NSA Releases Java-Based Reverse Engineering Tool
By John K. Waters
The National Security Agency (NSA) has open sourced its Ghidra software reverse engineering (SRE) framework. The agency announced the availability of Ghidra 9.0.2 at the annual RSA Security Conference, which wrapped up on Monday, and NSA senior advisor Robert Joyce demo'd it during a conference session.
Written in Java, Ghidra (pronounced GEE-druh) was developed by the NSA's Research Directorate for the agency's cybersecurity mission, and it has been used to support that mission for more than a decade. It was created to "solve scaling and teaming problems on complex SRE efforts," the agency explained, "and to provide a customizable and extensible SRE research platform. NSA has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and generating deep insights for SRE analysts who seek a better understanding of potential vulnerabilities in networks and systems."
The framework comes with a suite of high-end tools for analyzing compiled code on a variety of platforms, including Windows, Mac OS, and Linux. Its list of capabilities includes disassembly, assembly, decompilation, graphing, and scripting, among hundreds of other features. It also supports a variety of processor instruction sets and executable formats, and it can be run in both user-interactive and automated modes. An Eclipse plugin (GhidraDev) comes with the distribution package.
"With this release, developers will be able to collaborate by creating patches, and extending the tool to fit their cybersecurity needs," the NSA said in a statement. The agency expects developers to create their own Ghidra plug-in components and/or scripts using Java or Python.
The full release of Ghidra 9.0.2, which is licensed under Apache 2.0, can be downloaded from the project homepage. The page includes links to documentation, an introduction video, an installation guide, and a link to a potential developer community. The complete source code, along with build instructions, is available now on GitHub.
John has been covering the high-tech beat from Silicon Valley and the San Francisco Bay Area for nearly two decades. He serves as Editor-at-Large for Application Development Trends (www.ADTMag.com) and contributes regularly to Redmond Magazine, The Technology Horizons in Education Journal, and Campus Technology. He is the author of more than a dozen books, including The Everything Guide to Social Media; The Everything Computer Book; Blobitecture: Waveform Architecture and Digital Design; John Chambers and the Cisco Way; and Diablo: The Official Strategy Guide.