can not justify that kind of money for software that I can not even run where I need it.

    Now I can not wait to get my hands on GHIDRA.

    1. Re:Most Excellent timing by Bite+The+Pillow · · Score: 2

      I'm skeptical that a tool can be as good as ida. I use the free noncommercial version, so it's not even the latest and greatest.

      Ida and SoftIce/WinIce are hard to beat. I hope to contribute some fixes because ida has become less keyboard friendly. That shit needs to stop.