NSA Ghidra


NSA's Ghidra is a software reverse engineering (SRE) tool that converts assembly code back into C code, at least approximately.

Ghidra is a free and open-source tool developed by the National Security Agency's Research Directorate in support of the Cybersecurity mission. The binaries were released at RSA Conference in March 2019; the sources are on GitHub.

Disassembly of a file in Ghidra. NSA video.

Ghidra is seen by many security researchers as a competitor to IDA Pro and JEB decompiler. It is used by both white hat security researchers and sometimes by black hat hackers.

Now that Apple is transitioning the Mac line of computers to ARM64, developers may need to reverse engineer macOS assembly language to see how stuff works.

Fast switching between write and execute (never both at the same time).

macOS Big Sur leverages a unified memory architecture for CPU and GPU tasks. Apple Silicon can do JIT using an API to switch memory from write to execute. Expect that developers will need to learn how to tune for drivers that emphasize different priorities. Set security for drivers to optimize for native unification (imagine a quad processor with threads in different states).
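The write-then-execute switch described above, as an added C example (not code from the original page, from Apple or from Ghidra). MAP_JIT and pthread_jit_write_protect_np are the macOS calls for this on Apple Silicon; the function name run_jit_stub and the stub bytes are constructed for illustration, and the mprotect() branch is an assumed equivalent for other platforms.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#if defined(__APPLE__) && defined(__aarch64__)
#include <pthread.h>
#include <libkern/OSCacheControl.h>
#endif

/* Constructed sample payload: a tiny function that returns 42. */
#if defined(__aarch64__)
static const uint8_t stub[] = { 0x40, 0x05, 0x80, 0x52,   /* mov w0, #42 */
                                0xc0, 0x03, 0x5f, 0xd6 }; /* ret */
#elif defined(__x86_64__)
static const uint8_t stub[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, /* mov eax, 42 */
                                0xc3 };                       /* ret */
#else
#error "this example covers arm64 and x86-64 only"
#endif

/* Returns 42 on success, -1 if mapping or the protection change fails. */
int run_jit_stub(void)
{
    size_t len = 4096;
    int result;
#if defined(__APPLE__) && defined(__aarch64__)
    /* Apple Silicon: MAP_JIT region, write access toggled per thread. */
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANON | MAP_JIT, -1, 0);
    if (p == MAP_FAILED) return -1;
    pthread_jit_write_protect_np(0);   /* region writable, not executable */
    memcpy(p, stub, sizeof stub);
    pthread_jit_write_protect_np(1);   /* region executable, not writable */
    sys_icache_invalidate(p, sizeof stub);
#else
    /* Other platforms: same order, write first, then flip to execute. */
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    memcpy(p, stub, sizeof stub);
    if (mprotect(p, len, PROT_READ | PROT_EXEC) != 0) { munmap(p, len); return -1; }
    __builtin___clear_cache((char *)p, (char *)p + sizeof stub);
#endif
    result = ((int (*)(void))(uintptr_t)p)();  /* call the generated code */
    munmap(p, len);
    return result;
}
```

When reading a JIT-capable binary in Ghidra, calls to these functions mark where generated code is written and where it becomes executable. Under the macOS hardened runtime, MAP_JIT also requires the com.apple.security.cs.allow-jit entitlement.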

The full release build can be downloaded from the project homepage.


Should have titled this page 'ARM wrestling with Ghidra'.