The NSA will open-source its GHIDRA reverse engineering tool, which breaks executable files down into assembly code that can be analyzed by humans.



The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference in early March in San Francisco.

The software is called GHIDRA and, technically, it is a disassembler: a piece of software that breaks executable files down into assembly code that can then be analyzed by humans.

The NSA developed GHIDRA in the early 2000s and for a few years has been sharing it with other US government agencies that have cyber teams tasked with analyzing the inner workings of malware strains or suspicious software.

The existence of GHIDRA has never been a state secret, but the rest of the world learned of it in March 2017, when WikiLeaks released Vault7, a collection of internal documentation files allegedly stolen from the CIA's internal network. These documents show that the CIA was one of the agencies that had access to this tool.

According to these documents, GHIDRA is coded in Java, has a graphical user interface (GUI) and runs on Windows, Mac and Linux.

GHIDRA can also analyze binary files from all major operating systems, such as Windows, Mac, Linux, Android and iOS, and its modular architecture allows users to add packages in case they need additional features.

According to the description of GHIDRA in the intro of the RSA conference session, the tool "includes all the features expected in high-end business tools, with new and expanded features, uniquely developed."

The US government employees ZDNet spoke to today said the tool is well known and appreciated, and is typically used by operators in defensive roles who analyze malware found on government networks.

Some people who know and use this tool have shared opinions on social networks such as HackerNews, Reddit and Twitter, comparing GHIDRA to IDA, a well-known but also very expensive reverse engineering tool, with licenses costing thousands of dollars.

Most users say that GHIDRA is slower and more annoying than IDA, but by open-sourcing it, the NSA will benefit from free maintenance by the open source community, which will allow GHIDRA to catch up quickly and possibly even surpass IDA.

The news that the NSA is open-sourcing one of its internal tools should not come as a surprise. In recent years, the NSA has open-sourced several kinds of tools, the most successful being Apache NiFi, a project for automating large data transfers between web applications, which has become a favorite in cloud computing.

In total, the NSA has so far open-sourced 32 projects under its Technology Transfer Program (TTP) and recently even opened an official GitHub account.

GHIDRA will be presented at the RSA conference on March 5th and should be published soon after on the agency's code page and GitHub account.
