[ / / / / / / / / / / / / / ] [ dir / baphomet / caco / choroy / christ / dbv / dempart / gfl / leandro ][Options][ watchlist ]

/tech/ - Technology

You can now write text to your AI-generated image at https://aiproto.com It is currently free to use for Proto members.
Email
Comment *
Verification *
File
Select/drop/paste files here
Password (Randomized for file and post deletion; you may also set your own.)
* = required field[▶ Show post options & limits]
Confused? See the FAQ.
Expand all images

File (hide): 0056efcf1c694ca⋯.png (185.37 KB, 1497x1015, 1497:1015, GHIDRA_1.png) (h) (u)

[–]

 No.1038525>>1038531 >>1038615 >>1038670 >>1038671 >>1038836 >>1039796 >>1049287 [Watch Thread][Show All Posts]

Ghidra is a static analysis/reverse engineering tool that is apparently very similar to big commercial offerings such as IDA Pro. It was developed internally by the NSA, but is just now being released to the public. They put it out there as Free Software under the Apache license. It is written in Java.

>Site

https://ghidra-sre.org/

>Source code

https://github.com/NationalSecurityAgency/ghidra

 No.1038531>>1038614 >>1039707

>>1038525 (OP)

How is it compared to Radare2?


 No.1038541>>1050562

>literal glownigger code

What could possibly go wrong?


 No.1038574>>1038806

>by NSA

i wouldn't even run this in a VM


 No.1038580>>1039720

>github

botnet


 No.1038614

>>1038531

Basically trash. Use if for the decompiler nothing else.


 No.1038615

>>1038525 (OP)

>no such agency has a github account

>they release code for their secret hack tools there

>guthub is owned by microsoft

>microsoft is run by a pajeet and likes oss/linux now

What the fuck even is this reality


 No.1038616>>1038617

If I remember correctly the US government commissioned an IDA replacement a while ago. Sounds like that is it. Knowing how government projects like these turn out, it's probably hilariously bad compared to the original.


 No.1038617>>1038621 >>1038855 >>1039625 >>1050195

>>1038616

Why would they try to replace something that works perfectly fine?


 No.1038621>>1038622 >>1038672

>>1038617

>Why does a government agency waste shitloads of money on golden toilets?

Beats me, maybe they thought The Great And Powerful NSA (dog bless aberiga) could easily outdo whatever other product, even though their staff is mostly redditards.


 No.1038622>>1038623

>>1038621

>even though their staff is mostly redditards.

Are they?


 No.1038623

>>1038622

The leaks sure gave me that impression, especially the wiki. Gave off a similar air to googlefags in terms of being high on your own fumes.


 No.1038670

>>1038525 (OP)

>They put it out there as Free Software under the Apache license. It is written in Java.

<no source code available (yet)

https://github.com/NationalSecurityAgency/ghidra/wiki/Frequently-asked-questions#where-is-the-complete-ghidra-source-code


 No.1038671>>1038691 >>1038700

>>1038525 (OP)

>It is written in Java.

Wow, it's fucking retard garbage.


 No.1038672>>1038681 >>1038791 >>1048834

>>1038621

Drink bleach and shoot yourself in the mouth, you fucking failed abortion.


 No.1038681

File (hide): 4e1a80f3ccfd320⋯.png (90.24 KB, 363x359, 363:359, did you cry.png) (h) (u)


 No.1038691>>1038728 >>1038875 >>1039795

>>1038671

In your own words, please explain your qualms with Java and tell me how the target language effects you, not as a contributing developer but as a user of the tool.


 No.1038700>>1038734 >>1038831

>>1038671

actually Java is pretty good and safe language and muh compile once, run everywhere is pretty comfy (when it's feasible)


 No.1038725>>1038734

It litterally has a backdoor. Don't use it.


 No.1038728>>1038853

>>1038691

Usually terrible UIs, poor performance compared to native, the mere existence of the JVM on your machine is a security risk given Java's poor track record.


 No.1038734>>1038795

>>1038700

>Java is pretty good and safe language

Java isn't safe at all, there's a lot of exploits for it.

>>1038725

Proof?


 No.1038791

File (hide): e25c8460be27d36⋯.png (189.29 KB, 480x255, 32:17, kill_yourself_faggot.png) (h) (u)

>>1038672

Neck yourself you worthless nigger.


 No.1038795

>>1038734

i'm as much of a java hater as the next guy but the 'poor track record' for java is primarily concerned with client-side exploits targeting the virtual machine.

keep in mind, default behavior in say C, is totally unchecked allocations.


 No.1038806>>1038809 >>1039795

File (hide): 39d9e314df11f69⋯.jpg (41.66 KB, 960x540, 16:9, java.jpg) (h) (u)

>>1038574

It's probably clean. If they were to bug it they wouldn't release it as the NSA. The question then is why they'd release it. I think it's to attract talent, hoping a few shiny toys will make people ignore the fact they're working for the devil.


 No.1038809

>>1038806

Yep. They've even got a recruitment pitch in the README.


 No.1038825

Only complaint i heard so far was from some poorly included debug mode bug that opened a port. Sensationalist, but it at least shows one issue. Be interesting to see if they push fixes once the source is posted. I might give it a spin since a lot are raving its comparable to IDA in some regards


 No.1038831

>>1038700

Write once, run everywhere is sadly a meme.

t. victim of write once, debug everywhere


 No.1038836>>1049618

>>1038525 (OP)

The NSA has open sourced software before. I can't remember the name of it. Oh yeah because it was fucking useless.

Security moralfags.


 No.1038853>>1038860

>>1038728

Isn't a bad security track record (somewhat ironically) a good thing? It means the issues have already been found and fixed earlier in the projects life cycle.

Bad UI's seems a bit unfair since that's going to differ on a program to program and even framework to framework basis.

Likewise with performance, that's mostly dependent on the platform it runs on. I'm not going to pretend like safe, runtime oriented languages are going to be faster but the difference should be negligible in most cases.

I can't imagine something like this, which will mostly be idle, being perf dependent. Unlike say, a video encoder trying to max out your CPU for the duration of the process lifetime.

You're obviously free to feel however you wish, but I myself don't think these are reasonable objections in this context. I feel like people see Java and instantly write something off and I don't understand that. Just because some programs written in Java are bad does not make all Java program inherently unusable imo.


 No.1038855>>1038863 >>1050195 >>1050272

>>1038617

Because old software is too correct and efficient. Nu-software is inclusive and has contributions by women, homosexuals and brown people.


 No.1038860>>1038865

>>1038853

>Isn't a bad security track record (somewhat ironically) a good thing?

Not really since many discovered flaws don't mean few remaining flaws. However, it tells you something (bad) about the quality of the programmers and the program's design.


 No.1038863

>>1038855

You forgot the transsexuals and fishmouth people. Please be more inclusive next time, it's very insensitive to leave out under represented degenerates.


 No.1038865>>1038893

>>1038860

Consider it, I might say it's moot then.

Regardless of the past, it's not indicative of the current state. Something is either exploitable or not and we cannot really know until after an exploit has been found.

Also audit and dev teams change so the quality could have gone in either direction as well.

That being said, my stance is that it's still unfair to judge a program based on the language alone, and even extending to Java here, it may not be fair to judge them based on their past versions, or make assumption about the current state of it without certainty.

The Java bullies will be stopped.


 No.1038875

>>1038691

Not him, but here it goes.

Slow, every large java application I have used has been unresponsive and slow to the point where I don't want to use it. This includes net-simulators, UML graph tools, ide's. Once it might be retarded devs, but when it repeats then, no, it's java.


 No.1038893

>>1038865

What else do you judge things on except their past?! It's not like they completely rewrite the thing or replace the entire team every time a new version comes around. Additionally, the problem with security exploits is that things can be failing horribly while you are none the wiser, so you necessarily have to rely on heuristics; what better heuristic is there than the project's past?

Just look at something like OpenSSL: Their code is awe-inspiringly terrible (no really, I was literally in awe at how bad it is), but you would be able to tell as much even if it was closed source, simply because they constantly have massive security problems. In a sanely designed program with good developers, these problems simply don't occur at that frequency. If you naively assume that every fixed bug was the last one for real this itme, you get fucked nonstop. Honestly, I'm kinda interested where this attitude comes from, because it seems completely batshit insane to me. Is it wishful thinking?

This also extends to language, e.g. because the language makes it very easy to make such mistakes (C etc) or because the language has a large pool of bad developers (PHP and JS are the primary examples of this, but it applies to Java as well). Or in this case, because the above stuff applies to its implementation. That said, I do agree that shitting on Java is a big meme on /tech/ and mostly comes from people who couldn't program their way out of a paper bag. It's the cool thing to hate.


 No.1038901>>1038919

Remember when getting into the NSA was a challenge?


 No.1038919

>>1038901

Remember when Whites were a super-majority? Everything today is degraded.


 No.1039625>>1039626 >>1039630

>>1038617

Look up IDA's licensing fees some time and you'll immediately understand why.


 No.1039626>>1039708

>>1039625

Why don't they just pirate it?


 No.1039630

>>1039625

Why did you take the bait?


 No.1039707

>>1038531

Blows IDA and Radare out of the park


 No.1039708

>>1039626

Why would you install proprietary software


 No.1039720>>1039745

>>1038580

you're a shill

How is github abotnet that compares to foogle?


 No.1039745>>1039874

>>1039720

It's owned by kikerosoft


 No.1039795>>1039798

>>1038691

>Is java really that bad?

The short answer is that large java applications open slowly, but then after that are as fast, if not faster, than anything else.

Taking 30-60 seconds to open wasn't that bad 10 years ago, but now people think that's terrible, as if it was really such a massive amount of time. The bad impression at opening the software sticks and retards then think it's always slow and never use it again, because they could opened 10 snapchat messages in the time to open. Java hate = short attention span

>>1038806

>The NSA didn't backdoor the software

hahahahahahahahahahaha

You missed the news didn't you?


 No.1039796

>>1038525 (OP)

Does this mean they have something way better and this ghidra is obsolete?


 No.1039798>>1050078

>>1039795

What would be the point of backdooring a reverse engineering tool?


 No.1039810>>1039840

File (hide): 30a80629114a68d⋯.jpg (18.04 KB, 373x339, 373:339, 1201635159.jpg) (h) (u)

Wow /tech/ is worse than /g/

>muh backdoors in an open source program directed at reverse engineers

They release it because they want people to fix it for free and attract new talent at the same time


 No.1039840>>1039851

>>1039810

It's not open source though since the code hasn't been released.

Anyway's not it's not /g/ to be weary of THE FUCKING NSA. Fuck off glow-in-the-dark.


 No.1039851

>>1039840

If you find a backdoor in Ghidra I will unironically kill myself on stream.


 No.1039874

>>1039745

Ok that makes sence come again


 No.1048736

https://www.ghidra-sre.org/releaseNotes.html

It's still under development.

Maybe they forgot the backdoor.


 No.1048739

>proprietary software

>written by nsa

shit, tyrone


 No.1048834

>>1038672

LARPer detected. Nothing wrong with Java for this type of program.


 No.1049214>>1049289

Full source code was released today. This includes the source to the decompiler and sleigh parser which wasn't included in the initial release.

https://www.nsa.gov/ghidra

https://github.com/NationalSecurityAgency/ghidra

Thoughts?


 No.1049287

>>1038525 (OP)

What tf am I even supposed to do with it?


 No.1049289>>1049337

File (hide): 2d9144154418a2a⋯.png (253.92 KB, 2396x1616, 599:404, 123713465273.png) (h) (u)

>>1049214

The UI feels pretty slow compared to IDA or radare but it works quite well.

Considering I always do REing in a VM anyways I don't see a reason not to use this.


 No.1049337

>>1049289

I’d set affinity to a single core, it wasn’t coded correctly and is probably less deterministic than the lottery.


 No.1049343>>1049346

You fools, the backdoor is not in Ghidra itself, but a backdoor is dynamically inserted into the code it decompiles so that if you compile it again it's botnet.


 No.1049346

>>1049343

but cant you read the source to find any such things


 No.1049553>>1049628

I have a theory that the NSA knows we're all totally owned and with WWIII on the horizon really wants people to discover a lot about the different ways we're owned, and maybe JUUUST maybe, there are "totally not NSA security researchers and teams" who already have a bunch of these vulns which need to be released in a deniable way so the NSA doesn't reveal its capabilities?

That's what I'd do anyways.


 No.1049618

>>1038836

You're thinking of RSA and DSA encryption


 No.1049628

>>1049553

Well, I know they have a bad history, but there is plenty of bad blood between the CIA and the NSA. Also, I don't remember Terry Davis saying anything about glow in the dark "NSANiggers". We also have the NSA to thank, indirectly, for being able to shut off Israel Inside's ME bullshit.


 No.1049695>>1049702

Ghidra might be reverse engineered itself, at least in order for it to be version 9 and be horribly coded.


 No.1049702

>>1049695

like version numbers mean anything these days. just look at chrome..


 No.1050025>>1050037 >>1050038 >>1050831

Now the source code is out, but I can't figure out how to fucking build it. Apparently it requires gradle, so I installed gradle and ran it in the root ghidra directory. Whoops. It requires an older gradle (5.0, specifically). Fine. I install that instead. Now it's complaining about something related to jython and that I don't have a repository set up. I installed jython, but apparently that's not what it's asking for.

I looked through the source tree for variations of *build* to see if there were some build instructions, but I couldn't find any. The README is useless. The wiki/FAQ on github has no info about building. Is there some obvious build documentation I'm missing? Has anybody actually build this?


 No.1050037

>>1050025

lol brainlet


 No.1050038>>1050215 >>1050828

>>1050025

isnt there any build script like a makefile or something? just read it if there is


 No.1050078

File (hide): 6374c63b3c66fbe⋯.jpg (7.99 KB, 235x215, 47:43, 1550552501651.jpg) (h) (u)

>literal glow in the dark CIAnigger software

<not a botnet goyim

>>1039798

lol gtfo

<what was the point of systemd, what was the point of eternalblue, heartbleed(cia used for at least 2+ yrs prior to discovery) etc etc etc


 No.1050195>>1050272 >>1050577

Looks cool for me. I've scanned the source code with clamav. I'll check, if the code has any analitics shit, if not I'll try it. Not using the software your enemy uses is funny, especially if you have the source code.

>>1038617

>Why would they try to replace something that works perfectly fine?

<nonfree software

<working perfectly fine

Lol

>>1038855

>Because old software is too correct and efficient. Nu-software is inclusive and has contributions by women, homosexuals and brown people.

<nonfree software

<too correct and efficient

<Proprietary software is the best software goy!

Yeah, 100% straight male proprietary software is better that this dirty SJW free/libre software.


 No.1050215

>>1050038

It's a Java project, Gradle is the build system.


 No.1050272

>>1050195

>Yeah, 100% straight male proprietary software is better that this dirty SJW free/libre software.

It is.

>>1038855

>women, homosexuals, or brown people had anything to do with coding this software.

:^)


 No.1050562

>>1038541

It's open source, and so the irony is that only a nigger like you won't be able to tell if its safe or not.


 No.1050577>>1050606

File (hide): 5748b4880f5527f⋯.png (548.78 KB, 1200x756, 100:63, Lincucks.png) (h) (u)

>>1050195

>Yeah, 100% straight male proprietary software is better that this dirty SJW free/libre software.

Unironically true.


 No.1050606>>1050770 >>1050771 >>1050843

>>1050577

Lol that picrel.

>powershell

slow as fuck

>profit-driven innovation

>innovation

funny

>full hardware support

Last time I checked (month ago) windows couldn't find USB driver. Linux (kernel) is better at loading binary blobs, than windows.

>full hardware performance

You mean when they don't install security patch for meltdown and spectre, so games can run smoothly, or when ton of spyware is running in the background?

>just works

Just doesn't work it crashes all the time. Updates often break something.

>WSL

Because Windows wasn't good enough so they had to put GNU/Linux inside.

>IDEs

Implying there are no IDEs on GNU/Linux. Better pay for your monthly Visual Studio subscription.

On GNU/Linux

>end user compilation

This is actually an advantage.

>No flash

Why would I use this spyware?

>shell scripts

that's a good thing

>No hardware support

Why would I use nonfree drivers/firmware? I don't want to use malicious software on my computer.

>systemdick etc.

There are some problems, but it is still better than being exploited and controlled.

When did /tech/ became a place full of botnet lovers and windows useds?


 No.1050770

>>1050606

>windows couldn't find USB driver

lol stopped reading there


 No.1050771>>1050802

>>1050606

>>no flash

>Why would I use this spyware?

objectively untrue as well.


 No.1050802

>>1050771

No an argument


 No.1050828>>1050831


 No.1050831


 No.1050843>>1050889

>>1050606

>Why would I use nonfree drivers/firmware?

Here we see the loonix fag claiming a problem is a solution


 No.1050889>>1050920

>>1050843

>Here we see the loonix fag claiming a problem is a solution

That's not because driver devs are retarded, but hardware manufacturers are - they won't tell how the hardware works, they'll just give you a binary blob. There are some backward engineering efforts, but it is hard and firmware is often signed with a crypto key, so you can't use your own software on that hardware.

The solution is to support only copmanies that produce libre hardware.


 No.1050920

>>1050889

Libre hardware is great to have but not necessary. What's absolutely necessary is accurate technical documentation about the specifications of the hardware. When programmers have the proper specifications, then the programmer should be able to write the appropriate driver for the hardware device. Libre hardware should have this level of technical specification. However it's perfectly fine for a black box device as long as the interfaces and relevant internal knowledge are documented for the programmer.




[Return][Go to top][Catalog][Screencap][Nerve Center][Cancer][Update] ( Scroll to new posts) ( Auto) 5
82 replies | 8 images | Page ?
[Post a Reply]
[ / / / / / / / / / / / / / ] [ dir / baphomet / caco / choroy / christ / dbv / dempart / gfl / leandro ][ watchlist ]