Avast Releases Code to Open Source Community

2017-12-16


Microsoft, Apple and Google are well-known contributors to projects in the open source community, and now another big hitter has shown it is also keen to contribute.

Avast, a maker and distributor of antivirus and internet security software, is making available the code behind its machine-code decompiler. Released through GitHub, the decompiler, named “RetDec”, originally began development in 2011 under the auspices of AVG, a company which Avast acquired in 2016.

Avast has said: "The goal behind open sourcing RetDec is to provide a generic tool to transform platform-specific code, such as x86/PE executable files, into a higher form of representation, such as C source code. By generic, we mean that the tool should not be limited to a single platform, but rather support a variety of platforms, including different architectures, file formats, and compilers. At Avast, RetDec is actively used for analysis of malicious samples for various platforms, such as x86/PE and ARM/ELF."

Avast also said: "The source code of the decompiler and other related tools is now available on GitHub under the MIT license. By open-sourcing the decompiler, we would like to make its use more widespread and invite others to cooperate with us on its continued development."

Elements of the decompiler that Avast has shared on GitHub include:

  • Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code.
  • Supported architectures (32b only): Intel x86, ARM, MIPS, PIC32, and PowerPC.
  • Static analysis of executable files with detailed information.
  • Compiler and packer detection.
  • Loading and instruction decoding.
  • Signature-based removal of statically linked library code.
  • Extraction and utilization of debugging information (DWARF, PDB).
  • Reconstruction of instruction idioms.
  • Detection and reconstruction of C++ class hierarchies (RTTI, vtables).
  • Demangling of symbols from C++ binaries (GCC, MSVC, Borland).
  • Reconstruction of functions, types, and high-level constructs.
  • Integrated disassembler.
  • Output in two high-level languages: C and a Python-like language.
  • Generation of call graphs, control-flow graphs, and various statistics.
  • IDA plugin that allows decompilation of files directly from the IDA disassembler.

Designed for both Windows and Linux machines, “RetDec” isn’t in itself a significant offering, but it is significant for being the first contribution made to the open source community by Avast. It could also be the last time that Avast makes such a contribution, but chances are equally good that it will follow other major companies in actively participating in the open source community.


This article does not necessarily reflect the technical opinion of EDC4IT, but purely that of the writer. If you want to discuss this content, please use the contact us section of the site.