The US intelligence agency NSA has announced the release of the hacker tool GHIDRA as open source at its current annual conference RSA Conference 2019
Analyze binary packages
GHIDRA is a Java-based reverse engineering framework with a graphical user interface (GUI) designed to run on a variety of platforms including Linux, Windows and macOS. The framework includes a set of powerful high-end software analysis tools that enable users to parse compiled code.
Good or bad?
Officially, the NSA has been using the self-developed software reverse engineering tool internally for more than a decade to fix software security issues. However, the tool can also be used to place backdoors in binary software.
Presenting the tool at the RSA, Rob Joyce, cybersecurity officer for the NSA, said GHIDRA has no backdoor: “This is the last community you want to release something to with a backdoor installed for people looking for this stuff to take it apart. “
According to The Register, British security researcher Matthew Hickey from Hacker House found an initially suspect port when running the tool in debug mode. Then it opens port 18001 for the local network and accepts and executes remote commands from each machine that can connect to it. Debug mode is not enabled by default and can also be limited to connections from the host machine. So rather no backdoor.
Reverse enginiering tools
Features include disassembly, assembly, decompilation, and scripting, plus hundreds of other features. GHIDRA supports a variety of process instructions and executable formats and can be run in both interactive and automated modes. Users can also develop their own GHIDRA plugins or scripts using Java or Python.
InfoSec community very pleased
The InfoSec community has been waiting for the powerful virus and malware detection tool since its first announcement in January, which is now available in version 9.0 on the project’s website. Until now, only expensive commercial tools such as IDA-Pro, Radare, Capstone or Hopper were available in this quality.
GHIDRA will be completely available on GitHub in the near future, installation instructions are available on the project page.