Machine-Code Analysis With Open-Source Decompiler RetDec

Loading Click here to add:

Links:

Latest annotations RSS feed

Creation date:
July 2nd, 2018, 4:20 p.m.

Add date:
July 2nd, 2018, 4:20 p.m.

Number of views:
170 (this month: 5)

Speaker:
Jakub Kroustek and Peter Matula

License:
CC BY-SA v4

Visibility:
This media is published

When we need to deeply analyze a binary application (e.g. for malware dissection, vulnerability research, code optimization), static code analysis is what we use most of the time. However, static analysis of machine-code is usually not an easy task. It is actually a tough one in case of malware analysis. Luckily, existing machine-code decompilers help with this task significantly. On the other hand, the most well-known decompilers are either proprietary, cannot be easily modified for a given task, or both.

In this talk, we would like to depict our machine-code decompiler called RetDec(Retargetable Decompiler) that we are developing in Avast since 2011 and which we have open-sourced a few months ago under the MIT license. Its primary goal is, of course, decompilation of binary (malicious) applications, but its components can also be used for other tasks, such as disassembly, extraction of basic blocks, or initial assessment of malware samples.

Jakub Kroustek
Jakub is leading the threat intelligence team at Avast Software and previously at AVG, 7 years in total. Jakub is a malware analyst and reverse engineer with expertise in ransomware, botnets, and cryptography. He has his Ph.D. for a machine-code analysis.

Peter Matula
Peter is a senior software developer at Avast Software. He focuses on reverse-engineering research and is currently the main developer of the RetDec decompiler. He received his MSc. degree from the Faculty of Information Technology, Brno University of Technology, Czech Republic.