cageymaru

The US National Security Agency (NSA) is scheduled to release the "GHIDRA" reverse engineering tool that allows researchers to disassemble executable files into assembly code that can be read and analysed. This will allow members of cyber defense teams around the world to peer into the inner workings of malware strains and rogue software. GHIDRA was mentioned in the WikiLeaks document release from 2017. NSA Senior Advisor Robert Joyce will give a talk and discuss the tool at the RSA Conference on March 6, 2019 in San Francisco, CA. According to Catalin Cimpanu of ZDNET, the tool is expected to be available as open source on the code page for the NSA and its GitHub repository at the time of its release.

NSA has developed a software reverse engineering framework known as GHIDRA, which will be demonstrated for the first time at RSAC 2019. An interactive GUI capability enables reverse engineers to leverage an integrated set of features that run on a variety of platforms including Windows, Mac OS and LINUX and supports a variety of processor instruction sets. The GHIDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed, and will be released for free public use at RSA.
 
Anyone else think this is hacker bait? 99.9 percent chance imo that if you download this tool your digital identity goes into a watch list
Because nobody but hackers would ever have any reason to be interested in this tool. /sarc
 
RIAA to send DMCA take down notice immediately as this is obviously a pirate site distributing tools to reverse engineer copyright protection software.

came here to say this.

sounds like a use of the golden rule.
 
Anyone else think this is hacker bait? 99.9 percent chance imo that if you download this tool your digital identity goes into a watch list

Maybe, but which hackers and for what purpose?

Look, for argument's sake let's say that this is definitely a sucker play.

If the "target" was criminal hacking, it would be the FBI behind it, Law Enforcement. But with the NSA releasing it, the target would seem to be State Sponsored hacking from a National Defense angle.
 
Anyone else think this is hacker bait? 99.9 percent chance imo that if you download this tool your digital identity goes into a watch list

That was the first thing I thought. Download and use this, and you now have NSA spyware on your machine.
 
Anyone else think this is hacker bait? 99.9 percent chance imo that if you download this tool your digital identity goes into a watch list

I don't think it's that. I think it'll just send them a copy of your results from this tool. They still get to benefit from the work of people with morals or too smart to work for them. :D
 
Someone say Ghidra?
 
Anyone else think this is hacker bait? 99.9 percent chance imo that if you download this tool your digital identity goes into a watch list

I doubt it. Anyone knowledgeable enough to make use of this tool is going to be knowledgeable enough to know if the tool is making files or phoning home. Total system hashes and real feelz sandboxes are easy to make.
 
So I feel like the first thing you should reverse engineer with this tool would be the tool itself.
 
So I feel like the first thing you should reverse engineer with this tool would be the tool itself.

No way. That would be like two mirrors facing each other.

Code:
while(1) { fork(); }


P.S. Do not run the above.
 
So I feel like the first thing you should reverse engineer with this tool would be the tool itself.
Or you know you could "just" look at the open source code on github that they claim they will publish...

It does sound like an interesting tool I wonder if there's limits to it or non feasible, there's some large .exe's out there...
 
This sounds super-cool but how does it work?

(I tried googling and came up with "reverse-engineering magic", but I'd like a dumbed-down real answer)
 
So like IDA? I have been using it for 15 years...

Like IDA but open source and provided in as-is condition. Considering how expensive the full version of IDA is, even a raggedy alternative is nice.
 