Publication Details
Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis
Křoustek Jakub, Ing., Ph.D.
Zemek Petr, Ing., Ph.D.
Kolář Dušan, doc. Dr. Ing. (DIFS)
Hruška Tomáš, prof. Ing., CSc. (DIFS)
Masařík Karel, Ing., Ph.D. (CM-SDE)
Meduna Alexandr, prof. RNDr., CSc. (DIFS)
decompilation, reverse engineering, malware, LLVM, Lissom, ISAC
Together with the massive expansion of smartphones, tablets, and other smart devices, we can observe a growing number of malware threats targeting these platforms. Software security companies are not prepared for such a diversity of target platforms, and there are only a few techniques for platform-independent malware analysis. This is a major security issue these days. In this paper, we propose a concept of a retargetable reverse compiler (i.e. a decompiler), which is in an early stage of development. The retargetable decompiler transforms platform-specific binary applications into a high-level language (HLL) representation, which can be further analyzed in a uniform way. This tool will help with static platform-independent malware analysis. Our unique solution is based on the exploitation of two systems that were originally not intended for such an application: the architecture description language (ADL) ISAC for the platform description and the LLVM Compiler System as the core of the decompiler. In this study, we show that our tool can produce highly readable HLL code.
@article{BUT76436,
author="Lukáš {Ďurfina} and Jakub {Křoustek} and Petr {Zemek} and Dušan {Kolář} and Tomáš {Hruška} and Karel {Masařík} and Alexandr {Meduna}",
title="Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis",
journal="International Journal of Security and Its Applications",
year="2011",
volume="5",
number="4",
pages="91--106",
issn="1738-9976"
}