from Hacker News

Ghidra, NSA's reverse-engineering tool

by twodayslate on 3/5/19, 11:41 PM with 405 comments

  • by slimsag on 3/6/19, 12:26 AM

    Why this is important (for those uninitiated):

    - Ghidra is basically the first real competitor to IDA Pro, the extremely expensive and often pirated state-of-the-art software for reverse engineering. Nothing else has come close to IDA Pro.

    - Ghidra is open-source, IDA Pro is not.

    - Ghidra has a lot of really cool features that IDA Pro doesn't, such as decompiling binaries to pseudo-C code.

    - It's also collaborative, which is interesting because multiple people can reverse engineer the same binary at the same time -- something IDA only got VERY recently.

  • by yifanlu on 3/6/19, 12:59 AM

    From someone who does binary reverse engineering full time, in my experience, BinaryNinja, Hopper, radare2, etc. are toys compared to IDA Pro + Hex Rays Decompiler. The quality of the results and the features supported are unmatched... until now. I haven’t spent too much time with Ghidra yet but it’s the real deal. The output of the decompiler looks alright (not complete garbage like I’ve seen with other tools). Even if everything else sucks, the decompiler by itself makes it outrank every other tool aside from IDA. And it costs $10k less! The fact that it’ll be open source is just icing on the cake.
  • by yalogin on 3/6/19, 5:34 AM

    You are the leader in your segment of the market one day and the undisputed leader. You wake up and the NSA decides to send a free competitor out with better or matching functionality. Tough blow. But good for us.
  • by Semaphor on 3/6/19, 11:18 AM

  • by twodayslate on 3/5/19, 11:58 PM

  • by zelon88 on 3/6/19, 2:34 AM

    I'm curious what feature specifically prompted the NSA to develop their own IDA Pro alternative. I mean, someone somewhere at the NSA must have been trying to do something with IDA Pro only to repeatedly fail before the decision was made that whatever the NSA was trying to do warranted developing their own IDA Pro... right? Or perhaps they used IDA Pro so often and grew so frustrated by it that they started their own?
  • by z3phyr on 3/6/19, 10:50 AM

    Just used it to solve the 2015 flare-on challenge #1. Rudimentary, but I am blown away. The interface feels better than IDA, I was able to write a python script straight away! 10/10 recommended.

    The Python interpreter attached to it is aware of the state: where my cursor is, what memory module I have selected, etc. Easy to write scripts for.

  • by xxpor on 3/6/19, 2:39 AM

    Why do they have a LICENCE file with the Apache Licence in it? As a work of the federal government this is public domain by definition, isn't it?

    edit: Oh, outside contributors of course retain their own copyright. That's what's licenced.

    https://github.com/NationalSecurityAgency/ghidra/blob/master...

  • by mrmuagi on 3/6/19, 12:46 AM

    I'm definitely excited for this, considering I couldn't fork out the thousands of dollars needed for using IDA. I can't really justify that on a small hobby project (reverse engineering games).
  • by JoachimS on 3/6/19, 7:51 AM

    Here are the presentation slides from the Ghidra presentation at the RSA conference:

    https://published-prd.lanyonevents.com/published/rsaus19/ses...

  • by kevinchen on 3/6/19, 3:03 AM

    This is an unusually large open source project, especially for NSA. I wonder whether they were motivated to release this tool because of their recent brain drain / hiring problems.
  • by hatsunearu on 3/6/19, 9:33 AM

    Oh yeah, for those who are wondering; there's another NSA project where they made a tool that's a direct competitor with a product that's "out there": https://github.com/redhawksdr

    The competitor in question is GNU Radio.

  • by subjectsigma on 3/6/19, 6:01 AM

    I just don't understand the doubt and hate. It's perfectly reasonable to distrust the NSA in most cases, but look at the context - the NSA has a huge brain drain and PR problem. They desperately need qualified people to start trusting and applying to them again. Does anyone seriously think they would try to backdoor security researchers in such a stupidly obvious way?

    I was actually at the RSA talk where they released the tool - the presenter was very open in saying that this is a recruiting tool. They want college kids just getting into RE to learn their tools and have their name in the back of their mind so they apply for internships and jobs, and are trained for those roles from day zero. There are other benefits to releasing the tool, like free labor and testing from people submitting patches and bug reports, but the real value is in making the NSA appear like the good guys and getting people on their side.

    It seems pretty obvious to me that this gives the NSA more benefit than trying (and probably failing) to hack random people. And yet the dude sitting next to me was shaking his head and saying he would only ever run it in a VM. Irrational as hell.

  • by megous on 3/6/19, 3:30 PM

    So, I've tried it on some MIPS binaries I've been reverse engineering on and off for the last 7 years from assembly, for various reasons. I'm completely blown away by the quality of the decompiler output. The binaries include symbols, so everything global is named correctly, which helps. Anyway, nothing I've tried over the years comes even close to the clean output I'm seeing from Ghidra.

    It's great.

  • by noodlesUK on 3/6/19, 11:27 AM

    I’m really hoping this release will improve the situation with learning RE in universities etc. The free version of IDA is very limiting, and few people use the open source and cheaper alternatives (radare2/cutter, binary ninja, hopper). I’m also hoping I can get that decompiler (or something similar) in cutter at some point, but with the source not yet available we’ll have to wait.
  • by snazz on 3/6/19, 12:56 AM

    The intro video is pretty good, if you want to see a screen recording: https://ghidra-sre.org/GhidraGettingStartedVideo/GhidraGetti...
  • by vasilia on 3/6/19, 1:08 AM

    Are they serious? They are banning Russian IPs with decompiler source code. Hmm, I know ARM and x86 assembly. Of course, I don't know how to download these sources :)
  • by alexozer on 3/6/19, 1:35 AM

    I wonder how this compares to retdec, an open source cross-architecture decompiler by Avast.

    https://github.com/avast-tl/retdec

  • by souprock on 3/6/19, 12:39 AM

    It's not the first real competitor available to the public. Hopper Disassembler and Binary Ninja are both capable. They have been available for a few years.

    Binary Ninja is also collaborative if you get the enterprise edition: https://binary.ninja/purchase/

  • by hendi_ on 3/6/19, 1:44 PM

    Probably don't run that on networks you care about: https://twitter.com/hackerfantastic/status/11030878690637045...
  • by stargazing on 3/6/19, 12:35 AM

  • by bluedino on 3/6/19, 1:16 PM

    Is it odd that this is written in Java? What advantages does this have?
  • by nyrulez on 3/6/19, 12:15 AM

    I am going to sound pessimistic here, but isn't there a real danger of having this technology available to bad actors and is there any value to keeping such things confidential if it plays a role in national security?

    If someone was releasing malicious software to hijack the power grid as an example, wouldn't they be first able to use this to try to improve the robustness and invisibility of their attack ?

    Or is the functionality here common place enough that it doesn't tilt the axis of power in an unfavorable way?

  • by Sreyanth on 3/6/19, 5:01 PM

    Am I the only one or is anyone else thinking about what the angle here could be?

    Pretty impressive software though. Finally one strong open-source alternative for reverse engineering.

  • by J253 on 3/6/19, 7:13 AM

    Can anyone speculate as to why the NSA decided to release this? Have they released any OSS in the past?
  • by andrewcchen on 3/6/19, 12:50 AM

    There's a typo in launch.sh that breaks when you try to launch in debug mode

    > "{$DEBUG_PORT}"

  • by marrowgari on 3/6/19, 3:09 PM

    If you run in debug mode it listens on port 18001, allowing for RCE on the host machine
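    The two comments above (the `{$DEBUG_PORT}` typo in launch.sh, and the debug listener on port 18001) both come down to checks a defender can script. The block below is an added example, not code from Ghidra or from its launch.sh: one function lints a shell script for the `{$NAME}` misspelling of `${NAME}`, and one inspects `ss -ltn`-style output to tell whether a given port is bound to something other than loopback and therefore reachable from other hosts. The sample script and the sample socket listing are constructed for the example; the port number is the one the thread mentions.

```shell
#!/bin/sh
# Added example (not Ghidra's own code). Two defender-side checks:
#   1. find the `{$NAME}` typo that breaks variable expansion in a script
#   2. detect a debug port listening on a non-loopback address

# Constructed sample script: one bad expansion, one correct one.
SAMPLE_SCRIPT='DEBUG_PORT=18001
java -agentlib:jdwp=address="{$DEBUG_PORT}"
java -agentlib:jdwp=address="${DEBUG_PORT}"'

# Constructed sample `ss -ltn` output (assumed format: State ... Local:Port ...).
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      50     *:18001            *:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Print lines of FILE that contain `{$NAME}` (braces outside the `$`), which
# a POSIX shell expands to the literal braces around the value, e.g. "{18001}".
# Returns 0 when at least one such line exists, 1 otherwise.
find_brace_typos() {
    grep -nE '\{\$[A-Za-z_][A-Za-z0-9_]*\}' "$1"
}

# Count the typos in FILE as a plain number (0 when none).
count_brace_typos() {
    find_brace_typos "$1" | wc -l | tr -d ' '
}

# Print the local address(es) on which PORT is listening, one per line.
# Usage: listeners_on_port PORT [SS_OUTPUT]; SS_OUTPUT defaults to `ss -ltn`.
listeners_on_port() {
    port=$1
    out=${2:-$(ss -ltn 2>/dev/null)}
    printf '%s\n' "$out" | awk -v p="$port" '
        $1 == "LISTEN" {
            # Local address is field 4; the port is the text after the last colon.
            n = split($4, a, ":")
            addr = a[1]
            for (i = 2; i < n; i++) addr = addr ":" a[i]
            if (a[n] == p) print addr
        }'
}

# Return 0 if PORT is bound to anything other than a loopback address
# (so it is reachable from other hosts), 1 otherwise.
debug_port_exposed() {
    listeners_on_port "$1" "$2" | grep -qvE '^(127\.[0-9.]+|::1|\[::1\])$'
}

# Stand-alone run against the constructed samples.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_SCRIPT" > "$tmp"
    echo "brace typos in sample script:"
    find_brace_typos "$tmp" || echo "(none)"
    rm -f "$tmp"
    if debug_port_exposed 18001 "$SAMPLE_SS_OUTPUT"; then
        echo "port 18001 is listening on a non-loopback address"
    else
        echo "port 18001 is loopback-only or not listening"
    fi
fi
```

Running the script with `--demo` reports the one bad line of the sample script and flags port 18001 as exposed because the sample listing has it bound to `*`. On a real host, call `debug_port_exposed 18001` with no second argument to inspect the live `ss -ltn` output instead of the sample.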
  • by the_librarian on 3/7/19, 2:26 AM

    Discord created for this tool here: (Help with mods is needed!)

    https://discord.gg/RcSBc6

  • by AnIdiotOnTheNet on 3/6/19, 3:20 PM

    Oh cool, this even supports old DOS MZ exes. And it's easy to make portable.

    Edit: no, spoke too soon. It acts like it supports MZ exes but consistently fails to import them.

  • by ru999gol on 3/6/19, 8:27 PM

    Honest question: should I trust the binary they provided? What reason should I have to trust it? Because I don't.
  • by ryanmarsh on 3/6/19, 1:53 AM

    The logo reminds me of 8 chan's logo.
  • by ramon on 3/6/19, 1:25 AM

    Does Ghidra work for APK files? It would be cool if it also worked with mobile projects.
  • by morenoh149 on 3/6/19, 5:25 PM

    How did they use Jenkins to do this exactly? I'm curious.
  • by keypnchr on 3/6/19, 1:15 AM

    Started to watch the video, then remembered Snow Crash.
  • by kuroguro on 3/6/19, 10:09 AM

    I know what I'm doing this weekend :)
  • by sscarduzio on 3/6/19, 12:19 AM

    Does it work for non windows binaries?
  • by _bashskids on 3/6/19, 11:13 AM

    Wish it would be helpful for reversing drivers etc. for the OSS community.
  • by kuwze on 3/9/19, 1:13 PM

    This is awesome!
  • by karthickgururaj on 3/6/19, 1:27 PM

    radare2 is another open source alternative
  • by savgeborn on 3/6/19, 10:08 AM

    This is the Sanskrit name for vulture.

    Ghid = Vulture

    Ra = In Sanskrit RA is the acoustic root of fire. RA also connotes light or spiritual light.

  • by m0zg on 3/6/19, 2:44 AM

    Yeah, I think I'm gonna pass on this strictly binary release and wait until the code is released, reviewed, and independently compiled.
  • by imjustsaying on 3/6/19, 1:56 AM

    >clicking the link before reading the domain

    regret

  • by an-allen on 3/6/19, 8:36 AM

    Nice try NSA.
  • by baby on 3/6/19, 12:17 AM

    Annndddd, it's ugly as fuck. Well, I'm not going to install something made by the NSA on my machine but I'd be interested in feedback.
  • by Defcon6 on 3/6/19, 1:07 AM

  • by maxfan8 on 3/6/19, 12:03 AM

    It appears that it isn't actually available as of now. Apparently, the NSA is going to release it at RSA Conference 2019, so it'll probably actually be published within the next couple of days.
  • by Foxboron on 3/6/19, 12:00 AM

    Also found this community edition linked on twitter:

    https://ghidrace.github.io/