Ghidra is a static analysis/reverse engineering tool that is apparently very similar to big commercial offerings such as IDA Pro. It was developed internally by the NSA, but is just now being released to the public. They put it out there as Free Software under the Apache license. It is written in Java.
Ghidra is out!
Dylan Thompson
Colton Gomez
How is it compared to Radare2?
Jonathan Hill
What could possibly go wrong?
Blake Miller
i wouldn't even run this in a VM
Cooper Evans
botnet
Parker Hill
Basically trash. Use if for the decompiler nothing else.
Jordan Wood
What the fuck even is this reality
Jack Morris
If I remember correctly the US government commissioned an IDA replacement a while ago. Sounds like that is it. Knowing how government projects like these turn out, it's probably hilariously bad compared to the original.
Charles Rogers
Why would they try to replace something that works perfectly fine?
Logan Ward
Beats me, maybe they thought The Great And Powerful NSA (dog bless aberiga) could easily outdo whatever other product, even though their staff is mostly redditards.
Isaac Brooks
Are they?
James Russell
The leaks sure gave me that impression, especially the wiki. Gave off a similar air to googlefags in terms of being high on your own fumes.
Benjamin Walker
...
Daniel Hughes
Wow, it's fucking retard garbage.
Oliver Sanders
Drink bleach and shoot yourself in the mouth, you fucking failed abortion.
Samuel Wood
"ok"
Joseph Brown
In your own words, please explain your qualms with Java and tell me how the target language effects you, not as a contributing developer but as a user of the tool.
Oliver Wood
actually Java is pretty good and safe language and muh compile once, run everywhere is pretty comfy (when it's feasible)
Lincoln Wright
It litterally has a backdoor. Don't use it.
Luke Cook
Usually terrible UIs, poor performance compared to native, the mere existence of the JVM on your machine is a security risk given Java's poor track record.
Evan Miller
Java isn't safe at all, there's a lot of exploits for it.
Proof?
Leo Gray
Neck yourself you worthless nigger.
Daniel Williams
i'm as much of a java hater as the next guy but the 'poor track record' for java is primarily concerned with client-side exploits targeting the virtual machine.
keep in mind, default behavior in say C, is totally unchecked allocations.
Hunter Williams
It's probably clean. If they were to bug it they wouldn't release it as the NSA. The question then is why they'd release it. I think it's to attract talent, hoping a few shiny toys will make people ignore the fact they're working for the devil.
Carter Jackson
Yep. They've even got a recruitment pitch in the README.
Brody James
Only complaint i heard so far was from some poorly included debug mode bug that opened a port. Sensationalist, but it at least shows one issue. Be interesting to see if they push fixes once the source is posted. I might give it a spin since a lot are raving its comparable to IDA in some regards
Gabriel Hughes
Write once, run everywhere is sadly a meme.
t. victim of write once, debug everywhere
Jack Baker
The NSA has open sourced software before. I can't remember the name of it. Oh yeah because it was fucking useless.
Security moralfags.
Sebastian Murphy
Isn't a bad security track record (somewhat ironically) a good thing? It means the issues have already been found and fixed earlier in the projects life cycle.
Bad UI's seems a bit unfair since that's going to differ on a program to program and even framework to framework basis.
Likewise with performance, that's mostly dependent on the platform it runs on. I'm not going to pretend like safe, runtime oriented languages are going to be faster but the difference should be negligible in most cases.
I can't imagine something like this, which will mostly be idle, being perf dependent. Unlike say, a video encoder trying to max out your CPU for the duration of the process lifetime.
You're obviously free to feel however you wish, but I myself don't think these are reasonable objections in this context. I feel like people see Java and instantly write something off and I don't understand that. Just because some programs written in Java are bad does not make all Java program inherently unusable imo.
Parker Jenkins
Because old software is too correct and efficient. Nu-software is inclusive and has contributions by women, homosexuals and brown people.
Henry Allen
Not really since many discovered flaws don't mean few remaining flaws. However, it tells you something (bad) about the quality of the programmers and the program's design.
Charles Wright
You forgot the transsexuals and fishmouth people. Please be more inclusive next time, it's very insensitive to leave out under represented degenerates.
Tyler Collins
Consider it, I might say it's moot then.
Regardless of the past, it's not indicative of the current state. Something is either exploitable or not and we cannot really know until after an exploit has been found.
Also audit and dev teams change so the quality could have gone in either direction as well.
That being said, my stance is that it's still unfair to judge a program based on the language alone, and even extending to Java here, it may not be fair to judge them based on their past versions, or make assumption about the current state of it without certainty.
The Java bullies will be stopped.
Jason Barnes
Not him, but here it goes.
Slow, every large java application I have used has been unresponsive and slow to the point where I don't want to use it. This includes net-simulators, UML graph tools, ide's. Once it might be retarded devs, but when it repeats then, no, it's java.
John Jones
What else do you judge things on except their past?! It's not like they completely rewrite the thing or replace the entire team every time a new version comes around. Additionally, the problem with security exploits is that things can be failing horribly while you are none the wiser, so you necessarily have to rely on heuristics; what better heuristic is there than the project's past?
Just look at something like OpenSSL: Their code is awe-inspiringly terrible (no really, I was literally in awe at how bad it is), but you would be able to tell as much even if it was closed source, simply because they constantly have massive security problems. In a sanely designed program with good developers, these problems simply don't occur at that frequency. If you naively assume that every fixed bug was the last one for real this itme, you get fucked nonstop. Honestly, I'm kinda interested where this attitude comes from, because it seems completely batshit insane to me. Is it wishful thinking?
This also extends to language, e.g. because the language makes it very easy to make such mistakes (C etc) or because the language has a large pool of bad developers (PHP and JS are the primary examples of this, but it applies to Java as well). Or in this case, because the above stuff applies to its implementation. That said, I do agree that shitting on Java is a big meme on Zig Forums and mostly comes from people who couldn't program their way out of a paper bag. It's the cool thing to hate.
Gabriel Hall
Remember when getting into the NSA was a challenge?
Jaxson Torres
Remember when Whites were a super-majority? Everything today is degraded.
Cameron Lee
Look up IDA's licensing fees some time and you'll immediately understand why.
Isaac Thomas
Why don't they just pirate it?
Julian Parker
Why did you take the bait?
Thomas Garcia
Blows IDA and Radare out of the park
Bentley Hughes
Why would you install proprietary software
Bentley Rivera
you're a shill
How is github abotnet that compares to foogle?
Nathaniel James
It's owned by kikerosoft
Dylan Hughes
The short answer is that large java applications open slowly, but then after that are as fast, if not faster, than anything else.
Taking 30-60 seconds to open wasn't that bad 10 years ago, but now people think that's terrible, as if it was really such a massive amount of time. The bad impression at opening the software sticks and retards then think it's always slow and never use it again, because they could opened 10 snapchat messages in the time to open. Java hate = short attention span
hahahahahahahahahahaha
You missed the news didn't you?
Grayson Taylor
Does this mean they have something way better and this ghidra is obsolete?
Christian Perez
What would be the point of backdooring a reverse engineering tool?
Brandon Thompson
Wow Zig Forums is worse than /g/
They release it because they want people to fix it for free and attract new talent at the same time
Jacob Powell
It's not open source though since the code hasn't been released.
Anyway's not it's not /g/ to be weary of THE FUCKING NSA. Fuck off glow-in-the-dark.
Robert Martin
If you find a backdoor in Ghidra I will unironically kill myself on stream.
Nathan Nelson
Ok that makes sence come again
Aiden Baker
ghidra-sre.org
It's still under development.
Maybe they forgot the backdoor.
Levi Miller
shit, tyrone
Robert Wright
LARPer detected. Nothing wrong with Java for this type of program.
Zachary Hill
Full source code was released today. This includes the source to the decompiler and sleigh parser which wasn't included in the initial release.
nsa.gov
github.com
Thoughts?
Jordan Price
What tf am I even supposed to do with it?
Christian Brown
The UI feels pretty slow compared to IDA or radare but it works quite well.
Considering I always do REing in a VM anyways I don't see a reason not to use this.
Lincoln Hughes
I’d set affinity to a single core, it wasn’t coded correctly and is probably less deterministic than the lottery.
William Gomez
You fools, the backdoor is not in Ghidra itself, but a backdoor is dynamically inserted into the code it decompiles so that if you compile it again it's botnet.
Jeremiah Gray
but cant you read the source to find any such things
Blake Diaz
I have a theory that the NSA knows we're all totally owned and with WWIII on the horizon really wants people to discover a lot about the different ways we're owned, and maybe JUUUST maybe, there are "totally not NSA security researchers and teams" who already have a bunch of these vulns which need to be released in a deniable way so the NSA doesn't reveal its capabilities?
That's what I'd do anyways.
Isaac Young
You're thinking of RSA and DSA encryption
John Price
Well, I know they have a bad history, but there is plenty of bad blood between the CIA and the NSA. Also, I don't remember Terry Davis saying anything about glow in the dark "NSANiggers". We also have the NSA to thank, indirectly, for being able to shut off Israel Inside's ME bullshit.
Isaiah Lee
Ghidra might be reverse engineered itself, at least in order for it to be version 9 and be horribly coded.
Carson Long
like version numbers mean anything these days. just look at chrome..
James Young
Now the source code is out, but I can't figure out how to fucking build it. Apparently it requires gradle, so I installed gradle and ran it in the root ghidra directory. Whoops. It requires an older gradle (5.0, specifically). Fine. I install that instead. Now it's complaining about something related to jython and that I don't have a repository set up. I installed jython, but apparently that's not what it's asking for.
I looked through the source tree for variations of *build* to see if there were some build instructions, but I couldn't find any. The README is useless. The wiki/FAQ on github has no info about building. Is there some obvious build documentation I'm missing? Has anybody actually build this?
Sebastian Gomez
lol brainlet
Ian Green
isnt there any build script like a makefile or something? just read it if there is
Nicholas Perez
Asher Nguyen
Looks cool for me. I've scanned the source code with clamav. I'll check, if the code has any analitics shit, if not I'll try it. Not using the software your enemy uses is funny, especially if you have the source code.
Brayden Hill
It's a Java project, Gradle is the build system.
Colton Bell
It is.
:^)
Robert Rogers
It's open source, and so the irony is that only a nigger like you won't be able to tell if its safe or not.
Carson Hughes
Unironically true.
Easton Davis
Lol that picrel.
slow as fuck
funny
Last time I checked (month ago) windows couldn't find USB driver. Linux (kernel) is better at loading binary blobs, than windows.
You mean when they don't install security patch for meltdown and spectre, so games can run smoothly, or when ton of spyware is running in the background?
Just doesn't work it crashes all the time. Updates often break something.
Because Windows wasn't good enough so they had to put GNU/Linux inside.
Implying there are no IDEs on GNU/Linux. Better pay for your monthly Visual Studio subscription.
On GNU/Linux
This is actually an advantage.
Why would I use this spyware?
that's a good thing
Why would I use nonfree drivers/firmware? I don't want to use malicious software on my computer.
There are some problems, but it is still better than being exploited and controlled.
When did Zig Forums became a place full of botnet lovers and windows useds?
Jonathan Butler
lol stopped reading there
Kayden Green
objectively untrue as well.
Jaxon Garcia
No an argument
Liam Lewis
Did you follow the dev guide?
github.com
Jaxson Harris
Meant for
Jacob Foster
Here we see the loonix fag claiming a problem is a solution
Austin Jenkins
That's not because driver devs are retarded, but hardware manufacturers are - they won't tell how the hardware works, they'll just give you a binary blob. There are some backward engineering efforts, but it is hard and firmware is often signed with a crypto key, so you can't use your own software on that hardware.
The solution is to support only copmanies that produce libre hardware.
Parker Gray
Libre hardware is great to have but not necessary. What's absolutely necessary is accurate technical documentation about the specifications of the hardware. When programmers have the proper specifications, then the programmer should be able to write the appropriate driver for the hardware device. Libre hardware should have this level of technical specification. However it's perfectly fine for a black box device as long as the interfaces and relevant internal knowledge are documented for the programmer.
Robert Moore
HAPAS ARE SUPERIOR TO WHITES
Robert Roberts
HAPAS ARE SUPERIOR TO WHITES
Jordan Harris
HAPAS ARE SUPERIOR TO WHITES
Jose Butler
HAPAS ARE SUPERIOR TO WHITES
Brayden Howard
HAPAS ARE SUPERIOR TO WHITES
Thomas Lee
Schizophrenia is one hell of a drug.
Alexander Lee
Masons, Masons everywhere...
Joshua Long
Wow. Just wow.
David Robinson
Shit thread
Landon Moore
I love eating kebabs. Why do you guys want to kill the Muslims?