RetDec is an open-source machine-code decompiler based on LLVM. IDA is a highly capable disassembler widely used in the reverse engineering community. The RetDec IDA plugin brings RetDec to IDA.
In the past, we released several stable builds of the RetDec IDA plugin, versioned 0.x. Now, we are proud to announce a brand new version 1.0 with the following major enhancements:
- The plugin is a stand-alone package – a separate RetDec installation is not required.
- The entire user interface has been rewritten.
- The plugin supports arm64 decompilation.
See the changelog for the complete list of new features, enhancements, and fixes.
1. Stand-alone package
All past plugin versions required a separate RetDec installation in order to work. The user had to get the correct version of RetDec for the particular plugin version they were using, and configure it properly. Then, the plugin launched the main RetDec Python script whenever it wanted to run a decompilation. This was not very elegant and caused a lot of problems (#37, #40, #58, #59, #60).
RetDec IDA plugin version 1.0 is the first release using the new RetDec decompilation library. The library allows us to embed the entire decompilation functionality into the plugin itself. This greatly reduces the room for issues and increases user comfort.
2. New user interface
The new plugin brings a brand new user interface. We have practically rewritten the whole thing from a hacked-together mess into an elegant solution properly using the available IDA SDK 7.5 mechanisms.
If you are interested in how we did it, read our technical demo article. If you just want to know what it can now do, watch the following videos.
3. Arm64 support
RetDec has been able to decompile arm64 binaries for quite some time. Now, we bring this functionality to the RetDec IDA plugin as well.
Conclusion
Our IDA plugin v1.0 is a big step towards effective and efficient manual malware analysis with RetDec. However, there are still many things to improve, so stay tuned for further updates.
Also, if you don’t use IDA, check out our RetDec Radare2 plugin.