Ghidra, NSA’s reverse engineering tool, is now available for free download
Earlier this year, the U.S. National Security Agency (NSA) announced that it would be releasing a free, open source reverse engineering tool, ‘GHIDRA’, for public use in a session at the RSA Conference 2019 in San Francisco titled “Come Get Your Free NSA Reverse Engineering Tool!”
NSA finally released Ghidra version 9.0 for free on Tuesday night at the RSA Conference. For those unaware, Ghidra is a software reverse engineering (SRE) suite of tools that is developed, maintained and used by the NSA. It helps in analyzing malicious code and malware like viruses, and can give cybersecurity professionals a better understanding of potential vulnerabilities in their networks and systems. Until now, NSA had officially shared the Ghidra tool only with government agencies, secret services, and other countries. Its existence was first revealed in a series of leaks by WikiLeaks as part of the Vault 7 documents of the CIA in 2017.
Ghidra is a Java-based application that has a graphical user interface (GUI). It includes the following key features:
- includes a suite of software analysis tools for analyzing compiled code on a variety of platforms including Windows, Mac OS, and Linux.
- capabilities include disassembly, assembly, decompilation, graphing and scripting, and hundreds of other features.
- supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
- users may develop their own GHIDRA plug-in components and/or scripts using the exposed API.
Speaking at the RSA Conference, NSA’s senior cybersecurity adviser Rob Joyce assured that Ghidra contained no backdoor. “This is the last community you want to release something out to with a backdoor installed, to people who hunt for this stuff to tear apart,” he stated.
Joyce also added that Ghidra offers features only found in high-end, expensive commercial products. It supports many processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
“GHIDRA processor modules: X86 16/32/64, ARM/AARCH64, PowerPC 32/64, VLE, MIPS 16/32/64, micro, 68xxx, Java / DEX bytecode, PA-RISC, PIC 12/16/17/18/24, Sparc 32/64, CR16C, Z80, 6502, 8051, MSP430, AVR8, AVR32, other variants as well,” Joyce tweeted.
Joyce also acknowledged that releasing Ghidra to the open-source community would contribute to improvements in the toolkit that could benefit the NSA.
“We’re doing this because we firmly believe Ghidra is a great addition to a net defender’s toolbox. It will make the software reverse engineering process more efficient. It will help to level the playing field for cybersecurity professionals, especially those that are just starting out,” Joyce stated.
“We expect the tool will enhance cybersecurity education from capture-the-flag competitions to school curriculums and cybersecurity training. Releasing Ghidra also benefits NSA because we will be able to hire folks who know the tool. When they’re coming through our doors, they’ll be able to be impactful faster.”
Ghidra, which has been well received by the security community, is being considered a major competitor to IDA Pro, a similar reverse engineering tool that is only available under a very expensive commercial license.
Ghidra is currently available for download only at https://ghidra-sre.org/ (the official website). NSA is also expected to release its source code in the future under an open source license on GitHub.