The NSA to Release Free "GHIDRA" Reverse Engineering Tool

Discussion in 'HardForum Tech News' started by cageymaru, Jan 7, 2019.

  1. cageymaru

    cageymaru [H]ard as it Gets

    The US National Security Agency (NSA) is scheduled to release the "GHIDRA" reverse engineering tool that allows researchers to disassemble executable files into assembly code that can be read and analysed. This will allow members of cyber defense teams around the world to peer into the inner workings of malware strains and rogue software. GHIDRA was mentioned in the WikiLeaks document release from 2017. NSA Senior Advisor Robert Joyce will give a talk and discuss the tool at the RSA Conference on March 6, 2019 in San Francisco, CA. According to Catalin Cimpanu of ZDNET, the tool is expected to be available as open source on the code page for the NSA and its GitHub repository at the time of its release.

    NSA has developed a software reverse engineering framework known as GHIDRA, which will be demonstrated for the first time at RSAC 2019. An interactive GUI capability enables reverse engineers to leverage an integrated set of features that run on a variety of platforms including Windows, Mac OS and LINUX and supports a variety of processor instruction sets. The GHIDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed, and will be released for free public use at RSA.
     
  2. WBurchnall

    WBurchnall 2[H]4U

    Anyone else think this is hacker bait? 99.9 percent chance imo that if you download this tool your digital identity goes into a watch list
     
    SomeoneElse and Zarathustra[H] like this.
  3. Full Otto

    Full Otto [H]Lite

    FTFY
     
  4. PaulP

    PaulP Gawd

    Because nobody but hackers would ever have any reason to be interested in this tool. /sarc
     
  5. mord

    mord Limp Gawd

    RIAA to send DMCA take down notice immediately as this is obviously a pirate site distributing tools to reverse engineer copyright protection software.
     
  6. Master_shake_

    Master_shake_ [H]ardForum Junkie

    came here to say this.

    sounds like a use of the golden rule.
     
  7. lcpiper

    lcpiper [H]ardForum Junkie

    Maybe, but which hackers and for what purpose?

    Look, for argument's sake let's say that this is definitely a sucker play.

    If the "target" was criminal hacking, it would be the FBI behind it, Law Enforcement. But with the NSA releasing it, the target would seem to be State Sponsored hacking from a National Defense angle.
     
  8. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    That was the first thing I thought. Download and use this, and you now have NSA spyware on your machine.
     
  9. Tak Ne

    Tak Ne [H]ard|Gawd

    I don't think it's that. I think it'll just send them a copy of your results from this tool. They still get to benefit from the work of people with morals or too smart to work for them. :D
     
  10. Ocellaris

    Ocellaris Ginger @le, an alcoholic's best friend.

    Someone say Ghidra?
     
  11. seanreisk

    seanreisk Gawd

    I doubt it. Anyone knowledgeable enough to make use of this tool is going to be knowledgeable enough to know if the tool is making files or phoning home. Total system hashes and real feelz sandboxes are easy to make.
     
    Rebel44 likes this.
  12. Parja

    Parja [H]ardForum Junkie

    So I feel like the first thing you should reverse engineer with this tool would be the tool itself.
     
    Jim Kim and dgz like this.
  13. seanreisk

    seanreisk Gawd

    No way. That would be like two mirrors facing each other.

    Code:
    
    while(1) { fork(); }
    
    

    P.S. Do not run the above.
     
  14. ArFLaserBear

    ArFLaserBear n00b

    Or you know you could "just" look at the open source code on github that they claim they will publish...

    It does sound like an interesting tool I wonder if there's limits to it or non feasible, there's some large .exe's out there...
     
  15. ithaqua_1969

    ithaqua_1969 n00b

    What about MOTHRA or GAMERA?
     
  16. horrorshow

    horrorshow [H]ardness Supreme

    This sounds super-cool but how does it work?

    (I tried googling and came up with "reverse-engineering magic", but I'd like a dumbed-down real answer)
     
  17. Nanan

    Nanan [H]ard|Gawd

    So like IDA? I have been using it for 15 years...
     
    Term-X likes this.
  18. nomu

    nomu Gawd

    Like IDA but open source and provided in as-is condition. Considering how expensive the full version of IDA is, even a raggedy alternative is nice.
     
  19. dyzophoria

    dyzophoria Gawd

  20. theBrownLlama

    theBrownLlama Gawd

    quick, go reverse engineer Denuvo