UPDATED 14:33 EST / MARCH 07 2019

NSA open-sources Ghidra, a tool for reverse-engineering malware

The annual RSA Conference in San Francisco draws thousands of cybersecurity experts from around the world, along with numerous corporate exhibitors that use the opportunity to spotlight their newest products. This year’s event, which kicked off on Wednesday, saw the National Security Agency join the chorus by open-sourcing an internal software analysis tool called Ghidra.

Ghidra provides a workbench for reverse engineering compiled programs to recover a source-code-level view of what they do. Specifically, the system is geared toward security researchers whose work consists of analyzing newly discovered malware strains to understand how they propagate and who created them.

Ghidra boasts an expansive feature set. The system, which is made up of no less than 1.2 million lines of code, can run on Windows, Linux and macOS with support for more than a dozen processor architectures. This broad hardware compatibility enables researchers to analyze many different kinds of malware, including payloads targeted at specialized systems such as mainframes.

Another standout capability is Ghidra’s focus on collaboration. The system enables several researchers to work on a program at once, as well as share the results of their reverse-engineering efforts with one another directly through the native interface.

Particularly savvy security teams can customize Ghidra using plugins to adapt it to their specific workflows. The system provides a mechanism for creating extensions that, among other things, makes it possible to add compatibility with additional processor architectures beyond the ones supported out of the box.

Ghidra could emerge as a serious contender to the commercial reverse-engineering tools that currently dominate the market. The most popular product, an application called IDA Pro, costs thousands of dollars per license and doesn’t support as many processor types.

Ghidra is the latest in a series of internal technologies that the NSA has released as part of a long-running initiative known as the Technology Transfer Program. The agency’s previous open-source contributions include SELinux, a widely used Linux module that adds access control features to the operating system.
