back to article Did you know?! Ghidra, the NSA's open-sourced decompiler toolkit, is ancient Norse for 'No backdoors, we swear!'

The NSA has released its home-grown open-source reverse-engineering suite Ghidra that folks can use to poke around inside applications to hunt down security holes and other bugs. Spoiler alert: it's Apache 2.0-licensed, available for download here, and requires a Java runtime – and the agency swears it hasn't backdoored the …

  1. Blockchain commentard Silver badge
    Black Helicopters

    would it be sensible/prudent to run Ghidra on itself. Cos, you know....

    1. Anonymous Coward
      Anonymous Coward

      @Blockchain did you miss the whole open source part?

      1. A.P. Veening

        Nobody missed the open source part, it is just extremely interesting to compare that open source with the results of the decompilation. For real fun, also use another decompiler that isn't built to hide some of the more questionable routines.

        Since we are talking about NSA, there is no such thing as excessive paranoia.

      2. david 12 Bronze badge

        >did you miss the whole open source part? <

        Fun note: git hub "Issues" lists includes the issue that the released java bytecode doesn't match the released source :)

    2. redpawn Silver badge

      It would be a good test as it is a bajillion lines long and complex. You could compare it to its source code which you compiled it from.

    3. jake Silver badge

      Running it on itself ...

      ... wouldn't prove anything. Read Ken Thompson's ACM Turing Award lecture "Reflections on Trusting Trust". It's a good read for anybody interested in this kind of thing.

    4. Steve Channell
      Facepalm

      Doesn't support Java

      Reflection of Java bytecode has been available for twenty years.. all managed languages have rich code analysis

      This one is for machine code

    5. Fungus Bob Silver badge

      "would it be sensible/prudent to run Ghidra on itself"

      Probably not. The resulting paradox could cause a black hole that would swallow the universe.

  2. Anonymous Coward
    Anonymous Coward

    why on Earth give this away for free to everyone on the planet

    Because that's what the 'cool kidz' the NSA hope to hire have been brainwashed to believe 'open good, close baaaad'. Sheep are always sheep. So give them something....

    1. Bronek Kozicki Silver badge

      Re: why on Earth give this away for free to everyone on the planet

      Actually I think "Perhaps the NSA's enemies are assumed to have better or similar tools" pretty much this.

    2. DCFusor Silver badge

      Re: why on Earth give this away for free to everyone on the planet

      One of the worst parts of working for the oxymoronically named "Intelligence Community" is that if you succeed in doing something cool, it has to be kept utterly secret - if the "bad guys" know (how) they've been pwned, they fix it. It's why sources and methods are the real secrets, though most things that are classified are simply done to hide some misfeasance.

      On the other hand, if you screw up and it gets out, it's on the front page of every paper on earth.

      This makes job satisfaction - and talent retention, as well as acquisition, much more difficult.

      All smart nerds like props when they do something cool. No matter their politics.

      So you're partly right.

      1. jake Silver badge

        Re: why on Earth give this away for free to everyone on the planet

        "All smart nerds like props when they do something cool."

        Not all. And those that do, not always.

    3. martinusher Silver badge

      Re: why on Earth give this away for free to everyone on the planet

      Two things....

      -- The toolset is probably last year's model so its safe to release from a national security perspective

      -- The NSA is a publicly funded entity and so all of its work belongs to the public.

      This latter provision has proved very useful in the past, more so than many people realize. It could be said that its where the notion of open source came from.

      1. overunder

        Re: why on Earth give this away for free to everyone on the planet

        "It could be said that its where the notion of open source came from."

        I would say the inverse could be true...

        "The private entity is a privately funded entity and so all of its work belongs to the private entity."

        ... now disagree with that by inversion. Of course today, companies are trying to invert the inversion by making open source private.

        1. jake Silver badge

          Re: why on Earth give this away for free to everyone on the planet

          Strangely enough, we used to get the source code to virtually every bit of code that we ran on corporate computers. It wasn't until Redmond and Cupertino started jealously guarding their source code that it became de rigueur in corporations world wide.

          1. ST Silver badge
            Linux

            Re: why on Earth give this away for free to everyone on the planet

            > [ ... ] we used to get the source code to virtually every bit of code that we ran on corporate computers.

            No, you didn't.

            Microsoft's shit has never, ever, been open source. Neither has Oracle, or Sybase, or Informix, or any of the so-called proprietary UNIX-es. Neither was Apple.

            Apple put out a fake open source project by the name of Darwin in the early 2000's. Nothing ever came of it, because it was designed to fail from the outset.

            AT&T spent a lot of money in the '90's trying to destroy the BSD's, by suing them, simply because they were open source.

            So no, the idea that corporate computing has always been open source is pure bullshit.

            1. jake Silver badge

              Re: why on Earth give this away for free to everyone on the planet

              I wasn't talking about those later-day corporations. Re-read mine. The time-frame I was referring to was pre mid 1970s, or thereabouts. Look up Bill Gates "Open Letter to Hobbyists", should give you a rough idea of when the notion that all source should be proprietary started. Apple resisted this at first, but was soon sucked in ...

            2. Arthur Daily

              Re: why on Earth give this away for free to everyone on the planet

              Before Microsoft and the ilk, IBM source code was held by nearly everyone, and control blocks of course. IBM part relied on others to fix their code, and often sent smart ones free gifts or bottles.

              Pretty sure ICL, Fujitsu, and DEC/PDP gave out source code. Too young to remember CRAY and CDC. Bottom line was that there were no 'memory leaks' and orphaned junk, and one off errors when real SE's could hunt them down.

              Then IBM started covering up control blocks and VSAM, and making source code available to SE's where locked up - just in case the OS went into a deadly embrace /loop that could be fixed on the spot - rather than 2-3 days of no ATM's.

              Rolling on - the Atari, TRS80, and AppleII had very tight and efficient code, with chess programs under 1K! Now Microsoft is bloatware riddled with poor coding, unchecked parameters, unchecked recursion, and unreviewed code. If it is done inhouse, you have to wonder from the company that retitled machine attendants to 'systems engineers' .

          2. Anonymous Coward
            Anonymous Coward

            Re: why on Earth give this away for free to everyone on the planet

            Yes. I remember working on a minicomputer back in the 80s. For business continuity reasons, the company that developed the software was contractually obliged to give us the source code, so they did.

            But not the compiler. The source would only compile with their specially tweaked compiler.

        2. Anonymous Coward
          Anonymous Coward

          Re: why on Earth give this away for free to everyone on the planet

          (sarcasm)Hey Baby, can I open source your privates?(/sarcasm)

      2. jake Silver badge

        Re: why on Earth give this away for free to everyone on the planet

        "its where the notion of open source came from"

        Uh ... no. See this, from early 1998.

    4. Anonymous Coward
      Anonymous Coward

      Re: why on Earth give this away for free to everyone on the planet

      The NSA are saying that Huawei has built in backdoors for the Chinese govt.

      Releasing this is saying that US phone companies don't put in backdoors, the NSA uses this software to find vulnerabilities.

  3. johnrobyclayton

    Perhaps they have moved on

    Once you have pwned the compilers and other elements of the toolchains that build the toolchains that build the toolchains that ....

    To get a clean from start you would have to wire up the processor from transistors, design and build your chip fabricators, code your compilers and bootstrap yourself into the modern age.

    Not many people or organisations have the patience, ability or resources to go through such a process.

    One iteration of Linux from Scratch was enough for me.

    There is no way to fully trust that any technology today has not been pwned to some degree or another.

    The only defense is to get as many different individuals and groups investigating and testing in as many different ways as possible.

    It is probable that the NSA's largess is not something that is a significant threat to the NSA itself.

    It will be though, something that can increase the exposure of their counterpart's efforts along with those of non-state threat sources.

    1. Ken Hagan Gold badge

      Re: Perhaps they have moved on

      "To get a clean from start you would have to wire up the processor from transistors, design and build your chip fabricators, code your compilers and bootstrap yourself into the modern age."

      Not true, if you use multiple sources for the entities at each level and compare their results.

      At least, assuming that the same enemy hasn't nobbled *every* supplier at a given level. Choose your suppliers carefully, though, and the probability of that must surely sink to a level that anyone can live with.

      1. overunder

        Re: Perhaps they have moved on

        "Choose your suppliers carefully..."

        I agree, but when a government chooses your suppliers? I think the notion of being too small for radar does exist like you think, but once you're on the radar? We already know the government has hush orders, but even without that, the government still has its "standards" to be met. Even if the FCC or whichever entity is _not_ involved, you still have government approved suppliers. This isn't coming out right like it is in my head, but maybe you can see it, you definitely see it with your foil hat on.

        Of course it could all be worse than that, maybe as implied above, all popular architectures are exploited. And as also mentioned above, good luck financing your own. Even if we're not to that point yet, how long?

      2. Arthur Daily

        Re: Perhaps they have moved on

        See Intels pre-execution pipeline hack (Not bug, because they knew and picked good-enough).

        Made its way into Intel chips, AMD, ARM and IBM chips. Just two makers of modem chips, both with onboard processors. Rather than correct the hardware, secret inefficient software semi-fixes are being chunked out. Only Linux people have fessed up into saying software remediation is slower than microcode hobbling). Rather than a fix, Intel is directing resources to encrypted code execution extensions that will make viruses undetectable..

  4. elDog Silver badge

    They'll be putting this in a github repository? Github - owned by microsoft?

    Let's see, who should we trust?

    And I suppose MS's version of github is not capable of being reverse-engineered, being a SaaS like Office 365.

    1. A.P. Veening

      Re: They'll be putting this in a github repository? Github - owned by microsoft?

      MS's version of github is capable of being reverse-engineered, the problem is connecting with it just like with Office 358.

  5. Anonymous Coward
    Anonymous Coward

    If nothing else ...

    it's nice to have tools like this to rip open software that's long deceased and recompile it for a more modern platform in the event the original vendor is also long gone.

    1. doublelayer Silver badge

      Re: If nothing else ...

      I think that, in most cases, the problem getting old code to run on something newer is all the old libraries it thinks it should be using that don't work the same, or exist, as they did so long ago. This wouldn't be able to help with that. It might be able to do some things, like taking a binary and making it run on a different architecture, but it's probably a lot more limited than we'd like.

  6. David Given
    Thumb Up

    Supported architectures?

    The github repository is a placeholder and I can't find much in the way of documentation --- anyone see a definitive list of which architectures it supports? I recently spent a tonne of time reverse engineering a piece of gnarly Z80 code, and would love some tool assistance for the next time this happens.

    1. g00se2

      Re: Supported architectures?

      <pre>

      foo@t410:/tmp$ jar tf ghidra_9.0_PUBLIC_20190228.zip | grep -P '/Processors/[^/]+/$'

      ghidra_9.0/Ghidra/Processors/Toy/

      ghidra_9.0/Ghidra/Processors/TI_MSP430/

      ghidra_9.0/Ghidra/Processors/PA-RISC/

      ghidra_9.0/Ghidra/Processors/6502/

      ghidra_9.0/Ghidra/Processors/PowerPC/

      ghidra_9.0/Ghidra/Processors/Z80/

      ghidra_9.0/Ghidra/Processors/8085/

      ghidra_9.0/Ghidra/Processors/CR16/

      ghidra_9.0/Ghidra/Processors/JVM/

      ghidra_9.0/Ghidra/Processors/6805/

      ghidra_9.0/Ghidra/Processors/MIPS/

      ghidra_9.0/Ghidra/Processors/PIC/

      ghidra_9.0/Ghidra/Processors/x86/

      ghidra_9.0/Ghidra/Processors/8051/

      ghidra_9.0/Ghidra/Processors/68000/

      ghidra_9.0/Ghidra/Processors/ARM/

      ghidra_9.0/Ghidra/Processors/DATA/

      ghidra_9.0/Ghidra/Processors/AARCH64/

      ghidra_9.0/Ghidra/Processors/Sparc/

      ghidra_9.0/Ghidra/Processors/Atmel/

      </pre>

      1. David Given

        Re: Supported architectures?

        Oh, awesome. Thanks!

        (Ooh, Z80 *and* 8085... and 8051! Now, there's an architecture which just Will. Not. Die.)

  7. GrapeBunch Bronze badge
    Coat

    There's gnupe in my soupe.

    I can imagine it will be attacked. For example, commercial software houses wanting to find out if you've decompiled their software in contravention of a license. Replace a copyright text in the executable with a routine that sends them chapter and verse of your transgression. I guess this suggestion is so naive as to be laughable, but <replace with something that might work in 2019>. Might have something to do with repeated forking. Must be lunch time. Mine's the one with the dictaphone in the borscht and the runcible spoon.

  8. Petrea Mitchell

    Ancient Norse, really?

    Surely you mean Japanese? https://www.tohokingdom.com/kaiju/king_ghidorah_showa.htm

  9. Anonymous Coward
    Anonymous Coward

    Luddites

    it's interesting to note that when i tryed to download from link, that the nsa refused to connect,

    im in oz, with vpn when connected to usa same same

    1. jake Silver badge

      Re: Luddites

      I fail to see how the followers of General Ned have anything to do with it ...

  10. JimBob42

    But is is any good?

    How does this compare to IDA?

  11. NonSSL-Login

    Gift Horse...

    NSA checklist for Ghidra:

    1) Code Ghidra in such a way that it cannot see or decode new generation of NSA nastys

    2) Give it away free and try and make it the industry standard

    3) Profit!

    1. Arthur Daily

      Re: Gift Horse...

      Not needed.

      What is missing is a hardware grab tool, where all memory can be discovered and dumped, and bootloaders detected and some automation to unpack compressed or obscured blobs.

      That is a big hurdle.

      So everyone can unlock bootloaders and replace compromised certificates, when the vendors abandon product. The choices seem heavy for CPU's, and light for microprocessors such as in graphic cards and disk drives.

      With other options out there, this is harmless, and not increasing ease of discovery.

  12. Zuagroasta

    Am I really the first?

    Hail Ghidra!

  13. Zippy´s Sausage Factory

    why on Earth give this away for free to everyone on the planet?

    Because, as Clifford Stoll pointed out in "The Cuckoo's Egg", there are 2 parts to the NSA: the one that is paid to try and keep the world secure and unhackable, and the other bit that tries to intercept everyone's communications. And yes, it's a little bit of doublethink going on there, I'm sure.

    But I suspect the main reason is that this is useful enough in general, and not just for spying, that they think it should be widely available and further developed. To which I say, more power to Ghidra then...

  14. CountCadaver
    Black Helicopters

    Wonder how long it will take for

    UK Plod to cite finding Ghidra on someone's computer as evidence they are some cyber criminal kingpin, who likely had xxxxx (CSE images, extreme pron, bombmaking plans etc) on their system but we couldn't find it so they must have used some clever technical tricks to remove it m'lud, why else would they have this nefarious hacking software on their computer, they claim it came from the NSA, a laughable claim, why would an esteemed agency release something like this

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019