That why, the best decompilers available in the 90s used some sort of virtual machine to follow through the execution flow, and be able to distinguish such kind of "frame shifts" (that's actually a biology term, I've forgotten what the proper CS term is), and also be able to understand a bit of self-modifying code. (You need to manually ask the debugger to start dumping from the 2 overlapping point). The simple code dumper that comes with garden variety debugger won't easily deobfuscate that. I don't think any decompiler could deobfusticate that. It is even possible to write code that can execute two different sequences of instructions by offsetting the instruction pointer by a byte.
It doesn't have fixed length instructions, so it is difficult to figure out where opcodes begin and end. A plugin for IDA disassembler is also available for those experienced with decompiling software. For any curious developers out there, a REST API is also provided to allow third-party applications to use the decompilation service. It is not possible to retrieve the exact original code of any executable compiled to machine code but obtaining a working or almost working copy of equivalent code can greatly expedite the reverse engineering of software. Simply upload a supported executable or machine code and get a reasonably rebuilt version of the source code.
In addition to the open-source version found on GitHub, RetDec is also being provided as a web service. As Internet of Things devices proliferate throughout our homes and inside private businesses, being able to effectively analyze the code running on all of these new devices becomes a necessity to ensure security. RetDec supports a variety of architectures aside from those used on traditional desktops including ARM, PIC32, PowerPC and MIPS. Greg Synek reports via TechSpot: To help with the reverse engineering of malware, Avast has released an open-source version of its machine-code decompiler, RetDec, that has been under development for over seven years.
0 kommentar(er)
