• Stars
    star
    7,957
  • Rank 4,708 (Top 0.1 %)
  • Language
    C++
  • License
    MIT License
  • Created almost 7 years ago
  • Updated 6 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

RetDec is a retargetable machine-code decompiler based on LLVM.

Warning

The RetDec project is currently in a limited maintenance mode due to a lack of resources:

  • Pull Requests are welcomed. They are reviewed with priority, if possible without delays.
  • Issues are reacted on with delays up to one quarter. Issues are not actively solved unless they relate to a basic project maintenance.
  • The basic project maintenance continues.
  • Only a very limited development is carried on.

RetDec

Travis CI build status TeamCity build status RetDec CI

RetDec is a retargetable machine-code decompiler based on LLVM.

The decompiler is not limited to any particular target architecture, operating system, or executable file format:

  • Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code
  • Supported architectures:
    • 32-bit: Intel x86, ARM, MIPS, PIC32, and PowerPC
    • 64-bit: x86-64, ARM64 (AArch64)

Features:

  • Static analysis of executable files with detailed information.
  • Compiler and packer detection.
  • Loading and instruction decoding.
  • Signature-based removal of statically linked library code.
  • Extraction and utilization of debugging information (DWARF, PDB).
  • Reconstruction of instruction idioms.
  • Detection and reconstruction of C++ class hierarchies (RTTI, vtables).
  • Demangling of symbols from C++ binaries (GCC, MSVC, Borland).
  • Reconstruction of functions, types, and high-level constructs.
  • Integrated disassembler.
  • Output in two high-level languages: C and a Python-like language.
  • Generation of call graphs, control-flow graphs, and various statistics.

For more information, check out our

Installation

There are two ways of obtaining and installing RetDec:

  1. Download and unpack a pre-built stable or bleeding-edge package and follow instructions in the Use section of its retdec/share/retdec/README.md file after unpacking.
  2. Build RetDec by yourself from sources by following the Build and Installation section. After installation, follow instructions below.

We currently support Windows (7 or later), Linux, macOS, and (experimentally) FreeBSD. An installed version of RetDec requires approximately 5 to 6 GB of free disk space.

Use

Please, ensure that you reading instructions corresponding to the used RetDec version. If unsure, refer to the retdec/share/retdec/README.md file in the installation.

Windows

  1. After installing RetDec, install Microsoft Visual C++ Redistributable for Visual Studio 2017.

  2. Install the following programs:

    • UPX (Optional: if you want to use UPX unpacker in the preprocessing stage)
    • Graphviz (Optional: if you want to generate call or control flow graphs)
  3. To decompile a binary file named test.exe, run

    $RETDEC_INSTALL_DIR\bin\retdec-decompiler.exe test.exe
    

    For more information, run retdec-decompiler.exe with --help.

Linux

  1. After installing RetDec, install the following packages via your distribution's package manager:

    • UPX (Optional: if you want to use UPX unpacker in the preprocessing stage)
    • Graphviz (Optional: if you want to generate call or control flow graphs)
  2. To decompile a binary file named test.exe, run

    $RETDEC_INSTALL_DIR/bin/retdec-decompiler test.exe
    

    For more information, run retdec-decompiler with --help.

macOS

  1. After installing RetDec, install the following packages:

    • UPX (Optional: if you want to use UPX unpacker in the preprocessing stage)
    • Graphviz (Optional: if you want to generate call or control flow graphs)
  2. To decompile a binary file named test.exe, run

    $RETDEC_INSTALL_DIR/bin/retdec-decompiler test.exe
    

    For more information, run retdec-decompiler with --help.

FreeBSD (Experimental)

  1. There are currently no pre-built "ports" packages for FreeBSD. You will have to build and install the decompiler by yourself. The process is described below.

  2. To decompile a binary file named test.exe, run

    $RETDEC_INSTALL_DIR/bin/retdec-decompiler test.exe
    

    For more information, run retdec-decompiler with --help.

Use of RetDec libraries

You can easily use various RetDec libraries in your projects - if they are build with CMake. RetDec installation contains all the necessary headers, libraries, and CMake scripts.

If you installed RetDec into a standard installation location of your system (e.g. /usr, /usr/local), all you need to do in order to use its components is:

find_package(retdec 5.0 REQUIRED
   COMPONENTS
      <component>
      [...]
)
target_link_libraries(your-project
   PUBLIC
      retdec::<component>
      [...]
)

If you did not install RetDec somewhere where it can be automatically discovered, you need to help CMake find it before find_package() is used. There are generally two ways to do it (pick & use only one):

  1. Add the RetDec installation directory to CMAKE_PREFIX_PATH:

    list(APPEND CMAKE_PREFIX_PATH ${RETDEC_INSTALL_DIR})
  2. Set the path to installed RetDec CMake scripts to retdec_DIR:

    set(retdec_DIR ${RETDEC_INSTALL_DIR}/share/retdec/cmake)

See the Repository Overview wiki page for the list of available RetDec components, or the retdec-build-system-tests for demos on how to use them.

Build and Installation

This section describes a local build and installation of RetDec. Instructions for Docker are given in the next section.

Requirements

Linux

On Debian-based distributions (e.g. Ubuntu), the required packages can be installed with apt-get:

sudo apt-get install build-essential cmake git openssl libssl-dev python3 autoconf automake libtool pkg-config m4 zlib1g-dev upx doxygen graphviz

On RPM-based distributions (e.g. Fedora), the required packages can be installed with dnf:

sudo dnf install gcc gcc-c++ cmake make git openssl openssl-devel python3 autoconf automake libtool pkg-config m4 zlib-devel upx doxygen graphviz

On Arch Linux, the required packages can be installed with pacman:

sudo pacman --needed -S base-devel cmake git openssl python3 autoconf automake libtool pkg-config m4 zlib upx doxygen graphviz

Windows

  • Microsoft Visual C++ (version >= Visual Studio 2017 version 15.7)
  • CMake (version >= 3.6)
  • Git
  • OpenSSL (version >= 1.1.1)
  • Python (version >= 3.4)
  • Optional: Doxygen and Graphviz for generating API documentation

macOS

Packages should be preferably installed via Homebrew.

FreeBSD (Experimental)

Packages should be installed via FreeBSDs pre-compiled package repository using the pkg command or built from scratch using the ports database method.

  • Full "pkg" tool instructions: handbook pkg method
    • pkg install cmake python37 git autotools OR
  • Full "ports" instructions: handbook ports method
    • portsnap fetch
    • portsnap extract
  • For example, cmake would be
    • whereis cmake
    • cd /usr/ports/devel/cmake
    • make install clean

Process

Note: Although RetDec now supports a system-wide installation (#94), unless you use your distribution's package manager to install it, we recommend installing RetDec locally into a designated directory. The reason for this is that uninstallation will be easier as you will only need to remove a single directory. To perform a local installation, run cmake with the -DCMAKE_INSTALL_PREFIX=<path> parameter, where <path> is directory into which RetDec will be installed (e.g. $HOME/projects/retdec-install on Linux and macOS, and C:\projects\retdec-install on Windows).

  • Clone the repository:
    • git clone https://github.com/avast/retdec
  • Linux:
    • cd retdec
    • mkdir build && cd build
    • cmake .. -DCMAKE_INSTALL_PREFIX=<path>
    • make -jN (N is the number of processes to use for parallel build, typically number of cores + 1 gives fastest compilation time)
    • make install
  • Windows:
    • Open a command prompt (e.g. cmd.exe)
    • cd retdec
    • mkdir build && cd build
    • cmake .. -DCMAKE_INSTALL_PREFIX=<path> -G<generator>
    • cmake --build . --config Release -- -m
    • cmake --build . --config Release --target install
    • Alternatively, you can open retdec.sln generated by cmake in Visual Studio IDE
  • macOS:
    • cd retdec
    • mkdir build && cd build
    • cmake .. -DCMAKE_INSTALL_PREFIX=<path>
    • make -jN (N is the number of processes to use for parallel build, typically number of cores + 1 gives fastest compilation time)
    • make install
  • FreeBSD:
    • sudo pkg install git cmake
    • git clone https://github.com/avast/retdec
    • cd retdec
    • mkdir build && cd build
    • # FreeBSD (and other BSDs) do need cmake, python3, git, autotools. OpenSSL is pre-installed in the OS but check its version.
      # Later versions may be available for each of the packages.
      # See what is installed:
      sudo pkg info cmake python37 autotools
      # Install/upgrade them:
      sudo pkg install cmake python37 autotools
    • cmake .. -DCMAKE_INSTALL_PREFIX=<path>
    • make -jN (N is the number of processes to use for parallel build, typically number of cores + 1 gives fastest compilation time)
    • make install

You have to pass the following parameters to cmake:

  • -DCMAKE_INSTALL_PREFIX=<path> to set the installation path to <path>. Quote the path if you are using backslashes on Windows (e.g. -DCMAKE_INSTALL_PREFIX="C:\retdec").
  • (Windows only) -G<generator> is -G"Visual Studio 15 2017" for 32-bit build using Visual Studio 2017, or -G"Visual Studio 15 2017 Win64" for 64-bit build using Visual Studio 2017. Later versions of Visual Studio may be used.

You can pass the following additional parameters to cmake:

  • -DRETDEC_DOC=ON to build with API documentation (requires Doxygen and Graphviz, disabled by default).
  • -DRETDEC_TESTS=ON to build with tests (disabled by default).
  • -DRETDEC_DEV_TOOLS=ON to build with development tools (disabled by default).
  • -DRETDEC_COMPILE_YARA=OFF to disable YARA rules compilation at installation step (enabled by default).
  • -DCMAKE_BUILD_TYPE=Debug to build with debugging information, which is useful during development. By default, the project is built in the Release mode. This has no effect on Windows, but the same thing can be achieved by running cmake --build . with the --config Debug parameter.
  • -D<dep>_LOCAL_DIR=<path> where <dep> is from {CAPSTONE, GOOGLETEST, KEYSTONE, LLVM, YARA, YARAMOD} (e.g. -DCAPSTONE_LOCAL_DIR=<path>), to use the local repository clone at <path> for RetDec dependency instead of downloading a fresh copy at build time. Multiple such options may be used at the same time.
  • -DRETDEC_ENABLE_<component>=ON to build only the specified component(s) (multiple such options can be used at once), and its (theirs) dependencies. By default, all the components are built. If at least one component is enabled via this mechanism, all the other components that were not explicitly enabled (and are not needed as dependencies of enabled components) are not built. See cmake/options.cmake for all the available component options.
    • -DRETDEC_ENABLE_ALL=ON can be used to (re-)enable all the components.
    • Alternatively, -DRETDEC_ENABLE=<comma-separated component list> can be used instead of -DRETDEC_ENABLE_<component>=ON (e.g. -DRETDEC_ENABLE=fileformat,loader,ctypesparser is equivalent to -DRETDEC_ENABLE_FILEFORMAT=ON -DRETDEC_ENABLE_LOADER=ON -DRETDEC_ENABLE_CTYPESPARSER=ON).

Build in Docker

Docker support is maintained by community. If something does not work for you or if you have suggestions for improvements, open an issue or PR.

Build Image

Building in Docker does not require installation of the required libraries locally. This is a good option for trying out RetDec without setting up the whole build toolchain.

To build the RetDec Docker image, run

docker build -t retdec - < Dockerfile

This builds the image from the master branch of this repository.

To build the image using the local copy of the repository, use the development Dockerfile, Dockerfile.dev:

docker build -t retdec:dev . -f Dockerfile.dev

Run Container

If your uid is not 1000, make sure that the directory containing your input binary files is accessible for RetDec:

chmod 0777 /path/to/local/directory

Now, you can run the decompiler inside a container:

docker run --rm -v /path/to/local/directory:/destination retdec retdec-decompiler /destination/binary

Note: Do not modify the /destination part is. You only need to change /path/to/local/directory. Output files will then be generated to /path/to/local/directory.

Nightly Builds

We generate up-to-date RetDec packages from the latest commit in the master branch in two ways:

  • Using our TeamCity servers
  • Using Github Actions.

The builds are mostly meant to be used by RetDec developers, contributors, and other people experimenting with the product (e.g. testing if an issue present in the official release still exists in the current master).

You can use these as you wish, but keep in mind that there are no guarantees they will work on your system (especially the Linux version), and that regressions are a possibility. To get a stable RetDec version, either download the latest official pre-built package or build the latest RetDec version tag.

TeamCity

Github Actions

You can find builds for macOS, Linux and Windows in the latest RetDec CI workflow run.

Project Documentation

See the project documentation for an up to date Doxygen-generated software reference corresponding to the latest commit in the master branch.

Related Repositories

  • retdec-idaplugin -- Embeds RetDec into IDA (Interactive Disassembler) and makes its use much easier.
  • retdec-r2plugin -- Embeds RetDec into Radare2 and makes its use much easier.
  • retdec-regression-tests-framework -- A framework for writing and running regression tests for RetDec and related tools. This is a must if you plan to contribute to the RetDec project.
  • retdec-regression-tests -- A suite of regression tests for RetDec and related tools.
  • retdec-build-system-tests -- A suite of tests for RetDec's build system. This can also serve as a collection of demos on how to use RetDec libraries.
  • vim-syntax-retdecdsm -- Vim syntax-highlighting file for the output from the RetDec's disassembler (.dsm files).

License

Copyright (c) 2017 Avast Software, licensed under the MIT license. See the LICENSE file for more details.

RetDec incorporates a modified PeLib library. New modules added by Avast Software are licensed under the MIT license. The original sources are licensed under the following license:

RetDec uses third-party libraries or other resources listed, along with their licenses, in the LICENSE-THIRD-PARTY file.

Contributing

See RetDec contribution guidelines.

Acknowledgements

This software was supported by the research funding TACR (Technology Agency of the Czech Republic), ALFA Programme No. TA01010667.

More Repositories

1

android-butterknife-zelezny

Android Studio plug-in for generating ButterKnife injections from selected layout XML.
Java
3,383
star
2

retry-go

Simple golang library for retry mechanism
Go
2,380
star
3

android-styled-dialogs

Backport of Material dialogs with easy-to-use API based on DialogFragment
Java
2,147
star
4

retdec-idaplugin

RetDec plugin for IDA
C++
753
star
5

pytest-docker

Docker-based integration tests
Python
426
star
6

gradle-docker-compose-plugin

Simplifies usage of Docker Compose for integration testing in Gradle environment.
Groovy
412
star
7

ioc

Threat Intel IoCs + bits and pieces of dark matter
C
368
star
8

scala-server-toolkit

Functional programming toolkit for building server applications in Scala.
Scala
198
star
9

hdfs-shell

HDFS Shell is a HDFS manipulation tool to work with functions integrated in Hadoop DFS
Java
150
star
10

apkparser

APK manifest & resources parsing in Golang.
Go
123
star
11

yaramod

Parsing of YARA rules into AST and building new rulesets in C++.
C++
114
star
12

topee

Google Chrome Extension API for Safari
JavaScript
104
star
13

yari

YARI is an interactive debugger for YARA Language.
Rust
85
star
14

apkverifier

APK Signature verification in Go. Supports scheme v1, v2 and v3 and passes Google apksig's testing suite.
Go
81
star
15

gradle-dependencies-viewer

A simple web UI to analyze dependencies for your project based on the text data generated from "gradle dependencies" command.
JavaScript
78
star
16

yls

YARA Language Server
Python
67
star
17

yarang

Alternative YARA scanning engine
C++
66
star
18

pelib

PE file manipulation library.
C++
62
star
19

datadog4s

Making great monitoring easy in functional Scala
Scala
62
star
20

pe_tools

A cross-platform Python toolkit for parsing/writing PE files.
Python
62
star
21

k8s-admission-webhook

A general-purpose Kubernetes admission webhook to aid with enforcing best practices within your cluster.
Go
54
star
22

grpc-java-jwt

JWT based authentication for gRPC-Java.
Java
46
star
23

yaracpp

C++ wrapper for YARA.
C++
45
star
24

hexrays-demo

IDA SDK tech demo
C++
35
star
25

rabbitmq-scala-client

Scala wrapper over standard RabbitMQ Java client library
Scala
35
star
26

marathon-vault-plugin

Marathon plugin which injects Vault secrets via environment variables
Scala
30
star
27

android-lectures

Class material for lectures about Android development
Kotlin
27
star
28

avast-ctu-cape-dataset

Jupyter Notebook
25
star
29

retdec-regression-tests-framework

A framework for writing and running regression tests for RetDec and related tools.
Python
24
star
30

capstone-dumper

Utility for dumping all the information Capstone has on given instructions.
C++
24
star
31

libdwarf

Library to provide access to DWARF debugging information.
C
23
star
32

PurpleDome

Simulation environment for attacks on computer networks
Python
21
star
33

llvm

An LLVM clone modified for use in RetDec and associated tools.
LLVM
19
star
34

wanna-ml

Complete MLOps framework for Vertex-AI
Python
18
star
35

grpc-json-bridge

Library for exposing gRPC endpoints via HTTP (JSON) API
Scala
18
star
36

authenticode-parser

Authenticode-parser is a simple C library for Authenticode format parsing using OpenSSL.
C
16
star
37

ep-stats

Statistics for Experimentation Platform
Python
15
star
38

elfio

Library for reading and generating ELF files.
C++
14
star
39

vuei18n-po

transform gettext .po files for vue-i18n
JavaScript
14
star
40

retdec-regression-tests

A collection of regression tests for RetDec and associated tools.
Python
12
star
41

safariextz

Safari extension packer for node.js
JavaScript
9
star
42

cactus

Library for easy conversion between GPB and Scala case classes.
Scala
9
star
43

hermes

SMTP honeypot built on top of the Salmon mail server
Python
8
star
44

kafka-tests

Integration test of Apache Kafka 0.9.0+ and Java clients.
Java
8
star
45

bytes

Library providing universal interface for having an immutable representation of sequence of bytes.
Java
7
star
46

genrex

Generator of regular expressions
Python
7
star
47

ctf-aca-brno-2020

Tasks from Avast Cyber Adventure 2020 Brno
Objective-C
6
star
48

metrics

Java/Scala library defining API for metrics publishing
Java
6
star
49

slog4s

Structured and contextual logging for Scala
Scala
6
star
50

Stor

HTTP API for SHA256 objects
Perl
5
star
51

clockwork

An adoption of the map-reduce paradigm based on the concept of coroutines to the world of stream data processing.
Java
5
star
52

covid-19-ioc

HTML
5
star
53

asio-mutex

Awaitable Mutex compatible with Boost.Asio
C++
5
star
54

tlshc

TLSH library in C
C
5
star
55

decryptor-keys

Decryption keys for our ransomware decryptors
5
star
56

scala-hashes

Case-classes representing MD5, SHA1 and SHA256.
Scala
5
star
57

bytecompressor

Java and Scala abstractions for some compression algorithms.
Java
5
star
58

retdec-support

Support packages for the RetDec decompiler.
5
star
59

hackcambridge-ccleaner-app

A custom build of CCleaner that enables the integration of Avast Secure Browser
Visual Basic
5
star
60

mongodb-oplog-stats

A tool for obtaining statistics about a MongoDB replica-set oplog
Rust
5
star
61

hackcambridge-ccleaner-extension

A stub for the CCleaner extension for Avast Secure Browser
JavaScript
5
star
62

machine-learning-python

Machine learning in Python Workshop
Jupyter Notebook
4
star
63

syringe

Syringe - Dependency Injection and Configuration Library from AVAST Software
Java
4
star
64

labmanager-unit-vsphere

REST service for vmWare vSphere virtual machine control
Python
4
star
65

syringe-maven-plugin

Supporting Maven plugin for Syringe
Java
3
star
66

cargo-depdiff

Inspecting what changed around dependencies between versions
Rust
3
star
67

ndisdump

A no-dependencies network packet capture tool for Windows
C++
3
star
68

webtrails

Svelte
3
star
69

BigMap

Scala Map that uses binary search in memory mapped sorted file. It makes possible usage of data sets bigger than available memory as a Map.
Scala
3
star
70

management-console-config

Sample configuration for Avast Business management console
2
star
71

hackcambridge-challenge

Integrate the Avast Secure Browser (ASB) and CCleaner products to improve user privacy, prevent website tracking, and reduce the userโ€™s online footprint.
2
star
72

storage-client

Scala
2
star
73

boost-python-examples

Examples that show capabilities of Boost Python
C++
2
star
74

docker-centos_perl_cpanm

2
star
75

adblock

JavaScript
2
star
76

retdec-build-system-tests

Tests of RetDec build system. This can also serve as RetDec component usage examples.
C++
2
star
77

eslint-plugin-apklab-frida

ESLint plugin & config for the Frida scripts used in the apklab.io platform.
JavaScript
2
star
78

VSArchConv

Converts .sln/.vcxproj to support different architecture
C++
2
star
79

stor-client

Go
2
star
80

stepdance

Functional iterators for easy and elegant parsing, scanning, iterating etc. Written Scala.
Scala
1
star
81

docker-flume-hdfs

Shell
1
star
82

vsphere-instaclone

Really quickly clone machines to be used as TeamCity agents
Kotlin
1
star
83

jmx-publisher

Tool to get properties and methods published via JMX easily.
Java
1
star
84

browser-extension-messaging-sample

JavaScript
1
star
85

continuity

Library for passing context between threads in multi-threaded applications
Scala
1
star
86

instaprofiles-sync

application is used to regularly synchronize defined cloud profiles for [TeamCity plugin vsphere-instaclone](https://github.com/avast/vsphere-instaclone)
Java
1
star
87

jasmine-class-mock

Create a mock class for the Jasmine framework
JavaScript
1
star
88

jfrog-verisign

JFrog plugin to verify deploying artifacts signatures. It supports both JAR and RPM (PGP) verification
Java
1
star
89

https-encryption

Avast HTTPS Encryption powered by HTTPSEverywhere
JavaScript
1
star
90

kluzo

Library for passing tracing ID between threads in multi-threaded applications
Scala
1
star
91

firefox-xpi

Firefox extension packer for node.js
JavaScript
1
star
92

fairy-tale

Toolbox for functional programming in Scala using Finally Tagless approach
Scala
1
star
93

ResolveTest

Simple dns resolve utility.
C++
1
star
94

mdevcamp-workshop

Kotlin Multiplatform - Unleash the Power of Shared Code
Kotlin
1
star
95

gossip-bot

Find out what is happening within the company
Go
1
star