A tool that uses a containerized workflow to decompile .so files to C code using two decompilation frameworks, Ghidra and Angr.
- Pull from Docker Hub
  ```bash
  docker pull devrvk/so-decompiler:latest
  ```
- Create the directory structure in some parent directory
  ```bash
  mkdir output
  mkdir uploads
  ```
  Keep the .so file to decompile in the uploads directory.
- Run the image to decompile the .so file in ./uploads
  ```bash
  docker run -v ./uploads:/decompile/uploads -v ./output:/decompile/output devrvk/so-decompiler:latest <args> /decompile/uploads/<name>.so /decompile/output
  ```
  Note: Specify the decompiler that you want to use in `<args>`:
  - `ghidra`: Use Ghidra as the decompiler
  - `angr`: Use Angr as the decompiler
  - `decompile`: Use both (note that this may not work for larger .so files)
- Clone the repo and cd into the project directory
  ```bash
  git clone https://github.com/dev-rvk/so_decompiler.git
  cd so_decompiler
  ```
- Build the docker image

  For x86 systems (MacOS, Windows, Linux)
  ```bash
  docker build -t decompiler .
  ```
  For arm64 systems (MacOS, Linux)
  ```bash
  docker build --platform=linux/amd64 -t decompiler .
  ```
  Note: Ghidra supports only x86 images, hence we need to virtualize x86 on ARM systems.
- Set up the input directory

  Copy your .so files to the uploads directory (ignore the sample_* files).
- Run the docker image
  ```bash
  docker run -v ./uploads:/decompile/uploads -v ./output:/decompile/output decompiler <args> /decompile/uploads/<name>.so /decompile/output
  ```
  Specify the decompiler in `<args>`:
  - `ghidra`: Use Ghidra as the decompiler
  - `angr`: Use Angr as the decompiler
  - `decompile`: Use both (note that this may not work for larger .so files)

  Example use case for `sample_libnative-lib.so`:
  ```bash
  docker run -v ./uploads:/decompile/uploads -v ./output:/decompile/output decompiler ghidra /decompile/uploads/sample_libnative-lib.so /decompile/output
  ```
- Check the output directory

  After running the container, files will be generated according to the decompiler selected:
  - `ghidra`: out_ghidra.c and out_ghidra.h
  - `angr`: out_angr.c
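
When the .so files come from an untrusted source, the run step can be wrapped so that only ELF files reach the decompilers and the container gets no network and a read-only input mount. The following is an added example, not part of the project: the function names and the `IMAGE`/`DOCKER` variables are hypothetical, and it assumes the tool needs no network access, only reads from uploads, and writes the union of both file sets in `decompile` mode.

```shell
#!/bin/sh
# Added example (not the project's code): guarded wrapper for the run step.
IMAGE="${IMAGE:-decompiler}"   # tag from the build step; override for the pulled image
DOCKER="${DOCKER:-docker}"     # set DOCKER=echo for a dry run

# True if the file begins with the ELF magic bytes 7f 45 4c 46.
is_elf() {
  [ -f "$1" ] && [ "$(od -An -tx1 -N4 "$1" | tr -d ' \n')" = "7f454c46" ]
}

# Files the README lists per mode; the union for "decompile" is an assumption.
expected_outputs() {
  case "$1" in
    ghidra)    echo "out_ghidra.c out_ghidra.h" ;;
    angr)      echo "out_angr.c" ;;
    decompile) echo "out_ghidra.c out_ghidra.h out_angr.c" ;;
    *)         return 1 ;;
  esac
}

# decompile_so <mode> <bare file name inside ./uploads>
decompile_so() {
  expected_outputs "$1" >/dev/null || { echo "unknown mode: $1" >&2; return 2; }
  case "$2" in ""|*/*) echo "give a bare file name" >&2; return 2 ;; esac
  is_elf "uploads/$2" || { echo "uploads/$2 is not an ELF file" >&2; return 3; }
  mkdir -p output
  # Assumptions: the tool needs no network and only reads from uploads.
  "$DOCKER" run --rm --network none \
    -v "$PWD/uploads:/decompile/uploads:ro" \
    -v "$PWD/output:/decompile/output" \
    "$IMAGE" "$1" "/decompile/uploads/$2" /decompile/output
}

# After a run: succeed only if every expected file exists and is non-empty.
check_outputs() {
  files=$(expected_outputs "$1") || return 2
  for f in $files; do
    [ -s "output/$f" ] || { echo "missing or empty: output/$f" >&2; return 1; }
  done
}
```

Call `decompile_so ghidra sample_libnative-lib.so` followed by `check_outputs ghidra` from the directory that holds uploads and output. If a run fails under the restricted flags, the network or read-only assumption does not hold for that mode.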