The US National Security Agency (NSA) announces it has made its GHIDRA Software Reverse Engineering (SRE) framework available as open source. Key features of Ghidra are:
The framework can be downloaded from https://ghidra-sre.org/. The page has a button labeled "SHA-256" but it seems to require Javascript for it to be displayed. A simple "view source" (you don't think I'm gonna let the NSA have execution permission on my computer!) of the page revealed:
3b65d29024b9decdbb1148b12fe87bcb7f3a6a56ff38475f5dc9dd1cfc7fd6b2 ghidra_9.0_PUBLIC_20190228.zip
Alternatively, it also seems to be available on GitHub.
What I really want to know is how are you supposed to pronounce its name?
(Score: 4, Interesting) by DannyB on Wednesday March 06 2019, @03:36PM (1 child)
By making it open source, allowing others to write more modules for it, they get the benefit of free modules.
Maybe the NSA is beginning to take seriously the other part of their conflicted dual mission.
Hack the foreigners. Protect us from hacking.
Problem: the hacking mission has taken precedence, even to the detriment of the protect mission. If they protect too much, then enemies might use those protections to prevent our hacking. Maybe these two different missions should be split among two different agencies. It would create more geek jobs.
Enemies could use this new open source tool to decompile NSA payloads. But once they have those payloads, it's too late anyway. Lack of having the tool doesn't prevent analysis. It just makes analysis more difficult. If others are going to develop their own analysis tools, then why have dual efforts? Just open source your own analysis tools already and live with the fact that everyone on the planet might use then -- and contribute new modules to them.
Even stupid Microsoft eventually figured out that they can't compete against everyone else when open source is eating the world.
The lower I set my standards the more accomplishments I have.
(Score: 0) by Anonymous Coward on Thursday March 07 2019, @01:15AM
Even stupid Microsoft eventually figured out that they can't compete against everyone else when open source is eating the world
It is funny that is mainly the reason MS dominated the market in the 90s. To buy anyone else was rocking out at least 20k kit of computers and compilers. You could outfit a MSDOS/Windoes dev in the 90s for ~2-3k vs Apple which wanted 20-25k. When the rest of the world just finally said 'f-it' and gave the dev tools away MS lost its way. They finally remembered it.