Slide 1

Radeco Pseudo C Code Generation, GSoC 2018

Slide 2

Radeco Pseudo C Code Generation

I have done:
- writing the pseudo C code generator
- writing the r2 integration

Slide 3

Demo

Slide 4

Decompilers

Slide 5

Projects
- radeco-lib: https://github.com/radareorg/radeco-lib (core library for binary analysis and decompilation)
- radeco: https://github.com/radareorg/radeco (user interface)

Slide 6

Design (radare2 to radeco)

Input: ESIL

Slide 7

Design (radeco-lib)

radeco has 3 stages:
- Loading the binary (ESIL)
- Analyses: dead-code elimination, ...
- Decompilation: heuristics, control flow structuring

Slide 8

Works: before GSoC vs. after GSoC

Slide 9

Works: before GSoC vs. after GSoC

Slide 10

IR

Assembly-like intermediate representation
- Generated from ESIL
- SSA form

Example IR

Slide 11

C-like CFG

- A CFG whose nodes carry C expressions

Slide 12

IR to C-like CFG

- The CFG is copied from the IR's CFG; no for/if/while is recovered at this stage
- Expressions are recovered by building expression trees, e.g.

    %34 = (%30 | %31) & 0xffffffff

  is recovered from the flat SSA statements

    %33 = %30 | %31
    %34 = %33 & 0xffffffff

Slide 13

C-like CFG to Pseudo C code

- Recover C code from the CFG (with GOTOs)
- Only assignments with a memory reference are recovered
  - Recovered: mov [ebp - 0x1c], 0x10
  - Ignored: mov eax, 0x10
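The two steps of slides 12 and 13, expression-tree recovery and pseudo C emission, as one added worked example. This is not radeco's code: its tiny textual IR (`lhs = a op b`, `[addr] = value`), the `%nn` value names, the single-use folding rule, and the `SAMPLE_IR` input are all constructed here to illustrate the idea. Each SSA temporary that is used exactly once is folded into its one consumer, which turns `%33 = %30 | %31` and `%34 = %33 & 0xffffffff` into the tree `(%30 | %31) & 0xffffffff`; the emitter then keeps only memory stores and drops plain register definitions such as `eax = 0x10`, as slide 13 describes.

```rust
// Added example (not radeco's code): the slide 12 and 13 steps as runnable Rust.
use std::collections::HashMap;

#[derive(Clone, Debug, PartialEq)]
enum Expr {
    Val(String),                       // SSA value (%30) or register (ebp)
    Const(u64),                        // immediate, printed as hex
    Bin(String, Box<Expr>, Box<Expr>), // binary operator node of the tree
}

enum Stmt {
    Def(String, Expr), // %33 = %30 | %31   register/temporary definition
    Store(Expr, Expr), // [%35] = %34        memory store: [address] = value
}

fn operand(tok: &str) -> Expr {
    let imm = tok.strip_prefix("0x").map(|h| u64::from_str_radix(h, 16).expect("bad immediate"));
    imm.map_or_else(|| Expr::Val(tok.to_string()), Expr::Const)
}

fn parse(ir: &str) -> Vec<Stmt> {
    ir.lines().map(str::trim).filter(|l| !l.is_empty()).map(|l| {
        let (lhs, r) = l.split_once(" = ").expect("expected an assignment");
        let t: Vec<&str> = r.split_whitespace().collect();
        let value = match t.as_slice() {
            [a] => operand(a),
            [a, op, b] => Expr::Bin(op.to_string(), Box::new(operand(a)), Box::new(operand(b))),
            _ => panic!("unsupported expression: {}", r),
        };
        match lhs.strip_prefix('[').and_then(|s| s.strip_suffix(']')) {
            Some(addr) => Stmt::Store(operand(addr), value),
            None => Stmt::Def(lhs.to_string(), value),
        }
    }).collect()
}

fn count_uses(e: &Expr, uses: &mut HashMap<String, usize>) {
    match e {
        Expr::Val(v) if v.starts_with('%') => *uses.entry(v.clone()).or_insert(0) += 1,
        Expr::Bin(_, a, b) => { count_uses(a, uses); count_uses(b, uses) }
        _ => {}
    }
}
fn subst(e: Expr, trees: &HashMap<String, Expr>) -> Expr {
    match e {
        Expr::Val(v) => match trees.get(&v) { Some(t) => t.clone(), None => Expr::Val(v) },
        Expr::Bin(op, a, b) => Expr::Bin(op, Box::new(subst(*a, trees)), Box::new(subst(*b, trees))),
        other => other,
    }
}

// Slide 12 step: a temporary used exactly once is folded into its consumer. Caveat: folding
// past a register operand assumes it is not reassigned in between (true for SSA values only).
fn recover_trees(stmts: Vec<Stmt>) -> Vec<Stmt> {
    let mut uses = HashMap::new();
    for s in &stmts {
        match s {
            Stmt::Def(_, e) => count_uses(e, &mut uses),
            Stmt::Store(a, v) => { count_uses(a, &mut uses); count_uses(v, &mut uses) }
        }
    }
    let (mut trees, mut out) = (HashMap::new(), Vec::new());
    for s in stmts {
        match s {
            Stmt::Def(name, e) if name.starts_with('%') && uses.get(&name) == Some(&1) => {
                let e = subst(e, &trees);
                trees.insert(name, e); // folded into its single user
            }
            Stmt::Def(name, e) => out.push(Stmt::Def(name, subst(e, &trees))),
            Stmt::Store(a, v) => out.push(Stmt::Store(subst(a, &trees), subst(v, &trees))),
        }
    }
    out
}

fn render(e: &Expr, nested: bool) -> String {
    match e {
        Expr::Val(v) => v.clone(),
        Expr::Const(c) => format!("{:#x}", c),
        Expr::Bin(op, a, b) => {
            let s = format!("{} {} {}", render(a, true), op, render(b, true));
            if nested { format!("({})", s) } else { s }
        }
    }
}

// Slide 13 step: only stores reach the pseudo C; a plain `eax = 0x10` is dropped.
fn emit_pseudo_c(stmts: &[Stmt]) -> Vec<String> {
    stmts.iter().filter_map(|s| match s {
        Stmt::Store(addr, val) => Some(format!("*({}) = {};", render(addr, false), render(val, false))),
        Stmt::Def(..) => None,
    }).collect()
}

// Constructed sample input; its first two lines are the slide 12 example.
const SAMPLE_IR: &str = "%33 = %30 | %31\n%34 = %33 & 0xffffffff\n%35 = ebp - 0x1c\n\
    [%35] = %34\neax = 0x10\n%37 = ebp - 0x20\n[%37] = 0x10\n";
fn decompile(ir: &str) -> Vec<String> { emit_pseudo_c(&recover_trees(parse(ir))) }
fn main() { decompile(SAMPLE_IR).iter().for_each(|l| println!("{}", l)); }
```

Running it on `SAMPLE_IR` prints `*(ebp - 0x1c) = (%30 | %31) & 0xffffffff;` and `*(ebp - 0x20) = 0x10;`. Two things the small example makes visible: a temporary used more than once is left as a definition, and slide 13's "memory references only" filter would then drop it, so a real emitter has to materialize such values as local variables; and SSA values that are never defined in the fragment (`%30`, `%31`) print under their IR names, which is where radeco's register and variable naming would take over.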

Slide 14

Challenges
- Required knowledge of program/binary analysis
- Sharing tasks with HMPerson1
- Little information available about decompilers

Slide 15

TODOs: milestone for Radeco-0.1
- Bug fixes
- API stabilization (radeco-lib)
- Documentation
- etc.

Slide 16

Commits

Slide 17

Thank you