Slashdot Mirror


NSA Releases Ghidra, a Free Software Reverse Engineering Toolkit (zdnet.com)

An anonymous reader writes: At the RSA security conference this week, the National Security Agency released Ghidra, a free software reverse engineering tool that the agency had been using internally for well over a decade. The tool is ideal for software engineers, but will be especially useful for malware analysts first and foremost, being similar to other reverse engineering tools like IDA Pro, Hopper, HexRays, and others.

The NSA's general plan was to release Ghidra so security researchers can get used to working with it before applying for positions at the NSA or other government intelligence agencies with which the NSA has previously shared Ghidra in private. Ghidra is currently available for download only through its official website, but the NSA also plans to release its source code under an open source license in the coming future.


28 of 64 comments

  1. Translate machine code into language by XXongo · · Score: 1

    So, basically, this is google translate, but for software!

  2. Is it Open Source? by 3seas · · Score: 2

    Wait till it is, otherwise no telling what it contains unless you use it to reverse engineer itself.

    1. Re:Is it Open Source? by Anonymous Coward · · Score: 1

      https://ghidra-sre.org/ghidra_9.0_PUBLIC_20190228.zip

      direct download link, fwiw...

      it's only 272MB.

      what could possibly go wrong.

      captcha : intercom

    2. Re:Is it Open Source? by PPH · · Score: 1

      Is that source or a binary? Does it run on Linux?

      Uh uh. I ain't clickin' that sh*.

      --
      Have gnu, will travel.
    3. Re:Is it Open Source? by gweihir · · Score: 1

      It is FOSS. The NSA will not place any exploits in there. First, they would be found and second, they would be all over the world pretty fast, making this an utter PR disaster.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:Is it Open Source? by gweihir · · Score: 2

      You seriously think the NSA would do an untargeted attack on the whole world with this? Maybe you should have your paranoia looked at professionally.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:Is it Open Source? by gweihir · · Score: 1

      Bullshit. If this is back-doored, it will have networking code that has no place in there. And that code will be found. Also, what purpose would an _untargeted_ attack against the whole world have? Right, none at all.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re:Is it Open Source? by ZoomieDood · · Score: 1

      Well, I'll certainly use a tool like this to aim it at a piece of software I have to use with a CZURtek book scanner I purchased from a kickstarter campaign years ago that appears to be scanning across my hard drive in unrelated areas and opening a port to china while in the middle of scanning.

    7. Re: Is it Open Source? by Anonymous Coward · · Score: 1

      cough EternalBlue cough

      It's not as if they are lacking a past of untargeted worldwide attacks. They invented the concept of untargeted worldwide attacks.

    8. Re:Is it Open Source? by gweihir · · Score: 1

      So corrupting other services with exploit code that is worth quite a bit? Not really harder to spot. You really have no clue what you are talking about.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    9. Re:Is it Open Source? by gweihir · · Score: 1

      Paranoia and insight do not mix. Your statement is a nice example of that.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  3. A Quick Example by chill · · Score: 4, Informative

    http://www.peppermalware.com/2019/03/quick-analysis-of-trickbot-sample-with.html

    That's a quick review of using Ghidra to analyze Trickbot. It shows the interface and many of the features, with a brief comparison to IDA.

    --
    Learning HOW to think is more important than learning WHAT to think.
    1. Re:A Quick Example by phantomfive · · Score: 2

      Looks like it is really similar to IDA, but open source (eventually) and free.

      --
      "First they came for the slanderers and i said nothing."
    2. Re: A Quick Example by eatvegetables · · Score: 1

      Thanks for posting link. Nice overview.

  4. Better Ghidra than King Ghidorah by Mspangler · · Score: 1

    With a Three Letter Agency you are never quite sure what they are plotting.

    1. Re:Better Ghidra than King Ghidorah by omfglearntoplay · · Score: 1

      That's the first thing that came to mind. I still think that's how they got the name.

    2. Re:Better Ghidra than King Ghidorah by K.+S.+Kyosuke · · Score: 1

      Isn't it "Hydra" in Russian?

      --
      Ezekiel 23:20
  5. What happens if you run it on Slashcode? by Anonymous Coward · · Score: 1

    Will the world implode if this were run on Slashcode?

  6. Re:No thank you by gweihir · · Score: 2

    Makes you stupid, but be my guest. You are hardly alone.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  7. Re:More details by fibonacci8 · · Score: 2

    It takes any compiled binary and reverse engineers it into Brainfuck.

    --
    Inheritance is the sincerest form of nepotism.
  8. Bad Guys Too! by nuckfuts · · Score: 1

    The tool is ideal for software engineers...

    Yes, there will be good guys who will use this to reverse-engineer malware to design patches. There will also be bad guys who will use it to reverse-engineer patches to design malware.

    Here's a scenario: A security researcher discovers a critical vulnerability in Microsoft Windows. Remotely executable. Root-level access. Being a responsible researcher, the information is provided quietly to Microsoft before being announced publicly, so they are given a chance to develop a patch. Somewhere down the road, Microsoft releases a patch.

    What happens immediately is that people start reverse-engineering the patch. What modules is it touching? Let's look very closely at those modules, maybe do some fuzzing, see if we can figure out what's exploitable. I once saw Halvar Flake give a talk on this that was both impressive and frightening. A person with his level of skill could potentially develop an exploit by reverse-engineering a patch in a matter of hours. Much faster than many people would be deploying the patch.

  9. does anyone know list of platforms. G85ware only? by yfeefy · · Score: 1

    I guess we'll find out soon enough. People afraid of it could always run it in a sandboxed area. I wouldn't worry too much about being on a list, you are probably already on it. If the download consists of a stub that downloads a "downloader" like so much crapware today, maybe start to worry :-)

  10. Run at your own risk by hermi · · Score: 1

    unless you want a TCP port opened that is reachable via internet with remote code execution source

  11. Re: Hide in plain sight by LifesABeach · · Score: 1

    / . The NSA? Cool, of course it's my tax dollars that will be used to fix it, but cool.

  12. I feel like someone in Strugatskys' Roadside Picnic by Dirk+Becher · · Score: 1

    With the NSA in the role of the super-advanced aliens and the rest of humanity as the strugglers in the zone who feast on their junk.

  13. Re:No thank you by AHuxley · · Score: 1

    Recall "NSA likely targets anybody who's 'Tor-curious'" https://www.cnet.com/news/nsa-... (July 3, 2014)

    --
    Domestic spying is now "Benign Information Gathering"
  14. This is just a recruiting tool by Nocturrne · · Score: 1

    You can be sure, this is not considered an advanced tool, worthy of protection. If you are able to use this tool to do something interesting, you might find yourself being contacted by a recruiter from a contractor with a strange name. If government salaries were not borderline poverty level, it might be fun.

  15. Try Reko. by cheesybagel · · Score: 1

    Reko is already open source. It has a disassembler and a GUI.
    https://uxmal.github.io/reko/
    https://github.com/uxmal/reko