The NSA notes that the GHIDRA framework is essentially a disassembler for Windows, Mac, and Linux. It is able to break an executable file down into assembly code for analysis. Disassemblers are very useful for security researchers who want to dig into a piece of malware to see how it works.
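To make the "break an executable down into assembly code" step concrete, here is an added example of the simplest disassembly strategy, a linear sweep over raw bytes. It is illustration code written for this article, not GHIDRA's own decoder, and its opcode table is an assumption covering only a handful of x86-64 encodings; the input bytes are a constructed sample function, not an extracted binary.

```python
import struct

# Constructed table of a few x86-64 encodings (assumption: enough to
# illustrate decoding, nowhere near a complete instruction set).
FIXED = {
    b"\x55": "push rbp",
    b"\x5d": "pop rbp",
    b"\xc3": "ret",
    b"\x90": "nop",
    b"\x48\x89\xe5": "mov rbp, rsp",
    b"\x31\xc0": "xor eax, eax",
}

# Constructed sample: push rbp; mov rbp,rsp; mov eax,1; call +0x10; xor eax,eax; pop rbp; ret
SAMPLE = bytes.fromhex("554889e5b801000000e81000000031c05dc3")


def disassemble(code: bytes, base: int = 0x1000):
    """Linear-sweep decoder: walk the bytes in order and emit one
    (address, raw_hex, text) tuple per instruction. Bytes the table does
    not know become 'db' data directives instead of aborting the sweep,
    which is also how full disassemblers handle undecodable data."""
    out = []
    i = 0
    while i < len(code):
        addr = base + i
        # 1. Fixed-encoding opcodes, longest pattern first so the REX-prefixed
        #    3-byte 'mov rbp, rsp' is not mistaken for a lone 0x48 prefix.
        for pat in sorted(FIXED, key=len, reverse=True):
            if code.startswith(pat, i):
                out.append((addr, pat.hex(), FIXED[pat]))
                i += len(pat)
                break
        else:
            op = code[i]
            if op == 0xB8 and i + 5 <= len(code):
                # mov eax, imm32: opcode followed by a little-endian 32-bit immediate
                imm = struct.unpack_from("<I", code, i + 1)[0]
                out.append((addr, code[i:i + 5].hex(), f"mov eax, {imm:#x}"))
                i += 5
            elif op == 0xE8 and i + 5 <= len(code):
                # call rel32: displacement is relative to the *next* instruction
                rel = struct.unpack_from("<i", code, i + 1)[0]
                target = addr + 5 + rel
                out.append((addr, code[i:i + 5].hex(), f"call {target:#x}"))
                i += 5
            else:
                # Unknown byte: keep the sweep moving and mark it as data.
                out.append((addr, f"{op:02x}", f"db {op:#04x}"))
                i += 1
    return out


def listing(code: bytes, base: int = 0x1000) -> str:
    """Render the decoded instructions in the address / bytes / text layout
    a reverse engineer would read in a disassembler window."""
    return "\n".join(f"{a:08x}  {raw:<12} {txt}" for a, raw, txt in disassemble(code, base))


if __name__ == "__main__":
    print(listing(SAMPLE))
```

Two things the listing shows that the prose does not: instruction length is not fixed, so the decoder must know each encoding before it can find the next instruction boundary, and a `call` target only exists once the instruction's own address is known. Both are why a disassembler, rather than a hex dump, is the starting point for malware analysis.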
The NSA has already shared it with other government agencies. In fact, the public first heard about GHIDRA when WikiLeaks published Vault 7 in 2017, which were internal documents gathered from the Central Intelligence Agency.
The software is written in Java, so it can run on any system with a JRE installed. GHIDRA can break down binaries for virtually any operating system including Windows, macOS, Linux, iOS and Android. It is also modular in design, so users can add packages to it for extended functionality.
"An interactive GUI enables reverse engineers to leverage an integrated set of features that run on a variety of platforms … and supports a variety of processor instruction sets."
Government officials who have used GHIDRA told ZDNet that the software is well-liked. It is reportedly comparable to Hex-Rays’ IDA, albeit somewhat buggy. By going open-source, developers outside the NSA will be able to dig in and squash the bugs pretty quickly, making it a viable free alternative.
GHIDRA is not the only tool that the NSA has made available to the public. It has more than 30 other apps with various functionality and goofy names like Beer Garden, Maplesyrup, Lemongrenade, and Waterslide. The repositories for all NSA software can be found on its GitHub pages.
The NSA will demo GHIDRA during the RSA Conference on March 5 in San Francisco. The software will be made available later that day.