Coreboot Project Is Leveraging NSA Software To Help With Firmware Reverse Engineering

It's not often the National Security Agency (NSA) can be thanked for their contributions to society, but in the case of one of their public open-source projects it's going to be used to help the Coreboot folks in reverse-engineering system firmware.

Ghidra is an open-source project maintained by the National security Agency as a reverse engineering tool that was originally outed by WikiLeaks only to be declassified earlier this year by the agency. The code was just open-sourced earlier this year as an alternative to IDA Pro and other disassemblers/decompilers. Those interested in this NSA software reverse engineering suite can find it hosted at Ghidra-SRE.org.

How this ties into firmware reverse engineering is that student developer Alex James is working on Ghidra modules for Google Summer of Code 2019 to assist with the firmware reverse-engineering. These modules will allow loading PCI option ROMs into Ghidra along with firmware images and scripts to aide in UEFI binary reverse engineering.

The GSoC project is just getting started so at this point it's unknown how well Ghidra will work out for helping in firmware reverse engineering, but you can track the progress here and the new code is being worked on at GitHub.