As good as SELinux and TrustedBSD are, I wouldn't expect them to be any sort of defense against the NSA. I wouldn't expect them to publish anything that they can't already own when they want to.
The only thing that can protect you from state actors is a one-way data diode, and/or a complete air gap system with rigorous physical security AKA another state...and even then...spies ;)
You might be familiar with NSA as an offensive agency interested in subverting security systems, but it's actually composed of two separate and often warring divisions, the second of which is defensive in nature and is interested in securing systems. It is this second division which has a history of contributing in good faith to security projects, public and otherwise.
Ghidra is powerful. The only thing I miss is the ability to actually do versioned (=Git) collaboration, or at least to publish stuff to Github or whatever without needing to either host Ghidra Server myself or depend on someone else.
Purely out of ignorance - what's the context here? I'm not in this space, but afaik Ghidra was released years ago so I'm guessing this post was triggered by a recent development, but it's not clear what that might be.
As someone who is in this space, I’m not aware of any recent major developments so it’s most likely someone just thought it’s cool and hasn’t been talked about on HN in sufficiently long
Yesterday Joe Grand put up a video explaining how he used Ghidra to find the password generator pattern and helped someone recover 43 BTC. For some folks, that was probably their first time seeing Ghidra in action and I imagine it sparked the curiosity flame again.
People post random stuff on here all the time. Often it is just a Wikipedia link to some topic with no context, no discussion or anything. I think it is lazy karma whoring and it works because people upvote it if they know what it is an like it. I might go ahead and submit the Wiki page for Rust :)
I think the effect on pirated debuggers might have been bigger. When I was young and dabbled in this space one fun part of the experience was finding a cracked version of Olly that didn't have custom trojans in it. I'm sure this tradition continued after I sort of dropped out, at least until Ghidra and WinDbg and low-threshold gdb-facades made it less relevant.
V1 is still shareware, but wasn't it always free to use? I mean, not that it matters in the long run, now I guess Olly was superseded by x64dbg anyway, but as a person who migrated from SoftICE to Olly, I've never had to find a cracked version for it. But the again, I was one of those "last men standing" when it came to migration, so I could migrate relatively late compared to others.
What's annoying in IDA Pro price system is that for every OS you need a separate license. Every other tool - Binary Ninja, JEB, etc - has just a license for particular edition and add-ons but it is valid for every operating system.
Most of leaked copies in recent years were specifically bought to be pirated (except Keen Lab one, rip), and as Windows binaries are the actually portable executables now because of ABI stability and Wine, they almost always buy the Windows version.
I've never seen a single leaked Linux IDA Pro and it's immensely useful to have IDA on a real OS without headaches caused by Wine.
I don't think anything changed commercially. In security companies, know hows, scripts, support, feature set, is all IDA, not Ghidra. Especially the feature set is not yet the same (IDA has more bells and whistles).
Personally, I've switched to Ghidra for most of the things, IDA only when Ghidra doesn't handle something. But then again, personally I never was an IDA customer, beacuse it's too expensive for hobbyist use (and IDA Free is too limited).
From my experience, the muscle memory is strong with ida. Once you’re used to it, it’s hard to switch. So I don’t expect that there was a dramatic plunge as soon as ghidra was released.
I have no inside knowledge but I expect the sales drop slowly as new users start with ghidra instead of ida.
Ghidra is an amazing tool, and indeed the fact that the NSA contributed this to the public is amazing, but understandable if your goal is to enhance cyber-security: it is the perfect swiss knife to figure out if there's nasty things embedded in binary blobs.
The one thing I would love to see come to Ghidra is an ML powered assistant that adds two features:
- AI-powered automated, semantically relevant, routine and variable naming
- AI-powered compiler recognition and improved recovery of loop structure
Both things should be possible using LLMs and the fact that compilers can be used to generate an infinite size training set for almost free.
Ghidra's data model, analyzers and UI gave me a framework that allowed me to experiment and focus on the specifics of delinking, which is the key to make this idea work. Without that, I would not have been able to pull it off and I would've given up on my decompilation project a long time ago, for lack of a means to divide and conquer it.
Maybe I missed it but it seems like he used it like anyone familiar with reverse engineering would? The video just shows the use of the decompiler, briefly, right?
Perhaps, I've just never seen Ghidra used like this. For me, the clever part was putting together that the password generator method used time. Then putting together a wrapper app to batch produce passwords from the timeframe the client would have generated the passwords.
Just looking at what AI can do with a simple error message should tell you heaps and bounds how much help it could be in analysis for reverse engineering.
You can tweak the arguments given to the JVM by editing the support/launch.properties file. In particular, you can change the UI scale with the sun.java2d.uiScale property, which is set by default to 1.
There's a simple broad-spectrum fix for that. For the odd occasion I want to view high definition photos in Linux I just switch screen mode temporarily, for the rest it is sooo not worth the hassle
Ghidra could use a Swing refresh, but its UI/UX has more to do with the lack of
a UI/UX designer than Swing itself.
Additionally, all of IntelliJ products use Swing and I consider their UI's to be beautiful. So, it's not the UI toolkit, but rather the implementation.
> Please remember that the NSA is run by a bunch of nerds and Ghidorah in Japanese cinema is a movie about a three headed monster. In the film, an extraterrestrial from Venus, possessing the body of a princess, warns humanity of the pending destruction by the alien-dragon King Ghidorah-with Godzilla, Rodan, and Mothra being their last hope for survival.
> The "Ghidorah" part of King Ghidorah's name comes from the pronunciation of the word "hydra" (Гидра, ˈɡʲidrɐ) in Russian, written as ヒドラ (Hidora) in Japanese.
Good eye, looks like the name does originate from that.
66 comments
[ 4.4 ms ] story [ 146 ms ] threadThey contributed SELinux too and sponsored the TrustedBSD Project.
https://en.wikipedia.org/wiki/Dual_EC_DRBG
defensive in the sense that the block access into (American gov & private sector) systems via things like SELinux
[1] https://rizin.re
[2] https://cutter.re
https://rada.re
Well, unless it was due to ideological reasons, I remember Rubocop (linter for Ruby) had some ideological forks at some point in time.
Not that it disappeared completely, but there's less of a need :)
Most of leaked copies in recent years were specifically bought to be pirated (except Keen Lab one, rip), and as Windows binaries are the actually portable executables now because of ABI stability and Wine, they almost always buy the Windows version.
I've never seen a single leaked Linux IDA Pro and it's immensely useful to have IDA on a real OS without headaches caused by Wine.
Personally, I've switched to Ghidra for most of the things, IDA only when Ghidra doesn't handle something. But then again, personally I never was an IDA customer, beacuse it's too expensive for hobbyist use (and IDA Free is too limited).
I have no inside knowledge but I expect the sales drop slowly as new users start with ghidra instead of ida.
The one thing I would love to see come to Ghidra is an ML powered assistant that adds two features:
Both things should be possible using LLMs and the fact that compilers can be used to generate an infinite size training set for almost free.[0] https://www.rsaconference.com/Library/presentation/USA/2019/...
Ghidra's data model, analyzers and UI gave me a framework that allowed me to experiment and focus on the specifics of delinking, which is the key to make this idea work. Without that, I would not have been able to pull it off and I would've given up on my decompilation project a long time ago, for lack of a means to divide and conquer it.
There's a simple broad-spectrum fix for that. For the odd occasion I want to view high definition photos in Linux I just switch screen mode temporarily, for the rest it is sooo not worth the hassle
https://www.jgoodies.com/downloads/demos/
Ghidra could use a Swing refresh, but its UI/UX has more to do with the lack of a UI/UX designer than Swing itself.
Additionally, all of IntelliJ products use Swing and I consider their UI's to be beautiful. So, it's not the UI toolkit, but rather the implementation.
Cheekiness aside, I did find their .jnlp handy for getting the right invocation args
Ghidra sounds Russian (Гидра) for Hydra.
Was it considered cool to use Russian words for hacker/spy things?
Good eye, looks like the name does originate from that.