I would be curious if anyone knows what their filter, reasoning, etc. is for open sourcing X vs Y. In the case of Ghidra, I think its existence was originally revealed to the public via WikiLeaks in 2017; I might be wrong, but I think the software was posted too. For sure, though, it was open sourced two years later in 2019.
If their reasoning was to spur on development in the reverse engineering space they've done amazing things by releasing this.
The obvious step 1) Lots of people use & improve Ghidra, write plugins, etc. It is good now, but in 5 years it could be best in class.
Step 2) Their biggest & bestest competitor, IDA, has massively accelerated the rate of their development, engagement & community responsiveness. IDA was this slow-moving dinosaur that had good ideas and people, and it has been poked to life by a proper competitor.
If the NSA wants a robust RE scene, with experienced engineers and good tools, then I think they've done themselves a massive favour by releasing and stewarding the development of Ghidra as an OSS tool.
Ghidra was already best-in-class, and the goal isn't to build a community around Ghidra -- it's to spur recruiting by giving people a taste of how far ahead the NSA is of what's commercially available. If this is what they can give away for free, imagine what you can use if you go work there.
The version they (and their partner agencies) use internally is even better. Some of these additional plugins will likely never see the light of day publicly as they're either too tied into internal systems or otherwise deemed too sensitive, but they're very impressive.
What are you using it for that you think it is best in class?
For everything I use it for IDA is still well ahead.
I only do x86 work, so maybe in other areas, but I doubt it? The decompiler is getting better, but still has quite a ways to go, the plugin support is way behind, etc etc.
Maybe they meant the class of open source reverse engineering tools.
Just as others have mentioned, it can be problematic to even buy IDA Pro, so if Jane Haqor is able to get started with Ghidra and then develops a passion for the space, then that makes Ghidra best for that class as well.
> I would be curious if anyone knows what their filter, reasoning, etc - for open sourcing X vs Y.
NSA is both red team and blue team. This is a blue team tool used by reverse engineers to analyze malware, so it was NSA's little gift to researchers, an agency known for hoarding secrets for our 'security'.
> This is a blue team tool used by reverse engineers to analyze malware
It's also a red team tool for binary exploitation.
EDIT: The cynic in me posits it was used far more for exploit development than for analyzing malware, unless that had offensive applications too. But I don't know anything, I never worked there.
They open source stuff that is no longer a differentiated capability (hence no harm in releasing it to the public), and the goal is recruiting. Same as any tech company that open sources projects because it'll attract positive attention from hiring prospects.
Which is prescient... this is a tool by the NSA after all. I would be disappointed if it wasn't back-doored... Anybody working on a feature-parity FOSS alternative from scratch?
What would a back door look like in a tool like this? Silently returning incorrect results for certain binaries?
Perhaps I lack imagination but I’m having trouble picturing what that could be good for or how it could even be hidden. This isn’t like a crypto constant that you can pretend is random but secretly has known factors.
Like, come on. How can it be back-doored if it can work just fine in an offline VM?
Also, only a small percentage of specialists even know this tool exists, let alone have the know-how to use it. And since it's heavily used for malware reverse engineering, it's gonna be laughable to put any "secret backdoors and exploits" in it.
Might be worth it as a hacker contest for finding good hiring candidates, but certainly not as a spying attempt. No sane person who is able to use this software is gonna run it on a PC containing important secrets.
Like any other organization, the NSA needs to attract talent and compete for it with US corporations. By releasing Ghidra as open source, they solve multiple problems.
1. Show everyone in the reverse engineering and cybersecurity community what cool toys the NSA has to play with.
2. Make sure there is a huge pool of talent trained to work with NSA tools.
3. Get countless contributions towards processors / architecture support, etc.
Chris Delikat presented, IIRC, mostly practical reasons for open sourcing Ghidra, like interoperability with other agencies or non-government groups, at Black Hat 2019: https://youtu.be/kx2xp7IQNSc?t=1838
Whether the reasons presented were actually decisive can of course be questioned.
Okay, I haven't seen this speech before. I guess we can actually trust the guy who worked at the NSA at the time to know their reason for releasing it. I mean Chris Delikat.
And yeah, he does mention recruitment benefits on the second slide.
Yep. The NSA was solving a universal problem (nobody wants to pay for IDA Pro licenses) and it makes more sense to pool their efforts with the community than to divide them. That, and it's also great PR. But mostly the first one, I reckon.
What's worse, before Ghidra was released it was actually damn hard to even buy an IDA license, and I'm not even sure if the situation has changed at all. I can't even imagine that someone can "secretly" buy an IDA license, and that's an obvious thing that the NSA would want to do.
I guess people who come up with conspiracy theories simply don't know that all around the world there might be like 10,000 good reverse engineering experts. Might be even fewer. It's a very small talent pool, and it does make sense for the NSA to do everything to make hiring easier.
If there is a set of organizations that would consider using this tool, that could be the justification for releasing it. It's a tool to reverse engineer binaries, so it's likely to also reverse engineer whoever is foolish enough to run it in a production environment against an adversary, thus putting the NSA in the driver's seat.
Are you familiar with how Ghidra works? You run it on your own computer on a binary that you feed it. It's not like it talks to the NSA to exfiltrate things.
He's not completely wrong though, you do want to be careful when you're using something developed by someone like the NSA. It's the same reason you want to be careful using cracked versions of IDA, since the guys that can crack IDA can probably do other stuff to it.
I think that's part of the reason the NSA open sourced the code for it, so people could see no backdoors are in there. So in this particular case it's maybe less of a concern.
I'm curious, is it known how far the NSA goes in hacking computers and phones? Is there any NSA-proof setup?
For example, do they have a surveillance system that remotely monitors or can remotely every Apple device (they are all closed source)? If small companies can do it, surely the NSA does it too!
Or a system through which they can log in to anyone's account linked to American companies (e.g., the existence of a software system through which they log in to anyone's Gmail or AWS account when needed, without a subpoena or request to those companies).
This basically means complete mass or targeted surveillance. Encryption seems futile against such actors that can hack endpoints easily.
I would assume that the NSA could totally do targeted surveillance on anyone, as even if we assume that the NSA couldn't do anything, they clearly have the money and contacts to buy everything from Israel, which has proven technology to hack phones with 0 clicks.
For mass surveillance, the problem is not technical but more legal. It is almost plainly and clearly illegal for any agency in the US to do it on all data, so they have to come up with loopholes for things like metadata or risk the agency.
Mass surveillance has been on for more than a decade. You can assume that all non encrypted communication is logged. Snowden's leak showed that NSA was tapping internal Google fiber at the transcontinental connection points. Google immediately switched to encrypted communication within Google's data center.
The legality applies to American residents. I assume the surveillance can be uncontrolled with foreign citizens.
This then brings up the question of intellectual property. How do weaker nations protect their IP on important technologies against more powerful nations such as the U.S. or China?
This seems to lead to a widening information gap between nations.
Pegasus was detected by sending sample devices to Citizen Lab[0]. Currently there is no known evidence of an NSA 'backdoor' in iPhones, and if there is, it's very well hidden. And it's not like we can't inspect traffic going in and out of iPhones. If you are concerned about data being sent to Fort Meade, MITM all the traffic and then blow the whistle to alert others.
- https://github.com/NationalSecurityAgency
Prior HN coverage is here:
- https://hn.algolia.com/?q=https%3A%2F%2Fgithub.com%2FNationa...