The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: reverse engineering

NSA Releases GHIDRA Source Code — Free Reverse Engineering Tool

NSA Releases GHIDRA Source Code — Free Reverse Engineering Tool
April 04, 2019Swati Khandelwal
Update (4/4/2019) — Great news. NSA today finally released the complete source code for GHIDRA version 9.0.2 which is now available on its Github repository . GHIDRA  is agency's home-grown classified software reverse engineering tool that agency experts have been using internally for over a decade to hunt down security bugs in software and applications. GHIDRA is a Java-based reverse engineering framework that features a graphical user interface (GUI) and has been designed to run on a variety of platforms including Windows, macOS, and Linux. Reverse engineering a program or software involves disassembling, i.e. converting binary instructions into assembly code when its source code is unavailable, helping software engineers, especially malware analysts, understand the functionality of the code and actual design and implementation information. The existence of GHIDRA was first publicly revealed by WikiLeaks in CIA Vault 7 leaks , but the NSA today publicly released t

NSA to release its GHIDRA reverse engineering tool for free

NSA to release its GHIDRA reverse engineering tool for free
January 07, 2019Wang Wei
The United States' National Security Agency (NSA) is planning to release its internally developed reverse engineering tool for free at the upcoming RSA security conference 2019 that will be held in March in San Francisco. The existence of the framework, dubbed GHIDRA, was first publicly revealed by WikiLeaks in CIA Vault 7 leaks, but the tool once again came to light after Senior NSA Adviser Robert Joyce announced to publicly release the tool for free in his RSA Conference session description. Reverse engineering tool is a disassembler, for example, IDA-Pro, that help researchers identify certain portions of a program to see how they work by reading information like its processor instructions, instruction lengths, and more. GHIDRA is a Java-based reverse engineering framework that features a graphical user interface (GUI) and has been designed to run on a variety of platforms including Windows, macOS, and Linux operating systems, and also supports a variety of processor

Most LokiBot samples in the wild are "hijacked" versions of the original malware

Most LokiBot samples in the wild are "hijacked" versions of the original malware
July 06, 2018Swati Khandelwal
Hacker himself got hacked. It turns out that most samples of the LokiBot malware being distributed in the wild are modified versions of the original sample, a security researcher has learned. Targeting users since 2015, LokiBot is a password and cryptocoin-wallet stealer that can harvest credentials from a variety of popular web browsers, FTP, poker and email clients, as well as IT administration tools such as PuTTY. The original LokiBot malware was developed and sold by online alias "lokistov," a.k.a. "Carter," on multiple underground hacking forums for up to $300, but later some other hackers on the dark web also started selling same malware for a lesser price (as low as $80). It was believed that the source code for LokiBot was leaked which might have allowed others to compile their own versions of the stealer. However, a researcher who goes by alias " d00rt " on Twitter found that someone made little changes (patching) in the original Lok

Pre-Installed Keylogger Found On Over 460 HP Laptop Models

Pre-Installed Keylogger Found On Over 460 HP Laptop Models
December 09, 2017Wang Wei
HP has an awful history of 'accidentally' leaving keyloggers onto its customers' laptops. At least two times this year, HP laptops were caught with pre-installed keylogger or spyware applications. I was following a tweet made by a security researcher claiming to have found a built-in keylogger in several HP laptops, and now he went public with his findings. A security researcher who goes by the name of ZwClose discovered a keylogger in several Hewlett-Packard (HP) laptops that could allow hackers to record your every keystroke and steal sensitive data, including passwords, account information, and credit card details. The Keylogger was found embedded in the SynTP.sys file, a part of Synaptics touchpad driver that ships with HP notebook computers, leaving more than 460 HP Notebook models vulnerable to hackers. Although the keylogger component is disabled by default, hackers can make use of available open source tools for bypassing User Account Control (UAC) to

w00t! Google OnHub Router actually Runs on Chrome OS; Here's How to Root it

w00t! Google OnHub Router actually Runs on Chrome OS; Here's How to Root it
October 12, 2015Khyati Jain
Are you intrigued with the idea of disassembling things and making them work your ways? Then you'll find this coverage to be one of its kind! Google OnHub Router runs ChromiumOS ( Chrome OS ), the same Linux-based operating system that powers Google Chromebook laptops and desktops. Yeah, It's True. A Group of researchers has revealed that Google OnHub Router is actually a modified Chromebook in Cylindrical form and without screen. OnHub is a modern dual-band wireless router, designed by Google and TP-Link, operates networks on both the 2.4GHz & 5GHz frequency bands simultaneously and offers the speed of up to 1900 Mbps. Unlike traditional Broadband Routers, Google OnHub is designed to support " The Internet of Things " as well as other Smart devices, including Smartphones, Connected TVs and Computers. A Team of Modders at Exploitee.rs , also famous as GTVHacker , have successfully managed to root Google OnHub device, in the same way, they

Uber's Android app is Literally Malware?

Uber’s Android app is Literally Malware?
November 29, 2014Swati Khandelwal
The popular ride-sharing service Uber has been hit by various controversies lately, but now the things gone even worse for the company when a security researcher made a worrying discovery this week and claims, " Uber's app is literally malware. " The ride-hailing company is in disputes of handling privacy of its customers data. A Phoenix-based security researcher Joe Giron found that a surprising amount of users' data is being collected by the company's mobile application for Android. Researcher, who runs a cyber security firm in Arizona , just reverse-engineered the code of Uber's Android application and come to the conclusion that it is a malware. He discovered that the app " calls home " and sends data back to the company. But this excessive amount of access to users' data is not the sort of app data a taxi company should have access to in the first place. It really seems strange and unnecessary to collect. " Christ man! Why the hell woul

Student Decrypts Simplocker Android Ransomware that Encrypts Files

Student Decrypts Simplocker Android Ransomware that Encrypts Files
June 17, 2014Swati Khandelwal
In a previous story, I reported about a new ransomware threat known as Simplocker discovered by researchers at the security firm ESET, targeting Android users in the UK, Switzerland, Germany, India and Russia, for ransom. Simplocker (Android/Simplocker.A) is the latest Android ransomware that has ability to encrypt the files using Advanced Encryption Standard (AES) on the Android device SD cards demanding users pay a ransom of 260 UAH ( Ukrainian hryvnias ), which is roughly equal to $21 US, for those files to be decrypted. To hide their track, the malware author is using the Command-and-Control server hosted on TOR .onion domain, which makes it difficult to trace the server's physical location or determine who is operating it. The malware collects information about the users' phone such as IMEI number, Operating System, phone model and manufacturer to send it all to Command-and-Control server. STUDENT CRACKS SIMPLOCKER RANSOMWARE Now, an undergraduate stu

Backdoor found in Chinese Tenda Wireless Routers, allows Root access to Hackers

Backdoor found in Chinese Tenda Wireless Routers, allows Root access to Hackers
October 19, 2013Mohit Kumar
Last week Craig Heffner, specialized on the embedded device hacking exposed a serious backdoor in number of D-Link routers allows unauthorized backdoor access. Recently he published his another researcher, Titled ' From China, With Love ', exposed that D-Link is not only the vendor who puts backdoors in their products. According to him, China based networking device and equipment manufacturer - Tenda Technology  (www.tenda.cn) also added potential backdoors into their Wireless Routers. He unpacked the software framework update and locate the httpd binary an found that the manufacturer is using GoAhead server, which has been substantially modified. These routers are protected with standard Wi-Fi Protected Setup (WPS) and WPA encryption key, but still by sending a UDP packet with a special string , an attacker could take over the router. Routers contain a flaw in the httpd component, as the MfgThread() function spawns a backdoor service that listens fo
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.