

Decompiling

Name: Anonymous 2009-02-21 3:19

decompilers (fail to) work as such: find which architecture -> disassemble -> pattern finder/search for common code segments/idioms, language dependent -> turn into higher level code. it would seem to me what is needed is a good database of the high-level -> assembly idioms, that the decompiler accesses at run time and is always updated as new links are found (thinking that the decompiler would be part of a suite with other tools to help find these links). how many different ways do different compilers really have available to make "if(a==b)"? and more complex code is just combination of these smaller parts. assuming they optimize when compiling, that's what's really needed, a way to keeping track of these different ways of doing the same thing, slight variations, etc., and of course a way to find them in the first place (the suite i mentioned, which i also have ideas for; properly formatted assembly for starters). i don't get why decompilers don't work.

Name: Anonymous 2009-02-21 3:22

Yes, NPC problems can be solved very easily in a short amount of time, especially with this amazing algorithm you have just described to us. Perhaps you could try it on a Turing machine and let us know how it goes.

Also ihbt

Name: Anonymous 2009-02-21 3:26

>>2
every time i visit /prog/ i also need to visit my shrink. why you treat me so bad?

Name: Anonymous 2009-02-21 3:42

>>2
The number of compilers in existence is small, this should be a trivial problem.

Name: Anonymous 2009-02-21 4:06

>>4
That isn't why it's NPC.
>pattern finder/search
Presuming he doesn't mean regex patterns, is NPC.
>turn into higher level code
Yes, you could turn it into higher level code but it would pretty much be a direct translation of the assembly code and almost as useless to a regular programmer. To try and turn it into readable, regular high-level code is not only NPC at minimum, but likely next to impossible.

Name: Anonymous 2009-02-21 4:23

For both PC- and NPC-oriented students, the diagnostic and patient-related characteristics of their preferred specialties were highly influential. PC-oriented students were more likely to be attracted to prevention and biopsychosocial aspects of specialties, and NPC-oriented students to the opportunity to do procedures and intervene in illnesses. Student gender appeared to have little influence on response patterns, except as a proxy for specialty preference, which, for women, was more likely to be a primary care specialty.

Name: Anonymous 2009-02-21 6:20

>>6
i prefer macs

Name: Anonymous 2009-02-21 6:30

>>6
NPC
Non-playable characters?

Name: Anonymous 2009-02-21 6:48

>>8
In computational complexity theory, the complexity class NP-complete (abbreviated NP-C or NPC, NP standing for Nondeterministic Polynomial time) is a class of problems having two properties.

Name: !w4lolitaKs 2009-02-21 7:19

It is possible, but the reasons why decompilers have not been widespread are mostly political, as in those who know too much about the topic tend to either disappear or stop working on it for mysterious reasons. Not surprising, given what we can do with this sort of knowledge.

This should be more than enough for you to get started:
1. Code-Data Separation
2. Instruction Semantics Analysis
3. Expression Accumulation and Reformation
4. Delinearization
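
The four phases above, together with the OP's "database of high-level -> assembly idioms", as an added worked example that is not part of the thread and not any poster's or tool's code: a toy decompiler for a handful of Intel-syntax x86 instructions. The listing, its labels, the variable names and the IDIOMS table are all constructed for the example. IDIOMS maps each (flag-setting instruction, conditional jump) pair to the C operator under which the jump is taken, which is the OP's idiom table cut down to conditions; the register merge in the delinearization step is the SSA-style treatment that the Van Emmerik thesis cited later in this thread is about.

```python
"""Toy decompiler for a tiny Intel-syntax x86 subset, walking the four phases listed
above.  IDIOMS is a miniature of the OP's "high-level -> assembly idiom database", cut
down to conditions.  Listing, labels and variable names are constructed; nothing here
is compiler output or any real tool's code."""
import re

LISTING = """            ; constructed input: one function, then a data table
is_equal:
    mov  eax, [a]
    xor  eax, [b]    ; xor + jnz is one way a compiler spells `a != b`
    jnz  L_ne
    mov  eax, 1
    jmp  L_done
L_ne:
    mov  eax, 0
L_done:
    mov  [flag], eax
    ret
lookup:
    db   0x01, 0x02, 0x03
"""
IDIOMS = {("cmp", "je"): "==", ("cmp", "jne"): "!=",
          ("cmp", "jl"): "<", ("cmp", "jge"): ">=", ("cmp", "jg"): ">", ("cmp", "jle"): "<=",  # signed
          ("cmp", "jb"): "<", ("cmp", "jae"): ">=", ("cmp", "ja"): ">", ("cmp", "jbe"): "<=",  # unsigned
          ("sub", "jz"): "==", ("sub", "jnz"): "!=", ("xor", "jz"): "==", ("xor", "jnz"): "!="}
NEGATE = {"==": "!=", "!=": "==", "<": ">=", ">=": "<", ">": "<=", "<=": ">"}
JCC, ALU = {j for _, j in IDIOMS}, {"add": "+", "sub": "-", "xor": "^", "and": "&"}

def parse_listing(text):
    """Phase 1, code/data separation -> (instructions, label -> index, data bytes)."""
    code, labels, data, label = [], {}, {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.endswith(":"):
            label = line[:-1]
            labels[label] = len(code)
        elif line:
            mnem, _, rest = line.partition(" ")
            ops = [o.strip() for o in rest.split(",")] if rest.strip() else []
            if mnem == "db":                       # data bytes, not an instruction
                labels.pop(label, None)
                data.setdefault(label, []).extend(int(o, 0) for o in ops)
            else:
                code.append((mnem, ops))
    return code, labels, data

def operand(op, state):
    m = re.fullmatch(r"\[(\w+)\]", op)
    return m.group(1) if m else state.get(op, op)   # memory -> variable, register -> accumulated expr

def decompile(text, entry):
    code, labels, _ = parse_listing(text)
    ntemp = [0]                                        # counter for fresh phi variables
    def run(start, stop, state):
        """Phases 2+3: instruction semantics and expression accumulation over code[start:stop]."""
        stmts, i, flags = [], start, None
        while i < stop:
            mnem, ops = code[i]
            if mnem == "mov" and ops[0].startswith("["):      # store -> C statement
                stmts.append(f"{operand(ops[0], state)} = {operand(ops[1], state)};")
            elif mnem == "mov":                                # register write -> accumulate
                state[ops[0]] = operand(ops[1], state)
            elif mnem in ALU or mnem == "cmp":                 # remember what set the flags
                flags = (mnem, operand(ops[0], state), operand(ops[1], state))
                if mnem in ALU: state[ops[0]] = f"({flags[1]} {ALU[mnem]} {flags[2]})"
            elif mnem in JCC:
                stmts, state, i = structure(stmts, state, flags, mnem, ops[0], i)
                continue
            elif mnem == "ret":
                stmts.append(f"return {state.get('eax', 'eax')};")
            else:
                raise ValueError(f"unsupported or unstructured instruction: {mnem}")
            i += 1
        return stmts, state
    def structure(stmts, state, flags, jcc, target, i):
        """Phase 4, delinearization: `jcc L / then / [jmp END] / L: else / END:` -> if/else."""
        setter, lhs, rhs = flags
        else_start = then_end = else_end = labels[target]
        if code[else_start - 1][0] == "jmp":                   # then-block jumps over the else
            then_end, else_end = else_start - 1, labels[code[else_start - 1][1][0]]
        then_stmts, then_state = run(i + 1, then_end, dict(state))
        else_stmts, else_state = run(else_start, else_end, dict(state))
        for reg in sorted(set(then_state) | set(else_state)):  # SSA-style merge: a phi for
            t, e = then_state.get(reg, reg), else_state.get(reg, reg)   # every register that differs
            if t != e:
                ntemp[0] += 1
                then_stmts.append(f"v{ntemp[0]} = {t};")
                else_stmts.append(f"v{ntemp[0]} = {e};")
                then_state[reg] = f"v{ntemp[0]}"
        # The jump is taken when `lhs op rhs` holds, so the fall-through (then) is its negation.
        stmts.append(f"if ({lhs} {NEGATE[IDIOMS[(setter, jcc)]]} {rhs}) {{")
        stmts += ["    " + s for s in then_stmts]
        if else_stmts:
            stmts += ["} else {"] + ["    " + s for s in else_stmts]
        stmts.append("}")
        return stmts, then_state, else_end
    start = labels[entry]                              # bounds = entry..first ret; for a real
    end = next(k for k in range(start, len(code)) if code[k][0] == "ret") + 1   # binary the reverser supplies these
    body, _ = run(start, end, {})
    return f"int {entry}(void) {{\n" + "\n".join("    " + s for s in body) + "\n}"
```

`decompile(LISTING, "is_equal")` yields `int is_equal(void) { if (a == b) { v1 = 1; } else { v1 = 0; } flag = v1; return v1; }` (with the usual line breaks), and `parse_listing` keeps the `lookup` bytes out of the instruction stream. The limits are the instructive part: forward substitution in the accumulation step is only sound because nothing between a load and its use writes the variable; the structurer recognises exactly one diamond shape and raises on anything else (a loop, a `jmp` it did not expect) rather than emitting plausible-looking C; and the table itself is the easy half of the OP's idea, since it lists three spellings of `==` in a few lines, while deciding which entry applies to which bytes of a real, optimised binary is where the work is.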

Name: Anonymous 2009-02-21 7:47

Decompilers do exist, and some are quite good at it, but it depends heavily on the platform and compiler.

For example .net/JVM decompilers are doable because the argument types are known clearly (and there is extensive metadata), there is only one compiler, it's a simple stack machine and not something with random register allocation, the beginning and ending of the functions are known, and code is separate from data. These are requirements which make decompilation partially possible (good enough to be usable).

Decompiling x86 code is perfectly possible (and if you did some research you'd find out there are some open source decompilers and even a fairly good commercial decompiler plugin for IDA, for x86 code, which is user-assisted, however a bit expensive). The user provides the function bounds, parameter types, structures, and so on. A lot of data is lost during compilation and can only be recovered by a skilled reverse engineer. Decompilation of such code is possible, but automatic results tend to be not very satisfactory unless a user assists the decompiler by providing the needed data which was lost during compiling but later inferred from the code by the reverse engineer.

Summary:

1) Very usable decompilation for VM languages which provide clear code/data separation, extensive metadata and type info is possible and doable. Examples: Reflector for .net, and plenty of other tools for JVM (many open source, most free)

2) Usable decompilation of real machine code such as x86 to C is possible and even realistic if the user assists the decompiler in recovering data which was lost during compilation, such as exact function bounds, stack frames, parameter types and structures. Examples: IDA+Hex Rays ($2000+)

There are also a bunch of good papers which describe how this can be accomplished using modern compiler theory techniques:

M. Van Emmerik. Static Single Assignment for Decompilation. PhD thesis, University of Queensland, 2007. http://vanemmerikfamily.com/mike/master.pdf or http://vanemmerikfamily.com/mike/master.ps.gz .

Here's also a bunch of other interesting links: http://www.program-transformation.org/Transform/HistoryOfDecompilation3


>It is possible, but the reasons why decompilers have not been widespread are mostly political, as in those who know too much about the topic tend to either disappear or stop working on it for mysterious reasons. Not surprising, given what we can do with this sort of knowledge.

As you can see, all of this is very real, and people are doing it right now, there's nothing secretive about it, or mysterious. Nobody is trying to stifle decompiler research, it's just that most of it is not very mainstream, but people have been using it for a while. The most mainstream decompiler I can think of is Reflector, and that is because it's very easy to use and requires little user interaction, however when it comes to decompiling real machine code, the actual decompilation process requires a skilled reverse engineer to assist his decompiler. Alternatively, a skilled reverse engineer can easily decompile code by hand if he is assisted by a good interactive disassembler, however it tends to get boring after a while.

Name: Anonymous 2009-02-21 8:19

>>9
You have been caught not being funny.

Name: Anonymous 2009-02-21 9:38

>>11 is technically right, however:

Decompilation is a relatively simple syntactic transformation; it does not give you new information.
The difference between call sub_12345678 and sub_12345678() is negligible, but the difference between call sub_12345678 and call launch_the_missiles is huge. Registers, stacks and jumps are the least of a reverser's concerns.

When a decompiler is reliable, it can help you a bit by converting the code to a language you are more familiar with. This is the case for e.g. Reflector (on unobfuscated, compiler-generated code).
When a decompiler requires constant babysitting, the costs quickly outweigh the benefits. Over the last year of intensively using IDA, I can count the number of times Hex Rays was helpful on the fingers of one hand.

Also >>1 is an idiot.

Name: Anonymous 2009-02-21 17:40

I am a roundworm living in >>1's body.
I am sorry >>1 sad opened this worthless THREAD.
>>1 is a born loser, but he has a big appetite, seldom wash his hands, always be filthy. That made >>1's body our paradise.
Thanks to >>1, I have grown up to 2.2 meters long.
But one day, >>1 had bad diarrhea because he was teased on 4-CH.
>>1 washed away my little brother Kenta from his bowels. Poor Kenta! He was only eight centimeters long then.
Normally >>1 has enough nourishment to feed me and all my brothers and sisters.
I don't want to see my little sister Haruna lament the loss of other family member.
Ladies and gentlemen, >>1 is a good-for-nothing fellow, indeed, but please be kind to him.

Name: Anonymous 2009-02-21 17:52

This thread reminds me of how FV got his start.

Name: Anonymous 2009-02-22 5:03

>>13
A skilled reverse engineer can read auto-generated asm fluently in a lot of cases, so he doesn't need a decompiler. Automated decompilers such as Hex Rays can be helpful when one is dealing with fairly simple but repetitive code, but they're not really required.

I'm a bit curious how much better an automatic decompiler would work if it were fed all the needed structures from header files and prototypes from PDBs. However, as you say, a reverser's job is to extract meaning from code, which usually means giving proper names to functions and documenting them, and this is not something a decompiler can do.

As for those that say that decompilation is NP-Complete, this depends on your definition of decompilation.

The compilation process will discard/transform some information that is unnecessary for generating an executable (such as comments, function names, types, macros (in C), code structure and so on), and there's no way a decompiler can recover most of it; at best it can infer some things (example: if x is an integer and the code is treating it as signed).

If you think of decompilation as a reverse transformation of code to the language it was originally written in (or some other high level one), then that is possible (and I don't mean simply translating asm instructions to C directly, but trying to recover code similar to what was originally there, bar the macros/comments/unrecoverable types (unless the user provides them)/compiler optimizations/function names).

If you think of decompilation as recovering the exact same original code as it was before compiling, then that is impossible.
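
What "infer some things" from the post above looks like in practice, as an added example that is not part of the thread and not any tool's code: `signed` versus `unsigned` is gone from the binary, but the conditional jump the compiler emitted after each `cmp` still encodes it (jl/jle/jg/jge are signed comparisons, jb/jbe/ja/jae unsigned). The scan below gives every memory variable one vote per cmp+jcc pair, follows a register back to the variable it was loaded from, and reports a variable compared both ways as a conflict rather than picking one. The listing and variable names are constructed for the example.

```python
"""Recover a type the compiler threw away from how the code uses the value.

Added example (not from the thread): `signed`/`unsigned` is lost, but jl/jle/jg/jge
are signed compares and jb/jbe/ja/jae unsigned, so the jcc after each cmp casts a
vote for each variable involved.  The listing is constructed for this example."""
import re

SIGNED, UNSIGNED = {"jl", "jle", "jg", "jge"}, {"jb", "jbe", "ja", "jae"}

LISTING = """
    mov  eax, [count]
    cmp  eax, [limit]
    jae  L_done          ; unsigned compare: count, limit
    mov  eax, [balance]
    cmp  eax, 0
    jl   L_neg           ; signed compare: balance
    mov  ecx, [index]
    cmp  ecx, [size]
    jb   L_ok            ; unsigned compare: index, size
L_ok:
    cmp  [index], 0
    jl   L_bad           ; signed check of the same variable -> conflict
L_neg:
L_bad:
L_done:
    mov  eax, [mode]
    cmp  eax, 1
    je   L_done          ; je/jne carry no signedness information
    ret
"""

def variable(op, alias):
    """Memory operand -> its variable; register -> the variable it was loaded from, if known."""
    m = re.fullmatch(r"\[(\w+)\]", op)
    return m.group(1) if m else alias.get(op)

def infer_signedness(listing):
    """{variable: "signed" | "unsigned" | "conflict"}, one vote per cmp+jcc pair."""
    votes, alias, pending = {}, {}, None             # alias: register -> variable loaded into it
    for raw in listing.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.endswith(":"):
            continue
        mnem, _, rest = line.partition(" ")
        ops = [o.strip() for o in rest.split(",")] if rest.strip() else []
        if mnem == "cmp":
            pending = ops                                # hold the operands until the jump
            continue
        if pending and mnem in SIGNED | UNSIGNED:
            kind = "signed" if mnem in SIGNED else "unsigned"
            for var in filter(None, (variable(op, alias) for op in pending)):
                votes.setdefault(var, set()).add(kind)
        elif mnem == "mov" and not ops[0].startswith("["):
            alias[ops[0]] = variable(ops[1], alias)      # plain load (or register copy) keeps the name
        elif ops and not ops[0].startswith("[") and not mnem.startswith("j"):
            alias.pop(ops[0], None)                      # any other register write kills the alias
        pending = None
    return {v: "conflict" if len(k) > 1 else k.pop() for v, k in votes.items()}

if __name__ == "__main__":
    for var, kind in sorted(infer_signedness(LISTING).items()):
        print(f"{var:8} {kind}")
```

On the constructed listing this yields `count`, `limit` and `size` unsigned, `balance` signed, and `index` as a conflict, while `mode` gets no verdict because je/jne say nothing about sign. The conflict case is the one worth stopping at when it shows up in real code: a size or index that is range-checked as signed in one place and used as unsigned in another is the classic shape of a signedness bug, and it is exactly the kind of thing a reverser (or a decompiler with a type-inference pass) flags that a plain instruction-to-C translation never would.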

Name: !w4lolitaKs 2009-02-22 20:35

>>16
>I'm a bit curious how much better an automatic decompiler would work if it were fed all the needed structures from header files and prototypes from PDBs.
Doing so is trivial, but has anyone actually written a decompiler that does that yet? Or even simpler, a decompiler that can pass the decompile -> compile equivalency test e.g. 90% of the time? Also, consider that one of the best disassemblers out there (IDA) is fucking expensive and its distribution is highly controlled, and the same goes for Hex Rays. They obviously do not want this sort of technology to become widely available. Even Hex Rays doesn't quite pass the equivalency test, nor would I guess that they want it to. Free generally-available decompilers are out there, but are rare, and the ones I've tried range from useless to worse than reading the Asm.

Think about it. How else can we explain this discrepancy of the only close-to-working decompilers being closely-guarded assets?

Name: Anonymous 2009-02-22 23:15

>>17
If you insist on trolling, at least use sage.

Changing the channel and turning off SSID broadcasting will accomplish nothing.

Changing the DHCP could confuse an intruder a bit, but it would require changing the DHCP config file on the router, and I'm sure you can't do that with the normal tools on most routers. Also you'd need to change the router's subnet and IP so that the intruder can't find it just from remembering the old IP. And you need to remember not to accidentally use the DHCP yourself. All in all, too much effort for too little gain in security.

If you want real security, put the router in a DMZ and use some kind of SecurID/VPN/proxy authentication.

Name: Anonymous 2009-02-22 23:56

>>18
It is you who is trolling.

Name: Anonymous 2009-02-23 0:18

Look at it this way.

On most browsers, you can bring up your browsing history by pressing Control-H. (No, this is not going to become a discussion of werecows.) On Firefox, this brings up a sidebar that shows up on the left side of the window. If you put your mouse over the edge of the sidebar, the cursor will turn into a different kind of arrow. By clicking and dragging it, you can move the edge of the sidebar back and forth. You are, to put it another way, manipulating the border between the normal window and the history window. By moving the mouse, you can increase the portion of the window devoted to either part. In a more extreme view of this situation, you're increasing or decreasing the amount of existence the sidebar has.

Now, let's apply this idea to something more abstract. Look out your window. If you don't live in a highly urbanized area, you should be able to see the horizon. Think of this as the border between the land and the sky. The land and sky are obviously distinguishable thanks to this boundary. Now, if you were to "drag" the sash between the sky and the land, or to manipulate the border between land and sky, you would end up causing the sky to become larger and the land to become smaller, or vice versa. An effect of this might be to cause something that was just on the ground to suddenly be hundreds of feet in the air. Truly a frightening situation to be in. So, look at it this way - manipulating the border between two physical things shifts whatever balance there is in the interaction between those things. Alternatively, by manipulating the border between two things, you can change the manner in which they exist.

Still, this isn't that abstract, since it's still dealing with real things in the real world. Many believe that in this world, there are those things that are true, and those that obviously aren't. This divides reality into two extremes: truth and falsehood. But, since we have two extremes, logically one can imagine a boundary between those two extremes - the border between truth and lies. If one were to manipulate this border, suddenly things that were pure fantasy (flying pigs, for the sake of argument) have become reality - or things from reality have ceased to exist. This is how Yukari is said to have invaded the moon - by manipulating the border between truth and lies, as applied to the reflection of the moon on a pond, she was able to make the reflection of the moon into a manifestation of the actual moon, and so send her youkai army onto it. This is what's truly amazing about Yukari's power - the ability to manipulate the border between completely abstract concepts allows her to fundamentally change reality as we know it (at least in terms of two abstract concepts).

Name: Anonymous 2009-02-23 0:41

>Also, consider that one of the best disassemblers out there (IDA) is fucking expensive and its distribution is highly controlled, and the same goes for Hex Rays.

It's just an expensive product, and IDA/Hex-Rays' owner/designer is very paranoid about piracy (up to the point that, even if most of the user base that uses IDA has a pirated copy, he refuses to accept legitimate bug reports if they don't come from real people who paid for it), so he tries to only sell to real companies which work in this field. It still doesn't stop people from leaking or stealing it in different ways, so it's always pirated about every half a year, so you can see why he keeps attempting to stop his product from leaking. There were claims that the sales tend to drop considerably after each leak.
IDA+plugins is actually cheaper than a lot of other professional software where the marker is so small.

Implementing what IDA can do isn't really that hard, and there's nothing stopping other people from doing it, except that it's just a lot of work to code processor modules (disassemblers) for all those CPUs, executable module loaders, signatures, types and so on. There are similar projects, but they don't come with a nice, fancy, easy-to-use GUI like IDA. Actually, reversing without IDA is perfectly doable; it's just nice being able to save your disassembly data in an accessible and queryable database.

>How else can we explain this discrepancy of the only close-to-working decompilers being closely-guarded assets?

Other decompilers out there aren't that bad, but they don't always come with an easy-to-use interface where the user can guide the decompiler, so it's a pain to work with them, even if some may be based on even better ideas than Hex Rays. Secondly, Hex Rays borrows IDA's disassembly engine and can query the user-created database, which makes it much easier for it to tell data from code, as well as to locate pointers. Thirdly, it's still easier for a skilled reverse engineer to decompile a function by himself (or simply read the asm directly) than to use Hex Rays when a function is fairly complex.

>Even Hex Rays doesn't quite pass the equivalency test, nor would I guess that they want it to.

It's mostly for reverse engineering work, this means its goal is to help the reverser understand the function by presenting it in an easier to understand form than asm. If your goal is to just rip someone else's code, then you don't need a decompiler at all, a disassembler is enough, and in some cases even a disassembler isn't needed(if relocations are present).

Name: Anonymous 2009-02-23 0:42

>>21
s/marker/market//

Name: Anonymous 2009-02-23 3:38

>It still doesn't stop people from leaking or stealing it in different ways, so it's always pirated about every half a year, so you can see why he keeps attempting to stop his product from leaking.
Pattern blindness?

Name: Anonymous 2009-02-23 16:50

>>1
This is precisely how decompyle works.

Name: Anonymous 2009-02-23 16:54

IDA Pro is one of the few pieces of software I've actually bought; for what I use it for, it's well worth it.

Name: Anonymous 2009-02-23 23:48

>>25
HA HA HA HA YOU BOUGHT SOFTWARE
HEY EVERYONE LOOK AT THIS WANKER
HE PAID MONEY TO USE A PROGRAM

LOL

Name: Anonymous 2009-02-24 0:08

>>26
Shut your noise-hole Richard Matthew Stallman, I like to get paid for my work

Name: Anonymous 2009-02-24 1:44

>>26
I buy my Debian and FreeBSD distros on CD straight from their recommended sources.
http://www.freebsdmall.com/
http://debian.org/CD/vendors/

>>27
http://www.gnu.org/philosophy/selling.html

Name: lolwut 2009-02-24 5:28

Many people believe that the spirit of the GNU project is that you should not charge money for distributing copies of software, or that you should charge as little as possible — just enough to cover the cost.

Actually we encourage people who redistribute free software to charge as much as they wish or can. If this seems surprising to you, please read on.

Name: Anonymous 2009-02-24 6:03

>>29
( ◔ヮ◔) encourage them with lawsuits
