Ghidra: NSA's Reverse-Engineering Tool

Last month, the NSA released Ghidra, a software reverse-engineering tool. Early reactions are uniformly positive.

Three news articles.

Posted on April 8, 2019 at 9:50 AM • 21 Comments

Comments

Vesselin Bontchev • April 8, 2019 11:18 AM

Not sure what you mean by "uniformly positive". I'm a long-time IDA user. I've played with Ghidra a bit and the only real way it can compete with IDA is by price - IDA is prohibitively expensive (I'm still using a decade-old version which our company licensed), while Ghidra is free.

Yes, Ghidra has some gimmicks that IDA doesn't, like a synchronized display of the decompiled source with the disassembly, support of additional exotic CPU architectures, etc., but they aren't a game changer, at least not for me.

Ghidra also has plenty of annoyances. Its developers have managed to design a user interface that's even uglier than that of IDA; it's like something from the early 90s. I've also found outright bugs - like Ghidra being unable to load and disassemble files that IDA can, because of some discrepancy between the virtual and the raw size of the code section.

Etc., etc.

To summarize - yes, it's a very nice free tool that will help beginners but doesn't threaten to put IDA out of business. What it can compete efficiently with is things like Binary Ninja or the horrible crap that is radare2 (even with a GUI add-on).

Martin • April 8, 2019 1:31 PM

Uniformly positive means that most people have been pleasantly surprised by it, both as far as no definitive NSA backdoors found so far and, while not feature complete, still very useful. Just because you don't like it doesn't mean it isn't good. You say the only good thing is it's free. You could make that argument for R2 for years with R2 being free. But you say R2 is bad, when it simply isn't (maybe because it's not IDA and doesn't hold your hand that you don't like it?). Ghidra can compete with IDA flat out though.

The only thing you can specify that you don't like about Ghidra is the GUI, but Ghidra is FOSS and you can just write your own GUI to your specifications... In fact, in the majority of reviews, the GUI has been a strength, saying it's far superior to IDA's. And the bugs, you can literally fix yourself because again, Ghidra is FOSS, something you can't do with IDA.

Seems to be more a fear of the NSA or fear that your excessively overpriced software might be obsolete soon. Or fear of needing to adapt to new software.

Markus April 8, 2019 2:20 PM

Summarizing, IDA could probably make a little difference after spending a considerable amount of money in terms of Licensing and Support, while Ghidra is totally free. This is uniformly agreed and more than positive, in my opinion. Even NSA was probably a bit tired of IDA "leading position" on the market...?

Faustus • April 8, 2019 5:49 PM

What are the chances that Ghidra won't tattle on you if you start using it for dubious purposes? Copyright protection removal, for example. Why else would the NSA want to make common a tool that makes dubious activities more financially viable for the average hacker? Education, they say. Hmm, I say.

Tony • April 8, 2019 6:53 PM

This would let relative novices to security figure out whether a Ken Thompson "Reflections on trusting trust" style exploit had been applied sometime in the history of their distribution.

wiley • April 8, 2019 11:45 PM

@Faustus
> Why else would the NSA want to make common a tool that makes dubious activities more financially viable for the average hacker?

The answer is actually quite obvious. They want more publicity. They want more people chatting about this "cool tool the guys at the NSA released" and more people talking positively about their organization. In fact, if you look at the README, you'll see they're trying to recruit people through Ghidra. Arguably nefarious given that they're essentially trying to recruit people into their criminal organization, but far from some sort of stupid plan to spy on people through Ghidra.

If anything, putting a backdoor in something that they admit is theirs would be the stupidest thing they could conceivably do.

Wak • April 9, 2019 1:03 AM

@Vesselin Bontchev

Ghidra isn't meant to replace IDA Pro. It's meant to replace IDA Freeware.

Weather • April 9, 2019 2:56 AM

But do you need structs unwound, or what some call to a function does? No, if it's running, you need a snapshot, patch data, regs and after go back to that point; if you are RE, you need all that info as a large GUI map that IDA tried to do, but when you write an asm program you realise that it's 3-7 pages long tops, and no, the human brain can't chain regs that deep.

If I ever get back into it, I might look at the program.

Faustus • April 9, 2019 5:13 AM

@ wiley

I know what they say it's for. Do you believe everything the NSA tells you? Backdoors are designed for deniability. We have bandied about quite a few backdoors connected to the NSA in this forum. (Cue to Clive and his prodigious memory and typing ability!)

The software doesn't even have to have a backdoor. All it has to do is send back encrypted telemetry, like almost every product does these days (though not always encrypted). Perhaps with the help of some obscure functionality that the NSA has had placed in the JVM.

I am not that current on Java, which was a big security vulnerability back in the day. I don't think I'm the only one avoiding it. https://en.wikipedia.org/wiki/Java_security#Potential_sources_of_security_vulnerabilities_in_Java_applications

Golang gives me all the functionality I need with no need to install a bloated platform and keep it updated with a possibly subverted update system.

Yes, Java is a relatively easy way to create a GUI. And the Trojan Horse was a thoughtful housewarming gift.

Clive Robinson • April 9, 2019 3:24 PM

@ Faustus, Wiley,

> We have bandied about quite a few backdoors connected to the NSA in this forum. (Cue to Clive and his prodigious memory and typing ability!)

Hmmm, not sure what to make of the latter part of that from a person who has selected Faustus[1] as a handle ;-)

But as you note potentially there is rather more to it than @Wiley's,

> The answer is actually quite obvious. They want more publicity. They want more people chatting about this "cool tool the guys at the NSA released" and more people talking positively about their organization.

Which to a playwright or stage magician would be known as "misdirection": directing the audience to see what you want them to see, not what you don't.

As I've noted numerous times in the past, the nature of "attack over defence" as an "operational defence strategy", which appears to be the NSA's behaviour over the latter part of the last century and up until the Ed Snowden revelations --the little we have seen-- is actually not their preferred method. It is with good reason that some say jokingly NSA stands for "Never Say Anything". In the game of "smoke and mirrors" they want to remain hidden behind the mirror sight unseen, blowing smoke if required as a distraction. Ideally they want to be not the fly on the wall, but the fly under the table, hearing all whilst out of sight. They are by nature where possible "passive observers", as are most SigInt agencies.

In the past, prior to the formation of the NSA, one trick was to have mechanical cipher machines that had both a small percentage of strong keys, with some very weak keys, but about half breakable without "plaintext" by methods known to certain cryptographers only (a policy William Friedman continued with Crypto AG).

The assumption being that if the crypto mechanics were found via captured equipment or "given over to the enemy by traitors" then one of three things would happen.

1, The enemy would be wise to the issue, thus treat a traitor as a "dangle" or "double agent" thus treat them and any further information from them with deep suspicion, effectively neutralizing the traitor.

2, The enemy would learn little of the cryptographers' skills, thus would gain little knowledge about their methods.

3, The enemy if lacking sufficient crypto skills would copy the designs thus incorporate the weaknesses, thus make their own systems vulnerable.

This worked because the cryptographers who designed the weaknesses into the systems also issued the keying material, so did not issue weak keys unless there was a reason to.

Importantly, breaking crypto is way way easier when you have more than just the ciphertext to work with. One such is "probable plaintext"; one thing the US learnt from Bletchley was the power of the card index library combined with traffic analysis. The result of which, along with a few other tricks, was good quality "probable plaintext" to form "cribs" etc. Without which even the "bombes" would not work effectively or at all.

In fact after WWII both Britain and the USA were way more concerned about the knowledge of "traffic analysis" becoming known than the already known "use of probable plaintext" as an aid in cryptanalysis. Plaintext tended to be deprecated by many of a "military mind" on the assumption of "If you know the plaintext why do you need to break the bl**dy code"... Which in these days of "collect it all" appears somewhat of a "quaint viewpoint".

The upside trick of the weak and strong keys, is if your enemy don't know it's there then probability says they will use the weak keys as well as the strong as they don't know the difference. Thus each weak key the enemy uses quickly gives plaintext that gets indexed into the library along with updating the traffic analysis information. Thus giving better probable plaintext to break other messages used under stronger or strong keys. Thus with say 80% of the enemy messages recovered most if not all of their "order of battle" is known.

When Robert Morris senior (father of the Morris Worm writer) retired from the NSA as part of his leaving speech he revealed that "plaintext" was what the NSA lived for and was their key mission requirement. Whilst true it was also a bit disingenuous because it hid a greater truth with a lesser truth, which is just another part of "finessing".

It's been suggested more than once that Microsoft's slightly odd behaviour in having a lot of static plaintext in known positions in their file formats is due to NSA influence. Whether it's true or not, it certainly would help against the majority of "homemade ciphers". The sort of thing a criminal or terrorist boss might come up with, or even a nation state where education and knowledge is not respected sufficiently for whichever of many reasons.

However as I pointed out last century here and other places plaintext alone is not enough. Thus if I was the NSA I would target both protocols and standards to introduce covert side channels. In part because you don't need insiders or liaison with individual companies when you get at protocols and standards. Thus you in effect stay behind the mirror out of sight.

The NSA had a major advantage with their influence over NIST, thus both protocols and standards. If you go back and look at the AES competition rules they were in effect "got at". The NSA most definitely knew about time based covert side channels though it was not widely known in the open community at the time. The rules were such that it was almost guaranteed that the worst code for such channels would get used by developers everywhere. Oh and the NSA have subsequently effectively "given the game away": if you look at things they make such as "In line Media Encryptors" you will see they say that AES is classified as suitable for "secret" material but only when the data is at rest...

Basically the reason is it's the old "Efficiency-v-Security" trade off. Unless you really know all the ways covert channels can be made --and the open community is still way behind on this-- then making your implementation "more efficient" makes it have more side channels, thus reducing security to virtually nothing. Thus "fast code" that was written into the AES competition rules was going to be likewise riddled with loop unrolling and time imbalances on branching instructions etc. Which the NSA knew would be copied by developers of programs and code libraries, thus in turn riddling any program using AES with "time based side channels" that leak key information across the network for quite a distance. Which obviously allowed the NSA etc to stay behind the mirror and passively monitor traffic flowing across data networks. Thus the NSA and other clued-in SigInt agencies in the Five-Eyes etc could use extended TEMPEST techniques to be easily able to "recover keys", thus decrypt to get plaintext.

Why would we think the NSA did this? Well, it's an old established technique is one very good reason. We know from Peter Wright's "Spycatcher" book of the early 1980's that MI5/GCHQ were using, back as early as the 1950's, acoustic time based side channels against mechanical cipher systems. In amongst others the Egyptian Embassy cipher room that had a phone in the "cipher-cell".

The book also talks of the "flooding device" which could be used to turn on the microphone in a phone and thus "listen-in" to what was happening in such a cipher-cell even though the phone was "on-hook" (it used an MF oscillator in a bridge circuit to jump across the hook switch contacts that had a small capacitance; the microphone in the handset thus envelope/amplitude modulated the signal with the noises it picked up). It was almost certain that the trick was passed on to the US under the BRUSA, later UKUSA, agreement. So it was a racing certainty that one of the things the NSA/GCHQ would have encouraged William Friedman to get Crypto AG to have included in the crypto kit supplied to most countries, the UN and many commercial organisations.

The same acoustic side channels appeared along with electrical ones in electromechanical ciphers where relay pull in / drop back times would give away both inputs to an XOR gate used in One Time Tape cipher machines that would be otherwise theoretically unbreakable. Hence the point people make that "mathematical proofs" of security with regards algorithms are worth little in practice with regards implementations, which is what AES fell to by the design of the NSA through their "useful idiots" NIST...

But we now also know, through the Dual Elliptic Curve supposedly Crypto Secure Digital Random Bit Generator that NIST was finessed into standardising, that they attack Standards as well as implementations and protocols. They even went on to pay RSA to make the inefficient DRNG the default RNG to use, and then there was the interesting story of Juniper Networks routers somehow ending up with a weakened RNG in their products...

So now it's accepted the NSA has done the "backdoor thing" on Plaintext, Protocols and Standards and put side channels in as much as they can before most of the rest of the world woke up, you would think they were kind of happy with what it was getting them. Well they probably were; despite others ringing the bell quite loudly the world was not waking up to what was going on, thus the data, which was mainly unencrypted at that point in time, was firehosing off of the phone and Internet faster than they could store it away, so apart from the inability to handle the data back then --Utah was not yet built-- it was kind of good times.

Then Ed Snowden did a runner with a still unknown quantity of Five-Eye secrets that he chose to give to journalists to disclose to the public. The result the world kind of woke up briefly and all of a sudden the good times were not as good, with "lets encrypt" and similar going on all of a sudden things got a lot lot more difficult, or did they?

Probably not as much as some people think. As I've pointed out in the past, information security ultimately rests on Key Management (KeyMan), specifically Key Generation (KeyGen), Key Distribution and, importantly, Key and plaintext destruction.

Poorly designed RNGs are a god-send to the Five-Eyes, which I've mentioned in the past; embedded systems such as routers and any and all IoT devices are virtually guaranteed to have "low entropy" on start up when they generate their asymmetric keys. As I've mentioned before, that is an area I would expect the NSA to have expended considerable resources. That 1024bit RSA key cracking system they had would easily be repurposed into chasing embedded systems PrivKeys.

But the NSA reputation of "hunting sysadmins": why break the encryption when you can break the accounts of the SysAdmin tasked with KeyMan as just another part of the job they could do without... As a matter of self interest, SysAdmins are just not going to do Key Destruction properly and are also likely to do Key Audit etc in flat files, that are at best CSV formatted so they can be used flexibly, including hand rebuilding if they get a sys-crash or equivalent breaking them. Also just to be safe they will also be on backup tapes and all sorts of other places. All of which have the equivalent security strength of over boiled wet noodles. What's the betting some SysAdmins have such a file on a USB key on their key chain along with their car and house keys?

The NSA again has a reputation not for hacking user machines or servers but routers. How often do SysAdmins check routers? Trick question, that's the NetAdmin's job... As a general rule of thumb a SysAdmin's security perimeter is "the box before", not the router or anything upstream of it. Thus the router is the NSA's mirror to hide behind... Few if any organisations "instrument" that no-man's-land between the organisational gateway router and their service provider's upstream router. Thus they will miss any nasty traffic coming down for their gateway router... As it's the gateway, it does not get taken off line to be checked in ways that might reveal implants and malware. Which is why the NSA love them so much.

The thing is many of those side channel attacks can be seen from that gateway router thus some key-leakage is going to happen.

So the question remains of "Do the NSA and other Five-Eye SigInt agencies actually need exploits in user or server computers?"

The answer is not really; it's the network devices such as routers, bridges, data diodes, switches and IoT devices that are going to be their targets of choice.

So the question you have to ask is: are security people investigating these devices with the likes of IDA Pro? Probably not as many as you would first think. It's not the debug tool of choice for embedded systems device designers.

Thus how much real harm is the release of Ghidra going to be to the SigInt agencies missions?

Simple answer: very little at all. In fact if the NSA is shifting its focus from "mindless attack" of certain War Hawk types to "thoughtful defence" then having other people mainly investigate user and server OS's and their applications is very beneficial. It kind of helps the "thousand eyes" paradigm along, whereas IDA-Pro's pricing and that of some other tools acts as a real impediment to constructive thoughtful defence.

Thus I can see the less militaristic minds in the SigInt agencies actually welcoming more eyes on user machines and servers. Especially as everything is "moving onto the network". Microsoft 365, Googles and many others are shifting their finance models from "one off licence fees" to "monthly rental" via "Cloud Services".

It will probably not be more than a couple of years before what is currently happening with mobile phones and the cloud happens to user computers, and the only servers around will be the specialized ones of the cloud providers.

That is, your user computing device will be little more than a slightly fat "thin client" with application "front ends" being web-based, pulled into your local browser, but the backend data handling for storage and similar will be a local very limited capacity mirror updated to the cloud with increasing frequency as the price of data communications makes even the cost of the lowest cost local storage comparatively prohibitively expensive. 100USD for an SSD in thirty user computers is a lot more than the cost of providing comms to a cloud service for them in the annual budget. There are also other cost saving benefits, such as non fixed location working: those thirty workers won't need thirty desks, floor space, heating and lighting or even toilets that you need now, maybe only facilities for five or six. Add reliable comms and they can work anywhere, the notepad/tablet camera, mic, and keystroke sensor allowing the AI Office Manager to monitor time "at work". It's the view of the future for a number of entrepreneurs who aim to revolutionise the way software is produced by contract. Likewise other "knowledge workers", oh and students have been getting it for some time now, not just with online exams but course work where background apps check for online searching or data uploading to spot plagiarism...

Such "network living" is a god-send to the SigInt agencies, along with "walled garden" devices "being owned" not by the purchaser, but by whoever has a copy of the code signing key. But as with IoT the manufacturer forcing the user online just to use the device so the manufacturer can sell the user data... Thus the SigInt agencies just "free-ride" as the data goes by "on the networks they own".

Thus in that near future model the better the defence from enemies the better, cyber-attacking is rapidly becoming "oh so yesterday" anyway as various people start to wake up to stronger defence.

It's not "owning the apps" that interests the SigInt agencies, it's "owning the data"; it's manufacturers that want to "own the apps, to own the data" and as long as the data flows across their network the SigInt agencies will be happy. Have a think back to CarrierIQ and mobile phones. CarrierIQ's software was a "test harness" that recorded every action of the user and then "phoned it back to the mothership" at the data center. All the NSA had to do to collect all of those users' actions was sit on the other side of the upstream router from the data center, teeing the data off to be recorded in their systems for ever more. It's not even as though CarrierIQ used any real security protection...

That is the world we are moving into, thus fixing apps on user computers and the servers the user data is stored in is in the NSA's interests. After all if you think those apps are secure, --as we have seen with the supposedly secure messaging apps,-- you will "over trust" and that's in the NSA and corporate interests. You can be sure that if a corporate can access your data then the SigInt agencies will already have it...

[1] Strangely perhaps, Dr Faustus is the name of the protagonist in a play by Christopher Marlowe, who is also known to have been involved in early cryptography, the downfall of Queens and an untimely death by stabbing that might have been state sanctioned...

Some time in the 1590's Christopher Marlowe wrote the play about Dr Faustus the necromancer, based on earlier German tales. Faustus was capable of summoning devils and the attention of Mephistophilis, a condemned soul pressed by the devil to close deals and collect souls on others. Part of Mephistophilis's punishment was that he was allowed, in fact encouraged, to warn others of their fate before closing the bargain; few ever heeded, thus Mephistophilis had to further suffer the torment of collecting their souls for the bargains that actually were nothing.

In Act 1 Dr Faustus has a soliloquy about the vanity of human science, having previously described himself as having mastered every piece of knowledge he has come across... Thus revealing himself to be both vain and egotistical to the audience and thus setting the tone for his eventual fate via hubris and Mephistophilis's administrations. Thus setting the required moral tones of the time. A time when an ill written word could lead to not just the author's metaphorical downfall but the literal downfall of their head from their shoulders on "Tower Hill green", when even Queens were not safe from such fates.

Indeed it's been suggested more than a few times that this fate happened to Christopher Marlowe. He was warranted to appear before the Queen's Privy Council but there is no record of him actually attending. Effectively on charges of atheism. Which at that time was a charge of such seriousness as to be the equivalent of treason. This was because the previous English monarch Henry VIII after his reforms had made himself, thus all subsequent English monarchs, the head of the Church of England. So to be against the church was to be against the monarch, ergo treason, for which there could only be one fate, "Death by the Monarch's command" or execution. As atheism is a charge easy to fabricate and well nigh impossible to defend against, it was also used as an effective way "to deal with the politically troublesome".

But Marlowe's story then gets very curious: just days later, a man of distinct ill repute, one Ingram Frizer, whose "master" was Thomas Walsingham, stabbed Christopher Marlowe to death in the home of Eleanor Bull. Also in attendance were Nicholas Skeres and Robert Poley, both of whom, along with Christopher Marlowe and Thomas Walsingham, had been associated with Sir Francis Walsingham's earlier intelligence operations that led to the execution of Mary Queen of Scots by Queen Elizabeth the 1st of England. Of note is that Robert Poley was a member of the Privy Council and would certainly have known of the warrant against Marlowe. More curious, as "murder was done" nobody paid with their neck; in fact the Queen pardoned Frizer a short while later.

Whether the fatal stabbing was connected to Marlowe's alleged arrest warrant remains unknown; however it has been pointed out that it might have been "Expedient for the Crown" to have him dealt with this way rather than by trial etc. Some believe Christopher Marlowe, as both a philosopher-scientist and translator of some repute, was also a member of what would have been Queen Elizabeth's "black chamber" responsible for amongst other things cryptography. Thus he probably had a lot of secrets in his head that might easily come out at trial, including what some have indicated was the fabrication of evidence and the setting up of Mary Queen of Scots for her execution.

Here the story divides between two different theories, which depend on what Christopher Marlowe might have been up to. He along with a number of others including Sir Walter Raleigh were members of a group of what were later called "The School of Atheism" and also "The School of Night". Was he there as friend or spy?

Why would Marlowe be suspected of talking? Well one theory is that Marlowe was "friend" to Sir Walter Raleigh, who had "fallen out of favour" with the Earl of Essex, who was plotting Sir Walter's downfall, and it has been suggested Marlowe was aware of this and was going to warn Sir Walter. Thus the meeting at the house was to persuade Marlowe not to talk; it failed and Marlowe was stabbed in the eye, whilst Frizer had very minor wounds, possibly as a cover story.

The other theory is Marlowe was "spy" thus had to "disappear" so that the others could be executed. Thus Marlowe's death was faked and Marlowe assumed a new identity and became the oh so secretive William Shakespeare... Who in the Merry Wives of Windsor also writes of Mephistophilis.

Of interest, both Marlowe and Shakespeare were really bad spellers of words, often using three different spellings of the same word on a single page... Not that anyone actually cared back in Elizabethan times where "the spoken word was King" as it were ;-)

And people think history is "Oh so dull", but the story pales in comparison to what followed, you should see the venomous behaviour between the two theory followers, it's downright "Crossed words and pens at dawn" ;-)
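The "Efficiency-v-Security" point above (secret-dependent table indexing and timing imbalances on branches) can be made concrete with a small C example. This is an added illustration, not code from the original thread or from Ghidra; the 256-entry table is a constructed permutation standing in for a real S-box, and the tags are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 256-entry byte permutation standing in for an S-box table.
 * It is NOT the AES S-box; 167 is odd, so i*167+71 mod 256 is a bijection. */
static uint8_t sbox_entry(unsigned i) { return (uint8_t)((i * 167u + 71u) & 0xFFu); }

static const uint8_t *sbox_table(void) {
    static uint8_t table[256];
    static int ready = 0;
    if (!ready) {                       /* public condition: does not depend on secrets */
        for (unsigned i = 0; i < 256; i++) table[i] = sbox_entry(i);
        ready = 1;
    }
    return table;
}

/* "Fast" lookup: the address touched depends on the secret byte x, so the
 * cache state (and hence timing) observable by a neighbour is a function of x. */
uint8_t sbox_lookup_fast(uint8_t x) {
    return sbox_table()[x];
}

/* Constant-time lookup: touch every entry, select the wanted one with an
 * arithmetic mask, and never branch on x. Slower, but leaks nothing via timing. */
uint8_t sbox_lookup_ct(uint8_t x) {
    const uint8_t *t = sbox_table();
    uint8_t out = 0;
    for (unsigned i = 0; i < 256; i++) {
        uint32_t diff = (uint32_t)x ^ i;                     /* 0 only when i == x */
        uint8_t mask = (uint8_t)(0u - ((diff - 1u) >> 31));  /* 0xFF iff diff == 0 */
        out |= t[i] & mask;
    }
    return out;
}

/* Early-exit compare: returns at the first differing byte, so the run time
 * reveals how many leading bytes of a guess matched the secret tag. */
int tag_equal_leaky(const uint8_t *a, const uint8_t *b, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) return 0;
    }
    return 1;
}

/* Constant-time compare: always visits every byte, folds all differences into
 * one accumulator, and derives the verdict without a data-dependent branch. */
int tag_equal_ct(const uint8_t *a, const uint8_t *b, size_t n) {
    uint32_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= (uint32_t)(a[i] ^ b[i]);
    return (int)(1u & ((acc - 1u) >> 31));                  /* 1 iff acc == 0 */
}

/* Cross-checks both lookup variants over every input byte. Returns 1 when they
 * agree everywhere and the table really is a permutation, else 0. */
int sbox_variants_agree(void) {
    uint8_t seen[256] = {0};
    for (unsigned x = 0; x < 256; x++) {
        uint8_t f = sbox_lookup_fast((uint8_t)x);
        uint8_t c = sbox_lookup_ct((uint8_t)x);
        if (f != c || seen[f]) return 0;
        seen[f] = 1;
    }
    return 1;
}

int main(void) {
    const uint8_t tag[4]   = {0xde, 0xad, 0xbe, 0xef};   /* constructed sample tag */
    const uint8_t guess[4] = {0xde, 0xad, 0x00, 0x00};   /* constructed wrong guess */
    printf("lookup variants agree: %d\n", sbox_variants_agree());
    printf("leaky compare: %d, constant-time compare: %d\n",
           tag_equal_leaky(tag, guess, 4), tag_equal_ct(tag, guess, 4));
    return 0;
}
```

Both variants return identical results; the difference a measurement would show is that the "fast" versions take a data-dependent path, which is exactly what a timing observer exploits.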

65535 • April 9, 2019 9:11 PM

I have a fairly obvious question. Is Ghidra a Trojan in any way?

That would be from the initial download of the zip file to installing and using it. Has anyone seen any Indicators of Compromise (IOC)?

Has anybody done pcaps on it to see if there is something nasty entering or leaving their machine?

wiley • April 10, 2019 1:38 AM

@Clive Robinson

There very well may be more to it, but it's almost certainly not backdoored. Are there extant bugs which were not fixed in the public release? Perhaps, but bugdoors of that sort can be a lot harder to exploit than the stereotypical network-based backdoors that everyone fantasizes about. You aren't going to run Ghidra and suddenly see it scan your filesystem and upload everything it can to some Russian mailserver-turned-C2 pwnt by TAO. That kind of silly thinking is why people need to learn how to create less ridiculous threat models. The NSA (and anyone else in FVEY/SSEUR or involved in the greater IC) sure like dragnet surveillance, and they sure like targeted, precision attacks against their victims' networks, but they aren't going to use all of the same exact techniques for both.

@65535

It's too early to tell given that the source code was just released, but I'd wager that it is not. As I mentioned earlier, it would be downright silly for them to do that. You should be more worried about bugdoors in your system malloc or your router's Netfilter implementation than you should be about some new FOSS disassembler. In 20 years, assuming Ghidra becomes the dominant FOSS disassembler, it will join the ranks of SELinux (NSA), onion routing (Navy), and the computer mouse (DARPA) as having potentially ugly sources but no longer having any actual ties to them.

Jonathan Wilson • April 10, 2019 6:03 AM

Just because it's not as good as IDA Pro right now doesn't mean it can't be as good as IDA Pro in the future.
With the full source code available, anyone with the skills can improve the UI or the decompiler or any other parts of the program and make their changes available for everyone to use.

If there is a feature in IDA that is keeping you from using Ghidra, write some code or submit a request. For example Ghidra doesn't have a debugger right now but there is no reason someone can't write one and contribute it.

MJ • April 10, 2019 9:08 PM

The most significant feature that Ghidra brings to the table that IDA does not is collaboration.

Ghidra allows for multiple users to annotate and modify disassembled files and provides a way for them to version control the annotated disassembly. That is a significant game changer that matters substantially when you have a team of reverse engineers working in a collaborative fashion to reverse a set of binaries from a target system.

Another key thing about the collaborative ability is that users can define and share struct information across binaries in the project and the struct stuff is also version controlled.

Another important thing is that Ghidra allows newcomers to the field (e.g. college students) to sharpen RE skills on a very powerful tool. One of the historic bottlenecks for newcomers is the barrier to entry being the cost of IDA Pro.

Faustus • April 11, 2019 12:46 PM

@ wiley

> You aren't going to run Ghidra and suddenly see it scan your filesystem and upload everything it can to some Russian mailserver-turned-C2 pwnt by TAO.

Of course you won't see an obvious scan from Ghidra. That would be ineffective and unnecessary. Number one, you are already loading into Ghidra a lot of what the NSA is looking for: whatever program you are trying to analyze, hack or subvert. Besides that there are a million ways to surreptitiously gather information from a system. Or perhaps subvert the effectiveness of encryption on that machine. Or communicate with hardware or software implants through side channels. And, as we see often with malware, certainly most spying functionality would remain dormant until it was activated by the NSA's targeting criteria.

The NSA has publicly stated that its goal is to gather everything. From the Snowden incident we know that it lies to the American people and is unembarrassed when those lies are revealed. We also know it targeted sysadmins. Targeting security researchers and hackers is an obvious extension of this.

I'm not sure if you are simply new to the game, resistant to learning or actually working for the NSA.

The NSA must have social media sock puppets. Isn't it likely they are among us?

In the first case you might want to check out the excellent cyber security classes from University of Maryland on Coursera. The hardware security class includes really interesting material on hardwire backdoors.

If you think it is I who is resistant to learning, perhaps you could flesh out your reasoning beyond saying it is silly for the NSA to do what it has already been caught doing many times?

wiley • April 12, 2019 3:43 PM

@Faustus

I'm honored that you think I might be an NSA sock puppet. Sadly no one is paying me to post on security blogs. It's all done in my free time.

I understand the intelligence community well (though perhaps not as well as Clive here), and I know how they operate. I also know that releasing malware in something with their name on it would be the most foolish thing they could possibly do. It would be safer for them to backdoor IDA (you think it would be hard for them to do that if they wanted?) than to release it in something that is open source with code that thousands of people are actively reading right now.

It's for the same reason that you don't have to fear a WebKit 0day while visiting nsa.gov nearly as much as when visiting some website you've visited a dozen times before with no affiliation to the IC.

The NSA is evil, and they make mistakes, but they're not THAT stupid.

So tell me this: What could the NSA possibly gain by backdooring Ghidra (which people would notice quickly) that they could not gain by other more subtle, effective, and sustainable means?

Faustus • April 12, 2019 5:28 PM

@ wiley

"What could the NSA possibly gain by backdooring Ghidra (which people would notice quickly) that they could not gain by other more subtle, effective, and sustainable means?"

You are not really asking what they could gain, right? The same advantages they get from targeting sysadmins, for example. Additionally they could get intelligence on copyright breakers, malware writers, and security researchers on the trail of NSA hacks, among other things.

So, I guess you are asking why not use other means? I'm sure the NSA is using other means. Why shouldn't they use this means too? It's not like they haven't been caught spying before with hardly a blush on their cheeks.

I don't think you understand the subtlety of side channel exfiltration of data. If you read this blog you must be aware that there are a million ways to surreptitiously gather data and extract it. Quite possibly it would work in conjunction with other subverted software and hardware. Just because you don't know how to do it doesn't mean it can't be done. Just because you can't think of how to hide it doesn't mean it can't be hidden.

Java is particularly attractive because of its platform independence. Here is a PDF that gives copious examples of how easy it is to make rootkit code look like perfectly innocent Java code: https://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf

The real question is: Why install software from an organization dedicated to spying on you?

wiley • April 12, 2019 6:41 PM

@Faustus

I am well acquainted with side-channel attacks and covert exfiltration.

Ghidra is open source. Many people are reading it. Massive, dragnet spying done by this software is impossible to do undetected. You must think the NSA is really, really stupid to intentionally backdoor FOSS software that they themselves authored. Either that, or you don't understand how any entity in the intelligence community operates.

And right next to your keyboard as you type this is a device invented by DARPA. Who cares? What matters is the code.

Faustus • April 13, 2019 10:58 AM

@ wiley

You don't talk like you are familiar with side-channel attacks and covert exfiltration. Read the PDF. I specifically did not say dragnet spying. Read what I wrote.

There are many ways to subtly introduce Java code that exfiltrates data. I gave you a PDF on it. You just repeat the "stupid" argument. The NSA has already been caught doing similar things, so stupid or not, there is no reason to rule it out offhand, and every reason to think they will continue as they have previously. All they have to say is "terrorist" and 90% of people will give them a pass whatever they do.

With Julian Assange in the news I think back to the "Collateral Murder" video. If soldiers laughing while they gun down innocent people does not raise many eyebrows, the complicated technical shenanigans of the NSA are even less likely to. Most people would say: "What would you expect running NSA software?" Exactly.

Anyhow, I am not trying to convince you. I am simply countering your argument to hopefully prevent some poor kid from being put in a can for five years for screwing around. Anybody of significance knows enough not to install this code anywhere important, or to use it on anything they want to keep confidential.

I don't think the NSA is evil. I don't think any of the players are evil. I don't think the helicopter crew in "Collateral Murder" is evil. All sides do the same things that they condemn. The "evil" argument is simply to fool people with poor reasoning skills by engaging their emotions and overriding any intellect they can muster.

Dennis • April 15, 2019 3:12 AM

@wiley wrote, "Ghidra is open source. Many people are reading it. Massive, dragnet spying done by this software is impossible to do undetected. You must think the NSA is really, really stupid to intentionally backdoor FOSS software that they themselves authored."

It's quite possible they can do a combination of things through the various OS automatic update processes of whatever system you install it on. The FOSS itself doesn't have to do anything at all. This is a practice commonly done on multiple marketing platforms as well. The whole world is intertwined; everything is connected and related one way or another.

wiley • April 16, 2019 11:10 PM

@Faustus

As someone acquainted with the intelligence community as well as operational threat modeling (both military and industry, with an emphasis on espionage), I'm afraid your current understanding and expectations are sorely lacking. If you genuinely think that the NSA is going to put malware in an open source product that they released under their own name, then your irrational paranoia is leading you to suspect harmless objects and completely gloss over the real, serious threats. Because you don't understand cost-benefit analysis, you project that onto your adversaries. That is a foolish mistake that will at best cause you to waste your time pondering nonsense threat models, and at worst will lead to a complete loss of your digital assets if you are ever operating in an adversarial environment of this nature with such a naive viewpoint.

I'm not trying to be condescending when I put it this way. This is my genuine response as someone familiar with threat actors like the NSA and how they operate. You may be convinced that I'm just some kid who thinks the world is all rosy, or you may be convinced that I've been hired by some "deep state" agency to discredit you personally. Neither of those is true, but you're free to accuse me of any malevolence you wish.
