An Open-Source Machine-Code Decompiler

Presented at REcon 2018, June 16, 2018, 3 p.m. (30 minutes)

We present our machine-code decompiler called RetDec (Retargetable Decompiler). We have been developing RetDec in Avast for several years, and open-sourced it a few months ago under the MIT license. Its primary goal is, of course, decompilation of (malicious) binary applications, but its components can be also used for other tasks such as initial assessment of samples, pattern matching, disassembly, extraction of control flow, or translation into a well-known intermediate representation. We will demonstrate both decompilation and other reversing applications of our tools on several real-world examples.

Presenters:

• Peter Matula
  Peter Matula is a senior software developer at Avast Software. He focuses on reverse-engineering research and is currently the main developer of the RetDec decompiler. He received his MSc. degree from the Faculty of Information Technology, Brno University of Technology, Czech Republic. His interests are rock climbing and beer.
• Marek Milkovič
  Marek Milkovič is software engineer at Avast Software. He works on preprocessing stage of RetDec decompiler and YARA related tools. His interests are C++, reverse engineering and compilers.

Links:

• https://recon.cx/2018/montreal/schedule/events/112.html

Similar Presentations:

• DeepSec 2019 „Internet of Facts and Fears“ / RevEngE is a dish served cold: Debug-Oriented Malware Decompilation and Reassembly
• REcon Brussels 2018 / Decompiler internals: microcode
• Black Hat USA 2018 / Decompiler Internals: Microcode