First Look at Ghidra (NSA Reverse Engineering Tool)

Watch me fumble my way through my first impression of Ghidra.

Comments

The NSA is taking notes on usability and UX for future hacking tools.

aortizc

1:40 IDA also parses the PE header, you just have to tick "Manual load" when loading the process into IDA.
2:59 That's not true, you can put them side by side in IDA just fine.
3:33 IDA doesn't highlight it, but you can press Tab to switch to the corresponding disassembly, or from disassembly to the corresponding pseudo code.
7:58 Rename Local Variable is right there in the Function Variables sub menu.

MulleDK

aye idk whats happening and idk what ur saying but that is very cool hacker stuff

EnergyOfQi

Hey, you did a good job. I would not call it fumbling, more like exploring. You do need to give yourself more credit and not call yourself an idiot. You showed you knew what to look for and did it with a very new product. Well done!

MichaelJenkin

"HOW DOES A CAT WEAR THAT HUMAN MASK?" chat comment. 🔥😂

heatvisuals

I thought Marcus was like....in prison? whut

pThorpy

aren't you the hacker hero who got arrested by the FBI xdd ? still my hero 😁

spiritedaway

He is also a security researcher, and looking to form a team :)

ligeskityler

When you use the get out of jail free card

i-use-arch-btw

you can access the java api via python as it runs Jython.

RealILOVEPIE

It looks like someone at NSA has been tacking stuff to this gee-d-rah bit by bit since early 90's. It sure looks like it. The question is how would it fare with an actual re work. Can you record that next time?

sentdc

I've read that the decompiler component is written in C++. Is this open source as well? C++ means the possibility of C, which means the possibility of inline assembly, which means the possibility that MSRs might be accessed. Even skilled REs aren't able to tell what's going on in SMM. Just thinking out loud - haven't checked out the github.

effsixteenblock

Hey... not sure if you already found your rename gripe for functions... in the context menu (right click) on a function name, and go down to Function -> Rename function ... or just use the quick key "L". There it is... Notice that in the C-code, you have the feature Edit Function Signature, where you can change the name too, and tweak the parameters.

freesoftwaretalk

binary protector devs probably are rolling out updates with ghidra disassembly confusion already.. It has no advantage it's just a OSS alternative so maybe more bug fixes and archs..

erikbreaman

Is this new tool under active development?

eduardabramovich

We Could put your Skills to Work for the good guys! if you're Interested of

smoothuncut

"I'm not paranoid", when evaluating a tool released by the NSA, is not a good mindset. Be paranoid.

palanthis

if they have released it they probs have a new app. probs the reason it looks so old because it was made back then and just added to.

richie

I tried to watch but the uptalk? Was annoying? Every statement? Was a question?

JB_inks

NANI?!?!?!? He's not in jail?!?!?!?!?!?!?

rehmanarshad