RetDec
MIT๐งฌ Reverse Engineering ยท C++
RetDec is a retargetable machine-code decompiler based on LLVM, developed by Avast. It converts executable files (PE, ELF, COFF, Mach-O, Intel HEX, and raw binaries) back to high-level C code from x86, ARM, MIPS, PIC32, and PowerPC architectures. RetDec performs compiler and packer detection, static library signature matching, instruction idiom translation, type recovery, and control flow structuring to produce readable decompiled output. Unlike architecture-specific decompilers, RetDec's LLVM-based intermediate representation allows it to support multiple architectures with a single analysis pipeline. It includes both a command-line decompiler and an IDA Pro plugin, and can output C code with recovered variable names, types, and function signatures. RetDec is particularly useful for analyzing firmware, embedded systems, and malware targeting non-x86 architectures.
Installation
from source
$ git clone https://github.com/avast/retdec && cd retdec && mkdir build && cd build && cmake .. && make -j$(nproc)Download
$ Download pre-built binaries from GitHub releasesUse Cases
- Decompiling firmware binaries from ARM, MIPS, and other embedded architectures
- Analyzing malware targeting non-x86 platforms with C output
- Recovering source code from legacy binaries with lost source
- Bulk decompilation of binary samples for automated analysis pipelines
- Understanding compiled code structure through LLVM-based intermediate analysis
Tags
Details
- Category
- ๐งฌ Reverse Engineering
- Language
- C++
- Repository
- avast/retdec
- License
- MIT
- Platforms
- ๐งlinux๐macos๐ชwindows
Links
Alternatives & Comparisons
Ghidra
JavaNSA's reverse engineering framework. Disassembly, decompilation, graphing, and scripting for binary analysis.
Compare RetDec vs GhidraRadare2
CPortable reversing framework. Disassembly, debugging, analysis, patching, and scripting in a single CLI.
Compare RetDec vs Radare2Cutter
C++GUI for Radare2. Makes reverse engineering accessible with graphs, decompiler, and hex editor built in.
Compare RetDec vs CutterdnSpy
C#.NET debugger, decompiler, and assembly editor. Inspect and modify .NET and Unity assemblies without source code.
Compare RetDec vs dnSpyILSpy
C#Open-source .NET decompiler and assembly browser. Produces clean C# from compiled binaries with cross-platform support.
Compare RetDec vs ILSpyx64dbg
C++Open-source x64/x32 debugger for Windows. Full-featured binary debugger with plugin ecosystem for malware analysis and reverse engineering.
Compare RetDec vs x64dbgDetect It Easy
C++/QtBinary packer and compiler detection. Identifies compilers, linkers, packers, and protectors used to build PE, ELF, and Mach-O files.
Compare RetDec vs Detect It Easyangr
PythonBinary analysis framework. Symbolic execution, CFG recovery, and vulnerability discovery for compiled binaries in Python.
Compare RetDec vs angrRizin
CReverse engineering framework forked from radare2. Modernized API, improved UX, with Cutter as its official GUI.
Compare RetDec vs RizinMore in Reverse Engineering
dnSpy
C#.NET debugger, decompiler, and assembly editor. Inspect and modify .NET and Unity assemblies without source code.
ILSpy
C#Open-source .NET decompiler and assembly browser. Produces clean C# from compiled binaries with cross-platform support.
x64dbg
C++Open-source x64/x32 debugger for Windows. Full-featured binary debugger with plugin ecosystem for malware analysis and reverse engineering.
Detect It Easy
C++/QtBinary packer and compiler detection. Identifies compilers, linkers, packers, and protectors used to build PE, ELF, and Mach-O files.
angr
PythonBinary analysis framework. Symbolic execution, CFG recovery, and vulnerability discovery for compiled binaries in Python.
Rizin
CReverse engineering framework forked from radare2. Modernized API, improved UX, with Cutter as its official GUI.