NSA will release some sort of advanced IDA reversing tool in March
NSA has developed a software reverse engineering framework known as GHIDRA, which will be demonstrated for the first time at RSAC 2019. An interactive GUI capability enables reverse engineers to leverage an integrated set of features that run on a variety of platforms including Windows, Mac OS and LINUX and supports a variety of processor instruction sets. The GHIDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed, and will be released for free public use at RSA.
https://www.rsaconference.com/events/us19/agenda/sessions/16608-come-get-your-free-nsa-reverse-engineering-tool |
wow.
Is it more powerful than IDA? |
Will be interesting to see how it competes with IDA and BinaryNinja. Given that it is free, if it can give those a run for their money, it could be a good thing and we could see the prices of the other two go down to compete. But, given that it is made by the NSA, there isn't much really pushing for their tool to be anything amazing and there are already worries of trust and what the tool will include in terms of phone-home like telemetry.
|
Some spoilers could be found on WikiLeaks: https://search.wikileaks.org/?q=Ghidra
|
Some code tools are now free from NSA
Code:
https://code.nsa.gov/ |
Is this an old resource or just to save face in wake of the leaks?
|
The tool has leaked before, but this is a recent announcement that they plan to fully release it from what the various articles have mentioned. The tool was part of some of the WikiLeaks dumps in the past and you can get it already and compile it yourself if you wanted to though.
|
Any comments about the quality of the decompiler?
|
Quote:
https://search.wikileaks.org/?q=Ghidra
More specific ones with actual info:
https://wikileaks.org/ciav7p1/cms/page_11628795.html
https://wikileaks.org/ciav7p1/cms/page_51183656.html
There are leaks around the web still that have the Vault 7 files and such, some were uploaded to GitHub and similar. But they are all still findable on Google. |
There is an actual download link on WikiLeaks but I can't access that site
"The Ghidra packages are available on DEVLAN @ \\fs-01.devlan.net\share\NSA\Ghidra" |
That site is probably internally accessible only and a honeypot from the outside so be careful.
|
I heard somewhere that the NSA tool was useful to defeat (at least a part of) the Themida protector. I hope their source code will help our community.
I'll never run their jar :D |
I can't imagine it will be a full-fledged decompiler which beats hex-rays in its current incarnation though. From what I have seen it looks like just another advanced disassembly tool with some basic decompilation tricks.
But did anyone notice how chessgod101 mysteriously deleted his post after I called it out as an obvious honeypot? |
Salaries for skilled reverse engineers are rising, there is a lot of demand. NSA was having a hard time locking in new guys into a tool that they can't take to another employer. There is also less incentive to keep it private in the days of Bninja, Hopper et al pressing to establish themselves as a cheap(er) IDA-Alternative.
|
Or maybe they can't update it because they can't find skilled reverse engineers!
As the Java-based NSA debugger was started years ago and now they thought that it is a nice day for sharing on GitHub? And voluntarily upgrading it and one day framing it with any backdoor? |
I agree, by publishing the source code of their tool, they get many interested reverse engineers to look at it and if possible, contribute to it. So in the end they get improvements to their software for free. Without having to maintain the tool they can focus again on the real work and spy on people. Clever move, NSA.
|
There you go. A nice photo of what they are going to release
_https://i.imgur.com/6LhaH5E.jpg have fun!! |
A move to appear as good willed. An ancient version or a flag there.
|
I found a page from WikiLeaks called EDG Tools of the Trade. Ghidra is mentioned there alongside IDA Pro and other tools they use to create backdoors.
https://wikileaks.org/ciav7p1/cms/page_54198278.html Quote:
|
404
We are sorry, the file you have requested could not be found. Please wait few minutes and try again. |
@niculaita
Page Screenshot Code:
https://imgur.com/a/qmTIxFC |
it has been released, any idea if it is better than ida?
|
Quote:
Pls close this thread. :) |