Recently we informed that the National Security Agency’s (NSA) plans to release GHIDRA, the famous reverse engineering tool in March. As per latest reports, the NSA has released GHIDRA and the open-source world can now use it easily.
This is quite unlike the other cybersecurity tools so far associated with the NSA because it is far more benign and can reverse engineer all kinds of codes including deployed and compiled ones. It then decompiles the code and turns it into logic for easy understanding of programmers and users. GHIDRA is the same tool about which WikiLeaks hinted at in its CIA Vault 7 leaks during March 2017.
For your information reverse engineering is the process of identifying how an infection penetrated into the device or to assess how malicious codes like malware work. Moreover, it can also identify methods of defending devices against these threats. It must be noted that by releasing GHIDRA, the NSA has helped the cybersecurity community in understanding various malicious software/codes.
However, it does come as a surprise given that NSA is known for keeping its cybersecurity tools a secret so far. Releasing a tool that the agency has been using for the past three years is indeed confusing. Perhaps, some may take it as the NSA being generous and wants the cybersecurity world to benefit from its most advanced tools but some are a bit spectacle of the release, for instance, @VessOnSecurity, a prominent anti-virus, malware, and infosec expert on Twitter tweeted that:
“Infosec nerds: I’m not using public WiFi without a VPN because the NSA can inject malware in my sessions. Also infosec nerds: I can’t wait to try this program that the NSA just released.”
Infosec nerds: I'm not using public WiFi without VPN because the NSA can inject malware in my sessions.
Also infosec nerds: I can't wait to try this program that the NSA just released.
— Vess (@VessOnSecurity) March 6, 2019
The NSA, however, has released a statement explaining the reasoning behind its decision to make GHIDRA open source. The statement read:
“We’re doing this because we firmly believe Ghidra is a great addition to a net defender’s toolbox. It will make the software reverse engineering process more efficient. It will help to level the playing field for cybersecurity professionals, especially those that are just starting out.”
GHIDRA boasts of a user-friendly interface and a wide range of handy features for researchers and cybersecurity experts. Since it is GUI capable, therefore, it is compatible with multiple platforms. Now that the open source community is backing it, the tool can be utilized for the development of new software with similar or advanced capabilities than GHIDRA. It is actually disassembling software having the capability of breaking down the executable files into assembly code for the convenience of experts. Cybersecurity firms in the US have been using it since the early 2000s for evaluating malware strains and malicious codes.
The NSA believes that the tool is going to enhance the cybersecurity education at a much broader level that includes school curriculums, capture-the-flag competitions as well as cybersecurity training. The decision also benefits the NSA because the agency will also be able to hire people who have the expertise to use the tool.
The tool can be directly downloaded from the official website of GHIDRA. Alternately, users/researchers can get it from GitHub via an open source license. It will be available for macOS, Windows and Linux-based systems. It will be demonstrated for the very first time at the RSAConference in March 2019.