Reverse engineering tool Ghidra made by NSA is now open-source!
- Developed by the National Security Agency (NSA), Ghidra was announced to the public at the RSA Conference held this week.
- Ghidra is capable of performing a variety of reverse engineering tasks such as disassembly, assembly, decompilation, graphing, scripting, among others.
In the latest news, NSA announced its much-hyped cybersecurity tool Ghidra as an open-source offering. The agency made this announcement in the RSA Conference held this week. Ghidra will significantly now assist cybersecurity experts with their analysis of defensive activities. The tool allows security researchers to analyze malicious code and malware thoroughly with reverse engineering.
The big picture
- Ghidra analyzes files, searches for codes and pulls out the functions in these files. In simple words, it sees bytes, interprets them and gives out ‘assembly language’ code.
- The assembly language code can be decompiled into a high-level programming language such as C.
- Security analysts can now use this code for further analysis. They can perform annotation, scripting etc.,
- Unlike other powerful reverse engineering tools such as IDA-Pro, Hex-Rays, CFF Explorer etc., Ghidra is open-source and provides most of the necessary features.
- Ghidra is available for multiple platforms including Windows, Mac OS, and Linux.
- It provides support for a variety of processor instruction sets and executable formats. Ghidra can be run in user-interactive and automated modes.
Following the NSA announcement, Ghidra was received with a mixed response on social media. Twitter was abuzz with some praising the agency’s move to make it open-source. Many were happy with the features the tool had.
On the other hand, some users felt apprehensive, hinting the possibility of Ghidra being plagued with backdoors planted by the agency.
Rob Joyce, a cybersecurity advisor at NSA, told Wired, “Ghidra is a software reverse engineering tool built for our internal use at NSA. We're not claiming that this is the one that’s going to be replacing everything out there—it's not. But it helped us address some things in our workflow.”