Review NSA releases Ghidra, A reverse engineering tool

BIOS

Knowledge Seeker
VIP
Oct 10, 2015
447
848
208
If you’ve ever read anything about how the exploits that let us hack our consoles/smart devices work are created, you surely know that a good deal of reverse engineering is required. Up until today, the go-to tool was IDA Pro (which costs an arm and a leg) but now, America’s NSA has released their OWN reverse engineering tool called Ghidra publicly at no cost!


2218


What is Ghidra?
As the title of this article suggests, Ghidra is a reverse-engeering tool that’s developed, maintained and used by the NSA.


Reverse-engineering tools take code that’s already compiled (i.e executable code) and decompile it in order to allow users to look at how the code actually works and identify potential weaknesses. Then, these weaknesses can be used to come up with bugs which in turn can be used to create exploits when combined with other vulnerabilities in the system.




A meme by xyz showing the general sentiment of the infosec community towards Ghidra.

A while ago, they promised they’d be releasing the tool for free at RSA Conference 2019 and now, that conference arrived and the tool, along with its source code, is publicly available for download!

Some hackers, including PSVita hacker Yifan Lu, are taking to the internet and are saying that it’s a significant competitor to IDA Pro since it’s pretty good and also 100% free! Furthermore, it supports a wide range of architectures including ARM64, PowerPC32/64 and obviously x86/64 and also has a barrage of features which will obviously make many consider moving to it from IDA Pro.



Ghidra in action by marcan42 (Image Source)

How could Ghidra affect the console/smart device hacking scene?
As Ghidra is a powerful security research tool, the implications of it being released for free include:
  • Security researchers and/or hackers do not need to spend thousands on obtaining an IDA Pro license along with licenses for the modules to go along with it.
    IDA Pro, which is one of the mostly used reverse engeering tools, costs a great deal of money so Ghidra will undoubtedly be popular with those who don’t have money to burn
    • This could potentially increase the amount of people poking around console system software in order to find potential entry points in their free time.​
  • Invidiuals who are still beginners when it comes to hacking will most likely find Ghidra as a godsend since they don’t have to fork out any money to start learning hacking techniques which could later lead to them finding bugs in code.​
  • Web browsers, other applications and operating systems could potentially become more secure as access to high-end reverse engineering software could be a great help to white hat hackers.​
  • Obviously, Ghidra isn’t a tool that lets you jailbreak/hack your device! It’s a tool used by security researchers, hackers and anyone interested in infosec to reverse engineer code in order to find bugs to potentially make code more secure and potentially create exploits.​
Conclusion
To grab Ghidra for yourself, check out the link below and follow the installation instructions provided there. As it’s written in Java, you need to install JRE so make sure you have a working Java installation before you start blaming the NSA that they released non-working software!

Ghidra currently supports 64-bit versions of Windows, Linux and macOS and its hardware requirements are 4GB RAM and 1GB HDD space so it’ll run on most computers from the past decade.

Ghidra website (download link + links to more information): https://ghidra-sre.org

Source : wololo


 

BennetGallein

New Member
Jun 9, 2019
7
3
8
Maybe you should mention that Ghidra is public and OS since the 5th of Mai this year and thus not that new.

Anyways, there are many great tutorials out there on how to get started but I can recommend this (0xeb.net) which covers everythign for starters.
 
Top