The National Security Agency – NSA has announced Ghidra, an open and cross-platform software called Reverse Engineering Tool suite employed internally through the intelligence agency. They are merely planning on announcing the source code of tool on GitHub shortly.

About Ghidra

Ghidra was made and is kept by the National Security Agency Research Directorate. It is encoded in Java and users require to exist JOpenJDK 11 installed on the machine for it to function. It can operate in GUI mode however is merely confident of functioning in headless batch mode employing  the command line.

“In support of NSA’s Cybersecurity mission, Ghidra was built to solve scaling and teaming problems on complex SRE [software reverse engineering] efforts, and to provide a customizable and extensible SRE research platform. NSA has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and generating deep insights for SRE analysts who seek a better understanding of potential vulnerabilities in networks and systems,” the agency explained. “[Ghidra] includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, Mac OS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of process instruction sets and executable formats and can be run in both user-interactive and automated modes.”

The users can create their individual scripts, plugins and analyzers and the National Security Agency expects that, once its root code is announced, the broader malware analysts and community of software engineers will present to its development by reporting flaws, submitting fixes, checking the code and suggesting newer properties.

Ghidra does not have a debugger element for the time being that it would permit the software to compete with keep up with the famous software disassembled IDA Pro. However, an integrated debugger is evidently already in the functions, and so are an additional analysis tools. A rapid overview of its abilities can be identified in these slides.

Reception and Detected Flaws

The analysis tool has so far been downloaded and is being trialed by great many in the community of infosec and, specifically, they appear to be contented with it. Whether they believe the National Security Agency not to run back-doors into it is another issue.

The National Security Agency cyber security adviser, Rob Joyce who revealed Ghidra at RSA Conference 2019, ensured cybersecurity professionals that it is not back-doored.

“This is the last community you want to release something out to with a backdoor installed,” he noted.

Leave a Reply

Your email address will not be published. Required fields are marked *