Ghidra, A Powerful Cybersecurity Tool By NSA
And while NSA cybersecurity adviser Rob Joyce called the tool a “contribution to the nation’s cybersecurity community” in announcing it at RSA, it will no doubt be used far beyond the United States.
Ghidra is not a tool that facilitates you to hack a device. It is a reverse engineering platform that is used to “compile,” implement, and decompile. In other words, it converts one and zero into a human-readable format and makes it easy for you to know what the software is up to and impact it carries. Reverse engineering is an important process for malware analysts and threat intelligence researchers because they can work with the software they find in around, such as malware used to carry out attacks. to understand how it works, what skills it has and who wrote it or where it came from. Reverse engineering is also an important way for supporters to check their code for vulnerabilities and ensure the function as intended.
“If you’ve done software reverse engineering, what you’ve found out is it’s both art and science; there’s not a hard path from the beginning to the end,” Joyce said. “Ghidra is a software reverse-engineering tool built for our internal use at NSA. We’re not claiming that this is the one that’s going to be replacing everything out there—it’s not. But it helped us address some things in our workflow.”
Having said that reverse engineering products were already there in the market, including the famous IDA disassembler and debugger. However, Joyce shows that the NSA has been developing Ghidra for years, taking into account priorities and real needs, and making it a powerful and very useful tool. Even products like IDA need costs and make Ghidra Open Source the first tool available for free. This is an important contribution to the formation of the next generation of cybersecurity advocates. (As with other open source codes, we expect some errors). Joyce also noted that the NSA saw the introduction of Ghidra as a recruitment strategy that facilitated the entry of new employees to the NSA or allowed authorized employers to share their experiences without having to know the tool.
The NSA announced Joyce’s speech at the upcoming RSA and Ghidra release in early January. However, knowledge of this tool is publicly available thanks to the release of “Vault 7” by WikiLeaks in March 2017, which analyzed a number of hacking tools used by the CIA, and repeatedly referenced Ghidra as a reverse engineering tool made by the NSA. The code itself, with 1.2 million channels just coming into effect on Tuesday. Ghidra runs on Windows, MacOS, and Linux and includes all the security components provided by researchers. Joyce, however, has focused on adjusting tools. It was also developed to facilitate collaboration between different people involved in the same reverse project, a concept that is not so common on other platforms.
Ghidra also has a user interface and features to make an investment as easy as possible given the complexity and time. As Joyce put it as his favorite feature, the undo/redo mechanism that allows users to test theories about the function of the code being analyzed. If the idea doesn’t work, you can easily go back a few steps.
Over the years, NSA has developed other open source code, such as Security-Enhanced Linux and Security-Enhanced Android initiative. But Ghidra seems to speak more directly about discourse and tension at the heart of cybersecurity now. Available for free, it may spread and inform defense and offensive unexpectedly. If it seems that launching the tool can give hackers an edge over so they can find out how to evade NSA, even Dave Aitel, a former NSA researcher who is now the director of Cyxtera security infrastructure security technology, said that this was not the case of concern.
“Malware authors already know how to make it annoying to reverse their code,” Aitel said. “There’s really no downside” to releasing Ghidra.
Joyce emphasized on Tuesday that “No matter what comes next for the NSA’s powerful reversing tool, it is an earnest contribution to the community of cybersecurity defenders—and that conspiracy theorists can rest easy. “There’s no backdoor in Ghidra,” he said. “
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.