Release v5.0

What's Changed

The one major change:

• RetDec is now a library (#779.
  • Related changes are the removal of retdec-decompiler.py (it is now a binary, e.g. retdec-decompiler.exe on Windows), retdec-bin2llvmir, retdec-llvmir2hll, and some other supportive functionality.
  • See an example in src/retdectool, or an actual implementation of RetDec executable in src/retdec-decompiler, to find out how to use RetDec library.

For more details, see the full changelog or the list below:

• Check for Armadillo made more generic by @ladislav-zezula in #733
• Added tests for more versions of Petite packer by @ladislav-zezula in #735
• Add detection support for newer versions of VMProtect. by @tamaroth in #734
• Improve the detection of Enigma protector (32-bit). by @tamaroth in #741
• Improve the detection of ASPack executable packer. by @tamaroth in #743
• Fixed missing header by @Cyclic3 in #745
• Improve the detection of the Eziriz packer/protector by @ladislav-zezula in #746
• Added detection of PyInstaller by @ladislav-zezula in #748
• Add support for using the 'dotnet' module in YARA rules by @PeterMatula in #749
• Add detection support of Astrum InstallWizard. by @tamaroth in #753
• Add detection of AutoHotKey compiler. by @tamaroth in #756
• Improve the detection of AutoIT files compiled to binary. by @tamaroth in #757
• fix: mislabeled scripts and writing strings versus bytes by @kayarre in #759
• The detection of BAT to PE-EXE script-compilers. by @tamaroth in #761
• The improved detection of BeRo EXE Packer. by @tamaroth in #764
• deps/yara: force rebuild if config changed, fix #760 by @PeterMatula in #763
• Lz more corruptions by @ladislav-zezula in #767
• Fixed bug with alignment of PointerToRawData by @ladislav-zezula in #768
• Update Yara to 4.0.1 by @PeterMatula in #769
• deps/yara/patch: patch YARA surces to fix bug in v4.0.1 by @PeterMatula in #773
• Optimize utils and file parsing to prevent timeouts in exotic files by @PeterMatula in #772
• Lz memory dump detection by @ladislav-zezula in #770
• Extension of bin2llvmir with optimization of X87 FPU stack. by @JurajHolub in #715
• CMake fixes by @xkubov in #777
• Remove too broad YARA rules for VMProtect packer detection. by @tamaroth in #778
• Improve the detection of CExe packer by modifying the YARA rule. by @tamaroth in #781
• Retdec is a library now by @PeterMatula in #779
• • gu_idata and gu_rsrc section names are now considered packer sections by @ladislav-zezula in #776
• fileformat/format_detection: use file magic to detect COFF files. by @PeterMatula in #783
• Issue 774 by @PeterMatula in #785
• Reduce static data by @PeterMatula in #787
• deps/openssl: remove, require it as a prerequisite. by @PeterMatula in #807
• Improvement to the detection of multiple packers. by @tamaroth in #804
• utils: replace our filesystem_path with std::filesystem by @PeterMatula in #806
• MzHeader and PeHeader classes in PELIB were replaced by ImageLoader class by @ladislav-zezula in #812
• Improve MoleBox packer detection. by @tamaroth in #815
• • Fixed high memory usage on samples with screwed up delayed imports by @ladislav-zezula in #817
• Provide unified logging interface by @xkubov in #816
• Lz high memory usage by @ladislav-zezula in #818
• • Check for invalid IAT directory by @ladislav-zezula in #822
• Fixed high memory usage in debug directory (#824) by @ladislav-zezula in #825
• Fix crash on samples having corrupted PE header (#821) by @tamaroth in #827
• Ninja build by @PeterMatula in #830
• Small improvements to detections of binary tools. by @tamaroth in #831
• Fixed build under RHEL based Linux where libraries are installed into lib64 instead of just lib by @metthal in #834
• fix GCC 9.3.1 hang by @hanickadot in #835
• Fixed segfault on PE files whose IMAGE_FILE_HEADER is cut by @ladislav-zezula in #839
• Fix invalid memory read in PeLib::CoffSymbolTable::read() (#840) by @ladislav-zezula in #841
• Added detection of Blizzard Protector by @ladislav-zezula in #845
• Remove the copyright comment from the outputs generated by RetDec by @s3rvac in #843
• utils: fix #842, always link stdc++fs if linux & gcc. by @PeterMatula in #846
• deps/googletest: fix adding 'd' suffix in MSVC debug build by @PeterMatula in #848
• Added YARA rule for CreateInstall installer by @ladislav-zezula in #852
• Added YARA rules for FlyStudio installer by @ladislav-zezula in #853
• Added YARA rule for Gentee Installer by @ladislav-zezula in #855
• GhostInstaller and InnoSetup revisited by @ladislav-zezula in #857
• Lz installers install creator by @ladislav-zezula in #858
• Added YARA rules for Quick Batch installer by @ladislav-zezula in #864
• Lz image loader win version specific by @ladislav-zezula in #863
• improved YARA rules for Wise installer by @ladislav-zezula in #865
• Added YARA rule for VISEMAN installer by @ladislav-zezula in #868
• Added YARA rules for Setup Factory by @ladislav-zezula in #869
• Added YARA rule for 'Xenocode Application Launcher' by @ladislav-zezula in #870
• Added YARA rules for SmartInstall Maker by @ladislav-zezula in #871
• Fixed issue #872 by @ladislav-zezula in #873
• Fix infinite loops in copy propagation optimizer by @jacob-baines in #876
• Fix missing comma in usualPackerSections initializer by @HoundThe in #894
• Lz import thunk check by @ladislav-zezula in #897
• Added YARA rule for Inno Setup 6.0.0 by @ladislav-zezula in #899
• Fixed possible access to unallocated memory in MPRESS unpacker by @metthal in #906
• Lz issue 907 by @ladislav-zezula in #908
• Fixed issue #911 by @ladislav-zezula in #912
• unpacker/mpress: Properly copy non-packer related sections to the unpacked file by @metthal in #913
• Do not fail completely when retdec-archive-decompiler is not available by @metthal in #914
• Lz fix too many imports by @ladislav-zezula in #917
• Fixed issue #921 by @ladislav-zezula in #922
• Make Fileinfo configurable via a JSON config file by @PeterMatula in #923
• Add version info to all executable apps by @PeterMatula in #926
• unpackertool: added signatures for new UPX versions by @TheDuchy in #929
• Detection of SHA512 improved. Prevented YARA DoS on d251e8b3a5818132d… by @ladislav-zezula in #935
• Implement telfhash for ELF import table by @HoundThe in #936
• Calculate Rich header hash by @HoundThe in #945
• Added new x86 PE signatures for LZMA UPX stub for UPX 3.94+ by @metthal in #948
• Add parsing of the PE Authenticode format by @HoundThe in #902
• Make X509 serial number parsing code compatible with YARA (#954) by @xbabka01 in #955
• Fix the Rich header analysis algorithm by @HoundThe in #973
• Add sanity check for len...

v4.0

• Added support for decompilation of 64-bit ARM binaries (#268, #533, #550).
• Added option to generate the decompilation results as JSON (JSON output file format). This output contains additional meta-information and can be conveniently consumed by 3rd-party tools.
• Added a new library called retdec that lets you decompile the input into both LLVM IR module and structured (i.e. functions and basic blocks) Capstone disassembly. See the retdectool demo application.
• Implemented proper RetDec installation (#648). It is now possible to easily use RetDec components in other CMake projects.

See the accompanying blog post for detailed description of the main features.

For all the changes, see the full changelog.

v3.3

• Added basic support for decompilation of x86-64 binaries (previously, RetDec supported only 32b Intel x86).
• Added support for build and run on FreeBSD and potentially on other BSD OSes.
• Replaced the old LLVMIR-to-BIR converter in retdec-llvmir2hll with a new one, which, in most cases, improves code structure and significantly speeds up decompilations.
• Reduced the needed stack space in retdec-llvmir2hll, which lowers its memory requirements.
• retdec-fileinfo is now able to parse and generate imported types and TypeRef hashes for .NET binaries, metadata of Visual Basic binaries, and icon hashes for exact and similarity matching in PE files.
• Many bug fixes.

For more details, see the full changelog.

v3.2

• Converted shell scripts to Python scripts so that Windows users no longer have to install MSYS2 in order to run RetDec.
• Added generation of export-table hashes into retdec-fileinfo.
• Several other bugfixes and enhancements.

For more details, see the full changelog.

v3.1

• Unofficial support for building and running RetDec on macOS.
• Reduced the likelihood of system crashes and freezes by limiting the overall memory when running RetDec tools.
• More accurate decoding - a complete rewrite of binary to LLVM IR translation.
• More accurate statically linked code detection - cross-checking signature references.
• Detection of corrupted and unloadable PE files.
• Better detection of compilers and packers - added new signatures and heuristics. YARA signatures are compiled now, which results in faster scanning.
• New directory structure and tool names - we have added a retdec- prefix to all installed binaries and scripts.
• Easier project development - removal of git submodules.
• Build speedup and continuous integration builds.
• Many other bugfixes and enhancements.

For more details, see the full changelog.

Initial public release (v3.0)

This is the initial public release.