Avast makes 'RetDec' machine-code decompiler open source on GitHub
Open source is the future of computing. Don't believe me? Three of the most important technology companies -- Microsoft, Apple, and Google -- not only license open source software, but they contribute to open source projects too. While closed source will likely never go away, it is becoming less important.
Today, the popular anti-virus and security company Avast announces that it, too, is contributing to the open source community: it is releasing the code for its machine-code decompiler on GitHub. Called "RetDec," the decompiler has been under development since 2011, originally by AVG -- a company Avast bought in 2016.
"The goal behind open sourcing RetDec is to provide a generic tool to transform platform-specific code, such as x86/PE executable files, into a higher form of representation, such as C source code. By generic, we mean that the tool should not be limited to a single platform, but rather support a variety of platforms, including different architectures, file formats, and compilers. At Avast, RetDec is actively used for analysis of malicious samples for various platforms, such as x86/PE and ARM/ELF," says Avast.
The company further says, "The source code of the decompiler and other related tools is now available on GitHub under the MIT license. By open-sourcing the decompiler, we would like to make its use more widespread and invite others to cooperate with us on its continued development."
Avast shares the following features of the decompiler.
- Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code.
- Supported architectures (32-bit only): Intel x86, ARM, MIPS, PIC32, and PowerPC.
- Static analysis of executable files with detailed information.
- Compiler and packer detection.
- Loading and instruction decoding.
- Signature-based removal of statically linked library code.
- Extraction and utilization of debugging information (DWARF, PDB).
- Reconstruction of instruction idioms.
- Detection and reconstruction of C++ class hierarchies (RTTI, vtables).
- Demangling of symbols from C++ binaries (GCC, MSVC, Borland).
- Reconstruction of functions, types, and high-level constructs.
- Integrated disassembler.
- Output in two high-level languages: C and a Python-like language.
- Generation of call graphs, control-flow graphs, and various statistics.
- IDA plugin that allows decompilation of files directly from the IDA disassembler.
While this may not be the most significant software to switch from closed source to open, it could have big benefits for some researchers and developers. If you are interested in Avast's "RetDec" machine-code decompiler code, you can access it on GitHub now. It is designed to be compiled and installed on both Windows and Linux.