SESSION ID: PNG-T09 GET YOUR FREE NSA REVERSE ENGINEERING TOOL Rob Joyce Senior Advisor for Cybersecurity National Security Agency #RSAC #RSAC Introducing: SOFTWARE REVERSE ENGINEERING TOOL SUITE 2 #RSAC Ghidra Purpose - What’s in Your Binary? 3 #RSAC Assembling the Puzzle RAW BINARY ANNOTATED ASSEMBLY C CODE 4 #RSAC Key Features: Collaborative Software Reverse Engineering Scalable / Extendable Generic Processor Model Interactive and non-GUI Powerful analysis to Understand Variants 5 #RSAC Key Features: Collaborative Software Reverse Engineering Scalable / Extendable Generic Processor Model Interactive and non-GUI Powerful analysis to Understand Variants Undo / Redo 6 #RSAC Why Did We Release Ghidra? Improve cybersecurity tools Build a community Educational Use Your tax dollars at work 7 #RSAC A product of NSA’s Research Organization 8 #RSAC Get Started in the Project Manager Open a new project Drag your binary into the project 9 #RSAC Configurable Environment 10 #RSAC Many Views All in Sync 11 #RSAC Multi-User Analysis and Collaboration Shared Repository Reverse Engineering Version Control Fine Grained Merge Speeds up analysis Share Knowledge #RSAC Generic Processor Model - Sleigh Memory Model Registers Addressing Modes Instructions Pcode – Intermediate representation 13 #RSAC Processors Supported: X86 16/32/64 Sparc 32/64 ARM/AARCH64 CR16C PowerPC 32/64, VLE Z80 MIPS 16/32/64,micro 6502 8051 68k MSP430 Java / DEX bytecode AVR8, AVR32 PA-RISC Others + variants PIC 12/16/17/18/24 14 #RSAC Decompiler 15 #RSAC Decompiler 16 #RSAC In-line Assembler 17 #RSAC Function Graphs 18 #RSAC Annotated Differences 19 #RSAC Version Tracking Matches functions and data from one version to another Multiple algorithms for finding matches Easily port annotations and analysis from one version to another 20 #RSAC File System Viewing/extracting/importing nested components Support wide range for formats: tar, zip, gzip, iso9660, apk, etc. 21 #RSAC Powerful Scripting Extends Ghidra Tightly integrated 22 #RSAC Automating Analysis Batch run Ghidra scripts without the GUI 23 #RSAC And More Features Including: 24 #RSAC Learning Ghidra 25 #RSAC What’s Next For Us? Integrated Debugger 26 #RSAC What's Next for You? Get the software: www.nsa.gov/ghidra Talk to experts at RSA: NSA Booth, 1753 South Hall 27 #RSAC What’s in Your Binary? www.nsa.gov/ghidra 28.