Ghidra, NSA’s reverse engineering tool is now available for free download
Earlier this year, the U.S. National Security Agency (NSA) had announced that it would be releasing a free open source reverse engineering tool ‘GHIDRA’ for public use in a session at the RSA conference 2019 in San Francisco titled “Come Get Your Free NSA Reverse Engineering Tool!”
NSA finally released Ghidra version 9.0 for free on Tuesday evening at the RSA conference. For those unaware, Ghidra is a software reverse engineering (SRE) suite of tools that is developed, maintained and used by the NSA. It helps in analyzing malicious code and malware like viruses, and can give cybersecurity professionals a better understanding of potential vulnerabilities in their networks and systems. Until now, NSA had officially shared Ghidra tool only with government agencies, secret services, and other countries. Its existence was first revealed in a series of leaks by WikiLeaks as part of Vault 7 documents of CIA in 2017.
Ghidra is a Java-based application that has a graphical user interface (GUI). It includes the following key features:
- includes a suite of software analysis tools for analyzing compiled code on a variety of platforms including Windows, Mac OS, and Linux.
- capabilities include disassembly, assembly, decompilation, graphing and scripting, and hundreds of other features.
- supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
- users may develop their own GHIDRA plug-in components and/or scripts using the exposed API.
Speaking at the RSA Conference, NSA’s senior cybersecurity adviser Rob Joyce guaranteed that Ghidra contained no backdoor. “This is the last community you want to release something out to with a backdoor installed, to people who hunt for this stuff to tear apart,” he said.
Joyce also added that Ghidra offers features only found in high-end, expensive commercial products. It supports a number of processor instruction sets, executable format and can be run in both user-interactive and automated modes.
“GHIDRA processor modules: X86 16/32/64, ARM/AARCH64, PowerPC 32/64, VLE, MIPS 16/32/64, micro, 68xxx, Java / DEX bytecode, PA-RISC, PIC 12/16/17/18/24, Sparc 32/64, CR16C, Z80, 6502, 8051, MSP430, AVR8, AVR32, other variants as well,” Joyce tweeted.
Joyce also accepted that releasing Ghidra to the open-source community would contribute to improvements in the toolkit that would benefit the NSA.
“We’re doing this because we firmly believe Ghidra is a great addition to a net defender’s toolbox. It will make the software reverse engineering process more efficient. It will help to level the playing field for cybersecurity professionals, especially those that are just starting out,” Joyce said.
“We expect the tool will enhance cybersecurity education from capture-the-flag competitions to school curriculums and cybersecurity training. Releasing Ghidra also benefits NSA because we will be able to hire folks who know the tool. When they’re coming through our doors, they’ll be able to be impactful faster.”
Ghidra, which has been well received by the security community, is being considered as a significant competitor to IDA Pro, a similar reverse engineering tool that’s only available under a very expensive commercial license.