Exetools  

  #1  
Old 01-05-2019, 09:19
deepzero
NSA will release some sort of advanced IDA reversing tool in March

NSA has developed a software reverse engineering framework known as GHIDRA, which will be demonstrated for the first time at RSAC 2019. An interactive GUI capability enables reverse engineers to leverage an integrated set of features that run on a variety of platforms including Windows, Mac OS and LINUX and supports a variety of processor instruction sets. The GHIDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed, and will be released for free public use at RSA.


https://www.rsaconference.com/events/us19/agenda/sessions/16608-come-get-your-free-nsa-reverse-engineering-tool
  #2  
Old 01-06-2019, 01:49
WhoCares
wow.

Is it more powerful than IDA?
__________________
AKA Solomon/blowfish.
  #3  
Old 01-06-2019, 02:25
Roy25

Quote:
Originally Posted by WhoCares View Post
wow.

Is it more powerful than IDA?
If it is "released for free public use".. then I wish it is
  #4  
Old 01-06-2019, 13:32
atom0s
Will be interesting to see how it competes with IDA and BinaryNinja. Given that it is free, if it can give those a run for their money, it could be a good thing and we could see the prices of the other two go down to compete. But, given that it is made by the NSA, there isn't much really pushing for their tool to be anything amazing and there are already worries of trust and what the tool will include in terms of phone-home like telemetry.
__________________
Personal Projects Site: https://atom0s.com
  #5  
Old 01-06-2019, 16:05
qzr
Some spoilers could be found on WikiLeaks: https://search.wikileaks.org/?q=Ghidra
  #6  
Old 01-07-2019, 03:14
nikkapedd
Some code tools are now free from NSA
Code:
https://code.nsa.gov/
  #7  
Old 01-07-2019, 07:43
chants
Is this an old resource or just to save face in wake of the leaks?
  #8  
Old 01-07-2019, 10:07
atom0s
The tool has leaked before, but this is a recent announcement that they plan to fully release it from what the various articles have mentioned. The tool was part of some of the WikiLeaks dumps in the past and you can get it already and compile it yourself if you wanted to though.
__________________
Personal Projects Site: https://atom0s.com
  #9  
Old 01-07-2019, 23:49
SockPuppet
Quote:
Originally Posted by atom0s View Post
The tool has leaked before, but this is a recent announcement that they plan to fully release it from what the various articles have mentioned. The tool was part of some of the WikiLeaks dumps in the past and you can get it already and compile it yourself if you wanted to though.
Any links to the leaks? Google not very helpful with this.
  #10  
Old 01-08-2019, 10:39
chants
Any comments about the quality of the decompiler?
  #11  
Old 01-08-2019, 13:37
atom0s
Quote:
Originally Posted by SockPuppet View Post
Any links to the leaks? Google not very helpful with this.
For full results on Wikileaks:
https://search.wikileaks.org/?q=Ghidra

More specific ones with actual info:
https://wikileaks.org/ciav7p1/cms/page_11628795.html
https://wikileaks.org/ciav7p1/cms/page_51183656.html

There are leaks around the web still that have the Vault 7 files and such, some were uploaded to GitHub and similar. But they are all still findable on Google.
__________________
Personal Projects Site: https://atom0s.com
  #12  
Old 01-08-2019, 18:45
Mendax47
There is an actual download link on WikiLeaks but can't access that site

"The Ghidra packages are available on DEVLAN @ \\fs-01.devlan.net\share\NSA\Ghidra"
  #13  
Old 01-09-2019, 04:15
chants
That site is probably internally accessible only and a honeypot from the outside so be careful.
  #14  
Old 01-12-2019, 01:08
contactmebyhere
I heard somewhere that the NSA tool was useful to defeat (at least a part of) the Themida protector. I hope their source code will help our community.
I'll never run their jar
  #15  
Old 01-12-2019, 19:21
chants
I can't imagine it will be a full-fledged decompiler which beats hex-rays in its current incarnation though. From what I have seen it looks like just another advanced disassembly tool with some basic decompilation tricks.

But did anyone notice how chessgod101 mysteriously deleted his post after I called it out as an obvious honeypot?
All times are GMT +8.