The NSA announced at the 2019 RSA Conference in San Francisco this week that it is making its software reverse engineering tool Ghidra available to the public and open source. According to the agency, the project is aimed at making reverse engineering software more attainable with tools designed, among other things, to model processor activity to see how machine code runs on a chip.
The framework has been a part of NSA’s cyber security mission and used to analyze malicious code and malware.
“Ghidra is the product of years of research and development aimed at solving some of our agency’s most challenging mission problems,” NSA Public Affairs Officers Natalie Pittore and Liam Davitt wrote in a blog post about the project. “It was built to solve scaling and teaming problems and to provide a customizable and extensible software reverse engineering platform.”
The aforementioned processor modeling is accomplished with a proprietary language called Sleigh, which the NSA explained breaks down machine processes into intermediary “P-code.” The code can then be analyzed on the platform’s Windows, MacOS and Linux environments.
The exposed API will allow users to write their own plugins for Ghidra, filling in any gaps there might be in the tool’s set of processor instruction sets or executable formats.
Ghidra also allows for disassembling, assembling, decompiling, graphing, scripting and “hundreds” of other functions.
“Why share such a valuable tool with the public instead of keeping it for classified work?” Pittore and Davitt wrote. “We’re doing this because we firmly believe Ghidra is a great addition to a net defender’s toolbox. It will make the software reverse engineering process more efficient. It will help to level the playing field for cybersecurity professionals, especially those that are just starting out. We expect the tool will enhance cybersecurity education from capture-the-flag competitions, to school curriculums and cybersecurity training. Releasing Ghidra also benefits NSA because we will be able to hire folks who know the tool. When they’re coming through our doors, they’ll be able to be impactful faster.”
More information is available here.