NSA To Release a Free Reverse Engineering Tool

The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference that will be held at the start of March, in San Francisco. From a report: The software's name is GHIDRA and in technical terms, is a disassembler, a piece of software that breaks down executable files into assembly code that can then be analyzed by humans. The NSA developed GHIDRA at the start of the 2000s, and for the past few years, it's been sharing it with other US government agencies that have cyber teams who need to look at the inner workings of malware strains or suspicious software. GHIDRA's existence was never a state secret, but the rest of the world learned about it in March 2017 when WikiLeaks published Vault7, a collection of internal documentation files that were allegedly stolen from the CIA's internal network. Those documents showed that the CIA was one of the agencies that had access to the tool.

Re:

[AHuxley]

Its nice to read the CIA Marble Framework results when the code shows what foreign language text the CIA wanted to be found.

Re:

[Alwin Barni]

...so you want to monitor who will download it, isn't it ?!?

Sorry, no mod points - well deserved here :-)
I would guess that it's not only download monitoring - how many people will use this tool to analyze the very tool itself?

Nice but not unique

[Alain Williams]

Eg Ndisasm [www.nasm.us]

Re:Nice but not unique

[mike.mondy]

Eg Ndisasm [www.nasm.us]

There are also a few tools that try to convert to high level languages:

Snowman [derevenets.com]
REC Decompiler [backerstreet.com]

Re:

[lsllll]

That would be trivial to find out.

Stuxnet much?

Who hasn't used one?

[Anonymous Coward]

Taking assembly at university in the early '90's I used a decompiler in the process.

How is this "a disaster"? What is unique about this one other than the maker?

what do I know?

[AndyKron]

I thought it was illegal to reverse engineer software?

Re:what do I know?

[ShanghaiBill]

I thought it was illegal to reverse engineer software?

No. Disassembling software is not, and has never been, illegal in America.

It may be illegal to use the result of the disassembly, especially to bypass security, but also by incorporating copyrighted or patented code into your own products, or accessing functionality that you are not licensed to use. But the disassembly itself is not illegal.

Some products have terms in their license that forbid disassembly, but those are untested by the courts, are only binding if you are a party to the contract, and violation is a civil tort, not a crime.

Re:

[zwarte piet]

Alto violin, actually.

Re:

[Gabest]

It's just a hex viewer, you can already see the instructions if you know their code number.

Re:

[lsllll]

It's just a hex viewer, you can already see the instructions if you know their code number.

Reminds me of the The Story of Mel [utah.edu]

Re:

[eneville]

Does that go for JavaScript? What about bytecode? Doesn't a computer reverse enginer every time it executes? Would reading punch cards count as reverse engineering too? Genuinely curious.

Re: what do I know?

[Anonymous Coward]

A computer does not reverse engineer the code when it executes. A computer executes compiled binary code. Compiled Binaries are at one end, Javascript is at the other end.

This is a decompiler, it takes a binary executable and turns it into something more readable. Not quite as readable as non-obfuscated Javascript though, but something like an old version of Javascript.

Holy Shit no

[Anonymous Coward]

Have you seen what the Obfuscated C project can do? I wouldn't trust NSA source code beyond 'print "Hello World";' and even that is iffy. God help anyone who touches it if this release is binary only.

Re:

[SCVonSteroids]

It's not an unreasonable assumption to have.
There are some things, if I can't compile it myself, I'd rather just not have.

Learning is better than ignorance.

[jbn-o]

Have you seen what the Obfuscated C project can do?

Yes, obfuscated programming contests can serve as important learning tools for those who want to liberate themselves from continued ignorance driven by fear of the unknown.

I wouldn't trust NSA source code beyond 'print "Hello World";' and even that is iffy.

I think it's safe to say you won't be doing anything with the program (as far as you know) but programmers simply can't afford the luxury of being ignorant and non-programmers are not well served by incul

Re:

[Martin Blank]

GHIDRA is supposed to be released at RSA. They have a talk scheduled about it. I've seen some people eager (setting aside backdoor risks) for a strong competitor to IDA Pro and its ridiculously high prices.

lol

[lsllll]

Does it come with a free thumbdrive? If not, I won't be interested.

Binary into assembly?

[OneHundredAndTen]

That's kind of trivial. Tedious and laborious, but trivial - you do not need the NSA to tell you how to do that. If the tool were able to spit out code in some high-level language (even something as low-level as C) that is not unintelligible spaghetti code, that would be something.

Most Excellent timing

[hAckz0r]

I have been a long time supporter of IDA Pro, for better than 15 years. Every year I would dig down deep into my pockets and hand over about $600 for my maintenance contract renewal, for my own personal use. My "named" license allowed me to install the product on any machine where I need to analyze something down to the assembly level, and chase the rabbit down the hole. I could code in IDAPython, to script up some magic to analyze things in ways you just could not do with any other tool. Except of course the infamous GHIDRA, which although people I knew at work all used it, I had no direct access to the tool. They said it was better than IDA Pro. Still, there were reasons for them to keep IDA Pro on their tool shelf because no one tool fits every problem.

Well in 2018 HexRays changed the licensing, and removed the "named" licenses from their offerings. For twice the price I could own a single license for one single machine, that was of course not going to be the one I needed to analyze. My desktop machine is essentially a Xen virtualizing service with lots of smaller task-oriented virtual machines. Which single virtual machine do I now choose to run IDA Pro in? Whichever one I choose there will be some other place I need to debug something. The new IDA Pro licensing sucks, and I can not justify that kind of money for software that I can not even run where I need it.

Now I can not wait to get my hands on GHIDRA.

Re:

[Bite The Pillow]

I'm skeptical that a tool can be as good as ida. I use the free noncommercial version, so it's not even the latest and greatest.

Ida and SoftIce/WinIce are hard to beat. I hope to contribute some fixes because ida has become less keyboard friendly. That shit needs to stop.

Re:

[DigitAl56K]

IDA's pricing scheme is ridiculous.

I would like to educate myself with IDA for non-commercial use, but Starter is nearly $1000 and doesn't even handle 64-bit binaries. That is ridiculous.

Hex-Rays deprived themselves of corporate licensing last year when, having been unable to familiarize myself with anything but the old free 5.0 edition due to the cost, I could not confidently tell the person who approves the PO that yes, I am fairly confident I can use this tool to solve our problem.

I am very glad to see t

Re:

[hAckz0r]

The free version has been updated as of version 7.0, so I would first try that. It's still x86 only while the paid version does something like 96 different CPU architectures, and even java/android support. I believe the new freebe should do 64 bit, which the older 5.0 version definitely can not.

I have not used the free version since I still have my old license for 7.1 that will never expire. I'll stick with that until I find something better.

disassemblers are provided by any sane toolchain

[obsrwr]

objdump -D ....