What is Reverse Engineering?
Before proceeding any further, a short definition in case you are unfamiliar with the term: reverse engineering is the process of decompiling or disassembling an application, mainly to recover something close to its source code. It does not matter which language was used to create the application; the primary objectives are to improve the application, to understand its actual design and code better, to find bugs, and so on.
GHIDRA is NSA’s own, formerly classified, software reverse engineering tool, designed to work on a variety of platforms including Windows, Linux, and macOS. It is a Java-based reverse engineering tool that also features a graphical user interface (GUI).

Though the NSA released the reverse engineering tool publicly at the RSA conference only a few days ago, the existence of GHIDRA was first revealed by WikiLeaks in the CIA Vault 7 leaks. Overall, it is a strong alternative to other reverse engineering tools that are too expensive for many to afford. As the official GHIDRA website puts it, “It helps analyze malicious code and malware like viruses, and can give cybersecurity professionals a better understanding of potential vulnerabilities in their networks and systems.”

Robert Joyce, the senior NSA advisor, also assured the audience that GHIDRA contains no backdoor. “This is the last community you want to release something out to with a backdoor installed, to people who hunt for this stuff to tear apart,” he added.

As for features, GHIDRA comes with the advanced capabilities one expects from a commercial reverse engineering tool. It supports a variety of instruction sets and executable formats and can run in both automatic and manual modes. Joyce also unveiled the processor modules of GHIDRA. There are more than 15 modules, including X86 16/32/64, ARM/AARCH64, PowerPC 32/64, VLE, MIPS 16/32/64, micro, 68xxx, PA-RISC, PIC 12/16/17/18/24, Java / DEX bytecode, Sparc 32/64, CR16C, Z80, 6502, 8051, MSP430, AVR8, AVR32, etc.
First Bug Reported By GHIDRA Reverse Engineering Tool
After welcoming the GHIDRA reverse engineering tool, security researchers and developers in the infosec community have already started reporting security holes and bugs in the tool. The first issue was reported by Matthew Hickey (alias HackerFantastic). He noticed that when a user launches GHIDRA in debug mode, the tool opens JDWP debug port 18001 on all interfaces, which allows anyone on the same network to execute code remotely on the analyst’s system. The bug has since been fixed in the latest version of the software. If you are a security analyst looking for an affordable reverse engineering tool, start contributing to the GHIDRA project so that it becomes a useful tool for everyone.
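The debug-port issue described above comes down to which address the JDWP listener is bound to. The following check is an added example, not code from the article or from the Ghidra project: it reads Linux `ss -ltn` output and reports whether port 18001 is exposed on every interface or confined to loopback. The `ss` column layout and the sample lines are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the article or the Ghidra project: tells whether a
# JDWP debug listener is reachable from the network or only from localhost.
# Assumes Linux `ss -ltn` output (State Recv-Q Send-Q Local:Port Peer:Port).

# classify_listener PORT: reads `ss -ltn` lines on stdin and prints
#   exposed  - something listens on PORT on a wildcard or non-loopback address
#   loopback - PORT is bound only to 127.0.0.1 / [::1]
#   absent   - nothing listens on PORT
classify_listener() {
    port="$1"
    state="absent"
    while read -r _st _rq _sq laddr _rest; do
        case "$laddr" in
            *:"$port")
                addr="${laddr%:*}"
                case "$addr" in
                    127.0.0.1|'[::1]') state="loopback" ;;
                    *) state="exposed"; break ;;   # 0.0.0.0, *, [::] or a NIC address
                esac ;;
        esac
    done
    echo "$state"
}

# Constructed sample lines: the pre-fix situation the article describes (the
# debug port open on every interface) beside a loopback-only binding.
vulnerable_sample='LISTEN 0 50 *:18001 *:*'
fixed_sample='LISTEN 0 50 127.0.0.1:18001 0.0.0.0:*'

echo "before fix: $(printf '%s\n' "$vulnerable_sample" | classify_listener 18001)"
echo "after fix:  $(printf '%s\n' "$fixed_sample"      | classify_listener 18001)"
```

On a live analyst host, `ss -ltn | classify_listener 18001` runs the same check against the real socket table.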