Detect It Easy vs RetDec

GitHub Stats

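Stars: Detect It Easy 10.5k, RetDec 8.5k
Forks: Detect It Easy 891, RetDec 985
Issues: Detect It Easy 35, RetDec 441
Updated: Detect It Easy 2d ago, RetDec 9mo ago
License: Detect It Easy MIT, RetDec MIT
Language: Detect It Easy C++/Qt, RetDec C++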

About Detect It Easy

Detect It Easy (DiE) is a program for determining types of files. It identifies the compiler, linker, packer, or protector used to build a binary, supporting PE, ELF, Mach-O, and other executable formats. DiE uses a signature-based detection system with user-editable JavaScript signatures, making it highly extensible. Beyond basic identification, it provides entropy analysis to detect packed or encrypted sections, a hex viewer for raw binary inspection, and string extraction. For malware analysts, DiE is typically the first tool used when triaging a new sample - knowing whether a binary is packed with UPX, compiled with Visual Studio, or protected with Themida immediately informs the analysis approach. It's lightweight, fast, and available as both a GUI application and command-line tool.

About RetDec

RetDec is a retargetable machine-code decompiler based on LLVM, developed by Avast. It converts executable files (PE, ELF, COFF, Mach-O, Intel HEX, and raw binaries) back to high-level C code from x86, ARM, MIPS, PIC32, and PowerPC architectures. RetDec performs compiler and packer detection, static library signature matching, instruction idiom translation, type recovery, and control flow structuring to produce readable decompiled output. Unlike architecture-specific decompilers, RetDec's LLVM-based intermediate representation allows it to support multiple architectures with a single analysis pipeline. It includes both a command-line decompiler and an IDA Pro plugin, and can output C code with recovered variable names, types, and function signatures. RetDec is particularly useful for analyzing firmware, embedded systems, and malware targeting non-x86 architectures.

Platform Support

Detect It Easy: windows, linux, macos
RetDec: linux, macos, windows

Tags

Detect It Easy only

packer-detection, binary-analysis, pe, elf, macho, triage, entropy

RetDec only

decompiler, llvm, multi-arch, arm, mips, firmware