GHIDRA: the NSA's cyber-security reverse engineering tool is now available to the public for free.
On Tuesday, 5th March, at the RSA security conference in San Francisco, the NSA demonstrated Ghidra, the internal tool it has decided to make open source from now on.
NSA cyber-security adviser Rob Joyce announced the public release at the RSA Conference 2019 in San Francisco.
What is Ghidra?
The tool first came to light when its existence was uncovered in a series of leaks published by WikiLeaks as part of the CIA's Vault 7 documents.
GHIDRA is a Java-based reverse engineering framework with a graphical user interface (GUI), developed by the NSA.
It is now a strong alternative to the expensive proprietary reverse engineering tools on the market, such as JavaSnoop, edb-debugger and OllyDbg.
Reverse Engineering: the process of taking something apart and putting it back together again in order to see how it works. It is not a technique specific to computer science; it can be used any time someone wants to understand a process or project.
The Ghidra framework includes a suite of full-featured, high-end software analysis tools that let users analyze compiled code on a variety of platforms, including Windows, macOS and Linux. Capabilities include disassembly, assembly, decompilation, graphing and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats, and it can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts in Java or Python.
According to the NSA, "There is no backdoor in Ghidra. This is the last community you want to release something out to with a backdoor installed, to people who hunt for this stuff to tear apart."
Reverse engineering with Ghidra will play a crucial role for malware analysts and threat intelligence researchers, because it lets them work backward from software they discover, such as malware used to carry out attacks, to understand how it works, what its capabilities are, and who wrote it or where it came from. Ghidra will also be an important way for defenders to check their own code for weaknesses and confirm that it works as intended.
GHIDRA in Action
Security researchers and developers have already started contributing to the open source tool.
Matthew Hickey was the first to report a security bug in GHIDRA. He noticed that, when a user launches the tool in debug mode, the Ghidra suite opens JDWP debug port 18001 on all interfaces, allowing anyone on the network to remotely execute arbitrary code on the analyst's system.
According to Hickey, the issue can be fixed by changing a single line of code in the tool.
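A defender-side check for the exposure described above, added here as an example that is not from the article or from the Ghidra project: it flags a JDWP agent option, or a listening socket on port 18001, that is bound to every interface instead of loopback. The JVM command lines and the `ss -ltn` output below are constructed samples; Ghidra's actual launcher line is not reproduced on this page.

```python
"""Audit JDWP debug listeners: is port 18001 bound to all interfaces?"""
import re
from typing import List, Optional, Tuple

DEBUG_PORT = 18001  # port named in the bug report

# Binds that mean "every interface". A bare port (empty host) is treated as a
# wildcard too, since JDKs before 9 bound a port-only address on all interfaces.
WILDCARDS = {"", "*", "0.0.0.0", "::", "[::]"}


def jdwp_address(jvm_args: str) -> Optional[str]:
    """Return the address= value of the -agentlib:jdwp option, or None if JDWP is off."""
    m = re.search(r"-agentlib:jdwp=(\S+)", jvm_args)
    if not m:
        return None
    opts = dict(kv.split("=", 1) for kv in m.group(1).split(",") if "=" in kv)
    return opts.get("address", "")


def split_host_port(address: str) -> Tuple[str, Optional[int]]:
    """'127.0.0.1:18001' -> ('127.0.0.1', 18001); '[::]:18001' -> ('::', 18001)."""
    host, sep, port = address.rpartition(":")
    if not sep:  # port only, no host part
        host, port = "", address
    return host.strip("[]"), int(port) if port.isdigit() else None


def jdwp_exposed(jvm_args: str) -> bool:
    """True when the launcher binds the JDWP debug port on all interfaces."""
    addr = jdwp_address(jvm_args)
    if addr is None:
        return False
    host, _ = split_host_port(addr)
    return host in WILDCARDS


def wildcard_listeners(ss_output: str, port: int = DEBUG_PORT) -> List[str]:
    """Local addresses from `ss -ltn` lines that listen on `port` on all interfaces."""
    found = []
    for line in ss_output.splitlines():
        cols = line.split()  # State Recv-Q Send-Q Local:Port Peer:Port
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        host, p = split_host_port(cols[3])
        if p == port and host in WILDCARDS:
            found.append(cols[3])
    return found


# Constructed samples: the wildcard bind the report describes, and the loopback fix.
EXPOSED_ARGS = "java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:18001 -cp ghidra.jar Main"
FIXED_ARGS = "java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=127.0.0.1:18001 -cp ghidra.jar Main"
SS_SAMPLE = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50     0.0.0.0:18001    0.0.0.0:*
LISTEN 0      128    127.0.0.1:631    0.0.0.0:*
LISTEN 0      50     [::]:18001       [::]:*
"""
```

Run `wildcard_listeners` over real `ss -ltn` output on an analyst workstation to confirm the debug port is loopback-only after the fix.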
Want to use this tool? Download it from here.