http://open-source-security-software.net/project/retdec/releases.atom 2025-05-09T11:47:44.771983+00:00 python-feedgen retdec v3.0 2017-12-13T05:38:13+00:00 This is the initial public release. 2017-12-13T05:38:13+00:00 retdec v3.1 2018-06-07T09:22:34+00:00 * Unofficial support for building and running RetDec on macOS. * Reduced the likelihood of system crashes and freezes by limiting the overall memory when running RetDec tools. * More accurate decoding - a complete rewrite of binary to LLVM IR translation. * More accurate statically linked code detection - cross-checking signature references. * Detection of corrupted and unloadable PE files. * Better detection of compilers and packers - added new signatures and heuristics. YARA signatures are compiled now, which results in faster scanning. * New directory structure and tool names - we have added a `retdec-` prefix to all installed binaries and scripts. * Easier project development - removal of git submodules. * Build speedup and continuous integration builds. * Many other bugfixes and enhancements. For more details, see the [full changelog](https://github.com/avast-tl/retdec/blob/master/CHANGELOG.md). 2018-06-07T09:22:34+00:00 retdec v3.2 2018-08-16T09:42:55+00:00 * Converted shell scripts to Python scripts so that Windows users no longer have to install MSYS2 in order to run RetDec. * Added generation of export-table hashes into `retdec-fileinfo`. * Several other bugfixes and enhancements. For more details, see the [full changelog](https://github.com/avast-tl/retdec/blob/df784107fa7f062ca307b7896b80d35c1ddbe882/CHANGELOG.md). 2018-08-16T09:42:55+00:00 retdec v3.3 2019-03-18T15:49:34+00:00 * Added basic support of 64-bit x86 architecture. * The `new` LLVM IR to BIR converter is now the default (and only) back-end's converter. * Reduced the needed stack space in `retdec-llvmir2hll`. For more details, see the [full changelog](https://github.com/avast-tl/retdec/blob/ae298572cbbd9f863bb0d2e73464e15d2fa1d51b/CHANGELOG.md#v33-2019-03-18) 2019-03-18T15:49:34+00:00 retdec v4.0 2020-04-07T21:15:17+00:00 * Added support for decompilation of 64-bit ARM binaries ([#268](https://github.com/avast/retdec/issues/268), [#533](https://github.com/avast/retdec/pull/533), [#550](https://github.com/avast/retdec/pull/550)). * Added option to generate the decompilation results as JSON ([JSON output file format](https://github.com/avast/retdec/wiki/Decompiler-outputs#json-output-file-format)). This output contains additional meta-information and can be conveniently consumed by 3rd-party tools. * Added a new library called `retdec` that lets you decompile the input into both LLVM IR module and structured (i.e. functions and basic blocks) Capstone disassembly. See the `retdectool` demo application. * Implemented proper RetDec installation ([#648](https://github.com/avast/retdec/issues/648)). It is now possible to easily use RetDec components in other CMake projects. See the accompanying [blog post](https://engineering.avast.io/retdec-v4-0-is-out/) for detailed description of the main features. For all the changes, see the [full changelog](https://github.com/avast/retdec/blob/567c30e3dd4c572fa825d8781ed69652306a961e/CHANGELOG.md#v40-2020-04-07). 2020-04-07T21:15:17+00:00 retdec v5.0 2022-12-08T11:40:05+00:00 ## What's Changed The one major change: * RetDec is now a library ([#779](https://github.com/avast/retdec/pull/779). * Related changes are the removal of `retdec-decompiler.py` (it is now a binary, e.g. `retdec-decompiler.exe` on Windows), `retdec-bin2llvmir`, `retdec-llvmir2hll`, and some other supportive functionality. * See an example in `src/retdectool`, or an actual implementation of RetDec executable in `src/retdec-decompiler`, to find out how to use RetDec library. For more details, see the full [changelog](https://github.com/avast/retdec/blob/v5.0/CHANGELOG.md#v50-2022-12-08) or the list below: * Check for Armadillo made more generic by @ladislav-zezula in https://github.com/avast/retdec/pull/733 * Added tests for more versions of Petite packer by @ladislav-zezula in https://github.com/avast/retdec/pull/735 * Add detection support for newer versions of VMProtect. by @tamaroth in https://github.com/avast/retdec/pull/734 * Improve the detection of Enigma protector (32-bit). by @tamaroth in https://github.com/avast/retdec/pull/741 * Improve the detection of ASPack executable packer. by @tamaroth in https://github.com/avast/retdec/pull/743 * Fixed missing <limits> header by @Cyclic3 in https://github.com/avast/retdec/pull/745 * Improve the detection of the Eziriz packer/protector by @ladislav-zezula in https://github.com/avast/retdec/pull/746 * Added detection of PyInstaller by @ladislav-zezula in https://github.com/avast/retdec/pull/748 * Add support for using the 'dotnet' module in YARA rules by @PeterMatula in https://github.com/avast/retdec/pull/749 * Add detection support of Astrum InstallWizard. by @tamaroth in https://github.com/avast/retdec/pull/753 * Add detection of AutoHotKey compiler. by @tamaroth in https://github.com/avast/retdec/pull/756 * Improve the detection of AutoIT files compiled to binary. by @tamaroth in https://github.com/avast/retdec/pull/757 * fix: mislabeled scripts and writing strings versus bytes by @kayarre in https://github.com/avast/retdec/pull/759 * The detection of BAT to PE-EXE script-compilers. by @tamaroth in https://github.com/avast/retdec/pull/761 * The improved detection of BeRo EXE Packer. by @tamaroth in https://github.com/avast/retdec/pull/764 * deps/yara: force rebuild if config changed, fix #760 by @PeterMatula in https://github.com/avast/retdec/pull/763 * Lz more corruptions by @ladislav-zezula in https://github.com/avast/retdec/pull/767 * Fixed bug with alignment of PointerToRawData by @ladislav-zezula in https://github.com/avast/retdec/pull/768 * Update Yara to 4.0.1 by @PeterMatula in https://github.com/avast/retdec/pull/769 * deps/yara/patch: patch YARA surces to fix bug in v4.0.1 by @PeterMatula in https://github.com/avast/retdec/pull/773 * Optimize utils and file parsing to prevent timeouts in exotic files by @PeterMatula in https://github.com/avast/retdec/pull/772 * Lz memory dump detection by @ladislav-zezula in https://github.com/avast/retdec/pull/770 * Extension of bin2llvmir with optimization of X87 FPU stack. by @JurajHolub in https://github.com/avast/retdec/pull/715 * CMake fixes by @xkubov in https://github.com/avast/retdec/pull/777 * Remove too broad YARA rules for VMProtect packer detection. by @tamaroth in https://github.com/avast/retdec/pull/778 * Improve the detection of CExe packer by modifying the YARA rule. by @tamaroth in https://github.com/avast/retdec/pull/781 * Retdec is a library now by @PeterMatula in https://github.com/avast/retdec/pull/779 * * gu_idata and gu_rsrc section names are now considered packer sections by @ladislav-zezula in https://github.com/avast/retdec/pull/776 * fileformat/format_detection: use file magic to detect COFF files. by @PeterMatula in https://github.com/avast/retdec/pull/783 * Issue 774 by @PeterMatula in https://github.com/avast/retdec/pull/785 * Reduce static data by @PeterMatula in https://github.com/avast/retdec/pull/787 * deps/openssl: remove, require it as a prerequisite. by @PeterMatula in https://github.com/avast/retdec/pull/807 * Improvement to the detection of multiple packers. by @tamaroth in https://github.com/avast/retdec/pull/804 * utils: replace our filesystem_path with std::filesystem by @PeterMatula in https://github.com/avast/retdec/pull/806 * MzHeader and PeHeader classes in PELIB were replaced by ImageLoader class by @ladislav-zezula in https://github.com/avast/retdec/pull/812 * Improve MoleBox packer detection. by @tamaroth in https://github.com/avast/retdec/pull/815 * * Fixed high memory usage on samples with screwed up delayed imports by @ladislav-zezula in https://github.com/avast/retdec/pull/817 * Provide unified logging interface by @xkubov in https://github.com/avast/retdec/pull/816 * Lz high memory usage by @ladislav-zezula in https://github.com/avast/retdec/pull/818 * * Check for invalid IAT directory by @ladislav-zezula in https://github.com/avast/retdec/pull/822 * Fixed high memory usage in debug directory (#824) by @ladislav-zezula in https://github.com/avast/retdec/pull/825 * Fix crash on samples having corrupted PE header (#821) by @tamaroth in https://github.com/avast/retdec/pull/827 * Ninja build by @PeterMatula in https://github.com/avast/retdec/pull/830 * Small improvements to detections of binary tools. by @tamaroth in https://github.com/avast/retdec/pull/831 * Fixed build under RHEL based Linux where libraries are installed into lib64 instead of just lib by @metthal in https://github.com/avast/retdec/pull/834 * fix GCC 9.3.1 hang by @hanickadot in https://github.com/avast/retdec/pull/835 * Fixed segfault on PE files whose IMAGE_FILE_HEADER is cut by @ladislav-zezula in https://github.com/avast/retdec/pull/839 * Fix invalid memory read in PeLib::CoffSymbolTable::read() (#840) by @ladislav-zezula in https://github.com/avast/retdec/pull/841 * Added detection of Blizzard Protector by @ladislav-zezula in https://github.com/avast/retdec/pull/845 * Remove the copyright comment from the outputs generated by RetDec by @s3rvac in https://github.com/avast/retdec/pull/843 * utils: fix #842, always link stdc++fs if linux & gcc. by @PeterMatula in https://github.com/avast/retdec/pull/846 * deps/googletest: fix adding 'd' suffix in MSVC debug build by @PeterMatula in https://github.com/avast/retdec/pull/848 * Added YARA rule for CreateInstall installer by @ladislav-zezula in https://github.com/avast/retdec/pull/852 * Added YARA rules for FlyStudio installer by @ladislav-zezula in https://github.com/avast/retdec/pull/853 * Added YARA rule for Gentee Installer by @ladislav-zezula in https://github.com/avast/retdec/pull/855 * GhostInstaller and InnoSetup revisited by @ladislav-zezula in https://github.com/avast/retdec/pull/857 * Lz installers install creator by @ladislav-zezula in https://github.com/avast/retdec/pull/858 * Added YARA rules for Quick Batch installer by @ladislav-zezula in https://github.com/avast/retdec/pull/864 * Lz image loader win version specific by @ladislav-zezula in https://github.com/avast/retdec/pull/863 * improved YARA rules for Wise installer by @ladislav-zezula in https://github.com/avast/retdec/pull/865 * Added YARA rule for VISEMAN installer by @ladislav-zezula in https://github.com/avast/retdec/pull/868 * Added YARA rules for Setup Factory by @ladislav-zezula in https://github.com/avast/retdec/pull/869 * Added YARA rule for 'Xenocode Application Launcher' by @ladislav-zezula in https://github.com/avast/retdec/pull/870 * Added YARA rules for SmartInstall Maker by @ladislav-zezula in https://github.com/avast/retdec/pull/871 * Fixed issue #872 by @ladislav-zezula in https://github.com/avast/retdec/pull/873 * Fix infinite loops in copy propagation optimizer by @jacob-baines in https://github.com/avast/retdec/pull/876 * Fix missing comma in usualPackerSections initializer by @HoundThe in https://github.com/avast/retdec/pull/894 * Lz import thunk check by @ladislav-zezula in https://github.com/avast/retdec/pull/897 * Added YARA rule for Inno Setup 6.0.0 by @ladislav-zezula in https://github.com/avast/retdec/pull/899 * Fixed possible access to unallocated memory in MPRESS unpacker by @metthal in https://github.com/avast/retdec/pull/906 * Lz issue 907 by @ladislav-zezula in https://github.com/avast/retdec/pull/908 * Fixed issue #911 by @ladislav-zezula in https://github.com/avast/retdec/pull/912 * unpacker/mpress: Properly copy non-packer related sections to the unpacked file by @metthal in https://github.com/avast/retdec/pull/913 * Do not fail completely when retdec-archive-decompiler is not available by @metthal in https://github.com/avast/retdec/pull/914 * Lz fix too many imports by @ladislav-zezula in https://github.com/avast/retdec/pull/917 * Fixed issue https://github.com/avast/retdec/issues/921 by @ladislav-zezula in https://github.com/avast/retdec/pull/922 * Make Fileinfo configurable via a JSON config file by @PeterMatula in https://github.com/avast/retdec/pull/923 * Add version info to all executable apps by @PeterMatula in https://github.com/avast/retdec/pull/926 * unpackertool: added signatures for new UPX versions by @TheDuchy in https://github.com/avast/retdec/pull/929 * Detection of SHA512 improved. Prevented YARA DoS on d251e8b3a5818132d… by @ladislav-zezula in https://github.com/avast/retdec/pull/935 * Implement telfhash for ELF import table by @HoundThe in https://github.com/avast/retdec/pull/936 * Calculate Rich header hash by @HoundThe in https://github.com/avast/retdec/pull/945 * Added new x86 PE signatures for LZMA UPX stub for UPX 3.94+ by @metthal in https://github.com/avast/retdec/pull/948 * Add parsing of the PE Authenticode format by @HoundThe in https://github.com/avast/retdec/pull/902 * Make X509 serial number parsing code compatible with YARA (#954) by @xbabka01 in https://github.com/avast/retdec/pull/955 * Fix the Rich header analysis algorithm by @HoundThe in https://github.com/avast/retdec/pull/973 * Add sanity check for length of a PE resource type name by @HoundThe in https://github.com/avast/retdec/pull/974 * Add oneline subject/issuer to the output by @HoundThe in https://github.com/avast/retdec/pull/976 * Increased PE symbols MAX_LENGTH limits by @HoundThe in https://github.com/avast/retdec/pull/978 * Fix UB due to iterator reaching before begin() in rich header parsing by @HoundThe in https://github.com/avast/retdec/pull/987 * Fix PE resource memory leak due to missing virtual destructor. by @HoundThe in https://github.com/avast/retdec/pull/984 * Fixed resource issue by @ladislav-zezula in https://github.com/avast/retdec/pull/988 * Check for TypeLib parent relationship by @HoundThe in https://github.com/avast/retdec/pull/983 * Change the section name parsing to only remove trailing zeroes by @HoundThe in https://github.com/avast/retdec/pull/979 * Fixed Lz issue 967 by @ladislav-zezula in https://github.com/avast/retdec/pull/970 * Adding Yara rule for InnoSetup 6.1.0 by @fr0gger in https://github.com/avast/retdec/pull/989 * Lz retdec 54 by @ladislav-zezula in https://github.com/avast/retdec/pull/981 * DllFlags are now present on EXEs as well by @ladislav-zezula in https://github.com/avast/retdec/pull/995 * Modified Visual Basic's Yara rule by @Dadda97 in https://github.com/avast/retdec/pull/992 * Modified AutoHotKey's Yara rule by @Dadda97 in https://github.com/avast/retdec/pull/991 * COFF debug info is no longer counted as part of the image by @ladislav-zezula in https://github.com/avast/retdec/pull/996 * Debug info is only accepted if it has the type of IMAGE_DEBUG_TYPE_CO… by @ladislav-zezula in https://github.com/avast/retdec/pull/1004 * Fixed RETDEC-74 and RETDEC-61 by @ladislav-zezula in https://github.com/avast/retdec/pull/1003 * Add signatureVerified flag for each signature by @HoundThe in https://github.com/avast/retdec/pull/994 * Add check that the resource file offset is valid by @HoundThe in https://github.com/avast/retdec/pull/982 * backport yara patch for macOS by @catap in https://github.com/avast/retdec/pull/1001 * Fix of .NET analysis differences by @HoundThe in https://github.com/avast/retdec/pull/997 * Do not return entry point offset if it's not backed up by disk data by @HoundThe in https://github.com/avast/retdec/pull/975 * Check if certificateTable overlaps a section and export the information by @HoundThe in https://github.com/avast/retdec/pull/986 * Fix master not building due to conflicting types by @HoundThe in https://github.com/avast/retdec/pull/1007 * Fixed discrepancies in icon hash between YARA and retdec-fileinfo by @ladislav-zezula in https://github.com/avast/retdec/pull/1006 * Switch to using Python3 module to detect a python by @catap in https://github.com/avast/retdec/pull/999 * Add SECURITY.md as requested in #1018 by @PeterMatula in https://github.com/avast/retdec/pull/1025 * Check if data is not empty in dotnet integer decoding functions by @HoundThe in https://github.com/avast/retdec/pull/1030 * remove --backend-aggressive-opts and all the related code by @PeterMatula in https://github.com/avast/retdec/pull/1032 * Parse various PE timestamps and export them out by @HoundThe in https://github.com/avast/retdec/pull/1035 * Integrate new authenticode parser by @HoundThe in https://github.com/avast/retdec/pull/1027 * Fixed ImageLoader::Save() by @ladislav-zezula in https://github.com/avast/retdec/pull/1029 * Check for ELF damage by @HoundThe in https://github.com/avast/retdec/pull/1036 * Update API for OpenSSL 3.0 by @catap in https://github.com/avast/retdec/pull/1041 * fix typo in config.cpp by @KisaragiEffective in https://github.com/avast/retdec/pull/1048 * Fixed false positive in the detection of PyInstaller 3.x by @ladislav-zezula in https://github.com/avast/retdec/pull/1051 * Migrate hardcoded `make` to `${CMAKE_MAKE_PROGRAM}` by @catap in https://github.com/avast/retdec/pull/1043 * Updated list of language IDs by @metthal in https://github.com/avast/retdec/pull/1054 * Use image loader when loading corrupted resources by @metthal in https://github.com/avast/retdec/pull/1055 * Update YARA to 4.2.X by @HoundThe in https://github.com/avast/retdec/pull/1061 * Add dll name from export directory to output by @HoundThe in https://github.com/avast/retdec/pull/1060 * Fix: Manually-specified variables were not used by the project. by @xkubov in https://github.com/avast/retdec/pull/1052 * Lz include relocation into image load by @ladislav-zezula in https://github.com/avast/retdec/pull/1063 * Move signing certificate to a separate object by @HoundThe in https://github.com/avast/retdec/pull/1065 * Updated authenticode parser to the newest version by @metthal in https://github.com/avast/retdec/pull/1067 * Never try to limit memory on macOS by @catap in https://github.com/avast/retdec/pull/1074 * Update authenticode-parser, use-after-free, signedness issues by @HoundThe in https://github.com/avast/retdec/pull/1082 * Use multistage build for Dockerfile, reduces container size by ~1.5G by @bagelbyte in https://github.com/avast/retdec/pull/1081 * Check for possible overflow when checking for segment overlap. by @HoundThe in https://github.com/avast/retdec/pull/1087 * Fix parameter and return types for dynamically called functions by @richardlford in https://github.com/avast/retdec/pull/1085 * Upgrade to Capstone release 4.0.2 with patch by @richardlford in https://github.com/avast/retdec/pull/1086 * Handle Procedure Linkage calls for 32bit x86 from gcc by @richardlford in https://github.com/avast/retdec/pull/1088 * Add ability to process PNG icons for perceptual hash calculation by @HoundThe in https://github.com/avast/retdec/pull/1090 * Add prototypes for dynamically-linked functions without headers by @richardlford in https://github.com/avast/retdec/pull/1092 * Add printing of analysis time to retdec-fileinfo output by @metthal in https://github.com/avast/retdec/pull/1107 * Yara: inherits linker flags by @catap in https://github.com/avast/retdec/pull/1111 * Use provided libtool via `CMAKE_LIBTOOL` by @catap in https://github.com/avast/retdec/pull/1109 * Added missed `${RETDEC_INSTALL_BIN_DIR}` to `pat2yara` by @catap in https://github.com/avast/retdec/pull/1113 * Updated yaramod by @metthal in https://github.com/avast/retdec/pull/1121 * Added sanity check for page index when loading pages from broken samples by @metthal in https://github.com/avast/retdec/pull/1120 * Fix removeZeroSequences by @neverwin in https://github.com/avast/retdec/pull/1110 * Update to Capstone V5 by @PeterMatula in https://github.com/avast/retdec/pull/1124 * Simplify removing range by @neverwin in https://github.com/avast/retdec/pull/1115 * Allow to configure `yara`'s make tool by @catap in https://github.com/avast/retdec/pull/1123 * capstone2llvmir: use undef value if register not loaded but used by @PeterMatula in https://github.com/avast/retdec/pull/1033 * Try to fix issue #638 by @seviezhou in https://github.com/avast/retdec/pull/642 * Continuous integration in Github Actions by @xkubov in https://github.com/avast/retdec/pull/1053 * Create Autoamted Release Flow by @xkubov in https://github.com/avast/retdec/pull/1125 ## New Contributors * @tamaroth made their first contribution in https://github.com/avast/retdec/pull/734 * @Cyclic3 made their first contribution in https://github.com/avast/retdec/pull/745 * @kayarre made their first contribution in https://github.com/avast/retdec/pull/759 * @hanickadot made their first contribution in https://github.com/avast/retdec/pull/835 * @jacob-baines made their first contribution in https://github.com/avast/retdec/pull/876 * @HoundThe made their first contribution in https://github.com/avast/retdec/pull/894 * @TheDuchy made their first contribution in https://github.com/avast/retdec/pull/929 * @xbabka01 made their first contribution in https://github.com/avast/retdec/pull/955 * @fr0gger made their first contribution in https://github.com/avast/retdec/pull/989 * @Dadda97 made their first contribution in https://github.com/avast/retdec/pull/992 * @catap made their first contribution in https://github.com/avast/retdec/pull/1001 * @KisaragiEffective made their first contribution in https://github.com/avast/retdec/pull/1048 * @bagelbyte made their first contribution in https://github.com/avast/retdec/pull/1081 * @richardlford made their first contribution in https://github.com/avast/retdec/pull/1085 * @neverwin made their first contribution in https://github.com/avast/retdec/pull/1110 **Full Changelog**: https://github.com/avast/retdec/compare/v4.0...v5.0 2022-12-08T11:40:05+00:00