SoylentNews is people
SoylentNews
posted by
Fnord666
on Wednesday March 06 2019, @08:12AM
from the I'm-not-gonna-try-it...YOU-try-it! dept.
from the I'm-not-gonna-try-it...YOU-try-it! dept.
The US National Security Agency (NSA) announces it has made its GHIDRA Software Reverse Engineering (SRE) framework available as open source. Key features of Ghidra are:
- includes a suite of software analysis tools for analyzing compiled code on a variety of platforms including Windows, Mac OS, and Linux
- capabilities include disassembly, assembly, decompilation, graphing and scripting, and hundreds of other features
- supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes
- users may develop their own Ghidra plug-in components and/or scripts using the exposed API
The framework can be downloaded from https://ghidra-sre.org/. The page has a button labeled "SHA-256" but it seems to require Javascript for it to be displayed. A simple "view source" (you don't think I'm gonna let the NSA have execution permission on my computer!) of the page revealed:
3b65d29024b9decdbb1148b12fe87bcb7f3a6a56ff38475f5dc9dd1cfc7fd6b2 ghidra_9.0_PUBLIC_20190228.zip
Alternatively, it also seems to be available on GitHub.
What I really want to know is how are you supposed to pronounce its name?
This discussion has been archived.
No new comments can be posted.
US NSA Announces Open Source Availability of GHIDRA Software Reverse Engineering Framework
|
Log In/Create an Account
| Top
| 21 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Fascinating is a word I use for the unexpected.
-- Spock, "The Squire of Gothos", stardate 2124.5
(Score: 4, Interesting) by DannyB on Wednesday March 06 2019, @03:36PM (1 child)
By making it open source, allowing others to write more modules for it, they get the benefit of free modules.
Maybe the NSA is beginning to take seriously the other part of their conflicted dual mission.
Hack the foreigners. Protect us from hacking.
Problem: the hacking mission has taken precedence, even to the detriment of the protect mission. If they protect too much, then enemies might use those protections to prevent our hacking. Maybe these two different missions should be split among two different agencies. It would create more geek jobs.
Enemies could use this new open source tool to decompile NSA payloads. But once they have those payloads, it's too late anyway. Lack of having the tool doesn't prevent analysis. It just makes analysis more difficult. If others are going to develop their own analysis tools, then why have dual efforts? Just open source your own analysis tools already and live with the fact that everyone on the planet might use then -- and contribute new modules to them.
Even stupid Microsoft eventually figured out that they can't compete against everyone else when open source is eating the world.
The lower I set my standards the more accomplishments I have.
(Score: 0) by Anonymous Coward on Thursday March 07 2019, @01:15AM
Even stupid Microsoft eventually figured out that they can't compete against everyone else when open source is eating the world
It is funny that is mainly the reason MS dominated the market in the 90s. To buy anyone else was rocking out at least 20k kit of computers and compilers. You could outfit a MSDOS/Windoes dev in the 90s for ~2-3k vs Apple which wanted 20-25k. When the rest of the world just finally said 'f-it' and gave the dev tools away MS lost its way. They finally remembered it.