NSA Releases Free "GHIDRA" Reverse Engineering Tool

cageymaru

Fully [H]
Joined
Apr 10, 2003
Messages
22,060
Today, the NSA released its free "GHIDRA" software reverse engineering tool. It can be used to analyze malicious code and malware like viruses. Cybersecurity professionals can use it to better understand potential vulnerabilities in their networks and systems. NSA will be making Ghidra available to the public as an open source release in time for its first public demonstration at the 2019 RSA Conference this March. For more NSA releases, check out CODE.NSA.GOV for open source, and NSA's Technology Transfer Program for other technology.

Key features of Ghidra: Includes a suite of software analysis tools for analyzing compiled code on a variety of platforms including Windows, Mac OS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing and scripting, and hundreds of other features. Supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may develop their own Ghidra plug-in components and/or scripts using the exposed API.
 

Made me laugh...

Now.... straight up, saying he's defeated a dragon-monster on NUMEROUS occasions??

1. this is awesome.
2. are there stories detailing said encounters?!?

- GHIDRA sounds cool but I'm clueless. (haven't coded practically anything in almost 20 years)
 
King Ghidorah is more badass.

king_ghidorah_1991_01.jpg

But really i want a kaiju pet so bad I wouldn't kick any of them off the bed.
 
Funny thing is there is already a "bug" where if you put it in debug mode you can remotely execute code on your machine. Trivial to fix since its a config issue. Looks like it was someone being lazy with their dev rather than malicious...

Uh, no. Nothing Ghidra related can be good. Ask the Japanese. Especially anything free from the NSA. Yikes
If they are releasing a tool for free you know it has a backdoor or some exploit baked in for their pleasure......next thing you know the FBI will be knocking at your door 3 weeks from now.

Dude its open source...you can quite literally see EVERYTHING it does...Paranoid much?
 
possible gov mass intelligence society psycology experiment.
just to see who and how many people actually download and install this... coming from the NSA that we all hated years ago for spying on us.

irony at its best. a good way to tell how succumbed and weakened we are as computer literate citizens.
 
With the NSA? Yes.
While I would not be in any rush to go download this and try it out, this is open source so there is full visibility to everything it does.
I honestly trust the general community's ability to read and understand the code more than i trust the NSA to have someone smart enough to slip something in that no one will notice.
 
possible gov mass intelligence society psycology experiment.
just to see who and how many people actually download and install this... coming from the NSA that we all hated years ago for spying on us.

irony at its best. a good way to tell how succumbed and weakened we are as computer literate citizens.

You may be on to something.....
I would actually be more worried that they would track exactly whom download this, just to keep tabs on those people as possible threats (i.e. those with computer knowledge), than I would the release of this tool and them using it as a backdoor.


For the even more far out conspiracy ideas..... Linux drops kernel 5.0 at the same time as this is made available....
Rope-a-dope confirmed! Linux 5.0 kernel has baked in code that, when Ghidra is also installed on the PC, allows the NSA root access to your machine. The new Windows update with SPECTRE fixes does the same.
 
It has nothing to do with the Code in the software.....Its about the agency and its dealings....

But youre not trusting the software, which is open source and freely available for you to inspect every line of code, simply because of who wrote the code. Also I would bet good money you dont really have an idea what they do beyond what the media has told you which if you know the law is horribly inaccurate. But lets not hijack the thread with that.
 
But youre not trusting the software, which is open source and freely available for you to inspect every line of code, simply because of who wrote the code. Also I would bet good money you dont really have an idea what they do beyond what the media has told you which if you know the law is horribly inaccurate. But lets not hijack the thread with that.
So you're telling me I should trust it because it was written by the NSA. Regardless of their reputation of being an agency for surveillance and spying. They have more freedom to spy on citizens than the CIA...."for security reasons".
So no I won't trust them not sure why you have a problem with this.....you can go about your business and download it if you want, I never said anyone couldn't.
 
So you're telling me I should trust it because it was written by the NSA. Regardless of their reputation of being an agency for surveillance and spying. They have more freedom to spy on citizens than the CIA...."for security reasons".
So no I won't trust them not sure why you have a problem with this.....you can go about your business and download it if you want, I never said anyone couldn't.

No thats not what I said. I said you dont HAVE to trust them. You can actually see the damn code yourself. You can see what it does and decide for yourself if you want to trust the tool. But no you have let your misconceptions about your own government get in the way of logical thinking. You have prejudged and refused to stop and think. It could be a very useful tool...but you will never know because you blind yourself to the possibility.

FFS you dont even have to get the code from THEM...https://github.com/NationalSecurityAgency/ghidra Unless your saying you cant trust github now because they host NSA projects...

Your statements are wrong about both agencies btw. But hey I am not going to change your uneducated mind on that topic so I wont even waste the characters.
 
  • Like
Reactions: DocNo
like this
You may be on to something.....
I would actually be more worried that they would track exactly whom download this, just to keep tabs on those people as possible threats (i.e. those with computer knowledge), than I would the release of this tool and them using it as a backdoor.


For the even more far out conspiracy ideas..... Linux drops kernel 5.0 at the same time as this is made available....
Rope-a-dope confirmed! Linux 5.0 kernel has baked in code that, when Ghidra is also installed on the PC, allows the NSA root access to your machine. The new Windows update with SPECTRE fixes does the same.

Or how about this one: The code, while harmless on paper, when executed causes a memory fault that creates a backdoor. By downloading the tool you basically tell them where to look for the newly compromised machine.

Actually I think the true purpose of this is far more nefarious and far reaching... they are trying to create employees!!!

By releasing this for "free" they hope that at least a handful of people amongst the brilliant 450 million 'Murican lives will become experts at using these "free" tools and decide to work for the alphabet agencies. Or at the very least familiarize themselves with what they would be working with.
 
No thats not what I said. I said you dont HAVE to trust them. You can actually see the damn code yourself. You can see what it does and decide for yourself if you want to trust the tool. But no you have let your misconceptions about your own government get in the way of logical thinking. You have prejudged and refused to stop and think. It could be a very useful tool...but you will never know because you blind yourself to the possibility.

FFS you dont even have to get the code from THEM...https://github.com/NationalSecurityAgency/ghidra Unless your saying you cant trust github now because they host NSA projects...

Your statements are wrong about both agencies btw. But hey I am not going to change your uneducated mind on that topic so I wont even waste the characters.
Have you ever worked for the government or had dealings with either of these agencies? I know what they do and what their role is. If you don't believe the CIA is a spy agency then, wow.....i guess we don't need to continue because you're just in it for the sake of arguing.
Why don't you go after the other guys posting the same sentiment on this topic.
We don't need to talk about this anymore.
 
Have you ever worked for the government or had dealings with either of these agencies? I know what they do and what their role is. If you don't believe the CIA is a spy agency then, wow.....i guess we don't need to continue because you're just in it for the sake of arguing.
Why don't you go after the other guys posting the same sentiment on this topic.
We don't need to talk about this anymore.

Yes I have and I have worked for these agencies. I know far more their role than you apparently do. I never said CIA wasnt a spy agency (stop trying to put words in my mouth), I just said you clearly dont understand their role if you think they are willy nilly spying on citizens.
 
Last edited:
Taking the other approach, isn't there something to be said for wanting to strengthen the overall average of software security of ones home country? Not saying that I know the intent for sure, but maybe there is a less nefarious purpose to this?
 
^ That was my initial thought as well, Darunion. It would make a *lot* of sense to open up a tool like this for common use software security the world around to tighten up a large number of vulnerabilities that would affect US citizens and her allies.
 
Yes I have and I have worked for these agencies. I know far more their role than you apparently do. I never said CIA wasn't a spy agency (stop trying to put words in my mouth), I just said you clearly dont understand their role if you think they are willy nilly spying on citizens.
Well I guess that's your prerogative. Like I said Your opinion shouldn't be forced onto someone because that's how you fell. I just said I won't trust it, REGARDLESS of what you think. If i don't want to trust them that's on me and you shouldn't really care.

Also I never said they "willy nilly" spy on citizens that was you assumption. They do still survey the population so yea.....

I'm done so you can have the last word if you want. This conversation is pointless. Two people with differing opinions on a subject.
 
Last edited:
Well I guess that's your prerogative. Like I said Your opinion shouldn't be forced onto someone because that's how you fell. I just said I won't trust it, REGARDLESS of what you think. If i don't want to trust them that's on me and you shouldn't really care.

Also I never said they "willy nilly" spy on citizens that was you assumption. They do still survey the population so yea.....

I'm done so you can have the last word if you want. This conversation is pointless. Two people with differing opinions on a subject.

I never forced anything on you. I just called you out for being prejudiced. Then you started putting words in my mouth and making false assumptions.
 
There are several similar tool sets and I'm not finding what this one brings to the table. I've been using r2 for a while now and it is excellent, but perhaps this one is less lean and more like IDA without the crazy license fee? I suppose that would attract some people.
 
My thoughts on it is that it seems like a useful tool. I have no use for it personally.

Now, the fact it is named after a sci fi character that was know for violently destroying Japan and required the help of three equally destructive characters, Godzilla, Rodan, Mothra, to help nullify Ghidra, I find humorous.

Sorry clarification was required. Glad a few at least saw the humor. Any more comment with me about this can be done by PMs. Enough trolling in this thread.

Back on topic people. Keep the Gubment talk in Soapbox
 
Last edited:
Or how about this one: The code, while harmless on paper, when executed causes a memory fault that creates a backdoor. By downloading the tool you basically tell them where to look for the newly compromised machine.

Actually I think the true purpose of this is far more nefarious and far reaching... they are trying to create employees!!!

By releasing this for "free" they hope that at least a handful of people amongst the brilliant 450 million 'Murican lives will become experts at using these "free" tools and decide to work for the alphabet agencies. Or at the very least familiarize themselves with what they would be working with.
No One is that evil.
 
Yes I have and I have worked for these agencies. I know far more their role than you apparently do. I never said CIA wasnt a spy agency (stop trying to put words in my mouth), I just said you clearly dont understand their role if you think they are willy nilly spying on citizens.

You have to have a value to be tracked. That sums it up.
 
Dude, the NSA and the CIA are evil, and they need to remain evil, because I'm bored of Nazis and zombies. If it turned out that the NSA and the CIA were like the other branches of the government, packed full of middle-aged Mormons in 10-year-old suits, my world view will be shattered.


P.S. Tinfoil hats are awesome, 'cause you can wear them any size you like, and if you think you're being followed you can just take it off and scrunch it up into a really tiny ball and hide it in someone's fender.

P.P.S. Sewing yourself into a full body faraday cage made out of screen-door netting is also awesome, 'cause then the NSA can't follow you electronically. Just make sure you take a dump before you go out.
 
Back
Top