The NSA releases Ghidra, their reverse engineering tool, for free! – The IDA Pro days may be over and more people will have access to high-end RE tools for finding security holes
If you’ve ever read anything about how the exploits that let us hack our consoles/smart devices work are created, you surely know that a good deal of reverse engineering is required. Up until today, the go-to tool was IDA Pro (which costs an arm and a leg) but now, America’s NSA has released their OWN reverse engineering tool called Ghidra publicly at no cost!
What is Ghidra?
As the title of this article suggests, Ghidra is a reverse-engeering tool that’s developed, maintained and used by the NSA.
Reverse-engineering tools take code that’s already compiled (i.e executable code) and decompile it in order to allow users to look at how the code actually works and identify potential weaknesses. Then, these weaknesses can be used to come up with bugs which in turn can be used to create exploits when combined with other vulnerabilities in the system.
A while ago, they promised they’d be releasing the tool for free at RSA Conference 2019 and now, that conference arrived and the tool, along with its source code, is publicly available for download!
Some hackers, including PSVita hacker Yifan Lu, are taking to the internet and are saying that it’s a significant competitor to IDA Pro since it’s pretty good and also 100% free! Furthermore, it supports a wide range of architectures including ARM64, PowerPC32/64 and obviously x86/64 and also has a barrage of features which will obviously make many consider moving to it from IDA Pro.
How could Ghidra affect the console/smart device hacking scene?
As Ghidra is a powerful security research tool, the implications of it being released for free include:
- Security researchers and/or hackers do not need to spend thousands on obtaining an IDA Pro license along with licenses for the modules to go along with it.
- This could potentially increase the amount of people poking around console system software in order to find potential entry points in their free time.
- Invidiuals who are still beginners when it comes to hacking will most likely find Ghidra as a godsend since they don’t have to fork out any money to start learning hacking techniques which could later lead to them finding bugs in code.
- Web browsers, other applications and operating systems could potentially become more secure as access to high-end reverse engineering software could be a great help to white hat hackers.
- Obviously, Ghidra isn’t a tool that lets you jailbreak/hack your device! It’s a tool used by security researchers, hackers and anyone interested in infosec to reverse engineer code in order to find bugs to potentially make code more secure and potentially create exploits.
To grab Ghidra for yourself, check out the link below and follow the installation instructions provided there. As it’s written in Java, you need to install JRE so make sure you have a working Java installation before you start blaming the NSA that they released non-working software!
Ghidra currently supports 64-bit versions of Windows, Linux and macOS and its hardware requirements are 4GB RAM and 1GB HDD space so it’ll run on most computers from the past decade.
Ghidra website (download link + links to more information): https://ghidra-sre.org