Meet GHIDRA, NSA's Free Malware Disassembler Tool

GHIDRA is the name of a free reverse engineering tool that will be released by the NSA during the upcoming RSA security conference in March in San Francisco. The software is a disassembler that is designed to break down executable files into assembly code.

Security researchers can then analyze that assembly code. Notably, the NSA developed the tool in the early 2000s and later began sharing it with other government entities tasked with examining malware.


GHIDRA Became Known to the Public with the Vault7 Documentation

Even though GHIDRA is not a state secret, many were unaware of its existence until WikiLeaks published the infamous Vault7 documentation. The documents revealed that the CIA had access to the GHIDRA tool. As revealed by WikiLeaks, “Ghidra is a GOTS reverse engineering tool developed @NSA”. The tool is coded in Java, has a graphical user interface, and runs on Windows, Mac, and Linux.

In terms of installing and using the tool, the following should be noted:

Regardless of what platform you use to run Ghidra or what types of binaries you are going to analyze in Ghidra, you will need the common package. Other packages provide the ability to analyze different platforms (windows, osx, linux, mobiledevices, etc.) or include plugins that allow for additional functionality (Cryptanalysis, interaction with OllyDbg, the Ghidra Debugger).

The GHIDRA tool is capable of analyzing binaries for Windows, Mac, and Linux, as well as Android and iOS. Thanks to its modular architecture, users can add packages to the tool when they need more features.

Apparently, the tool is quite handy for operators who analyze malware on government networks. In comparison with another well-known reverse engineering tool, IDA, GHIDRA appears to be slower and buggier. However, NSA’s plan to make it open source should help improve it.


This is not the first internal tool that the NSA has made open source. The agency has done the same with several other tools over the past several years; its most successful experiment in that direction is Apache NiFi.

The GHIDRA disassembler will be presented during the RSA conference in March, and should be released soon after that.

Milena Dimitrova