Ghidra 11.3 Released – NSA’s Powerful Reverse Engineering Tool

The National Security Agency (NSA) has launched Ghidra 11.3, the latest version of its open-source software reverse engineering (SRE) framework. The National Security Agency (NSA) has developed Ghidra, a cutting-edge Software Reverse Engineering (SRE) framework designed to analyze compiled code across multiple platforms, including Windows, macOS, and Linux. This open-source tool offers disassembly, decompilation, debugging, […] The post Ghidra 11.3 Released – NSA’s Powerful Reverse Engineering Tool appeared first on Cyber Security News.

Feb 6, 2025 - 22:08

Ghidra 11.3 Released – NSA’s Powerful Reverse Engineering Tool

The National Security Agency (NSA) has launched Ghidra 11.3, the latest version of its open-source software reverse engineering (SRE) framework.

The National Security Agency (NSA) has developed Ghidra, a cutting-edge Software Reverse Engineering (SRE) framework designed to analyze compiled code across multiple platforms, including Windows, macOS, and Linux.

This open-source tool offers disassembly, decompilation, debugging, emulation, and scripting capabilities, making it a vital asset for cybersecurity professionals.

Ghidra supports various processor instruction sets and executable formats, allowing users to conduct in-depth software analysis. It also features a customizable API, enabling the development of plug-ins, automated analyzers, and new visualizations.

Built to tackle large-scale cybersecurity challenges, Ghidra helps analysts detect vulnerabilities, analyze malicious code, and strengthen system defenses.

This release introduces significant improvements, new features, and bug fixes to enhance its usability and performance for cybersecurity professionals.

Ghidra 11.3 requires Java Development Kit (JDK) 21 and Python 3 (versions 3.9–3.13) for debugging or source builds. It remains backward compatible with data from earlier versions but introduces features that may not work on older releases.

This release also addresses numerous bugs, including issues with decompiler handling of recursive structures and breakpoint toggling in LLDB. Documentation has also been modernized to Markdown format for easier navigation.

Some users may encounter crashes linked to XWindows server updates. Updating to xwayland 23.2.6 or xorg-server 21.1.13 is recommended to resolve these issues.

“Ghidra 11.3 is fully backward compatible with project data from previous releases. However, programs and data type archives which are created or modified in 11.3 will not be usable by an earlier Ghidra version.” As stated in the release notes.

Highlights of Ghidra 11.3

Enhanced Debugging: The debugger now supports macOS kernel debugging via LLDB and Windows kernel debugging in virtual machines using eXDI. Deprecated connectors like “IN-VM” have been replaced with the more robust TraceRMI-based implementation.

Accelerated Emulation: A new Just-in-Time (JIT) p-code emulator has been introduced for faster performance. While not yet integrated into the UI, it is available for scripting and plugin development.

Integration with Visual Studio Code: Users can now create module projects or edit scripts directly in Visual Studio Code, offering a modern alternative to Eclipse for development and debugging.

Improved Functionality: The function graph now includes new “Flow Chart” layouts for better visualization of code blocks. Additionally, users can toggle seamlessly between listing and function graph views.

String Translation and Decompiled Text Search: A LibreTranslate plugin enables offline string translation, while a new feature allows users to search decompiled text across all functions in a binary.

Processor Support: Updates include better support for x86 AVX-512 instructions, ARM VFPv2 disassembly, and Golang 1.23 binaries.

PyGhidra Integration: The PyGhidra library, providing native CPython 3 access to the Ghidra API, is now fully integrated, enhancing scripting capabilities.

Ghidra 11.3 continues to evolve as a leading tool for reverse engineering, offering enhanced performance, modern integrations, and expanded functionality for cybersecurity professionals worldwide.