
Avast open-sources its decompiler RetDec

[Category: Industry News | Posted by: 店小二03 | Author: 红领巾]

Malware hunting biz and nautical jargon Avast has released its machine-code decompiler RetDec as open source, in the hope of arming like-minded haters of bad bytes and other technically inclined sorts with better analytical tools.

As discussed at the recent Botconf 2017 in France earlier this month, RetDec provides a way to turn machine code – binary executables – back into an approximation of the original source code.
Where disassemblers convert binaries into assembly code – a somewhat readable representation of machine code – decompilers attempt to go back further to a higher-level source code language not tied to a specific processor – something more readable like C code.
Avast has used RetDec, which is based on LLVM, to decompile various ransomware strains, such as Apocalypse, BadBlock, Bart, CrySiS, TeslaCrypt, and others, in order to undo the unwanted encryption of victims' files.
In an email to The Register, Jakub Kroustek, threat intelligence team lead at Avast, said that while there are a variety of good decompilation tools available, many are paid products and cannot easily be extended.
Existing open-source decompilers provide an alternative, he said, "but these do not always achieve proper stability, code readability and quality."
Kroustek said he hopes RetDec, offered under a friendly MIT license, "will fill a gap in the market, in terms of produced code quality and [extensibility]."
He expects RetDec will be helpful not only to security researchers but also to developers who are interested in studying how their code is compiled and to those working on reverse engineering projects.
RetDec stands for Retargetable Decompiler, meaning it can be used to target code from different 32-bit architectures – Intel x86, ARM, MIPS, PIC32, and PowerPC – in various formats – ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code.
As a machine-code decompiler, RetDec is not suited for decompiling bytecode derived from Java, Python, or .NET source files.
Because the code compilation process jettisons useful information, reversing the process tends to fall short of the original, like compressing an image with a lossy algorithm and then re-enlarging it.
Decompilation may be made more difficult still if the writer of the code attempts to obfuscate it.
RetDec, available as an online service since 2015, attempts to address these challenges by utilizing debugging information and reconstructing instruction idioms, among other techniques.
"Our motivation is to contribute back to the security community, [whose] tools we are using on daily basis – so why not to share back also our own tools?" said Kroustek. "Secondly, we hope that involvement of more users and developers will further improve our tool."
Kroustek said in the four days since the code has been available, Avast has already received dozens of messages, improvements, and bug reports.
Download:
https://github.com/avast-tl/retdec
