Convert Figma logo to code with AI

avast logoretdec

RetDec is a retargetable machine-code decompiler based on LLVM.

7,959
939
7,959
427
View on GitHub

Top Related Projects

radareorg's avatar

radare2

20,310

UNIX-like reverse engineering framework and command-line toolset

angr's avatar

angr

7,457

A powerful and user-friendly binary analysis platform!

capstone-engine's avatar

capstone

7,334

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.

rizinorg's avatar

rizin

2,625

UNIX-like reverse engineering framework and command-line toolset.

NationalSecurityAgency's avatar

ghidra

50,446

Ghidra is a software reverse engineering (SRE) framework

Quick Overview

RetDec (Retargetable Decompiler) is an open-source machine-code decompiler based on LLVM. It supports multiple architectures, file formats, and can produce high-level language code from binary executables. RetDec is designed to be modular and extensible, making it suitable for both research and practical reverse engineering tasks.

Pros

  • Supports multiple architectures (x86, ARM, MIPS, PIC32, PowerPC)
  • Handles various file formats (ELF, PE, Mach-O, COFF, AR, Intel HEX, raw machine code)
  • Produces readable high-level language output (C, Python-like pseudocode)
  • Actively maintained and regularly updated

Cons

  • Complex setup process for building from source
  • Resource-intensive for large binaries
  • Output quality can vary depending on the input binary's complexity
  • Limited support for certain advanced obfuscation techniques

Getting Started

To use RetDec, follow these steps:

  1. Install RetDec:

    git clone https://github.com/avast/retdec
cd retdec
mkdir build && cd build
cmake .. -DCMAKE_INSTALL_PREFIX=<path>
make
make install

  2. Decompile a binary:

    retdec-decompiler <input-file>

  3. View the decompiled output:

    cat <input-file>.c

For more detailed usage instructions and options, refer to the official documentation on the RetDec GitHub repository.

Competitor Comparisons

radareorg logo

radare2

20,310

UNIX-like reverse engineering framework and command-line toolset

Pros of radare2

  • More comprehensive toolkit with a wider range of features for reverse engineering and binary analysis
  • Highly extensible with a plugin system and scripting capabilities
  • Active community and frequent updates

Cons of radare2

  • Steeper learning curve due to its complex command-line interface
  • Can be overwhelming for beginners or those seeking a more focused decompilation tool

Code comparison

radare2:

r2 -A binary
[0x00000000]> pdf @ main

RetDec:

retdec-decompiler binary -o output.c

Key differences

  • RetDec is primarily a decompiler, while radare2 is a comprehensive reverse engineering framework
  • radare2 offers more interactive analysis features, while RetDec focuses on generating readable C-like output
  • RetDec may provide more accurate high-level code reconstruction in some cases

Use cases

  • radare2: Ideal for in-depth reverse engineering, malware analysis, and complex binary analysis tasks
  • RetDec: Better suited for quick decompilation of binaries to readable C-like code, especially useful for initial analysis or when source code recovery is the primary goal

Both tools have their strengths and can be complementary in a reverse engineer's toolkit, depending on the specific task at hand.

angr logo

angr

7,457

A powerful and user-friendly binary analysis platform!

Pros of angr

  • More comprehensive analysis framework with symbolic execution capabilities
  • Actively maintained with frequent updates and large community support
  • Supports a wider range of architectures and file formats

Cons of angr

  • Steeper learning curve due to its complexity and extensive features
  • Can be slower for simpler analysis tasks compared to RetDec
  • Requires more system resources, especially for complex analyses

Code comparison

RetDec (C++):

retdec::config::Config config;
config.setInputFile("binary.exe");
auto decompiler = retdec::decompiler::createDecompiler(config);
decompiler->run();

angr (Python):

import angr
proj = angr.Project("binary.exe")
cfg = proj.analyses.CFGFast()
function = cfg.functions[0x400000]
decompiler = proj.analyses.Decompiler(function)

Both tools offer binary analysis capabilities, but angr provides a more flexible and powerful framework for advanced reverse engineering tasks. RetDec focuses primarily on decompilation, while angr offers a broader range of analyses, including symbolic execution and vulnerability discovery. The choice between them depends on the specific requirements of the analysis task and the user's expertise level.

capstone-engine logo

capstone

7,334

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.

Pros of Capstone

  • Lightweight and fast disassembly framework
  • Supports multiple architectures (x86, ARM, MIPS, etc.)
  • Extensive language bindings (Python, Java, Go, etc.)

Cons of Capstone

  • Focused solely on disassembly, not a full decompilation suite
  • Less comprehensive analysis capabilities
  • Limited high-level language output

Code Comparison

RetDec (C++):

retdec::config::Config config;
config.setInputFile("input.exe");
auto decompiler = retdec::decompiler::createDecompiler(config);
decompiler->run();

Capstone (Python):

from capstone import *
md = Cs(CS_ARCH_X86, CS_MODE_64)
CODE = b"\x55\x48\x8b\x05\xb8\x13\x00\x00"
for i in md.disasm(CODE, 0x1000):
    print("%x:\t%s\t%s" %(i.address, i.mnemonic, i.op_str))

RetDec is a more comprehensive decompilation tool, offering full binary analysis and C-like output. Capstone, on the other hand, is a lightweight disassembly engine that provides low-level instruction decoding for multiple architectures. While RetDec is better suited for in-depth reverse engineering tasks, Capstone excels in scenarios requiring quick and efficient disassembly across various platforms.

rizinorg logo

rizin

2,625

UNIX-like reverse engineering framework and command-line toolset.

Pros of rizin

  • More active development with frequent updates and contributions
  • Broader feature set including debugging, analysis, and visualization tools
  • Supports a wider range of architectures and file formats

Cons of rizin

  • Steeper learning curve due to its extensive feature set
  • May be overkill for simpler reverse engineering tasks
  • Less focused on decompilation compared to RetDec

Code comparison

RetDec (C++):

retdec::config::Config config;
config.setInputFile(inputFile);
auto decompiler = retdec::decompiler::createDecompiler(config);
decompiler->run();

rizin (C):

RCore *core = r_core_new();
r_core_cmd_str(core, "aaa");
char *decompiled = r_core_cmd_str(core, "pdc");
r_core_free(core);

Both tools offer powerful reverse engineering capabilities, but they serve different purposes. RetDec focuses primarily on decompilation, while rizin provides a more comprehensive reverse engineering framework. RetDec may be easier to use for specific decompilation tasks, while rizin offers more flexibility and features for advanced reverse engineering workflows.

NationalSecurityAgency logo

ghidra

50,446

Ghidra is a software reverse engineering (SRE) framework

Pros of Ghidra

  • More comprehensive feature set, including a GUI and advanced analysis tools
  • Larger and more active community, leading to frequent updates and support
  • Better documentation and extensive user guides

Cons of Ghidra

  • Steeper learning curve due to its complexity
  • Heavier resource usage, which may impact performance on less powerful systems
  • Some users may have concerns about its association with the NSA

Code Comparison

Ghidra (Java):

public class SimpleDecompiler {
    public static void main(String[] args) {
        DecompInterface decompInterface = new DecompInterface();
        DecompileResults results = decompInterface.decompileFunction(function, 0, null);
    }
}

RetDec (C++):

#include <retdec/retdec.h>

int main(int argc, char* argv[]) {
    retdec::config::Config config;
    config.setInputFile(argv[1]);
    retdec::decompile(config);
}

Both Ghidra and RetDec are powerful reverse engineering tools, but they cater to different user needs. Ghidra offers a more comprehensive suite of features and a GUI, making it suitable for complex analysis tasks. RetDec, on the other hand, is more lightweight and focused on decompilation, which can be advantageous for specific use cases or integration into other tools.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Warning

The RetDec project is currently in a limited maintenance mode due to a lack of resources:

  • Pull Requests are welcomed. They are reviewed with priority, if possible without delays.
  • Issues are reacted on with delays up to one quarter. Issues are not actively solved unless they relate to a basic project maintenance.
  • The basic project maintenance continues.
  • Only a very limited development is carried on.

RetDec

Travis CI build status TeamCity build status RetDec CI

RetDec is a retargetable machine-code decompiler based on LLVM.

The decompiler is not limited to any particular target architecture, operating system, or executable file format:

  • Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code
  • Supported architectures:
    • 32-bit: Intel x86, ARM, MIPS, PIC32, and PowerPC
    • 64-bit: x86-64, ARM64 (AArch64)

Features:

  • Static analysis of executable files with detailed information.
  • Compiler and packer detection.
  • Loading and instruction decoding.
  • Signature-based removal of statically linked library code.
  • Extraction and utilization of debugging information (DWARF, PDB).
  • Reconstruction of instruction idioms.
  • Detection and reconstruction of C++ class hierarchies (RTTI, vtables).
  • Demangling of symbols from C++ binaries (GCC, MSVC, Borland).
  • Reconstruction of functions, types, and high-level constructs.
  • Integrated disassembler.
  • Output in two high-level languages: C and a Python-like language.
  • Generation of call graphs, control-flow graphs, and various statistics.

For more information, check out our

Installation

There are two ways of obtaining and installing RetDec:

  1. Download and unpack a pre-built stable or bleeding-edge package and follow instructions in the Use section of its retdec/share/retdec/README.md file after unpacking.
  2. Build RetDec by yourself from sources by following the Build and Installation section. After installation, follow instructions below.

We currently support Windows (7 or later), Linux, macOS, and (experimentally) FreeBSD. An installed version of RetDec requires approximately 5 to 6 GB of free disk space.

Use

Please, ensure that you reading instructions corresponding to the used RetDec version. If unsure, refer to the retdec/share/retdec/README.md file in the installation.

Windows

  1. After installing RetDec, install Microsoft Visual C++ Redistributable for Visual Studio 2017.

  2. Install the following programs:

    • UPX (Optional: if you want to use UPX unpacker in the preprocessing stage)
    • Graphviz (Optional: if you want to generate call or control flow graphs)

  3. To decompile a binary file named test.exe, run

    $RETDEC_INSTALL_DIR\bin\retdec-decompiler.exe test.exe

    For more information, run retdec-decompiler.exe with --help.

Linux

  1. After installing RetDec, install the following packages via your distribution's package manager:

    • UPX (Optional: if you want to use UPX unpacker in the preprocessing stage)
    • Graphviz (Optional: if you want to generate call or control flow graphs)

  2. To decompile a binary file named test.exe, run

    $RETDEC_INSTALL_DIR/bin/retdec-decompiler test.exe

    For more information, run retdec-decompiler with --help.

macOS

  1. After installing RetDec, install the following packages:

    • UPX (Optional: if you want to use UPX unpacker in the preprocessing stage)
    • Graphviz (Optional: if you want to generate call or control flow graphs)

  2. To decompile a binary file named test.exe, run

    $RETDEC_INSTALL_DIR/bin/retdec-decompiler test.exe

    For more information, run retdec-decompiler with --help.

FreeBSD (Experimental)

  1. There are currently no pre-built "ports" packages for FreeBSD. You will have to build and install the decompiler by yourself. The process is described below.

  2. To decompile a binary file named test.exe, run

    $RETDEC_INSTALL_DIR/bin/retdec-decompiler test.exe

    For more information, run retdec-decompiler with --help.

Use of RetDec libraries

You can easily use various RetDec libraries in your projects - if they are build with CMake. RetDec installation contains all the necessary headers, libraries, and CMake scripts.

If you installed RetDec into a standard installation location of your system (e.g. /usr, /usr/local), all you need to do in order to use its components is:

find_package(retdec 5.0 REQUIRED
   COMPONENTS
      <component>
      [...]
)
target_link_libraries(your-project
   PUBLIC
      retdec::<component>
      [...]
)

If you did not install RetDec somewhere where it can be automatically discovered, you need to help CMake find it before find_package() is used. There are generally two ways to do it (pick & use only one):

  1. Add the RetDec installation directory to CMAKE_PREFIX_PATH:

    list(APPEND CMAKE_PREFIX_PATH ${RETDEC_INSTALL_DIR})

  2. Set the path to installed RetDec CMake scripts to retdec_DIR:

    set(retdec_DIR ${RETDEC_INSTALL_DIR}/share/retdec/cmake)

See the Repository Overview wiki page for the list of available RetDec components, or the retdec-build-system-tests for demos on how to use them.

Build and Installation

This section describes a local build and installation of RetDec. Instructions for Docker are given in the next section.

Requirements

Linux

On Debian-based distributions (e.g. Ubuntu), the required packages can be installed with apt-get:

sudo apt-get install build-essential cmake git openssl libssl-dev python3 autoconf automake libtool pkg-config m4 zlib1g-dev upx doxygen graphviz

On RPM-based distributions (e.g. Fedora), the required packages can be installed with dnf:

sudo dnf install gcc gcc-c++ cmake make git openssl openssl-devel python3 autoconf automake libtool pkg-config m4 zlib-devel upx doxygen graphviz

On Arch Linux, the required packages can be installed with pacman:

sudo pacman --needed -S base-devel cmake git openssl python3 autoconf automake libtool pkg-config m4 zlib upx doxygen graphviz

Windows

  • Microsoft Visual C++ (version >= Visual Studio 2017 version 15.7)
  • CMake (version >= 3.6)
  • Git
  • OpenSSL (version >= 1.1.1)
  • Python (version >= 3.4)
  • Optional: Doxygen and Graphviz for generating API documentation

macOS

Packages should be preferably installed via Homebrew.

FreeBSD (Experimental)

Packages should be installed via FreeBSDs pre-compiled package repository using the pkg command or built from scratch using the ports database method.

  • Full "pkg" tool instructions: handbook pkg method
    • pkg install cmake python37 git autotools OR
  • Full "ports" instructions: handbook ports method
    • portsnap fetch
    • portsnap extract
  • For example, cmake would be
    • whereis cmake
    • cd /usr/ports/devel/cmake
    • make install clean

Process

Note: Although RetDec now supports a system-wide installation (#94), unless you use your distribution's package manager to install it, we recommend installing RetDec locally into a designated directory. The reason for this is that uninstallation will be easier as you will only need to remove a single directory. To perform a local installation, run cmake with the -DCMAKE_INSTALL_PREFIX=<path> parameter, where <path> is directory into which RetDec will be installed (e.g. $HOME/projects/retdec-install on Linux and macOS, and C:\projects\retdec-install on Windows).

  • Clone the repository:
    • git clone https://github.com/avast/retdec
  • Linux:
    • cd retdec
    • mkdir build && cd build
    • cmake .. -DCMAKE_INSTALL_PREFIX=<path>
    • make -jN (N is the number of processes to use for parallel build, typically number of cores + 1 gives fastest compilation time)
    • make install
  • Windows:
    • Open a command prompt (e.g. cmd.exe)
    • cd retdec
    • mkdir build && cd build
    • cmake .. -DCMAKE_INSTALL_PREFIX=<path> -G<generator>
    • cmake --build . --config Release -- -m
    • cmake --build . --config Release --target install
    • Alternatively, you can open retdec.sln generated by cmake in Visual Studio IDE
  • macOS:
    • cd retdec
    • mkdir build && cd build
    • cmake .. -DCMAKE_INSTALL_PREFIX=<path>
    • make -jN (N is the number of processes to use for parallel build, typically number of cores + 1 gives fastest compilation time)
    • make install
  • FreeBSD:
    • sudo pkg install git cmake
    • git clone https://github.com/avast/retdec
    • cd retdec
    • mkdir build && cd build
    • # FreeBSD (and other BSDs) do need cmake, python3, git, autotools. OpenSSL is pre-installed in the OS but check its version.
# Later versions may be available for each of the packages.
# See what is installed:
sudo pkg info cmake python37 autotools
# Install/upgrade them:
sudo pkg install cmake python37 autotools
    • cmake .. -DCMAKE_INSTALL_PREFIX=<path>
    • make -jN (N is the number of processes to use for parallel build, typically number of cores + 1 gives fastest compilation time)
    • make install

You have to pass the following parameters to cmake:

  • -DCMAKE_INSTALL_PREFIX=<path> to set the installation path to <path>. Quote the path if you are using backslashes on Windows (e.g. -DCMAKE_INSTALL_PREFIX="C:\retdec").
  • (Windows only) -G<generator> is -G"Visual Studio 15 2017" for 32-bit build using Visual Studio 2017, or -G"Visual Studio 15 2017 Win64" for 64-bit build using Visual Studio 2017. Later versions of Visual Studio may be used.

You can pass the following additional parameters to cmake:

  • -DRETDEC_DOC=ON to build with API documentation (requires Doxygen and Graphviz, disabled by default).
  • -DRETDEC_TESTS=ON to build with tests (disabled by default).
  • -DRETDEC_DEV_TOOLS=ON to build with development tools (disabled by default).
  • -DRETDEC_COMPILE_YARA=OFF to disable YARA rules compilation at installation step (enabled by default).
  • -DCMAKE_BUILD_TYPE=Debug to build with debugging information, which is useful during development. By default, the project is built in the Release mode. This has no effect on Windows, but the same thing can be achieved by running cmake --build . with the --config Debug parameter.
  • -D<dep>_LOCAL_DIR=<path> where <dep> is from {CAPSTONE, GOOGLETEST, KEYSTONE, LLVM, YARA, YARAMOD} (e.g. -DCAPSTONE_LOCAL_DIR=<path>), to use the local repository clone at <path> for RetDec dependency instead of downloading a fresh copy at build time. Multiple such options may be used at the same time.
  • -DRETDEC_ENABLE_<component>=ON to build only the specified component(s) (multiple such options can be used at once), and its (theirs) dependencies. By default, all the components are built. If at least one component is enabled via this mechanism, all the other components that were not explicitly enabled (and are not needed as dependencies of enabled components) are not built. See cmake/options.cmake for all the available component options.
    • -DRETDEC_ENABLE_ALL=ON can be used to (re-)enable all the components.
    • Alternatively, -DRETDEC_ENABLE=<comma-separated component list> can be used instead of -DRETDEC_ENABLE_<component>=ON (e.g. -DRETDEC_ENABLE=fileformat,loader,ctypesparser is equivalent to -DRETDEC_ENABLE_FILEFORMAT=ON -DRETDEC_ENABLE_LOADER=ON -DRETDEC_ENABLE_CTYPESPARSER=ON).

Build in Docker

Docker support is maintained by community. If something does not work for you or if you have suggestions for improvements, open an issue or PR.

Build Image

Building in Docker does not require installation of the required libraries locally. This is a good option for trying out RetDec without setting up the whole build toolchain.

To build the RetDec Docker image, run

docker build -t retdec - < Dockerfile

This builds the image from the master branch of this repository.

To build the image using the local copy of the repository, use the development Dockerfile, Dockerfile.dev:

docker build -t retdec:dev . -f Dockerfile.dev

Run Container

If your uid is not 1000, make sure that the directory containing your input binary files is accessible for RetDec:

chmod 0777 /path/to/local/directory

Now, you can run the decompiler inside a container:

docker run --rm -v /path/to/local/directory:/destination retdec retdec-decompiler /destination/binary

Note: Do not modify the /destination part is. You only need to change /path/to/local/directory. Output files will then be generated to /path/to/local/directory.

Nightly Builds

We generate up-to-date RetDec packages from the latest commit in the master branch in two ways:

  • Using our TeamCity servers
  • Using Github Actions.

The builds are mostly meant to be used by RetDec developers, contributors, and other people experimenting with the product (e.g. testing if an issue present in the official release still exists in the current master).

You can use these as you wish, but keep in mind that there are no guarantees they will work on your system (especially the Linux version), and that regressions are a possibility. To get a stable RetDec version, either download the latest official pre-built package or build the latest RetDec version tag.

TeamCity

Github Actions

You can find builds for macOS, Linux and Windows in the latest RetDec CI workflow run.

Project Documentation

See the project documentation for an up to date Doxygen-generated software reference corresponding to the latest commit in the master branch.

Related Repositories

  • retdec-idaplugin -- Embeds RetDec into IDA (Interactive Disassembler) and makes its use much easier.
  • retdec-r2plugin -- Embeds RetDec into Radare2 and makes its use much easier.
  • retdec-regression-tests-framework -- A framework for writing and running regression tests for RetDec and related tools. This is a must if you plan to contribute to the RetDec project.
  • retdec-regression-tests -- A suite of regression tests for RetDec and related tools.
  • retdec-build-system-tests -- A suite of tests for RetDec's build system. This can also serve as a collection of demos on how to use RetDec libraries.
  • vim-syntax-retdecdsm -- Vim syntax-highlighting file for the output from the RetDec's disassembler (.dsm files).

License

Copyright (c) 2017 Avast Software, licensed under the MIT license. See the LICENSE file for more details.

RetDec incorporates a modified PeLib library. New modules added by Avast Software are licensed under the MIT license. The original sources are licensed under the following license:

RetDec uses third-party libraries or other resources listed, along with their licenses, in the LICENSE-THIRD-PARTY file.

Contributing

See RetDec contribution guidelines.

Acknowledgements

This software was supported by the research funding TACR (Technology Agency of the Czech Republic), ALFA Programme No. TA01010667.