It’s not a hidden fact that the National Security Agency (NSA) develops and uses many powerful and in-house security tools for carrying out different “important” tasks. Ghidra is one such well-known software reverse engineering toolkit that the agency has been using for a long time.
At 2019’s RSA security conference, the NSA open sourced the tool with Apache 2.0 license, calling it a “contribution to the nation’s cybersecurity community.”
This announcement was made by Rob Joyce, the cybersecurity adviser to the NSA director. He ensured the audience that there’s no backdoor in Ghidra. “This is the last community you want to release something out to with a backdoor installed,” he added.
— NSA/CSS (@NSAGov) March 6, 2019
Joyce also told that the tool was internally developed for taking a deep look into malware and software to spot the weak points and exploit them. It also lets multiple users reverse engineer the same binary at the same time.
What makes this tool more interesting is the fact that it’s cross-platform and one can run it on Linux, Windows, and macOS. The users can also develop their own Ghidra plug-in scripts using the available API.
Ghidra processor modules: X86 16/32/64, ARM/AARCH64, PowerPC 32/64, VLE, MIPS 16/32/64,micro, 68xxx, Java / DEX bytecode, PA-RISC, PIC 12/16/17/18/24, Sparc 32/64, CR16C, Z80, 6502, 8051, MSP430, AVR8, AVR32, Others+ variants as well. Power users can expand by defining new ones
— Rob Joyce (@RGB_Lights) March 5, 2019
This release also attracted a good amount of attention on The Hacker News, where users have called it a competitor to IDA Pro.
At the moment, you can visit the official website of Ghidra to download the tool. NSA also plans to release its source code under an open source license on GitHub as well.