
The US National Security Agency (NSA) has released an agency-designed reverse engineering tool that will be used to hunt down malware in applications and software.
The NSA made the big announcement on its official website and at the RSA security conference in San Francisco, disclosing that the tool, GHIDRA 9.0, is an open source framework.
Rob Joyce, an NSA cybersecurity advisor who spoke at the event, said the tool is a Java-based framework that includes a Graphical User Interface (GUI) and has been made to run on several platforms, including Linux, Windows, and macOS.
The GHIDRA framework accepts malware and returns the source code that was used to create it, which had always remained unavailable.
This will help malware analysts and software engineers come to a full understanding of the code, its design, and its implementation.
Joyce revealed that GHIDRA had all the features expected of a high-end commercial tool, including processor modules for X86 16/32/64 and ARM/AARCH64, along with additional functionality that the NSA specially developed.
The tool also supports a wide range of executable formats and processor instruction sets, and can operate in both automated and user-interactive modes.
Joyce disclosed that the NSA has been developing GHIDRA for years, taking its own priorities into consideration, which has made it a powerful cybersecurity tool.
By releasing it to the public, the NSA also sees the framework as a form of recruiting strategy, letting new hires join the agency at a higher level.
This move by the NSA is a huge deal because reverse engineering tools are very expensive to create and to license. Releasing the GHIDRA framework to the public shows the agency's strong commitment to assisting its citizens in the battle against cyber-attacks.
It is also a great alternative to other expensive reverse engineering tools like Hopper, Capstone, Radare, and IDA Pro.
Since the framework is open source, any software developer can use the tool and modify it to make improvements.
GHIDRA (pronounced as Gee-Dra) was first publicly disclosed during the CIA Vault 7 Leaks in 2017, which revealed it as a cyber engineering tool created by the NSA.