What does HackerNews think of ghidra?

Ghidra is a software reverse engineering (SRE) framework

Language: Java

> RE'd ghidra

What, like, read the source code [1] or reverse engineered a binary? Would be easy(ish) to tell if the code in the binary was different from the source, probably.

[1]: https://github.com/NationalSecurityAgency/ghidra

This is posed as a pretty heavy counter, "[X] foils this," but it's only been to degrees so far, and the extent we've gone is radically different where we're headed. Certainly hacking modern webapps isn't always the most fun, but often it can be! Even if the app in question is pretty shitty & mean about how they distribute their bundles.

Backend APIs have often been one of the webs best points, not it's hinderances, in terms of explorability. Certainly it conceals what happens behind the scenes, but the "single page app" model leaves an intrepid DevTool user with at least as much power as whatever the webapps inbuilt capabilities are, and far less handcuffs. Huge numbers of sites have "unofficial" clients, since it's so stupidly easy to open devtools, look at network traffic, and write some instrumentation/alter stuff around a little and see what you get. Since the normal app behavior has to transit a network barrier, and that's quite visible, it very quickly lights up & shows the interface. Where-as in many native apps, state is just latent in the process, suffused everywhere, & deeply murky & unclear. There's a lot we don't know, but there's also so much clarity that the front-end/back-end client/server split has given us, that computing typically hasn't had.

Less web-ish things can be problematic. Folks who just open websockets & start speaking TCP protocols aren't very "web" (even though they use a tool the web happens to have). GraphQL is maybe somewhere inbetween: there's still enough regular evidence/it kind of fits the form, but everything is a little different & normal webdev tools need a lot of extra help to do ok. GraphQL is a partial stray from the core webdev path (for example, it doesn't use URLs for endpoint nor it's content).

Ideally everyone should ship source maps. But there's a lot of negative behaviors against this, mostly for no real good cause. Just turning on the pretty-printer for the mangled/uglified source code, & debugging some DOM events is often enough to figure out what a thing does pretty quickly, to get into the architecture pretty easily, even when it is all minified. Often the minification is only partial, only extends so far, as we talk to data sources & storage; we can start to see properties & json that look regular, that give us meaning & clues. Minification mainly serves the users, by being very mildly smaller than compression; rarely is it an active defense again comprehension, and rarely is that active defense effective; everything is too much the same, the patterns are all common, the platform is all normal.

How close or how far we stray from Babel matters. "The platform is all normal" is being put to the sword by these upstarts, with amazing zeal & excitement. There are absolutely going to be tons of good normal not too wild webassembly codebases out there that at least leave the web platform as primary, that are advanced & not javascript but are at least web-like, and that'll be a bit harder to understand & decrypt & learn about (to perform natural science on). Understanding these is going to require a more advanced capability. It'll feel a bit more like breaking out Ghidra & wandering in (https://github.com/NationalSecurityAgency/ghidra), than DevTools, even with the most minified websites we have today.

But there are also going to be countless new virtualizing universes of compute that simply do not care at all, that are micosms until themselves: Inland Empires, as Disco Elysium characterized. The level of Ghidra disassembly skills required to get anywhere is going to be expontentially higher in many wasm realms.

Wasm is a big turning point, is definitely a fall of Babel. Others have pointed out & absolutely right, many many wasm users will still embrace the web platform, it's higher level "text/html" mime-type underpinning, it's apis. Wasm will amplify the challenge, even here. Right now there's a ton of glue-code projects- Rust's wasm-bindgen is a big glue-maker, and simply wrapping our heads around the multi-verse of code-spaces running, wasm-bindgen bridging us between page space and wasm code space, is going to be an intense new experience, but in many cases it will be fine & managable. DevTools will help. Hopefully source-maps come into vogue somehow. But there will also be uncountable infinite reaches of virtualization, where people are just off doing something entirely different & else, where disassembly requires understanding mountains of virtual machine & rendering engines to get anywhere, where nothing makes sense, and reason & natural science & understandability of the world about us is truly lost.

There are challenges today, but it's overall ok, and tomorrow looks harder, but there's still lots of room for hope, but there are also spreading reaches of dark, where it's likely understanding what happens will converge with impossibility. The web today is murky, but in no way resembles that darkening. We've been exploring lands around Babel for a long time, but there are some quite severe marches into the far beyond, and in some ways, yea, I am excited to see what folks make when unconstrained, but the understandability of the universe about us also ranks high in my priorities, and the web still has a stunning truthfulness & earnest & directness far far surpassing anything else available in computing that is notable & alive (if maybe not exactly well), and I want to see that espoused & embraced if we do want to explore reaches beyond (and I don't see that value anywhere else presently).

NSA has been working hard to shift some of the culture of bureaucracy. They realize that opening certain parts of their toolchain will allow then to find candidates with experience before they apply. Ghidra, an open sourced reverse engineering tool, has become a very popular disassembler. It's nice to see this shift in culture, especially from a black box agency like the NSA.

https://github.com/NationalSecurityAgency/ghidra/

Also home to Ghidra, a very popular free open source reverse engineering tool: https://github.com/NationalSecurityAgency/ghidra

As far as I'm aware, there is only one tool that is better (IDA Pro), which requires a ~3k/year license.

A more recent open source tool, NSA Ghidra can also navigate sources, and decompile assembly back to C code. See https://github.com/NationalSecurityAgency/ghidra
In addition to IDA, I highly recommend looking into ghidra. It's open source, so you can peak under the hood and see how it does things.

https://github.com/NationalSecurityAgency/ghidra

Not a specialist in C and I'm not sure about the "suddenly" (it's always been a "powerful but dangerous" language), but for fuzzing look into AFL[1] (a fuzzing program which uses a genetic algorithm to search a massive space of all possible inputs, but gravitate towards interesting fuzz inputs once a crash is observed) and for recent reverse engineering, the NSA released Ghidra[2] (reverse engineering framework).

[1] http://lcamtuf.coredump.cx/afl/

[2] https://github.com/NationalSecurityAgency/ghidra

On the topic of tools, the National Security Agency (!) very recently open sourced (!) their tool for reverse engineering under the Apache 2.0 license (!) and it apparently does quite well against the closed source and expensive IDA. Check ghidra out. They are actively pulling in patches from the community, tracking issues, etc. I think this will progress forward quite quickly.

https://github.com/NationalSecurityAgency/ghidra

It looks like they managed to finally get the source code released 2 weeks ago.

https://github.com/NationalSecurityAgency/ghidra

I'm curious as to what prevented them from doing that on day one. Any legal issues presumably would have been worked out prior to the announcement. I guess timelines didn't line up :)

AFAICT all the source is there, beside every `.jar` there is a `.zip` with the corresponding source. The source in a more usable form should be posted here soon: https://github.com/NationalSecurityAgency/ghidra/

(And if not I'm sure the community will reconstitute it)