Avast open-sources its decompiler RetDec

Category: Industry news | Publisher: 店小二03 | Author: 红领巾

Malware hunting biz and nautical jargon Avast has released its machine-code decompiler RetDec as open source, in the hope of arming like-minded haters of bad bytes and other technically inclined sorts with better analytical tools.

As discussed at the recent Botconf 2017 in France earlier this month, RetDec provides a way to turn machine code – binary executables – back into an approximation of the original source code.
Where disassemblers convert binaries into assembly code – a somewhat readable representation of machine code – decompilers attempt to go back further to a higher-level source code language not tied to a specific processor – something more readable like C code.

Avast has used RetDec, which is based on LLVM, to decompile various ransomware strains, such as Apocalypse, BadBlock, Bart, CrySiS, TeslaCrypt, and others, in order to undo the unwanted encryption of victims' files.
In an email to The Register, Jakub Kroustek, threat intelligence team lead at Avast, said that while there are a variety of good decompilation tools available, many are paid products and cannot easily be extended.
Existing open-source decompilers provide an alternative, he said, "but these do not always achieve proper stability, code readability and quality."
Kroustek said he hopes RetDec, offered under a friendly MIT license, "will fill a gap in the market, in terms of produced code quality and [extensibility]."
He expects RetDec will be helpful not only to security researchers but also to developers who are interested in studying how their code was compiled, and to those working on reverse-engineering projects.
RetDec stands for Retargetable Decompiler, meaning it can be used to target code from different 32-bit architectures – Intel x86, ARM, MIPS, PIC32, and PowerPC – in various formats – ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code.
As a machine-code decompiler, RetDec is not suited for decompiling bytecode derived from Java, Python, or .NET source files.
Because the code compilation process jettisons useful information, reversing the process tends to fall short of the original, like compressing an image with a lossy algorithm and then re-enlarging it.
Decompilation may be made more difficult still if the writer of the code attempts to obfuscate it.
RetDec, available as an online service since 2015, attempts to address these challenges by utilizing debugging information and reconstructing instruction idioms, among other techniques.
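To make the difference between disassembly and decompilation concrete, and to show what "reconstructing instruction idioms" means in practice, here is a toy idiom recognizer written for this article. It is an added illustration, not RetDec code and not how RetDec is implemented internally: the assembly listings are constructed by hand, the idiom table is deliberately tiny, and everything outside the handled patterns falls back to a "not lifted" comment. It also demonstrates the lossy point from the previous paragraph: two different instruction sequences lift to the same C statement, so the decompiler cannot recover which form the original source used.

```python
import re

# Added illustration of instruction-idiom recognition (not RetDec's code).
# Input: a constructed x86 listing, one instruction per line, ';' starts a comment.
# Output: a list of C-like statements, one per recognised idiom or instruction.

# Multi-instruction idiom: a compiler's branch-free signed division of EAX by 2.
# Lifting these four instructions one by one would produce unreadable output;
# recognising the whole group yields a single readable statement.
SIGNED_DIV2 = [("mov", ("edx", "eax")), ("shr", ("edx", "31")),
               ("add", ("eax", "edx")), ("sar", ("eax", "1"))]


def parse(listing):
    """Turn the listing into (mnemonic, operands) tuples, dropping comments and blanks."""
    insns = []
    for raw in listing.splitlines():
        line = raw.split(";")[0].strip()
        if not line:
            continue
        head, _, tail = line.partition(" ")
        ops = tuple(op.strip().lower() for op in tail.split(",")) if tail.strip() else ()
        insns.append((head.lower(), ops))
    return insns


def lift_single(mnem, ops):
    """Lift one instruction, checking single-instruction idioms before plain translation."""
    if mnem == "xor" and len(ops) == 2 and ops[0] == ops[1]:
        return f"{ops[0]} = 0;"                       # xor r,r is the idiom for zeroing r
    if mnem == "shl" and len(ops) == 2 and ops[1].isdigit():
        return f"{ops[0]} *= {1 << int(ops[1])};"      # left shift == multiply by 2^n
    if mnem == "add" and len(ops) == 2 and ops[0] == ops[1]:
        return f"{ops[0]} *= 2;"                       # add r,r is another way to write shl r,1
    if mnem == "lea" and len(ops) == 2:
        m = re.fullmatch(r"\[(\w+)\+(\w+)\*(\d)\]", ops[1])
        if m:                                          # lea used for arithmetic, not addressing
            base, idx, scale = m.groups()
            return f"{ops[0]} = {base} + {idx} * {scale};"
    simple = {"mov": "=", "add": "+=", "sub": "-=", "imul": "*="}
    if mnem in simple and len(ops) == 2:
        return f"{ops[0]} {simple[mnem]} {ops[1]};"
    if mnem == "ret":
        return "return eax;"                           # assumes cdecl-style return in EAX
    return f"/* not lifted: {mnem} {', '.join(ops)} */"


def decompile(listing):
    """Peephole pass: match multi-instruction idioms first, then lift instruction by instruction."""
    insns = parse(listing)
    out, i = [], 0
    while i < len(insns):
        if insns[i:i + len(SIGNED_DIV2)] == SIGNED_DIV2:
            out.append("eax = eax / 2;")
            i += len(SIGNED_DIV2)
            continue
        out.append(lift_single(*insns[i]))
        i += 1
    return out


# Constructed listing: roughly what a compiler might emit for
#     int f(int a, int b) { return (a + b * 4) / 2; }
# with a in ECX and b in EDX.
LISTING = """
    mov  eax, ecx          ; a
    lea  eax, [eax+edx*4]  ; a + b*4
    mov  edx, eax
    shr  edx, 31
    add  eax, edx
    sar  eax, 1            ; signed /2 without a DIV instruction
    ret
"""

if __name__ == "__main__":
    for stmt in decompile(LISTING):
        print(stmt)
    # Lossy in both directions: neither form reveals whether the source said x*2, x+x or x<<1.
    print(decompile("shl eax, 1"), decompile("add eax, eax"))
```

The recogniser is a plain peephole matcher: a window of instructions is compared against a known group before any single instruction is translated, which is why the four-instruction division sequence becomes one statement while a partial match (say, only the first two instructions) falls through to the per-instruction path and leaves a "not lifted" marker rather than guessing.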
"Our motivation is to contribute back to the security community, [whose] tools we are using on a daily basis – so why not share back also our own tools?" said Kroustek. "Secondly, we hope that involvement of more users and developers will further improve our tool."
Kroustek said that in the four days since the code became available, Avast has already received dozens of messages, improvements, and bug reports.
