
NSA to release free reverse engineering tool GHIDRA at RSAConference

Reverse Engineering Tool GHIDRA, of WikiLeaks Fame, to Be Released in March.

GHIDRA is a reverse engineering tool developed by the United States’ National Security Agency (NSA). According to reports, this framework will be released in March at the RSAConference.

This is the same reverse engineering tool that WikiLeaks referred to in its March 2017 CIA Vault 7 leaks. At the time, WikiLeaks released a series of classified documents from the CIA that contained details of different tools used by the NSA.

According to the announcement about RSAConference sessions, the GHIDRA framework will be available for Linux, macOS, and Windows-based systems after its release at the conference in March 2019, where it will be “demonstrated for the first time.”

Furthermore, GHIDRA is equipped with GUI capability that makes it compatible with numerous platforms and a wide range of processor instruction sets.

“The GHIDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed, and will be released for free public use at RSA,” stated the RSAConference announcement.

According to those who have accessed GHIDRA and to the information disclosed in WikiLeaks’ Vault 7, it is a Java-based system that will subsequently be released on the NSA’s open source repository.

It is currently a point of debate whether GHIDRA is better than other available reverse engineering options such as IDA. However, experts claim that unlike the expensive IDA, GHIDRA is a bit slow and complicated.

Basically, GHIDRA is disassembly software that can break down all executable files into assembly code, which experts can then examine. Various US government agencies have been using it to assess malware strains and malicious software ever since GHIDRA was developed in the early 2000s.

GHIDRA can assess all major operating systems’ binaries including Windows, Linux, macOS, and Android while its modular structure allows the user to add more packages to enjoy additional features.

Releasing GHIDRA to the public is an interesting move from the NSA, as it would help the agency improve the software and bring it on par with tools like IDA.

GHIDRA will be available on the NSA’s code page as well as on its GitHub account soon after the RSAConference.
