Avast Launches Open-Source Decompiler For Machine Code (techspot.com)
Greg Synek reports via TechSpot: To help with the reverse engineering of malware, Avast has released an open-source version of its machine-code decompiler, RetDec, that has been under development for over seven years. RetDec supports a variety of architectures aside from those used on traditional desktops including ARM, PIC32, PowerPC and MIPS. As Internet of Things devices proliferate throughout our homes and inside private businesses, being able to effectively analyze the code running on all of these new devices becomes a necessity to ensure security. In addition to the open-source version found on GitHub, RetDec is also being provided as a web service.
Simply upload a supported executable or machine code and get a reasonably rebuilt version of the source code. It is not possible to retrieve the exact original code of any executable compiled to machine code, but obtaining a working or almost working copy of equivalent code can greatly expedite the reverse engineering of software. For any curious developers out there, a REST API is also provided to allow third-party applications to use the decompilation service. A plugin for the IDA disassembler is also available for those experienced with decompiling software.
Wow! So many architectures! (Score:1)
PIC32 and MIPS!
It's like a PIC32 isn't actually a MIPS based MCU.... oh wait, it is.
Re: (Score:2)
...but no x86_64.
Re: (Score:3)
Or any other 64 bit arch.
A debugger does this (Score:1)
The killer was when I debugged my TRS-80 BASIC interpreter in ROM. You'd have some 3 byte instruction, "jump here", then somewhere else you'd have a 3 byte instruction "jump into the middle of this 3 byte instruction to do something completely different". My understanding is Bill did those, but for all the evil he
Re: (Score:2)
I'm guessing the reverse engineered C++ code is gonna cost a hella amount of time to reverse engineer the reverse engineered code the tool generates.
I've reverse engineered C. C++? Not seeing how a tool is gonna be a lot of help. Basing this on going from C to ASM is pretty straightforward. Going from C++ to C is problematic, especially as you are going C++ -> ASM as opposed to C++ -> C.
Should crossref with github. (Score:2)
Perhaps if you built a fingerprint based on the structure of calls across functions, you could map it back to source code from github. Not that malware is generally posted to github, but I'd be surprised if they didn't use a TON of third-party libraries, and factoring all of those out would make what's left easier to understand and also let you focus better.
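One way to do the call-structure fingerprinting this comment suggests, as an added example that is not part of the original post or of RetDec: each function is hashed by the shape of its outgoing call tree (never by name), a known library is reduced to the fingerprints that identify exactly one routine, and the stripped sample is then split into library code and the functions still worth reading. The library and sample call graphs below are constructed, and every function name in them is made up.

```python
import hashlib
from collections import Counter

def call_fingerprints(call_graph, depth=3):
    """Fingerprint each function by the shape of its outgoing call tree to
    `depth` levels, ignoring names entirely so stripped symbols still match.
    Callers are deliberately left out: a library routine's fan-in depends on
    the program it was linked into, while its fan-out is fixed by the library."""
    labels = {fn: "node" if callees else "leaf" for fn, callees in call_graph.items()}
    for _ in range(depth):
        labels = {
            fn: hashlib.sha256(
                (labels[fn] + "(" + ",".join(sorted(labels.get(c, "ext") for c in callees)) + ")").encode()
            ).hexdigest()[:16]
            for fn, callees in call_graph.items()
        }
    return labels

def build_library_table(library_graph):
    """fingerprint -> name, keeping only fingerprints unique within the library:
    leaves (and any isomorphic subtrees) look alike and would give false matches."""
    fps = call_fingerprints(library_graph)
    counts = Counter(fps.values())
    return {fp: name for name, fp in fps.items() if counts[fp] == 1}

def factor_out_library(sample_graph, table):
    """Label sample functions whose call shape matches a known library routine
    and return (matches, functions still needing manual review)."""
    fps = call_fingerprints(sample_graph)
    matched = {fn: table[fp] for fn, fp in fps.items() if fp in table}
    return matched, sorted(fn for fn in sample_graph if fn not in matched)

# Constructed call graph of a hypothetical third-party library (names are made up).
LIBRARY = {
    "tls_handshake": ["tls_send_hello", "tls_verify_cert"],
    "tls_send_hello": ["buf_append", "rng_bytes"],
    "tls_verify_cert": ["x509_parse", "sha256", "rsa_verify"],
    "x509_parse": ["asn1_read"], "rsa_verify": ["bignum_modexp"],
    "sha256": [], "bignum_modexp": [], "buf_append": [], "rng_bytes": [], "asn1_read": [],
}

# Constructed call graph as a decompiler might recover it from a stripped binary
# that statically links the library above and adds two functions of its own.
SAMPLE = {
    "main": ["sub_4010", "sub_4200"],
    "sub_4010": ["sub_4020", "sub_4030"],              # same shape as tls_handshake
    "sub_4020": ["sub_4090", "sub_40a0"],
    "sub_4030": ["sub_4040", "sub_4060", "sub_4070"],
    "sub_4040": ["sub_40b0"], "sub_4070": ["sub_4080"],
    "sub_4060": [], "sub_4080": [], "sub_4090": [], "sub_40a0": [], "sub_40b0": [],
    "sub_4200": ["sub_4210", "sub_4010"],              # program-specific code
    "sub_4210": ["sub_4060"],                          # reuses the library's hash leaf
}

if __name__ == "__main__":
    matched, remaining = factor_out_library(SAMPLE, build_library_table(LIBRARY))
    print("library code:", matched)
    print("review first:", remaining)
```

Because `x509_parse` and `rsa_verify` have isomorphic call trees, their shared fingerprint is dropped as ambiguous, so `sub_4040` and `sub_4070` stay in the review list even though they are probably library code; richer per-function features (basic-block counts, constants) would be needed to separate such cases.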
doesn't work (Score:1)
I uploaded a file containing several C files into a lib. Everything seems to work as I would expect. I selected the C file I wanted, but then it failed saying the file wasn't found.