Design of a retargetable decompiler for a static platform-independent malware analysis

Abstract

Together with the massive expansion of smartphones, tablets, and other smart devices, we can notice a growing number of malware threats targeting these platforms. Software security companies are not prepared for such diversity of target platforms and there are only few techniques for platform-independent malware analysis. This is a major security issue these days. In this paper, we propose a concept of a retargetable reverse compiler (i.e. a decompiler), which is in an early stage of development. The retargetable decompiler transforms platform-specific binary applications into a high-level language (HLL) representation, which can be further analyzed in a uniform way. This tool will help with a static platform-independent malware analysis. Our unique solution is based on an exploitation of two systems that were originally not intended for such an application - the architecture description language (ADL) ISAC for a platform description and the LLVM Compiler System as the core of the decompiler. In this study, we show that our tool can produce highly readable HLL code. © 2011 Springer-Verlag.