Decompiling 2024: A Year of Resurgance in Decompilation Research

This was an informative article and I hope the author continues the series.<p>Regarding AI-assisted renaming of variables, the author calls this &quot;a strict improvement over traditional decompilation.&quot; But looking at the example:<p><pre><code> struct IxpMsg { struct Buffer { char* data; uint8_t* buffer; char* pos; uint8_t* pos; char* end; =&gt; uint8_t* streamPos; _ixpuint size; uint32_t bufferSize; _ixpuint mode; uint32_t type; }; } Ground Truth ReSym (AI) </code></pre> I am reluctant to allow the decompiler to influence my judgment about the meaning of variables. `streamPos` is not equivalent to `end`. Consider the issue multiplied by 20 or 100 as many incorrect assumptions, and it would severel cloud your understanding of the decompiled code.<p>Combining this with reasoning models that can justify their labels would be very helpful. UX improvements could also be made to indicate confidence or progressively disclose these assumptions.

&gt; If you’ve ever talked to me in person, you’d know that I’m a disbeliever of AI replacing decompilers any time soon<p>Decompilation, seen as a translation problem, is by any means a job that suits AI methods. Give time to researchers to gather enough mappings between source code and machine code, get used to training large predictive models, and you shall see top notch decompilers that beat all engineered methods.

“Resurgence” not “resurgance”. I wanted to leave a comment in the article itself but it wants me to sign in with GitHub, which: yuk, so I’m commenting here instead.

Ive had supprisingly good results feeding ghidras decomp output to chat gpt and having it simplify and explain it<p>it seems to be very capable of having some understanding of what the original code would do.<p>for instance i was feeding it some game decomp. a function looking for an entity in a 3d array of tiles.<p>It somehow inferred it was an array of tiles and that it was hunting for a specific entity.<p>None of the decomp I fed it had any variable&#x2F;function names or comments, just the usual var1,var2 ect.<p>How did it know what the underlying code was doing?

I remember working on DCC, a decompiler for C created by Cristina Cifuentes in 1990. It felt like magic and the future, but it was incredibly difficult and interesting. I used it for decompiling firmware and it was hard to convince my boss that we needed it.

Decompilers aren’t just for security research they’re a key part of data compression of software updates. Delta compressors make deltas between decompiled code. So an improvement in mapping of decompiled files could have as much as a 20x improvement in software update size.

As a total beginner in this field, how can I begin experimenting with this?