Ghidra is out!

Dylan Thompson
Dylan Thompson

Ghidra is a static analysis/reverse engineering tool that is apparently very similar to big commercial offerings such as IDA Pro. It was developed internally by the NSA, but is just now being released to the public. They put it out there as Free Software under the Apache license. It is written in Java.

Site
ghidra-sre.org/
Source code
github.com/NationalSecurityAgency/ghidra

Attached: GHIDRA-1.png (185.37 KB, 1497x1015)

Other urls found in this thread:

github.com/NationalSecurityAgency/ghidra/wiki/Frequently-asked-questions#where-is-the-complete-ghidra-source-code
ghidra-sre.org/releaseNotes.html
nsa.gov/ghidra
github.com/NationalSecurityAgency/ghidra
github.com/NationalSecurityAgency/ghidra/blob/master/DevGuide.md

Colton Gomez
Colton Gomez

How is it compared to Radare2?

Jonathan Hill
Jonathan Hill

literal glownigger code
What could possibly go wrong?

Blake Miller
Blake Miller

by NSA
i wouldn't even run this in a VM

Cooper Evans
Cooper Evans

github
botnet

Parker Hill
Parker Hill

Basically trash. Use if for the decompiler nothing else.

Jordan Wood
Jordan Wood

no such agency has a github account
they release code for their secret hack tools there
guthub is owned by microsoft
microsoft is run by a pajeet and likes oss/linux now
What the fuck even is this reality

Jack Morris
Jack Morris

If I remember correctly the US government commissioned an IDA replacement a while ago. Sounds like that is it. Knowing how government projects like these turn out, it's probably hilariously bad compared to the original.

Charles Rogers
Charles Rogers

Why would they try to replace something that works perfectly fine?

Logan Ward
Logan Ward

Why does a government agency waste shitloads of money on golden toilets?
Beats me, maybe they thought The Great And Powerful NSA (dog bless aberiga) could easily outdo whatever other product, even though their staff is mostly redditards.

Isaac Brooks
Isaac Brooks

even though their staff is mostly redditards.
Are they?

James Russell
James Russell

The leaks sure gave me that impression, especially the wiki. Gave off a similar air to googlefags in terms of being high on your own fumes.

Benjamin Walker
Benjamin Walker

They put it out there as Free Software under the Apache license. It is written in Java.
<no source code available (yet)
github.com/NationalSecurityAgency/ghidra/wiki/Frequently-asked-questions#where-is-the-complete-ghidra-source-code

Daniel Hughes
Daniel Hughes

It is written in Java.
Wow, it's fucking retard garbage.

Oliver Sanders
Oliver Sanders

Drink bleach and shoot yourself in the mouth, you fucking failed abortion.

Samuel Wood
Samuel Wood

"ok"

Attached: did-you-cry.png (90.24 KB, 363x359)

Joseph Brown
Joseph Brown

In your own words, please explain your qualms with Java and tell me how the target language effects you, not as a contributing developer but as a user of the tool.

Oliver Wood
Oliver Wood

actually Java is pretty good and safe language and muh compile once, run everywhere is pretty comfy (when it's feasible)

Lincoln Wright
Lincoln Wright

It litterally has a backdoor. Don't use it.

Luke Cook
Luke Cook

Usually terrible UIs, poor performance compared to native, the mere existence of the JVM on your machine is a security risk given Java's poor track record.

Evan Miller
Evan Miller

Java is pretty good and safe language
Java isn't safe at all, there's a lot of exploits for it.

Proof?

Leo Gray
Leo Gray

Neck yourself you worthless nigger.

Attached: kill-yourself-faggot.png (189.29 KB, 480x255)

Daniel Williams
Daniel Williams

i'm as much of a java hater as the next guy but the 'poor track record' for java is primarily concerned with client-side exploits targeting the virtual machine.

keep in mind, default behavior in say C, is totally unchecked allocations.

Hunter Williams
Hunter Williams

It's probably clean. If they were to bug it they wouldn't release it as the NSA. The question then is why they'd release it. I think it's to attract talent, hoping a few shiny toys will make people ignore the fact they're working for the devil.

Attached: java.jpg (41.66 KB, 960x540)

Carter Jackson
Carter Jackson

Yep. They've even got a recruitment pitch in the README.

Brody James
Brody James

Only complaint i heard so far was from some poorly included debug mode bug that opened a port. Sensationalist, but it at least shows one issue. Be interesting to see if they push fixes once the source is posted. I might give it a spin since a lot are raving its comparable to IDA in some regards

Gabriel Hughes
Gabriel Hughes

Write once, run everywhere is sadly a meme.
t. victim of write once, debug everywhere

Jack Baker
Jack Baker

The NSA has open sourced software before. I can't remember the name of it. Oh yeah because it was fucking useless.

Security moralfags.

Sebastian Murphy
Sebastian Murphy

Isn't a bad security track record (somewhat ironically) a good thing? It means the issues have already been found and fixed earlier in the projects life cycle.

Bad UI's seems a bit unfair since that's going to differ on a program to program and even framework to framework basis.

Likewise with performance, that's mostly dependent on the platform it runs on. I'm not going to pretend like safe, runtime oriented languages are going to be faster but the difference should be negligible in most cases.
I can't imagine something like this, which will mostly be idle, being perf dependent. Unlike say, a video encoder trying to max out your CPU for the duration of the process lifetime.

You're obviously free to feel however you wish, but I myself don't think these are reasonable objections in this context. I feel like people see Java and instantly write something off and I don't understand that. Just because some programs written in Java are bad does not make all Java program inherently unusable imo.

Parker Jenkins
Parker Jenkins

Because old software is too correct and efficient. Nu-software is inclusive and has contributions by women, homosexuals and brown people.

Henry Allen
Henry Allen

Isn't a bad security track record (somewhat ironically) a good thing?
Not really since many discovered flaws don't mean few remaining flaws. However, it tells you something (bad) about the quality of the programmers and the program's design.

Charles Wright
Charles Wright

You forgot the transsexuals and fishmouth people. Please be more inclusive next time, it's very insensitive to leave out under represented degenerates.

Tyler Collins
Tyler Collins

Consider it, I might say it's moot then.
Regardless of the past, it's not indicative of the current state. Something is either exploitable or not and we cannot really know until after an exploit has been found.
Also audit and dev teams change so the quality could have gone in either direction as well.

That being said, my stance is that it's still unfair to judge a program based on the language alone, and even extending to Java here, it may not be fair to judge them based on their past versions, or make assumption about the current state of it without certainty.

The Java bullies will be stopped.

Jason Barnes
Jason Barnes

Not him, but here it goes.
Slow, every large java application I have used has been unresponsive and slow to the point where I don't want to use it. This includes net-simulators, UML graph tools, ide's. Once it might be retarded devs, but when it repeats then, no, it's java.

John Jones
John Jones

What else do you judge things on except their past?! It's not like they completely rewrite the thing or replace the entire team every time a new version comes around. Additionally, the problem with security exploits is that things can be failing horribly while you are none the wiser, so you necessarily have to rely on heuristics; what better heuristic is there than the project's past?

Just look at something like OpenSSL: Their code is awe-inspiringly terrible (no really, I was literally in awe at how bad it is), but you would be able to tell as much even if it was closed source, simply because they constantly have massive security problems. In a sanely designed program with good developers, these problems simply don't occur at that frequency. If you naively assume that every fixed bug was the last one for real this itme, you get fucked nonstop. Honestly, I'm kinda interested where this attitude comes from, because it seems completely batshit insane to me. Is it wishful thinking?

This also extends to language, e.g. because the language makes it very easy to make such mistakes (C etc) or because the language has a large pool of bad developers (PHP and JS are the primary examples of this, but it applies to Java as well). Or in this case, because the above stuff applies to its implementation. That said, I do agree that shitting on Java is a big meme on Zig Forums and mostly comes from people who couldn't program their way out of a paper bag. It's the cool thing to hate.

Gabriel Hall
Gabriel Hall

Remember when getting into the NSA was a challenge?

Jaxson Torres
Jaxson Torres

Remember when Whites were a super-majority? Everything today is degraded.

Cameron Lee
Cameron Lee

Look up IDA's licensing fees some time and you'll immediately understand why.

Isaac Thomas
Isaac Thomas

Why don't they just pirate it?

Julian Parker
Julian Parker

Why did you take the bait?

Thomas Garcia
Thomas Garcia

Blows IDA and Radare out of the park

Bentley Hughes
Bentley Hughes

Why would you install proprietary software

Bentley Rivera
Bentley Rivera

you're a shill
How is github abotnet that compares to foogle?

Nathaniel James
Nathaniel James

It's owned by kikerosoft

Dylan Hughes
Dylan Hughes

Is java really that bad?
The short answer is that large java applications open slowly, but then after that are as fast, if not faster, than anything else.

Taking 30-60 seconds to open wasn't that bad 10 years ago, but now people think that's terrible, as if it was really such a massive amount of time. The bad impression at opening the software sticks and retards then think it's always slow and never use it again, because they could opened 10 snapchat messages in the time to open. Java hate = short attention span

The NSA didn't backdoor the software
hahahahahahahahahahaha
You missed the news didn't you?

Grayson Taylor
Grayson Taylor

Does this mean they have something way better and this ghidra is obsolete?

Christian Perez
Christian Perez

What would be the point of backdooring a reverse engineering tool?

Brandon Thompson
Brandon Thompson

Wow Zig Forums is worse than /g/
muh backdoors in an open source program directed at reverse engineers
They release it because they want people to fix it for free and attract new talent at the same time

Attached: 1201635159.jpg (18.04 KB, 373x339)

Jacob Powell
Jacob Powell

It's not open source though since the code hasn't been released.
Anyway's not it's not /g/ to be weary of THE FUCKING NSA. Fuck off glow-in-the-dark.

Robert Martin
Robert Martin

If you find a backdoor in Ghidra I will unironically kill myself on stream.

Nathan Nelson
Nathan Nelson

Ok that makes sence come again

Aiden Baker
Aiden Baker

ghidra-sre.org/releaseNotes.html
It's still under development.

Maybe they forgot the backdoor.

Levi Miller
Levi Miller

proprietary software
written by nsa
shit, tyrone

Robert Wright
Robert Wright

LARPer detected. Nothing wrong with Java for this type of program.

Zachary Hill
Zachary Hill

Full source code was released today. This includes the source to the decompiler and sleigh parser which wasn't included in the initial release.

nsa.gov/ghidra
github.com/NationalSecurityAgency/ghidra

Thoughts?

Jordan Price
Jordan Price

What tf am I even supposed to do with it?

Christian Brown
Christian Brown

The UI feels pretty slow compared to IDA or radare but it works quite well.

Considering I always do REing in a VM anyways I don't see a reason not to use this.

Attached: 123713465273.png (253.92 KB, 2396x1616)

Lincoln Hughes
Lincoln Hughes

I’d set affinity to a single core, it wasn’t coded correctly and is probably less deterministic than the lottery.

William Gomez
William Gomez

You fools, the backdoor is not in Ghidra itself, but a backdoor is dynamically inserted into the code it decompiles so that if you compile it again it's botnet.

Jeremiah Gray
Jeremiah Gray

but cant you read the source to find any such things

Blake Diaz
Blake Diaz

I have a theory that the NSA knows we're all totally owned and with WWIII on the horizon really wants people to discover a lot about the different ways we're owned, and maybe JUUUST maybe, there are "totally not NSA security researchers and teams" who already have a bunch of these vulns which need to be released in a deniable way so the NSA doesn't reveal its capabilities?

That's what I'd do anyways.

Isaac Young
Isaac Young

You're thinking of RSA and DSA encryption

John Price
John Price

Well, I know they have a bad history, but there is plenty of bad blood between the CIA and the NSA. Also, I don't remember Terry Davis saying anything about glow in the dark "NSANiggers". We also have the NSA to thank, indirectly, for being able to shut off Israel Inside's ME bullshit.

Attached: 3e14a8d0f68612f21990d435a4ebadf5b3cbb127371e8a416aba37676320858c.png (591.79 KB, 1280x800)

Isaiah Lee
Isaiah Lee

Ghidra might be reverse engineered itself, at least in order for it to be version 9 and be horribly coded.

Carson Long
Carson Long

like version numbers mean anything these days. just look at chrome..

James Young
James Young

Now the source code is out, but I can't figure out how to fucking build it. Apparently it requires gradle, so I installed gradle and ran it in the root ghidra directory. Whoops. It requires an older gradle (5.0, specifically). Fine. I install that instead. Now it's complaining about something related to jython and that I don't have a repository set up. I installed jython, but apparently that's not what it's asking for.

I looked through the source tree for variations of *build* to see if there were some build instructions, but I couldn't find any. The README is useless. The wiki/FAQ on github has no info about building. Is there some obvious build documentation I'm missing? Has anybody actually build this?

Sebastian Gomez
Sebastian Gomez

lol brainlet

Ian Green
Ian Green

isnt there any build script like a makefile or something? just read it if there is

Nicholas Perez
Nicholas Perez

literal glow in the dark CIAnigger software
<not a botnet goyim

lol gtfo
<what was the point of systemd, what was the point of eternalblue, heartbleed(cia used for at least 2+ yrs prior to discovery) etc etc etc

Attached: 1550552501651.jpg (7.99 KB, 235x215)

Asher Nguyen
Asher Nguyen

Looks cool for me. I've scanned the source code with clamav. I'll check, if the code has any analitics shit, if not I'll try it. Not using the software your enemy uses is funny, especially if you have the source code.

Why would they try to replace something that works perfectly fine?
<nonfree software
<working perfectly fine
Lol
Because old software is too correct and efficient. Nu-software is inclusive and has contributions by women, homosexuals and brown people.
<nonfree software
<too correct and efficient
<Proprietary software is the best software goy!
Yeah, 100% straight male proprietary software is better that this dirty SJW free/libre software.

Brayden Hill
Brayden Hill

It's a Java project, Gradle is the build system.

Colton Bell
Colton Bell

Yeah, 100% straight male proprietary software is better that this dirty SJW free/libre software.
It is.
women, homosexuals, or brown people had anything to do with coding this software.
:^)

Robert Rogers
Robert Rogers

It's open source, and so the irony is that only a nigger like you won't be able to tell if its safe or not.

Carson Hughes
Carson Hughes

Yeah, 100% straight male proprietary software is better that this dirty SJW free/libre software.
Unironically true.

Attached: Lincucks.png (548.78 KB, 1200x756)

Easton Davis
Easton Davis

Lol that picrel.
powershell
slow as fuck
profit-driven innovation
innovation
funny
full hardware support
Last time I checked (month ago) windows couldn't find USB driver. Linux (kernel) is better at loading binary blobs, than windows.
full hardware performance
You mean when they don't install security patch for meltdown and spectre, so games can run smoothly, or when ton of spyware is running in the background?
just works
Just doesn't work it crashes all the time. Updates often break something.
WSL
Because Windows wasn't good enough so they had to put GNU/Linux inside.
IDEs
Implying there are no IDEs on GNU/Linux. Better pay for your monthly Visual Studio subscription.

On GNU/Linux
end user compilation
This is actually an advantage.
No flash
Why would I use this spyware?
shell scripts
that's a good thing
No hardware support
Why would I use nonfree drivers/firmware? I don't want to use malicious software on my computer.
systemdick etc.
There are some problems, but it is still better than being exploited and controlled.

When did Zig Forums became a place full of botnet lovers and windows useds?

Jonathan Butler
Jonathan Butler

windows couldn't find USB driver
lol stopped reading there

Kayden Green
Kayden Green

no flash
Why would I use this spyware?
objectively untrue as well.

Jaxon Garcia
Jaxon Garcia

No an argument

Liam Lewis
Liam Lewis

Did you follow the dev guide?
github.com/NationalSecurityAgency/ghidra/blob/master/DevGuide.md

Jaxson Harris
Jaxson Harris

Meant for

Jacob Foster
Jacob Foster

Why would I use nonfree drivers/firmware?
Here we see the loonix fag claiming a problem is a solution

Austin Jenkins
Austin Jenkins

Here we see the loonix fag claiming a problem is a solution
That's not because driver devs are retarded, but hardware manufacturers are - they won't tell how the hardware works, they'll just give you a binary blob. There are some backward engineering efforts, but it is hard and firmware is often signed with a crypto key, so you can't use your own software on that hardware.
The solution is to support only copmanies that produce libre hardware.

Parker Gray
Parker Gray

Libre hardware is great to have but not necessary. What's absolutely necessary is accurate technical documentation about the specifications of the hardware. When programmers have the proper specifications, then the programmer should be able to write the appropriate driver for the hardware device. Libre hardware should have this level of technical specification. However it's perfectly fine for a black box device as long as the interfaces and relevant internal knowledge are documented for the programmer.

Robert Moore
Robert Moore

HAPAS ARE SUPERIOR TO WHITES

Robert Roberts
Robert Roberts

HAPAS ARE SUPERIOR TO WHITES

Jordan Harris
Jordan Harris

HAPAS ARE SUPERIOR TO WHITES

Jose Butler
Jose Butler

HAPAS ARE SUPERIOR TO WHITES

Brayden Howard
Brayden Howard

HAPAS ARE SUPERIOR TO WHITES

Thomas Lee
Thomas Lee

Schizophrenia is one hell of a drug.

Alexander Lee
Alexander Lee

Masons, Masons everywhere...

Joshua Long
Joshua Long

Wow. Just wow.

David Robinson
David Robinson

Shit thread

Landon Moore
Landon Moore

I love eating kebabs. Why do you guys want to kill the Muslims?