explaingit

avast/retdec

8,527 · C++ · Audience · developer · Complexity · 4/5 · Setup · hard

TLDR

RetDec is an open-source decompiler from Avast that converts compiled program binaries back into readable C code, supporting Intel, ARM, MIPS, and other processor types across Windows, Linux, and macOS.

Mindmap

mindmap
  root((retdec))
    What it does
      Binary to C code
      Static binary analysis
      Call graph extraction
    Supported Targets
      Intel x86 and x64
      ARM and ARM64
      MIPS and PowerPC
    File Formats
      ELF Linux
      PE Windows
      Mach-O macOS
    Tech Stack
      C++ and LLVM
      CMake build
    Audience
      Security researchers
      Malware analysts
      C++ tool builders

Things people build with this

USE CASE 1

Convert a suspicious binary file into readable C code to understand what it does

USE CASE 2

Analyze malware samples by decompiling them and examining the reconstructed source

USE CASE 3

Embed binary analysis into a C++ security tool using RetDec as a library via CMake

USE CASE 4

Reconstruct call graphs and control-flow graphs of a compiled executable for forensic investigation

Tech stack

C++, LLVM, CMake, Python

Getting it running

Difficulty · hard · Time to first run · 1h+

Requires 5 to 6 GB of free disk space and a CMake build step before first use; pre-built releases are available as an alternative.

The README does not specify a license for this project.

In plain English

RetDec is a decompiler created by Avast, the security company. A decompiler takes a compiled program binary and attempts to convert it back into readable source code. Compiled programs are the files you actually run on your computer, but the human-readable code the developer originally wrote has been translated into machine instructions and is not directly readable. RetDec reverses that process, producing C code or a Python-like language as output.

The tool is described as retargetable, meaning it is not built for a single type of processor or operating system. It handles compiled files for Intel x86 and x86-64 processors, ARM and ARM64, MIPS, PowerPC, and PIC32. On the file format side it reads ELF files (common on Linux), PE files (Windows), Mach-O (macOS), COFF, archive files, and raw machine code. It runs on Windows, Linux, and macOS, and requires about 5 to 6 gigabytes of free disk space after installation.

Beyond converting code to something readable, RetDec also performs static analysis of the binary before decompiling. This includes detecting which compiler or packer was used to create the file, extracting debugging symbols if present, identifying chunks of code that came from statically linked libraries so they can be stripped out of the output, and reconstructing C++ class structures from metadata left in the binary. The output can include call graphs showing which functions call which others, and control-flow graphs mapping the paths through individual functions.

The project is built on LLVM, a widely used compiler infrastructure. Its components can also be used as libraries inside other C++ projects through a standard CMake integration pattern.

RetDec is currently in limited maintenance mode. Pull requests are welcomed and reviewed, but new feature development is minimal and reported issues may take up to a quarter to receive a response. The README attributes this to a lack of resources at Avast.

Copy-paste prompts

Prompt 1
I have an x86-64 ELF binary I want to inspect. Show me the RetDec command to decompile it to C and save the output to a file.
Prompt 2
Help me set up RetDec from source on Ubuntu using CMake. Walk me through the build steps, including any required dependencies.
Prompt 3
I decompiled a binary with RetDec and the output has many unnamed variables and functions. How do I interpret the output and identify what the program is doing?
Prompt 4
Show me how to use RetDec as a C++ library inside my own project to extract the call graph of a binary programmatically.
Prompt 5
I have a Windows PE file from a suspected malware sample. What RetDec command should I run to identify which compiler packed it and extract statically linked library functions?

Verify against the repo before relying on details.