Qayb weyn oo ka mid ah wax ka qabashada fayrasyada cusub ayaa ogaanaya sida ay u shaqeeyaan. Si taas loo sameeyo, waxaad u baahan tahay inaad dib u noqoto-injineerkeeda. Hay'adda Nabadsugidda Qaranka^{(National Security Agency)} ( NSA ) sida cad waa in ay qabato shaqada noocaan ah in badan, sidaas darteed waxay sameeyeen qalab iyaga u gaar ah, oo loo yaqaan Ghidra si ay uga caawiyaan inay tan sameeyaan.

Jid ahaan, waxaa loogu dhawaaqaa Ghee-dra . Waxaa dadweynaha loogu sii daayay bilaash iyo il furan Maarso 5teedii ^{(March 5),} 2019, ee Shirka RSA^{(RSA Conference)} ee San Francisco . Waxaad xitaa arki kartaa qoraallada soo jeedinta Ghidra ee Robert Joyce^{(view the Ghidra presentation notes from Robert Joyce)} , Lataliyaha Sare^{(Senior Advisor)} ee Hay'adda Amniga Qaranka^{(National Security Agency)} ( NSA ).

 Si aad runtii u fahamto sababta sii deynta Ghidra ay muhiim u tahay, waxaan u baahanahay inaan fahanno waxa dib-u-ingineering yahay iyo waxa loo isticmaalo.

Waa maxay Injineerka^{(Engineering)} Dib-u-dejinta iyo sababta loo isticmaalo?

Guud ahaan, dib-u-injineernimada (RE) waxaa loola jeedaa habka wax loo kala saaro si loo ogaado sida loo sameeyay. Waxaa laga yaabaa inaad tan laftaadu ku samaysay qalab yar oo guriga ah, kaliya isku day inaad ogaato sidaad adigu u hagaajin lahayd. Laakiin waxaan ka hadleynaa barnaamijka RE. Waa kood kaliya, sax? Waa maxay sababta aynaan u eegin koodka ka dambeeya?

Marka aad ku qorto barnaamijka luqadda sida C ama Java , waxaa jira tallaabo u dhaxaysa qorista iyo in aad awood u leedahay inaad ku isticmaasho kumbuyuutarka. Luuqadda aad ku program-garaynayso waa mid adiga laguu akhriyi karo, laakiin daruuri ma aha in kombuyuutarku akhriyo. Waa in loo tarjumaa wax uu kumbiyuutarku ku shaqayn karo. Habkan waxa loo yaqaan ururinta.

Marka barnaamijka la sameeyo, ma sii akhrin karo dadka.

Haddii aad rabto in aad ogaato sida uu barnaamijkaasi u shaqeeyo, waxa aad u baahan tahay in aad kala saartid heer aad ka arki karto waxa ku jira. Waxaad u baahan tahay qalabkii, sida aad ugu baahan tahay qalab kaashawiito iyo wiishyo si aad u qaadato qalab yar ama mishiin.

Taasi waa meesha Ghidra u soo gashay inuu ku ciyaaro. Waa sanduuqa lagu kala saaro software si loo arko sida uu u saxayo. Waxa jira qalabyo kale oo la mid ah sida IDA , Radare , iyo Binary Ninja .

NSA waxay isticmaashaa Ghidra si ay wax uga qabato fayrasyada, malware, iyo barnaamijyada kale ee khatarta ku ah amniga qaranka. Dabadeed, iyagoo ka duulaya waxa ay helaan, waxay dejiyaan qorshe hawleed ay kaga hortagayaan khatarta. Iyada oo tirada dhacdooyinka jabsiga ee ay dawladdu maalgalisay ee wararka dhawaanahan, waxaad ogtahay in tani ay tahay heshiis weyn.

Qof ma isticmaali karaa Ghidra?

Sax maaha. Waxa aad u baahan tahay in aad aqoon u leedahay barnaamijyada ugu yaraan. Uma baahnid inaad noqoto injineer software ah, laakiin haddii aad dhowr kooras jaamacadeed ku samaysay barnaamijka waxaad geli kartaa Ghidra oo baro sida loo isticmaalo.

Intaa waxaa dheer, mareegta rasmiga ah ee Ghidra waxa kale oo ay leedahay hagaha rakibaadda, tixraacyo degdeg ah, wiki, iyo raadraaca arrimaha. Ujeedada bixinta dhammaan waxa ay tahay in qof kastaa uu barto, oo si wada jir ah looga dhigo adduunka mid ka badbaadsan tuugada xaasidnimada ah.

NSA waxay tan u samaynaysaa, “…u hagaajinta aaladaha amniga internetka…”, iyo, “...dhisidda bulsho…” cilmi-baarayaasha aadka u yaqaana Ghidra oo gacan ka geysta koboceeda, sida ku qoran bandhigga Robert Joyce.

Haddaba waa maxay sababta Ghidra u tahay heshiis weyn?

Waxay ka timid NSA . Shirkaddee haysata nooca kheyraadka ay leedahay hay'adda federaalka ee Mareykanka? Waaya-aragnimada noocee ah ayaa xitaa shirkadda ugu wanaagsan ee amniga ay yeelan kartaa marka la barbardhigo hay'ad u xilsaaran badbaadada qaranka ugu awoodda badan Dunida?

Markaa, haa, waa qalab aad u awood badan. Cilmi-baaraha amniga ^(Security)Joxen Coret ayaa bartiisa twitter- ka ku soo qoray “So, Ghidra s**ts all over any other RE tool out there with the only exception of IDA.”

Markaa waxa jira dhinaca xorta ah. Adigoo awood u leh inaad hesho waxa la odhan karo waa aaladda RE-ga ugu awoodda badan ee bilaashka ah, barta gelitaanka cilmi-baarista amniga ayaa hadda hoos loo dhigay si fudud u lahaanshaha kombuyuutarka iyo helitaanka Internetka^(Internet) .

Tani waa qayb ka mid ah sababta ay NSA u sii daysay. Waxay rajeynayaan in jiil cusub oo cilmi-baarayaal ah ay ku fiicnaan doonaan oo ay tixgelin doonaan shaqooyinka NSA .

Markaa waxa jira dhinaca isha furan. Laamaha ammaanka laguma yaqaan inay dadka daaha gadaashiisa eegaan sabab wanaagsan. Haddii aad ogtahay sida ay u sameeyaan waxay sameeyaan, way sahlanaan doontaa in la fashiliyo. Hase yeeshee, dhammaan koodhka isha ee Ghidra waa la daah-furay si guud si qof kastaa u shaandheeyo oo u arko sida saxda ah ee ay u shaqeyso.

Oo, maya, ma jiraan warar sheegaya in dawladu gadaal ka taagan tahay. Ron Joyce ayaa taas si degdeg ah uga hadashay, iyadoo leh, beesha cilmi-baarista amniga, "...waa beesha ugu dambeysa ee aad rabto inaad wax ku sii daayso iyada oo albaab danbe lagu rakibay, dadka ugaadhsada walxahan si ay u kala gooyaan."

Marka laga eego dhinaca waxbarashada, Ghidra waxa kale oo ay u ogolaataa injineerada soogalootiga ah in ay qaataan barnaamijyo kala duwan si ay u arkaan sida ay u shaqeeyaan ka dibna u bartaan sida loo sameeyo wax la mid ah mashruucyadooda. Fiirinta koodka qof kale ayaa muddo dheer ahaa dhaqan la aqbali karo oo ka dhex jira barnaamijyada iyo kuwa horumariya si ay u noqdaan barnaamijyo wanaagsan. Haddii koodkaas si furan loo wadaagay, dabcan.

Waxaa laga yaabaa in heshiiska ugu weyn uu yahay in Ghidra loo qorsheeyay in si wada jir ah loo isticmaalo. Waxaad la wadaagi kartaan bakhaar la wadaago asxaabtaada ama asxaabtaada si aad dhammaantiin hal mar uga wada shaqeysaan mashruuc. Taasi waxay dedejisaa habka falanqaynta si weyn.

Maxaa hadda?

Dowladda federaalka ee Mareykanka ayaa ballan qaaday in ay sii dayn doonto barnaamijyo badan oo amniga la xiriira. Qaar ka mid ah waxay noqon doonaan kuwo aad u farsamo dabiiciga ah, sida Ghidra , iyo qaar ka mid ah waxay noqon doonaan kuwo aad u saaxiibtinimo leh, sida nooca ammaanka ee Android^{(security-enhanced version of Android)} .

Dhammaan waxa ay soo bandhigaan wakhti gaar ah oo dawlad iyo rayid ah oo iskaashanaya si loo ilaaliyo kaabayaasha xogta sida ugu macquulsan.

Adeegga sirta ee Mareykanka - https://www.secretservice.gov/data/press/reports/USSS_FY2013AR.pdf

https://media.defense.gov/2012/Apr/27/2000157039/-1/-1/0/120417-F-JM997-405.JPG

What is Ghidra and Why is it Important?

A large part of tackling new viruses is figuring out how they work. Τo do that, you need to reverse-engineer it. The National Security Agency (NSA) obviously must do this sort of work a lot, so they created their own tool, called Ghidra to help them do this.

By the way, it’s pronounced Ghee-dra. It was released to the public for free and as open source on March 5^th, 2019, at the RSA Conference in San Francisco. You can even view the Ghidra presentation notes from Robert Joyce, Senior Advisor to the National Security Agency (NSA).

 To really understand why releasing Ghidra was important, we need to understand what reverse-engineering is and what it’s used for.

What is Reverse Engineering and Why is it Used?

Generally, reverse-engineering (RE) refers to the process of taking something apart to figure out how it was made. You may have done this yourself with a small appliance at home, just trying to figure out how to fix it yourself. But we’re talking about RE a program. It’s just code, right? Why don’t we just look at the code behind it?

When you write a program in a language like C or Java, there’s a step between writing it and being able to use it on a computer. The language you’re programming in is readable to you, but not necessarily readable by the computer. It must be translated into something that the computer can work with. This process is called compiling.

Once a program is compiled, it’s no longer readable by humans.

If you want to figure out how that program works, you need to take it apart to the level where you can see what’s in it. You need a toolkit for that, just like you need a toolkit of screwdrivers and wrenches to take about a small appliance or engine.

That’s where Ghidra comes in to play. It’s a toolbox for taking software apart to see how it ticks. There are already other similar tools like IDA, Radare, and Binary Ninja.

The NSA uses Ghidra to take about viruses, malware, and other programs that may pose a threat to national security. Then, based on what they find, they develop a plan of action to deal with the threat. With the number of state-sponsored hacking events in the news recently, you know this is a big deal.

Can Anyone Use Ghidra?

Not exactly. You do need to have some proficiency with programming at the very least. You don’t need to be a software engineer, but if you’ve done a few college courses in programming you can get into Ghidra and teach yourself how to use it.

Plus, the official Ghidra website also has an installation guide, quick references, a wiki, and an issue tracker. The point of providing all that is so that everyone can learn, and together make the world safer from malicious hackers.

The NSA is doing this to, “…improve cybersecurity tools…”, and, “…build a community…” of researchers proficient with Ghidra and contributing to its growth, as written in Robert Joyce’s presentation.

So Why is Ghidra a Big Deal?

It’s from the NSA. What company has the kind of resources that a US federal agency has? What kind of experience could even the best security company have compared to an agency tasked with the safety of the most powerful nation on Earth?

So, yes, it’s a very powerful tool. Security researcher Joxen Coret tweeted “So, Ghidra s**ts all over any other RE tool out there with the only exception of IDA.”

Then there’s the free aspect. By being able to get what is arguably the most powerful RE tool for free, the entry bar into security research has just been lowered to simply owning a computer and having Internet access.

This is part of the reason why the NSA released it. They hope that a new generation of researchers will become proficient with it and consider careers with the NSA.

Then there’s the open source aspect. Security agencies aren’t known for letting people look behind the curtain for a good reason. If you know how they do what they do, it becomes easier to thwart them. Yet, the entire source code for Ghidra is being made public so anyone can comb through it and see exactly how it works.

And, no, there are no reports of government backdoors being in it. Ron Joyce addressed that quickly, saying, the security research community, “…is the last community you want to release something out to with a backdoor installed, to people who hunt for this stuff to tear apart.”

From an education standpoint, Ghidra also allows budding software engineers to take apart programs to see how they work and then learn how to do something similar with their own projects. Looking at another person’s code has long been an accepted practice among programmers and developers to become better programmers. If that code was openly shared, of course.

Perhaps the biggest deal is that Ghidra was designed to be used collaboratively. You can have a shared repository with your co-workers or friends so you can all work on a project at once. That speeds up the analysis process dramatically.

What Now?

The U.S. federal government has pledged to release more and more security related software. Some of it will be very technical in nature, like Ghidra, and some of it will more user-friendly, like a security-enhanced version of Android.

It all heralds a unique time of government and civilian collaboration towards keeping our data infrastructure  as safe as possible.

U.S. Secret Service – https://www.secretservice.gov/data/press/reports/USSS_FY2013AR.pdf

https://media.defense.gov/2012/Apr/27/2000157039/-1/-1/0/120417-F-JM997-405.JPG

Related posts

• Waa maxay Adeegga Wicida Shirka ugu Fiican - Apps-ka ugu Wanaagsan marka la barbardhigo

• Si Toos ah u Dhaqaaq, Tirtir, ama Nuqul faylalka ku jira Windows

• Sida loo hubiyo in heerkulka CPU-gaagu uu aad u sarreeyo

• 5-ta Apps ee ugu Fiican ee Shaandhaynta Iftiin Buluugga ah ee loogu talagalay Windows, Mac iyo Linux

• Sida loo Isticmaalo Maamulaha Xidhmada Windows si loo rakibo Barnaamijyada Windows

• Isticmaal Camer Shabakad duug ah si aad ula socoto hantidaada lacag la'aan

• 9 Siyaabood Oo Looga Duubi Karo Ciyaarta Kubada Cagta

• 4-ka ugu Wacan ee Soo Gudbinta Barnaamijyada Software-ka iyo Sida Loo Isticmaalo

• Isticmaal HP Print and Scan Doctor si aad u xalliso dhibaatooyinka daabacaadaha caadiga ah

• Waa maxay Chatbot-ka iyo sida loogu isticmaalo mid ka mid ah boggaaga

• 7-da Qalab ee ugu Wacan ee loogu talagalay Chromebook

• 7 Siyood Oo Loo Furo Faylka MDB Iyadoon Microsoft Gelin

• 7-da Aaladaha ugu Fiican ee ka saarida Bloatware ee Daaqadaha

• Parser-ka Iimayl-ka Zapier: 3 Hab oo Hal-abuur leh oo Loo Isticmaalo

• 4ta Bedel ee ugu Wanaagsan Google Chromecast

• Kordhinta Amniga ee Avast Online: Ma mudan tahay in la isticmaalo?

• Tifaftirayaasha Markdown-ka ugu Fiican: Dhammaan Platforms iyo Online

• 5 Windows Alternatives ee Linux sudo Command

• Waa maxay Microsoft Power Automate iyo Qaababka bilaashka ah ee la soo dejiyo

• 10ka Qarsoon ee ugu Fiican Chrome (2022)