A big part of fighting new viruses is figuring out how they work. To do this, you need to reverse engineer them. The National Security Agency (NSA) obviously has to do a lot of this kind of work, so it created its own tool, called Ghidra, to help.
By the way, it is pronounced "Ghee-dra". It was released to the general public as free and open-source software on March 5th, 2019 at the RSA Conference in San Francisco. You can even view the Ghidra presentation notes from Robert Joyce, senior adviser to the National Security Agency (NSA).
To really understand why the release of Ghidra was important, we need to understand what reverse engineering is and what it is used for.
What is reverse engineering and why is it used?
Generally, reverse engineering (RE) refers to the process of taking something apart to figure out how it was made. You may have done this yourself at home with a small device, just trying to figure out how to fix it. But here we are talking about reverse engineering a program. It's just code, right? Why don't we just take a look at the code behind it?
When you write a program in a language like C or Java, there is a step between writing it and being able to run it on a computer. The language you program in is readable by humans, but not necessarily by the computer. It needs to be converted into something the computer can execute. This process is called compilation.
Once a program is compiled, people can no longer simply read it.
If you want to understand how such a program works, you need to take it apart to a level where you can see what it contains. To do this, you need a set of tools, just as you would need a set of screwdrivers and wrenches to work on a small appliance or motor.
This is where Ghidra comes into play. It is a set of tools for disassembling software to see how it works. Other similar tools already exist, such as IDA, Radare and Binary Ninja.
The NSA uses Ghidra to combat viruses, malware and other programs that can pose a threat to national security. Then, based on what it finds, it develops an action plan to eliminate the threat. As you know, there have been many reports of government-sponsored hacking attacks in the news lately.
Can anyone use Ghidra?
Not really. You need at least some programming experience. You don't need to be a software engineer, but if you've completed a few college programming courses, you can get into Ghidra and learn how to use it.
In addition, the official Ghidra website also has an installation guide, quick references, a wiki, and an issue tracker. The point of providing all of this is so that everyone can learn and, together, keep the world safe from malicious hackers.
The NSA is doing this to "… improve cybersecurity tools …" and "… build a community …" of researchers who know Ghidra and contribute to its growth, as written in Robert Joyce's presentation.
So, why is Ghidra a big deal?
It comes from the NSA. Which company has the resources that a US federal agency has? What experience could even the best security company have compared to an agency tasked with keeping the most powerful nation on Earth safe?
So yes, it is a very powerful tool. Security researcher Joxean Koret tweeted, "So Ghidra shit on every other RE tool except IDA."
Then there is the free aspect. With arguably the most powerful RE tool available for free, the bar for entry into security research has been lowered to just having a computer and Internet access.
This is one of the reasons the NSA released it. They hope that a new generation of researchers will master it and consider a career at the NSA.
Then there is the open-source aspect. Security agencies don't let people look behind the curtain for nothing: if you know how they do what they do, it becomes easier to stop them. Yet all of the Ghidra source code is published, so anyone can browse it and see exactly how it works.
And no, there are no reports of government backdoors in it. Rob Joyce quickly answered this question by telling the security research community, "the last community you want to release something with a backdoor installed is for people who are after it to rip it apart."
In terms of education, Ghidra also allows novice programmers to take apart programs to see how they work, and then learn how to do something similar in their own projects. Studying someone else's code has long been common practice among programmers and developers aspiring to become better, provided, of course, that the code is open source.
Perhaps the biggest deal is that Ghidra was designed for collaboration. You can have a shared repository with your colleagues or friends so that you can all work on a project at the same time. This greatly speeds up the analysis process.
What now?
The US federal government has pledged to release more and more security-related software. Some will be technical in nature, such as Ghidra, and some will be more user-friendly, such as a security-enhanced version of Android.
All of this marks a unique time for government and civil society to work together to maximize the security of our data infrastructure.