Anti-malware company Avast has announced the release of RetDec, a retargetable machine-code decompiler, as open-source software designed to enhance the fight against malicious code.
RetDec is an abbreviation of Retargetable Decompiler, originally developed by the Brno University of Technology Institute of Information Technology and AVG Technologies. Avast acquired AVG Technologies in 2016.
RetDec is now available on GitHub under the MIT license, which means that security professionals can modify its source code and republish it.
RetDec is an LLVM-based, retargetable machine-code decompiler that allows experts to perform platform-independent analysis of executables and to decompile various ransomware families such as Apocalypse, BadBlock, Bart, CrySiS, TeslaCrypt, and more, in order to undo the unwanted encryption of victims' files.
Avast’s open-source Retargetable Decompiler provides “a common tool for converting platform-specific code, such as x86 / PE executables, into higher forms, such as C source code.”
RetDec, shown at Botconf 2017 in France earlier this month, provides an approximation of converting machine code (the binary executable) back into the original source code.
Disassembly converts binary code into assembly code, a somewhat readable representation of machine code. A decompiler attempts to go further back, to a higher-level source language that is not tied to a specific processor, producing more readable, C-like code.
He said that existing open-source decompilers provide an alternative, but these do not always achieve the proper stability, code readability, and quality.
RetDec is not only helpful to security researchers, but also to developers who are interested in working on their code compilation and reverse engineering projects.
RetDec stands for Retargetable Decompiler, which means that it can be used to decompile code for different 32-bit architectures such as Intel x86, ARM, MIPS, PIC32 and PowerPC in different formats: ELF, PE, Mach-O, COFF, and raw machine code.
As a machine-code decompiler, RetDec is not suitable for decompiling bytecode produced from Java, Python, or .NET source files.
Because compilation discards useful information, the reverse process tends to produce a result that is far from the original, much as an image compressed with a lossy algorithm and then enlarged again no longer matches the original.
If the author of the code tries to obfuscate it, decompilation can become more difficult.
This utility includes support for multiple platforms, different architectures, file formats, and compilers.
“The decompiler is not limited to any particular target architecture, operating system or executable file format:
• Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code.
• Supported architectures (32-bit only): Intel x86, ARM, MIPS, PIC32, and PowerPC.
This tool currently only supports Windows (7 or later) and Linux, but prebuilt packages are only for Windows.
RetDec features are:
- Static analysis of executable files with detailed information.
- Compiler and packer detection.
- Loading and instruction decoding.
- Signature-based removal of statically linked library code.
- Extraction and use of debugging information (DWARF, PDB).
- Reconstruction of instruction idioms.
- Detection and reconstruction of C++ class hierarchies (RTTI, vtables).
- Demangling of symbols from C++ binaries (GCC, MSVC, Borland).
- Reconstruction of functions, types, and high-level constructs.
- Integrated disassembler.
- Output in two high-level languages: C and a Python-like language.
- Generation of call graphs, control-flow graphs, and various statistics.
Through the provided IDA (Interactive Disassembler) plug-in, the tool can decompile files directly from the IDA disassembler.
RetDec is a powerful utility that optimizes the reconstruction of the original source code by using a large number of supported architectures and file formats, as well as internal heuristics for decoding and reconstructing applications.”
Avast also provides a web service for decompiling in the browser, an IDA plug-in, and a REST API that lets you create applications that interact with RetDec via HTTP requests.
The decompiler can be used through the API with retdec-python.
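A pre-check that a triage pipeline could run before handing a sample to the decompiler, based on the supported file formats and the 32-bit-only architecture list quoted above. This is an added example, not Avast's or RetDec's code: `classify`, the lookup tables, the helper builders and the constructed sample headers are assumptions for illustration, and COFF objects, AR archives, Intel HEX and raw machine code are not identified because they carry no comparable header magic.

```python
import struct

# Header machine codes for the listed architectures (PIC32 is MIPS-based,
# so it shows up as MIPS). Table names are this example's own.
ELF_MACHINES = {3: "x86", 8: "MIPS", 20: "PowerPC", 40: "ARM"}
PE_MACHINES = {0x014C: "x86", 0x0166: "MIPS", 0x01C0: "ARM", 0x01C4: "ARM", 0x01F0: "PowerPC"}
MACHO_CPUS = {7: "x86", 12: "ARM", 18: "PowerPC"}

def classify(data):
    """Return (file_format, architecture, in_scope) from a sample's leading bytes."""
    if data[:4] == b"\x7fELF" and len(data) >= 20:
        order = ">" if data[5] == 2 else "<"              # EI_DATA: 2 = big-endian
        (machine,) = struct.unpack_from(order + "H", data, 18)
        arch = ELF_MACHINES.get(machine)
        # EI_CLASS 1 = ELFCLASS32; 64-bit objects are outside the listed set.
        return "ELF", arch, data[4] == 1 and arch is not None
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
        if data[pe_off:pe_off + 4] == b"PE\x00\x00" and len(data) >= pe_off + 6:
            (machine,) = struct.unpack_from("<H", data, pe_off + 4)
            arch = PE_MACHINES.get(machine)
            return "PE", arch, arch is not None
        return "MZ (no PE header)", None, False
    magic = data[:4]
    if magic in (b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe"):
        return "Mach-O (64-bit)", None, False
    if magic in (b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe") and len(data) >= 8:
        order = ">" if magic[0] == 0xFE else "<"
        (cpu,) = struct.unpack_from(order + "i", data, 4)
        arch = MACHO_CPUS.get(cpu)
        return "Mach-O", arch, arch is not None
    return "unknown", None, False   # raw code / Intel HEX: architecture must be given by hand

def make_elf(ei_class, ei_data, machine):
    order = ">" if ei_data == 2 else "<"
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1]) + b"\x00" * 9
    return ident + struct.pack(order + "HH", 2, machine)  # e_type, e_machine

def make_pe(machine):
    return b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + struct.pack("<H", machine)

# Constructed header stubs, not real samples.
SAMPLES = {
    "elf32-arm": make_elf(1, 1, 40),
    "elf32-mips-be": make_elf(1, 2, 8),
    "elf64-x86-64": make_elf(2, 1, 62),
    "pe-x86": make_pe(0x014C),
    "pe-amd64": make_pe(0x8664),
    "macho64": b"\xcf\xfa\xed\xfe" + struct.pack("<i", 0x01000007),
}
for name, blob in SAMPLES.items():
    print(name, classify(blob))
```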
The original curated post is from Safe Harbor on Cyber.com