NSA will release some sort of advanced IDA reversing tool in March

deepzero · #1 01-05-2019, 09:19

NSA has developed a software reverse engineering framework known as GHIDRA, which will be demonstrated for the first time at RSAC 2019. An interactive GUI capability enables reverse engineers to leverage an integrated set of features that run on a variety of platforms including Windows, Mac OS and LINUX and supports a variety of processor instruction sets. The GHIDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed, and will be released for free public use at RSA.

https://www.rsaconference.com/events/us19/agenda/sessions/16608-come-get-your-free-nsa-reverse-engineering-tool

WhoCares · #2 01-06-2019, 01:49

wow.

Is it more powerful than IDA?

Roy25 · #3 01-06-2019, 02:25

Quote:

Originally Posted by WhoCares

wow.

Is it more powerful than IDA?

If it is "released for free public use".. then I wish it is

atom0s · #4 01-06-2019, 13:32

Will be interesting to see how it competes with IDA and BinaryNinja. Given that it is free, if it can give those a run for their money, it could be a good thing and we could see the prices of the other two go down to compete. But, given that it is made by the NSA, there isn't much really pushing for their tool to be anything amazing and there are already worries of trust and what the tool will include in terms of phone-home like telemetry.

qzr · #5 01-06-2019, 16:05

Some spoilers could be found on Wikileak: https://search.wikileaks.org/?q=Ghidra

nikkapedd · #6 01-07-2019, 03:14

Some code tools are now free from NSA

Code:

https://code.nsa.gov/

chants · #7 01-07-2019, 07:43

Is this an old resource or just to save face in wake of the leaks?

atom0s · #8 01-07-2019, 10:07

The tool has leaked before, but this is a recent announcement that they plan to fully release it from what the various articles have mentioned. The tool was part of some of the WikiLeaks dumps in the past and you can get it already and compile it yourself if you wanted to though.

SockPuppet · #9 01-07-2019, 23:49

Quote:

Originally Posted by atom0s

The tool has leaked before, but this is a recent announcement that they plan to fully release it from what the various articles have mentioned. The tool was part of some of the WikiLeaks dumps in the past and you can get it already and compile it yourself if you wanted to though.

Any links to the leaks? Google not very helpful with this.

chants · #10 01-08-2019, 10:39

Any comments about the quality of the decompiler?

atom0s · #11 01-08-2019, 13:37

Quote:

Originally Posted by SockPuppet

Any links to the leaks? Google not very helpful with this.

For full results on Wikileaks:
https://search.wikileaks.org/?q=Ghidra

More specific ones with actual info:
https://wikileaks.org/ciav7p1/cms/page_11628795.html
https://wikileaks.org/ciav7p1/cms/page_51183656.html

There are leaks around the web still that have the Vault 7 files and such, some were uploaded to GitHub and similar. But they are all still findable on Google.

Mendax47 · #12 01-08-2019, 18:45

There Is A Actual download Link on Wikileaks but can't access to that site

"The Ghidra packages are available on DEVLAN @ \\fs-01.devlan.net\share\NSA\Ghidra"

chants · #13 01-09-2019, 04:15

That site is probably internally accessible only and a honeypot from the outside so be careful.

contactmebyhere · #14 01-12-2019, 01:08

I heared somewhere that the NSA tool were useful to defeat (at least a part) of themida protector. I hope their source code will help our community.
I'll never run their jar

chants · #15 01-12-2019, 19:21

I can't imagine it will be a full-fledged decompiler which beats hex-rays in its current incarnation though. From what I have seen it looks like just another advanced disassembly tool with some basic decompilation tricks.

But did anyone notice how chessgod101 mysteriously deleted his post after I called it out as an obvious honeypot?

The Following 18 Users Say Thank You to deepzero For This Useful Post:
alekine322 (01-06-2019), copyleft (01-06-2019), cyberbob (01-07-2019), gsaralji (01-05-2019), Indigo (07-19-2019), jgutierrez (01-12-2019), lordi (01-11-2019), Matan (06-12-2020), niculaita (01-06-2019), nimaarek (01-05-2019), ph03n1x (01-23-2019), pps44 (01-06-2019), robotics0 (03-16-2019), Storm Shadow (01-12-2019), tom324 (01-06-2019), tonyweb (01-05-2019), Uknow007 (02-17-2019), WhoCares (01-06-2019)

The Following User Says Thank You to WhoCares For This Useful Post:
Indigo (07-19-2019)

The Following User Says Thank You to Roy25 For This Useful Post:
Indigo (07-19-2019)

The Following 2 Users Say Thank You to atom0s For This Useful Post:
Indigo (07-19-2019), p4r4d0x (01-07-2019)

The Following User Says Thank You to qzr For This Useful Post:
Indigo (07-19-2019)

The Following 7 Users Say Thank You to nikkapedd For This Useful Post:
ARUBA (01-10-2019), deepzero (01-07-2019), Indigo (07-19-2019), niculaita (01-08-2019), ph03n1x (01-23-2019), sh3dow (01-09-2019), tonyweb (01-07-2019)

The Following User Says Thank You to chants For This Useful Post:
Indigo (07-19-2019)

The Following User Says Thank You to atom0s For This Useful Post:
Indigo (07-19-2019)

The Following User Says Thank You to SockPuppet For This Useful Post:
Indigo (07-19-2019)

The Following 2 Users Say Thank You to atom0s For This Useful Post:
Indigo (07-19-2019), tonyweb (01-08-2019)

The Following User Says Thank You to Mendax47 For This Useful Post:
Indigo (07-19-2019)

The Following 2 Users Say Thank You to chants For This Useful Post:
Indigo (07-19-2019), sh3dow (01-09-2019)