SESSION ID: PNG-T09
GET YOUR FREE NSA REVERSE ENGINEERING TOOL
Rob Joyce
Senior Advisor for Cybersecurity
National Security Agency
#RSAC

Introducing:
SOFTWARE REVERSE ENGINEERING TOOL SUITE

Ghidra Purpose - What’s in Your Binary?

Assembling the Puzzle
RAW BINARY
ANNOTATED ASSEMBLY
C CODE

Key Features:
Collaborative Software Reverse Engineering
Scalable / Extendable
Generic Processor Model
Interactive and non-GUI
Powerful analysis to Understand Variants
Undo / Redo

Why Did We Release Ghidra?
Improve cybersecurity tools
Build a community
Educational Use
Your tax dollars at work

A product of NSA’s Research Organization

Get Started in the Project Manager
Open a new project
Drag your binary into the project

Configurable Environment

Many Views All in Sync

Multi-User Analysis and Collaboration
Shared Repository
Reverse Engineering Version Control
Fine Grained Merge
Speeds up analysis
Share Knowledge

Generic Processor Model - Sleigh
Memory Model
Registers
Addressing Modes
Instructions
Pcode – Intermediate representation

Processors Supported:
X86 16/32/64
Sparc 32/64
ARM/AARCH64
CR16C
PowerPC 32/64, VLE
Z80
MIPS 16/32/64, micro
6502
8051
68k
MSP430
Java / DEX bytecode
AVR8, AVR32
PA-RISC
Others + variants
PIC 12/16/17/18/24

Decompiler

In-line Assembler

Function Graphs

Annotated Differences

Version Tracking
Matches functions and data from one version to another
Multiple algorithms for finding matches
Easily port annotations and analysis from one version to another

File System
Viewing/extracting/importing nested components
Supports a wide range of formats: tar, zip, gzip, iso9660, apk, etc.

Powerful Scripting
Extends Ghidra
Tightly integrated

Automating Analysis
Batch run Ghidra scripts without the GUI

And More Features Including:

Learning Ghidra

What’s Next For Us?
Integrated Debugger

What's Next for You?
Get the software: www.nsa.gov/ghidra
Talk to experts at RSA: NSA Booth, 1753 South Hall

What’s in Your Binary?
www.nsa.gov/ghidra