Ghidra – NSA’s reverse engineering tool is now available to the public for free.

NSA cybersecurity advisor Rob Joyce announced the public release at the RSA Conference 2019 in San Francisco.

Earlier, we had reported that the National Security Agency (NSA) was going to open source Ghidra. It was spotted from the senior NSA advisor, Robert Joyce’s session description on the official RSA conference website.

Here’s what it mentioned:

Image Credits: Twitter

In case the text in the image isn’t properly visible, let me quote the description here:

NSA has developed a software reverse engineering framework known as GHIDRA, which will be demonstrated for the first time at RSAC 2019. An interactive GUI capability enables reverse engineers to leverage an integrated set of features that run on a variety of platforms including Windows, Mac OS, and Linux and supports a variety of processor instruction sets. The GHISDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed. and will be released for free public use at RSA.

The speculations have turned to be true as Ghidra is now available for the public.

What is Ghidra?

Ghidra is a software reverse engineering framework developed by NSA that is in use by the agency for more than a decade.

Basically, a software reverse engineering tool helps to dig up the source code of a proprietary program which further gives you the ability to detect virus threats or potential bugs. You should read how reverse engineering works to know more.

The tool is is written in Java and quite a few people compared it to high-end commercial reverse engineering tools available like IDA.

A Reddit thread involves more detailed discussion where you will find some ex-employees giving good amount of details before the availability of the tool.

Ghidra was a secret tool, how do we know about it?

The existence of the tool was uncovered in a series of leaks by WikiLeaks as part of Vault 7 documents of CIA.

Ghidra is open source

Yes, Ghidra is completely open source. It is using the open source license Apache version 2.0.

The source code of Ghidra is available on GitHub. You can browse the source code on its GitHub repository.

NSA is definitely targeting the open source community to help improve their tool while also reducing their effort to maintain this tool. This way the tool can remain free and the open source community can help improve GHIDRA as well.

If you want to contribute to the project, please read the guideline.

How to get Ghidra

Ghidra is a Java-based application and is available for Linux, Windows and macOS.

You can download it for free from its official website. It’s around 270MB in size.

There is no installation method for Gidhra. It’s simply an executable so all you need to do is to extract the downloaded file and run it.

Since it is a Java application, make sure to install Java on Ubuntu or any other Linux distribution you are using.

Wrapping Up

NSA has a few good open source project under its name. Not all of them garner praise though thanks to the not-so-good reputation of the security agency. Recently, the inclusion of NSA’s Speck encryption algorithm in Linux kernel created a huge controversy. It was removed from the kernel in the subsequent release.

A free and open source Ghidra would definitely help a lot of researchers and students and on the other side – the competitors will be forced to adjust their pricing.

What are your thoughts about it? Is it a good thing? What do you think about the tool going open source? Let us know what you think in the comments below.