NSA Releases Free "GHIDRA" Reverse Engineering Tool

I'm glad that we, the US, have the NSA. But their covert activities are enough to make me put on my tinfoil hat. Their overt activities? All-over tinfoil. They're up to something, I tells ya.

Kinda just kidding.
 
Dude, the NSA and the CIA are evil, and they need to remain evil, because I'm bored of Nazis and zombies. If it turned out that the NSA and the CIA were like the other branches of the government, packed full of middle-aged Mormons in 10-year-old suits, my world view will be shattered.

Sorry to say, but the NSA and CIA are basically chock full of Mormons as well. They make for perfect employees... they follow orders first then ask questions after and are willing to work 6 days straight.

I just imagine them being the Borg... you deal with one, you deal with the whole collective. The thought helps keep my heart and mind clad in a metaphorical tinfoil at all times.

I was once a member of the collective, but then Patrick Stewart showed me that resistance is not futile.

The worst evils come from those who are too naive or unwilling to understand what they are doing.
 
Sorry to say, but the NSA and CIA are basically chock full of Mormons as well. They make for perfect employees... they follow orders first then ask questions after and are willing to work 6 days straight.

I just imagine them being the Borg... you deal with one, you deal with the whole collective. The thought helps keep my heart and mind clad in a metaphorical tinfoil at all times.

I was once a member of the collective, but then Patrick Stewart showed me that resistance is not futile.

The worst evils come from those who are too naive or unwilling to understand what they are doing.

Uh right...there are no more mormons there than there are at any other workplace.
 
Uh right...there are no more mormons there than there are at any other workplace.

Pretty sure there's a load of leg pulling in this thread mixed in with a few who are truly serious about their position. It's bad when you can't tell them apart!
 
This tool is absolutely impressive as a long time IDA pro and ollydbg user. It took about an hour to load up a popular mmorpg and find the rc4 encryption network function with very readable c pseudo code as a test. I am sure I could do it faster as I learn the program.
 
This tool is absolutely impressive as a long time IDA pro and ollydbg user. It took about an hour to load up a popular mmorpg and find the rc4 encryption network function with very readable c pseudo code as a test. I am sure I could do it faster as I learn the program.

Are you using it to cheat on an MMORPG? LUL
 
Are you using it to cheat on an MMORPG? LUL
While that would be possible with the function I found, I don't have interest in that so much as games are a harmless environment to test reverse engineer tools. They are complex and usually non standard code bases with hackish fixes. So they make for good puzzles and also playing around with them so long as you don't use it to annoy online users is benign. It makes for a good test bed so to speak rather than messing around with malicious code that could attack your own system or do harm to any real users. My use case is to learn it through games to incorporate into my actual developer tool set for work. More than anything it is a breath of fresh air to use something other than ollydbg or ida pro.
 
I wonder if we are losing the hacking wars with foreign governments. So they give this out in order to bolster our security defense. Basically:

* Servers in the US have more valuable data to lose, than what can be stolen from foreign servers. So the strategy is that the US loses some access abroad, but gains more local security.
* if we are losing, then foreign access to this tool isn't going to matter quite as much. (Or they already have a tool of equal or better value?)

Maybe a senator wanted it released
 
While I agree that in light of revelations since 2001 (yes, there is significant precedent before that date but just for the sake of discussion in the digital sphere) we should be skeptical of the actions of intelligence services such as the NSA especially related to total information awareness, warrantless wiretapping / data + metadata gathering and analysis, targeted and distributed exploits/backdoors etc... it is worth mentioning that the other "half" of the NSA's mission is defensive in nature; They're supposed to assess vulnerabilities and provide solutions for the overall good of the nations. Thus, much like the current AES encryption standard's validation, software like TOR, and projects like SELinux , NSA being involved in the open source release of a tool is not out of character.

Likewise, any issue/vulnerability with the tool doesn't necessarily mean malicious intent (especially such a blatant one as opening a service as described above) when it is certainly possible to be simply the result of a very complex project - Kali Linux, nmap, nessus, and metasploit have all had serious bugs vulnerabilities that were subsequently patched. I personally think that (assuming there is no ulterior motive or vulnerability etc) we should be applauding the NSA for putting their talents to work providing top quality, public funded and open source/spec software for our use. This doesn't mean not being skeptical when reasons arise, but if we don't applaud and support their work when we find it ethical, then the only "positive reinforcement" they'll get is from those with vested interests or ideology who would see them doing what many would consider less ethical.
 
Back
Top