FIDLing with Decompilers

Abstract

Let’s face it: reversing binaries is hard. Even professional Reverse Engineers who specialize in a couple of architectures (e.g. x86, x86_64, ARM…) struggle when confronted with less common machine code (PPC, MIPS…).

Decompilers assist reverse engineers by presenting a unified view across architectures: a representation that may be very similar to the original source code. With decompilers popularized immensely by free tools like Ghidra, we are entering the “Era of the Decompiler”. Decompilers are reaching maturity and now belong in the toolset of any Reverse Engineer.

In the first part of this talk, we will introduce the audience to the basics of decompilation and discuss the most popular options available today. After this overview, we will pivot to the specifics of the Hex-Rays Decompiler, which is popularly viewed as the de facto industry standard. Finally, we will present our newly released tool, FIDL, a library that abstracts away the lower-level details of the default decompiler API.

We will be showing many FIDL usage examples and short demos during the talk.

FIDL GitHub: https://github.com/fireeye/FIDL
FIDL examples, tutorial and documentation: https://fidl.readthedocs.io/en/latest/

LOCATION: TRACK 1

DATE: July 25, 2020

TIME: 05:00 PM - 06:00 PM (GMT +8)

Carlos Garcia Prado
Ryan Warns
