Decompilation gets real...scary
Ilfak Guilfanov of DataRescue Inc (the people behind IDA Pro) has posted an entry on his blog titled Decompilation Gets Real. In it he announces the beta testing of a tool which, when given a binary file, produces accurate and well-formatted C code. The immediate consequence of such a tool is a further reduction in the level of knowledge which a would-be hacker must have. Since compilers and assemblers have a distinct optimization fingerprint, it should not be long before automated tools, built from this code regeneration tool, provide reverse-engineers and crackers with the ability to quickly and efficiently scrub through code for security weaknesses; buffer overflows, format string attacks, and any number of other exploits will be trivial to discover.
The speed and ease with which Guilfanov is able to go through code is what scares me. Take a look at the Decompilation Demo.