RetDec vs Unicorn Engine
GitHub Stats
About RetDec
RetDec is a retargetable machine-code decompiler based on LLVM, developed by Avast. It converts executable files (PE, ELF, COFF, Mach-O, Intel HEX, and raw binaries) back to high-level C code from x86, ARM, MIPS, PIC32, and PowerPC architectures. RetDec performs compiler and packer detection, static library signature matching, instruction idiom translation, type recovery, and control flow structuring to produce readable decompiled output. Unlike architecture-specific decompilers, RetDec's LLVM-based intermediate representation allows it to support multiple architectures with a single analysis pipeline. It includes both a command-line decompiler and an IDA Pro plugin, and can output C code with recovered variable names, types, and function signatures. RetDec is particularly useful for analyzing firmware, embedded systems, and malware targeting non-x86 architectures.
About Unicorn Engine
Unicorn is a lightweight, multi-platform, multi-architecture CPU emulator framework based on QEMU. It provides a clean API for emulating machine code across x86 (16/32/64-bit), ARM, ARM64, MIPS, SPARC, and M68K architectures. Unlike full system emulators, Unicorn focuses purely on CPU instruction emulation - no OS, no hardware peripherals - which makes it fast and embeddable. Security researchers use Unicorn to emulate specific code snippets (like unpacking routines, decryption functions, or shellcode) without executing them on real hardware, making it invaluable for malware analysis, fuzzing, and binary instrumentation. Unicorn provides hooks for memory access, code execution, and interrupts, allowing fine-grained observation and control of emulated code. Bindings exist for Python, Java, Go, Rust, Ruby, and many other languages.
Platform Support
Tags
Shared
RetDec only
Unicorn Engine only