NSA will release a free open source reverse engineering tool ‘GHIDRA’
The U.S. National Security Agency (NSA) will be releasing a free open source reverse engineering tool for public use in a session at the RSA conference 2019 in San Francisco titled “Come Get Your Free NSA Reverse Engineering Tool!”
For the unaware, NSA has until now officially shared its own software tools only with government agencies, secret services, and other countries.
Dubbed as GHIDRA, the software reverse engineering framework is developed in Java and has a graphical user interface (GUI). It is available for Windows, macOS, and Linux. However, in order to use the tool, the system is required to run Java 1.7.
“NSA has developed a software reverse engineering framework known as GHIDRA, which will be demonstrated for the first time at RSAC 2019,” states the RSAConference session description. “An interactive GUI capability enables reverse engineers to leverage an integrated set of features that run on a variety of platforms including Windows, Mac OS, and Linux and supports a variety of processor instruction sets. The GHIDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed, and will be released for free public use at RSA.”
GHIDRA includes a disassembler that breaks down executable files into assembler code, which in turn can be read and examined by humans. It can be utilized to analyze binary files used by programs, as well as malware, that runs on different operating systems such as Windows, macOS, Linux as well as mobile platforms like Android and iOS.
Spoiler – it's a lot like IDA except slower (written in Java), its best feature is an architecture-agnostic C decompiler (uses a p-code translation layer) – not sure how many architectures the open source release will support. I have a bunch of friends that use it.
— ????? (@evm_sec) January 3, 2019
Apparently, the existence of GHIDRA has never officially been a secret, until it was first publicly released by WikiLeaks in CIA Vault 7 leaks in March 2017. Developed back in the early 2000s, the tool has been used extensively ever since, including outside the US and several other law enforcement agencies.