The US National Security Agency (NSA) announces it has made its GHIDRA Software Reverse Engineering (SRE) framework available as open source. Key features of Ghidra are:
- includes a suite of software analysis tools for analyzing compiled code on a variety of platforms including Windows, Mac OS, and Linux
- capabilities include disassembly, assembly, decompilation, graphing and scripting, and hundreds of other features
- supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes
- users may develop their own Ghidra plug-in components and/or scripts using the exposed API
The framework can be downloaded from https://ghidra-sre.org/. The page has a button labeled "SHA-256" but it seems to require JavaScript for it to be displayed. A simple "view source" (you don't think I'm gonna let the NSA have execution permission on my computer!) of the page revealed:
3b65d29024b9decdbb1148b12fe87bcb7f3a6a56ff38475f5dc9dd1cfc7fd6b2 ghidra_9.0_PUBLIC_20190228.zip
Alternatively, it also seems to be available on GitHub.
What I really want to know is how are you supposed to pronounce its name?
(Score: 0) by Anonymous Coward on Wednesday March 06, @08:24AM (1 child)
Hydra, the g is silent.
(Score: 0) by Anonymous Coward on Wednesday March 06, @08:33AM
I assumed it was pronounced like the early English dubs of ギドラ [wikipedia.org].
(Score: 2) by MichaelDavidCrawford on Wednesday March 06, @08:32AM (1 child)
Or perhaps a test tool, I am symantically unclear.
How much do you suppose Larry Ellison would pay for a Ghidra-Resistant Binary Executable Shrouder?
(Score: 2) by ls671 on Wednesday March 06, @08:59AM
You don't get it. It is a trojan gift to us all. Who is going to reverse engineer the reverse engineering tool anyway :)
Everything I write is lies, read between the lines.
(Score: 2) by dltaylor on Wednesday March 06, @08:36AM (1 child)
You know, the three-headed monster, perhaps an allusion to three letter acronym or pick three of (NSA, CIA, SRO, FBI, ...).
The new Netflix animated "Godzilla" Episode 3 has King Ghidora as an interesting plot device.
(Score: 0) by Anonymous Coward on Wednesday March 06, @08:58AM
Ghidra was a work-alike substitute monster in Final Fantasy, used in place of Ghidora or Ghidorah.
(Score: 0) by Anonymous Coward on Wednesday March 06, @08:53AM
Comparing the current equivalents that are not junk:
Ghidra (pronounced with a hard G, an evil-sounding breathy H, and an I drawn out like EEEE) is free, including the decompilers. It is sadly written in Java. It supports undo/redo and collaboration. There is a built-in assembler for modifying binaries. This is from the NSA. Many CPUs are supported; it looks like a couple dozen. This is the only Open Source interactive disassembler that isn't junk.
IDA Pro is about $1800 plain, or $15000 with all 5 decompilers. It's about half that if you skip 64-bit architectures. There is NO undo/redo and NO collaboration, but you can hack around it with manual snapshots and import/export. This is from a Belgian company run by a Russian. Numerous CPUs are supported; it looks like more than 50.
IDA freeware is free. It only does x86 and ARM, only does PE and ELF, and doesn't have decompilers. As above: There is NO undo/redo and NO collaboration, but you can hack around it with manual snapshots and import/export. This is from a Belgian company run by a Russian.
Binary Ninja is $149. It has most of a decompiler. You don't get compilable C source code; instead you get a sort of pseudocode that is helpful for understanding things. (A full decompiler to C is coming soon.) This is from a US company. You get undo/redo. You can get collaboration if you pay extra for the enterprise version. There is a built-in C compiler that can produce code that meets various strange constraints, including obfuscation. The UI is eye-pleasing. Roughly a half dozen CPUs are supported, and another half dozen are available as community contributions.
Hopper Disassembler is $99. You get undo/redo. The UI is somewhat eye-pleasing. I think it supports ARM, x86, and PowerPC.
BTW, I'm serious about that pronunciation. I met the project manager in a location that shall not be disclosed. Do it right: hard G, evil breathy H, drawn-out I sounding like EEE.