NSA to release a free reverse engineering tool
GHIDRA is written in Java and works on Windows, Mac, and Linux.
January 5, 2019 -- 22:12 GMT
The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference that will be held at the start of March, in San Francisco.
The software's name is GHIDRA and, in technical terms, it is a disassembler, a piece of software that breaks down executable files into assembly code that can then be analyzed by humans.
The NSA developed GHIDRA at the start of the 2000s, and for the past few years, it's been sharing it with other US government agencies that have cyber teams who need to look at the inner workings of malware strains or suspicious software.
GHIDRA's existence was never a state secret, but the rest of the world learned about it in March 2017 when WikiLeaks published Vault7, a collection of internal documentation files that were allegedly stolen from the CIA's internal network. Those documents showed that the CIA was one of the agencies that had access to the tool.
According to these documents, GHIDRA is coded in Java, has a graphical user interface (GUI), and works on Windows, Mac, and Linux.
GHIDRA can also analyze binaries for all major operating systems, such as Windows, Mac, Linux, Android, and iOS, and a modular architecture allows users to add packages in case they need extra features.
According to GHIDRA's description, the tool "includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed."
US government workers to whom ZDNet has spoken today said the tool is well-known and liked, and generally used by operators in defensive roles, who normally analyze malware found on government networks.
Some people who know and have used the tool and have shared opinions on social media have compared GHIDRA with IDA, a well-known reverse engineering tool, but also a very expensive one, with licenses priced in the range of thousands of dollars.
Most users say that GHIDRA is slower and buggier than IDA, but by open-sourcing it, the NSA will benefit from free maintenance from the open source community, allowing GHIDRA to quickly catch up and maybe surpass IDA.
The news of the NSA open-sourcing one of its internal tools should not surprise you. The NSA has open-sourced all sorts of tools over the past few years, with the most successful of them being a project for automating large data transfers between web apps, which has become a favorite on the cloud computing scene.
In total, the NSA has open-sourced 32 projects so far and has most recently even opened an official GitHub account.
GHIDRA will be demoed at the RSA conference on March 5 and is expected to be released soon after.