A free reverse engineering framework called GHIDRA, developed by the U.S. National Security Agency, will be released at the RSA Conference in March.
GHIDRA is essentially a disassembler: it breaks executable files down into assembly code that humans can then examine.
Developed in the early 2000s, GHIDRA has been used by several other US government agencies where cyber teams need to analyze malware strains or suspicious software.
According to ZDNet, the existence of this reverse engineering tool isn’t exactly a secret, and the concept isn’t new either. GHIDRA came into the spotlight in March 2017 when WikiLeaks revealed it in Vault7 (a collection of internal documentation files supposedly stolen from the CIA’s network).
The Vault7 documents describe GHIDRA as a tool that is coded in Java and has a graphical user interface (GUI). It works on Windows, Mac, and Linux.
GHIDRA can also analyze binaries for all major operating systems, such as Windows, Mac, Linux, Android, and iOS. The software’s modular architecture lets users add packages when they need extra features.
Other existing reverse engineering options like IDA are expensive and generally inaccessible, so even though GHIDRA is said to be slower and buggier, it still makes for a great tool for those who’d like to see what makes code tick.
Meanwhile, on the NSA’s part, this gesture isn’t entirely altruistic, as there are benefits to open-sourcing GHIDRA, such as free maintenance from the open source community. This might allow GHIDRA to improve and catch up to other tools like IDA.