Ghidra is an open source tool that helps security researchers better understand programs. The tool was launched and released today at the RSA Conference in San Francisco.
Ghidra is a reverse engineering tool
But what does Reverse Engineering actually mean? When developing software, what the program should do is set in a human-understandable programming language (e.g., Java or Python). This so-called source code is converted by a translator, the compiler, into machine code, that is to say computer-readable instructions.
Reverse engineering is an attempt to reverse this step and see how a program works and runs. Manufacturers are trying to protect themselves, but reverse engineering is an important tool in IT security.
Why are there tools like Ghidra?
Reverse engineering is an important step for safety. With the help of reverse engineering, for example, weak spots in password safes are found and can be closed. Another use case for the tool is the analysis of malware. Malware is often analyzed to understand how it works. If a computer is encrypted after a ransomware attack, it can eventually be decrypted with a “master key” or program This is mostly due to reverse engineering. The blog post by Digital Media Women describes the work of a Malware Reverse Engineer at GData Advanced Analytics from Bochum.
Why is Ghidra so exciting?
The world became really aware of Ghidra in the course of the Vault7 releases in 2017 through Wikileaks code. Ghidra has a graphical interface and has been developed by the NSA since the early 2000s. The exciting thing is that there has been little movement in the reverse engineering market so far. Almost all tools are associated with enormous financial expenses which meant a high entry barrier. Ghidra makes it much easier for those interested, students and teachers to learn reverse engineering.
Installation and first impression
This post is also available in: Deutsch (German)