View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 4, 2019

The NSA to Release a Free Software Reverse Engineering Toolkit

Features run on Windows, Mac OS and LINUX...

By CBR Staff Writer

The US’s National Security Agency (NSA) is releasing a software reverse engineering tool for free public use in March, in an unusual step – although the tool had already been leaked by Wikileaks as part of its Vault 7 batch of CIA leaks.

Dubbed GHIDRA and understood to have been in use internally at the NSA for over a decade, it will be publicly demonstrated – and made freely available – for the first time on March 5 at the RSAC 2019 conference by senior NSA advisor Robert Joyce.

Shadow Brokers open NSA hacking trove in protest against TrumpNSA GHIDRA Release

GHIDRA, like commercially available reverse engineering tool IDA Pro and its open source alternative FRIDA, allows developers and researchers to “hook” into black box proprietary software.

Such tools can be used for code analysis, debugging, neutralising of malware, or simply adding functionalities to proprietary software.

IDA Pro author Ilfak Guilfanov told Computer Business Review: “The more tools to analyse binary files, the better. We spent decades to improve our tools and I’m curious to see what GHIDRA will bring to the public.”

See also: Landmark GCHQ Publication Reveals Vulnerability Disclosure Process

The release will happen in a session at the conference in San Francisco titled “Come Get Your Free NSA Reverse Engineering Tool!”

The session note says the tool provides “an interactive GUI capability [that] enables reverse engineers to leverage an integrated set of features that run on a variety of platforms including Windows, Mac OS and LINUX and supports a variety of processor instruction sets.”

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

It adds: “The GHIDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed.”

Security researcher Charlie Miller, a former NSA staffer, described the tool on Twitter as having been in use at the NSA 13 years ago.

Computer Business Review has contacted the NSA for further comment on the reasoning behind the release of the tool, which appears to be tasked for quick analysis.

One security researcher, Markus Vervier, described the release to us as a marketing exercise: “I doubt it’s backdoored; it looks like a marketing exercise. They’re just trying to get something good out of a bad thing that happened to them…”

Read this: Introducing Frida: Because Hooking Into Proprietary Software Has its Uses…

Announcement of the release comes as ex-NSA contractor Harold T. Martin III, accused of taking thousands of top secret documents home over two decades, decided to plead guilty later this month to a single charge that could carry a ten-year sentence.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU