Ghidra, NSA’s reverse engineering tool, is now available for free download
Earlier this year, the U.S. National Security Agency (NSA) announced that it would release a free, open source reverse engineering tool, “GHIDRA”, for public use in a session at the RSA Conference 2019 in San Francisco titled “Come Get Your Free NSA Reverse Engineering Tool!”
NSA finally released Ghidra version 9.0 for free on Tuesday evening at the RSA Conference. For those unaware, Ghidra is a software reverse engineering (SRE) suite of tools that is developed, maintained and used by the NSA. It helps in analyzing malicious code and malware such as viruses, and can give cybersecurity professionals a better understanding of potential vulnerabilities in their networks and systems. Until now, NSA had officially shared the Ghidra tool only with government agencies, secret services, and other countries. Its existence was first revealed in a series of leaks by WikiLeaks as part of the Vault 7 documents of the CIA in 2017.
Ghidra is a Java-based application that has a graphical user interface (GUI). It includes the following key features:
- includes a suite of software analysis tools for analyzing compiled code on a variety of platforms including Windows, Mac OS, and Linux.
- capabilities include disassembly, assembly, decompilation, graphing and scripting, and hundreds of other features.
- supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
- users may develop their own GHIDRA plug-in components and/or scripts using the exposed API.
Speaking at the RSA Conference, NSA’s senior cybersecurity adviser Rob Joyce guaranteed that Ghidra contained no backdoor. “This is the last community you want to release something out to with a backdoor installed, to people who hunt for this stuff to tear apart,” he said.
Joyce also added that Ghidra offers features only found in high-end, expensive commercial products. It supports a number of processor instruction sets and executable formats, and can be run in both user-interactive and automated modes.
“GHIDRA processor modules: X86 16/32/64, ARM/AARCH64, PowerPC 32/64, VLE, MIPS 16/32/64, micro, 68xxx, Java / DEX bytecode, PA-RISC, PIC 12/16/17/18/24, Sparc 32/64, CR16C, Z80, 6502, 8051, MSP430, AVR8, AVR32, other variants as well,” Joyce tweeted.
Joyce also accepted that releasing Ghidra to the open-source community would contribute to improvements in the toolkit that would benefit the NSA.
“We’re doing this because we firmly believe Ghidra is a great addition to a net defender’s toolbox. It will make the software reverse engineering process more efficient. It will help to level the playing field for cybersecurity professionals, especially those that are just starting out,” Joyce said.
“We expect the tool will enhance cybersecurity education from capture-the-flag competitions to school curriculums and cybersecurity training. Releasing Ghidra also benefits NSA because we will be able to hire folks who know the tool. When they’re coming through our doors, they’ll be able to be impactful faster.”
Ghidra, which has been well received by the security community, is being considered a significant competitor to IDA Pro, a similar reverse engineering tool that’s only available under a very expensive commercial license.
Ghidra is currently available for download only at https://ghidra-sre.org/ (official website). NSA is also expected to release its source code in the future under an open source license on GitHub.