By: Derek Dong
At the upcoming RSA security conference in March in San Francisco, the NSA is looking to release a free reverse engineering tool to the public. The software, titled “GHIDRA”, works as a disassembler. A disassembler is a piece of software that breaks executable files down into assembly code that humans are able to read and analyze. The NSA has already been working on this piece of technology for nearly a decade, starting all the way back in the early 2000s. It was mostly used by other agencies to analyze malware and other pieces of suspicious software.
Although the existence of GHIDRA was never a state secret, WikiLeaks confirmed it in the March 2017 leak of internal CIA documents entitled “Vault7”. The leak confirmed that the CIA did indeed have access to this tool. According to WikiLeaks, GHIDRA is written in Java, has a graphical interface, and runs on Mac, Windows, and Linux. GHIDRA is able to analyze binaries for all major operating systems, and it lets users modify the software itself to add or remove features.
Some have compared GHIDRA to another piece of reverse engineering software available to the public, IDA. Most users have said that GHIDRA is actually slower and buggier than its counterpart, but unlike IDA, it is completely free. The NSA’s purpose in open sourcing this piece of software is likely to help it catch up to IDA and to benefit from the other advantages of open source communities, such as free maintenance and contributions.
At the RSA conference on March 5, the agency is expected to demo this piece of technology and release it shortly thereafter. It will be publicly available on the NSA’s GitHub account.