The United States' National Security Agency (NSA) today finally released GHIDRA version 9.0 for free, the agency's home-grown classified software reverse engineering tool that agency experts have been using internally for over a decade to hunt down security bugs in software and applications. GHIDRA is a Java-based reverse engineering framework that features a graphical user interface (GUI) and has been designed to run on a variety of platforms including Windows, macOS, and Linux. Reverse engineering a program or software involves disassembling, i.e. converting binary instructions into assembly code when its source code is unavailable, helping software engineers, especially malware analysts, understand the functionality of the code and actual design and implementation information. The existence of GHIDRA was first publicly revealed by WikiLeaks in the CIA Vault 7 leaks, but the NSA today publicly released the tool for free at the RSA conference, making it a great alternative to expensive commercial reverse engineering tools like IDA Pro. "It [GHIDRA] helps analyze malicious code and malware like viruses, and can give cybersecurity professionals a better understanding of potential vulnerabilities in their networks and systems," the NSA's official website says in describing GHIDRA.
At the RSA security conference today, the National Security Agency released Ghidra, a free software reverse engineering tool that the agency had been using internally for well over a decade. The tool is ideal for software engineers, but will be especially useful for malware analysts first and foremost. The NSA's general plan was to release Ghidra so security researchers can get used to working with it before applying for positions at the NSA or other government intelligence agencies with which the NSA has previously shared Ghidra in private. Ghidra is currently available for download only through its official website, but the NSA also plans to release its source code under an open source license on GitHub in the coming future. News that the NSA was going to release Ghidra first broke at the start of the year, and the tool has been on everybody's mind for the past two months.
The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference that will be held at the start of March, in San Francisco. The software's name is GHIDRA and, in technical terms, it is a disassembler, a piece of software that breaks down executable files into assembly code that can then be analyzed by humans. The NSA developed GHIDRA at the start of the 2000s, and for the past few years, it's been sharing it with other US government agencies that have cyber teams who need to look at the inner workings of malware strains or suspicious software. GHIDRA's existence was never a state secret, but the rest of the world learned about it in March 2017 when WikiLeaks published Vault7, a collection of internal documentation files that were allegedly stolen from the CIA's internal network. Those documents showed that the CIA was one of the agencies that had access to the tool.
The NSA has frequently been accused of holding on to info that could potentially improve security, but this time it's being a little less secretive. The agency is planning to release a free reverse engineering tool, GHIDRA, in tandem with the RSA Conference on March 5th. The software dissects binaries for Android, iOS, macOS and Windows, turning them into assembly code that can help analyze malware or pinpoint questionable activity in otherwise innocent-looking software. ZDNet noted that this kind of software isn't strictly new, and GHIDRA in particular isn't secret (it mainly entered the spotlight with the Vault 7 leak). However, existing reverse engineering options like IDA are expensive and generally inaccessible -- this would let any reasonably knowledgeable person tear open a program and gain a better understanding of what makes it tick.
Army Gen. Paul Nakasone, who leads the National Security Agency and U.S. Cyber Command, testifies on Capitol Hill in January. Nakasone has been calling for the U.S. to take a harder line against rivals in cyberspace. He said the U.S. sent three Cyber Command teams to Europe last November as part of a larger effort to prevent Russian interference in mid-term elections.