NSA GHIDRA Disassembler Vault7
The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference that will be held at the start of March, in San Francisco. The software's name is GHIDRA and in technical terms, is a disassembler, a piece of software that breaks down executable files into assembly code that can then be analyzed by humans. The NSA developed GHIDRA at the start of the 2000s, and for the past few years, it's been sharing it with other US government agencies that have cyber teams who need to look at the inner workings of malware strains or suspicious software. GHIDRA's existence was never a state secret, but the rest of the world learned about it in March 2017 when WikiLeaks published Vault7, a collection of internal documentation files that were allegedly stolen from the CIA's internal network. Those documents showed that the CIA was one of the agencies that had access to the tool.
I first used a "disassembler" in late 1980, a program that disassembled 8080 machine code into 8080 assembly language. (It was called "Resource".) I recall my first (comic) "disappointment" was that it didn't somehow regenerate the original labels and comments...!!!

This sounds like it: https://gopherproxy.meulie.net/gopher.floodgap.com/0/archive/walnut-creek-cd...

"RESOURCE Disassembler

Overall structure
Sample of RESOURCE usage
Disassembly steps
Description of commands
Watch for... (tips)
Quick command summary
ZESOURCE: Extension of RESOURCE

RESOURCE: disassembler for 8080 programs
by Ward Christensen
(312) 849-6279"

"RESOURCE commands are inconsistent at best. - RESOURCE is a kludge based on years of disassembler experience and hacking, and was never "planned" - just coded sitting at a tube, and modified over 2 years before being contributed to the CP/M UG (1/80).

For example, to kill a symbol: k.label
but to kill a control value: caddr,k
and to kill a comment: ;addr,

but RESOURCE does the job like no other I have seen.

N-O-T-E: Pardon the editorial, but I feel hardware without good software is useless to 99% of us. Most good software has to be paid for. I strongly support the legitimate purchase of licensed software. I do not regularly use any programs which I have not purchased. (Yes, I do occasionally "try" one, but then buy it if I plan on using it). I have been asked by software businesses to NOT distribute RESOURCE - because of its ability to produce good .asm source quickly. But, there are so many disassemblers out, why not a good, conversational one? Please use it in the spirit in which it was contributed: to enlarge your understanding of the microcomputer world around you, and to allow you to customize programs which you legitimately own, for your own use.

"Semper non rippus offus""

=========================================================

Ward Christensen built what I understand was the first computer bulletin-board system, which he called "CBBS", in Chicago. I became friends with the owner and operator of the second (?) CBBS, called "CBBS-NW", Jim Willing, who lived in Beaverton, Oregon in 1980.

Jim Bell

On Sunday, January 6, 2019, 12:43:59 PM PST, grarpamp <grarpamp@gmail.com> wrote:

> The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference that will be held at the start of March, in San Francisco. The software's name is GHIDRA and in technical terms, is a disassembler, a piece of software that breaks down executable files into assembly code that can then be analyzed by humans. The NSA developed GHIDRA at the start of the 2000s, and for the past few years, it's been sharing it with other US government agencies that have cyber teams who need to look at the inner workings of malware strains or suspicious software. GHIDRA's existence was never a state secret, but the rest of the world learned about it in March 2017 when WikiLeaks published Vault7, a collection of internal documentation files that were allegedly stolen from the CIA's internal network. Those documents showed that the CIA was one of the agencies that had access to the tool.