The US National Security Agency will release a free reverse engineering tool at the forthcoming RSA Security Conference, which will be held in San Francisco in early March.

The software is named GHIDRA and is, technically, a disassembler: software that breaks executable files down into assembly code that humans can analyze. The NSA developed GHIDRA in the early 2000s and, for the last few years, has shared it with other US government agencies whose cyber teams deal with the intricacies of malware strains or suspicious software. GHIDRA's existence was never a state secret, but the rest of the world learned about it in March 2017, when WikiLeaks released Vault7, a collection of internal documentation files allegedly stolen from the CIA's internal network. These documents showed that the CIA was one of the agencies that had access to the tool. According to these documents, GHIDRA is coded in Java, has a graphical user interface (GUI), and works on Windows, Mac and Linux.

GHIDRA can also analyze binaries for all popular operating systems, such as Windows, Mac, Linux, Android and iOS. Its modular architecture lets users add packages if they need additional features. As described in the RSA Conference session intro for GHIDRA, the tool "includes all the features expected of high-end commercial tools with new and enhanced features that NSA has uniquely developed."

US government officials ZDNet spoke with today said the tool is well known and popular, and is used by operators in defensive roles who typically analyze malware found on government networks.

Some people who know and have used the tool, and who have commented on social media such as HackerNews, Reddit, and Twitter, have compared GHIDRA with IDA, a well-known reverse engineering tool that is also very expensive, with licenses costing thousands of dollars. Most users say GHIDRA is slower and buggier than IDA, but by open-sourcing it, the NSA will have it maintained for free by the open source community, so GHIDRA can quickly catch up with IDA and even surpass it.

The news that the NSA is open-sourcing one of its internal tools should not come as a surprise. The NSA has open-sourced all sorts of tools over the past few years, of which Apache NiFi has been the most successful. This is a project to automate large data transfers between web apps, which has become a favorite in the cloud computing scene. Overall, the NSA has commissioned 32 projects under its Technology Transfer Program (TTP) and has recently even opened an official GitHub account.

GHIDRA will be presented at the RSA conference on March 5 and is expected to be released soon after, on the agency's code page and in the GitHub account.
