Computer security heavyweight Avast released its machine-code decompiler RetDec as an open source tool to the public recently.
The company worked on RetDec for seven years, and released the decompiler "to help the cybersecurity community fight malicious software". The decompiler can be used to analyze a program without running it.
A decompiler takes an executable file as input and turns its machine code back into source code. It is roughly the inverse of a compiler, the program that turns source code into executable files.
Decompilers usually cannot reconstruct a program's source code with 100% accuracy: variable and function names, type information and comments are typically gone from a compiled binary, so the decompiler has to guess them, and the obfuscation and other protective measures that most malware authors apply make recovery harder still.
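To make the two points above concrete, here is a toy decompiler for a handful of x86-64 instruction encodings. It is an added example written for this article, not RetDec code and not Avast's method: it decodes machine code into a symbolic form, then forward-substitutes register definitions until the returned value is an expression over arguments and constants, and it prints a C-like function. The System V calling convention (arguments in edi/esi, result in eax), the placeholder names a1/a2/func and the byte strings are assumptions of the example; the first sample is what gcc -O2 emits for int add(int a, int b) { return a + b; }, the rest are constructed by hand. Parameter names, argument count and types are guesses in the output, exactly the information loss described above, and unsupported bytes make the toy give up, which is its analogue of a decompiler failing on packed or obfuscated code.

```python
# Added illustration (not RetDec code, not from the Ghacks article): a toy
# x86-64 decompiler for a few instruction encodings. RetDec does the same two
# steps, decode then simplify, at scale by lifting binaries into LLVM IR.

REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# System V AMD64 calling convention: the first two integer arguments arrive in
# edi/rdi and esi/rsi, the return value leaves in eax. Parameter names are not
# stored in the binary, so a1/a2 are invented here, like the generic
# placeholders a real decompiler falls back to (assumption of this example).
ARG_NAMES = {"edi": "a1", "esi": "a2"}

# add/sub/xor r/m32, r32 with register operands; also handled below are
# mov r/m32, r32 (0x89), mov r32, imm32 (0xB8+r), lea r32, [base+index]
# (0x8D + SIB) and ret (0xC3). Everything else is rejected.
ALU = {0x01: "+", 0x29: "-", 0x31: "^"}


def disassemble(code):
    """Decode raw bytes into (mnemonic, dst, src) triples.

    src is a register name, an int immediate, or for lea a (base, index) pair;
    dst is a register name, or None for ret.
    """
    insns, i = [], 0
    while i < len(code):
        op = code[i]
        if op == 0xC3:                                      # ret
            insns.append(("ret", None, None))
            i += 1
        elif 0xB8 <= op <= 0xBF:                            # mov r32, imm32
            imm = int.from_bytes(code[i + 1:i + 5], "little", signed=True)
            insns.append(("mov", REGS[op - 0xB8], imm))
            i += 5
        elif op in ALU or op == 0x89:                       # op r/m32, r32
            modrm = code[i + 1]
            if modrm >> 6 != 3:                             # mod=11 means reg-reg
                raise NotImplementedError(f"memory operand at offset {i}")
            src, dst = REGS[(modrm >> 3) & 7], REGS[modrm & 7]
            insns.append(("mov" if op == 0x89 else ALU[op], dst, src))
            i += 2
        elif op == 0x8D and (code[i + 1] & 0xC7) == 0x04:   # lea r32, [base+index]
            dst = REGS[(code[i + 1] >> 3) & 7]
            sib = code[i + 2]
            scale, index, base = sib >> 6, (sib >> 3) & 7, sib & 7
            if scale != 0 or index == 4 or base == 5:       # no scaling, no disp32 forms
                raise NotImplementedError(f"unsupported SIB at offset {i}")
            # rdi/rsi carry the same argument slots as edi/esi, so the toy
            # tracks them under their 32-bit names.
            insns.append(("lea", dst, (REGS[base], REGS[index])))
            i += 3
        else:
            # A real decompiler has a far larger table, but packed or obfuscated
            # code still produces bytes it cannot make sense of.
            raise NotImplementedError(f"unsupported opcode 0x{op:02x} at offset {i}")
    return insns


def decompile(code, name="func"):
    """Render the instruction stream as a C-like function.

    Every register write is stored as a symbolic expression; every later read
    substitutes it (copy propagation), so at the ret the return register holds
    a single expression over arguments and constants.
    """
    env = {}                                    # register -> expression string

    def value(reg):
        if reg in env:
            return env[reg]
        if reg in ARG_NAMES:
            return ARG_NAMES[reg]
        return f"undef_{reg}"                   # read before any write here

    for mn, dst, src in disassemble(code):
        if mn == "ret":
            expr = value("eax")
            if expr.startswith("("):            # binary results are fully parenthesised
                expr = expr[1:-1]
            # Arity is inferred from which argument registers the result reads;
            # the count and the int types are guesses, as in real tools.
            params = [f"int {n}" for n in ARG_NAMES.values() if n in expr] or ["void"]
            return f"int {name}({', '.join(params)}) {{\n    return {expr};\n}}"
        if mn == "mov":
            env[dst] = str(src) if isinstance(src, int) else value(src)
        elif mn == "lea":
            base, index = src
            env[dst] = f"({value(base)} + {value(index)})"
        elif mn == "^" and dst == src:
            env[dst] = "0"                      # xor r, r is the compiler's idiom for 0
        else:
            env[dst] = f"({value(dst)} {mn} {value(src)})"
    raise ValueError("instruction stream ended without ret")


# Constructed samples. "add" is gcc -O2 output for int add(int a, int b)
# { return a + b; } (lea eax, [rdi+rsi]; ret); the others were hand-assembled.
SAMPLES = {
    "add":    bytes.fromhex("8d0437c3"),
    "sub":    bytes.fromhex("89f829f0c3"),      # mov eax, edi; sub eax, esi; ret
    "zero":   bytes.fromhex("31c0c3"),          # xor eax, eax; ret
    "answer": bytes.fromhex("b82a000000c3"),    # mov eax, 42; ret
    "uninit": bytes.fromhex("01f0c3"),          # add eax, esi; ret (eax never written)
    "rex":    bytes.fromhex("4889e5"),          # mov rbp, rsp: REX prefix unsupported
}

if __name__ == "__main__":
    for fname, code in SAMPLES.items():
        try:
            print(decompile(code, fname))
        except NotImplementedError as exc:
            print(f"// {fname}: gave up, {exc}")
```

Running it prints return a1 + a2 for the gcc sample and return 0 for xor eax, eax, but the original identifiers never come back, the "uninit" sample shows a read of caller state the decompiler cannot see, and the REX-prefixed sample is refused outright. Scaling this idea to a whole binary, with control flow, memory, calling-convention and type recovery, is the work the page describes Avast putting seven years into.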
RetDec supports several architectures and file formats, and uses its own heuristics and algorithms to improve the accuracy of the resulting code. Avast describes it as follows:
RetDec addresses the above mentioned issues by using a large set of supported architectures and file formats, as well as in-house heuristics and algorithms to decode and reconstruct applications. RetDec is also the only decompiler of its scale using a proven LLVM infrastructure and provided for free, licensed under MIT.
RetDec is freely available to anyone. You can download the source code from GitHub, or a 32-bit or 64-bit executable for Windows instead. The release is quite big: the archive is more than 250 Megabytes.
Avast notes that the decompiler supports Windows 7 and newer and Linux currently, and that Mac OS X is supported unofficially.
Setup is unfortunately not as simple as running a downloaded program. The installation instructions list several dependencies that need to be installed on the target machine first.
On Windows, the Microsoft Visual C++ Redistributable for Visual Studio 2015 and the other programs listed on the Windows Environment wiki page need to be installed. This is best done in a virtual machine or on a machine dedicated to that task: the decompiler itself does not execute the sample, but the malware you feed it is still live and does not belong on a workstation used for anything else.
The feature set of RetDec according to Avast:
Avast released a web version of RetDec as well, but had to turn it off as it caused an "extremely high load" on company servers.
RetDec is a specialized tool that most computer users have no use for. The installation procedure is not entirely straightforward, but it is explained well enough on the wiki. It is open source, however, and Avast appears to have mid- and long-term plans to improve the decompiler further. (via Born)
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.