decompile 0.1.0__tar.gz

decompile-0.1.0/Dockerfile

@@ -0,0 +1,75 @@
+FROM kalilinux/kali-rolling
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV DOTNET_ROOT=/opt/dotnet
+ENV PATH="/opt/dotnet:/usr/local/bin:${PATH}"
+ENV DOTNET_CLI_TELEMETRY_OPTOUT=1
+ENV DOTNET_NOLOGO=1
+
+ARG DOTNET_CHANNEL=10.0
+ARG ILSPYCMD_VERSION=10.0.1.8346
+
+RUN printf 'Acquire::Retries "5";\nAcquire::http::Timeout "30";\nAcquire::https::Timeout "30";\n' \
+    > /etc/apt/apt.conf.d/80-retries
+
+RUN printf 'deb http://kali.download/kali kali-rolling main contrib non-free non-free-firmware\n' \
+    > /etc/apt/sources.list
+
+RUN apt-get clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    apt-get update --fix-missing && \
+    apt-get install -y --fix-missing --no-install-recommends \
+      ghidra \
+      openjdk-21-jre-headless \
+      python3 \
+      jq \
+      jadx \
+      apktool \
+      file \
+      binutils \
+      gcc \
+      libc6-dev \
+      coreutils \
+      curl \
+      unzip \
+      zip \
+      ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN install -d -m 0755 /etc/apt/keyrings && \
+    curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
+      -o /etc/apt/keyrings/githubcli-archive-keyring.gpg && \
+    chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg && \
+    printf 'deb [arch=%s signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main\n' \
+      "$(dpkg --print-architecture)" > /etc/apt/sources.list.d/github-cli.list && \
+    apt-get update --fix-missing && \
+    apt-get install -y --fix-missing --no-install-recommends gh && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN apt-get update --fix-missing && \
+    apt-get install -y --fix-missing --no-install-recommends libicu-dev && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN curl -fsSL https://dot.net/v1/dotnet-install.sh -o /tmp/dotnet-install.sh && \
+    chmod +x /tmp/dotnet-install.sh && \
+    /tmp/dotnet-install.sh --channel "$DOTNET_CHANNEL" --install-dir "$DOTNET_ROOT" && \
+    rm -f /tmp/dotnet-install.sh && \
+    DOTNET_CLI_HOME=/tmp/dotnet-home dotnet tool install --tool-path /usr/local/bin ilspycmd --version "$ILSPYCMD_VERSION" && \
+    rm -rf /tmp/dotnet-home
+
+RUN mkdir -p /usr/local/share/decompile /tmp/decompile-home/.config && \
+    chmod 0777 /tmp/decompile-home /tmp/decompile-home/.config
+
+COPY DumpAllDecompile.java /usr/local/share/decompile/DumpAllDecompile.java
+COPY enhance_with_copilot /usr/local/bin/enhance_with_copilot
+COPY decompile_tool /usr/local/bin/decompile_tool
+COPY decompile /usr/local/bin/decompile
+
+RUN chmod +x /usr/local/bin/decompile && \
+    chmod +x /usr/local/bin/enhance_with_copilot && \
+    chmod +x /usr/local/bin/decompile_tool/cli.py && \
+    chmod +x /usr/local/bin/decompile_tool/enhance_with_copilot
+
+WORKDIR /reverse
+
+ENTRYPOINT ["decompile"]

decompile-0.1.0/DumpAllDecompile.java

@@ -0,0 +1,309 @@
+import ghidra.app.decompiler.DecompInterface;
+import ghidra.app.decompiler.DecompileOptions;
+import ghidra.app.decompiler.DecompileResults;
+import ghidra.app.script.GhidraScript;
+import ghidra.program.model.listing.Function;
+import ghidra.program.model.listing.FunctionIterator;
+import ghidra.program.model.listing.FunctionManager;
+import ghidra.program.model.listing.Instruction;
+import ghidra.program.model.listing.InstructionIterator;
+import ghidra.program.model.listing.Listing;
+import ghidra.program.model.mem.Memory;
+import ghidra.program.model.mem.MemoryBlock;
+
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
+
+public class DumpAllDecompile extends GhidraScript {
+    private Listing listing;
+    private Memory memory;
+
+    @Override
+    public void run() throws Exception {
+        String[] args = getScriptArgs();
+        if (args.length < 1) {
+            throw new IllegalArgumentException("Usage: DumpAllDecompile.java <output-dir> [base-name] [timeout-seconds]");
+        }
+
+        String outDir = args[0];
+        String baseName = args.length > 1 ? args[1] : currentProgram.getName();
+        int timeoutSeconds = parseTimeout(args);
+
+        listing = currentProgram.getListing();
+        memory = currentProgram.getMemory();
+
+        File outputDirectory = new File(outDir);
+        if (!outputDirectory.exists() && !outputDirectory.mkdirs()) {
+            throw new IOException("Could not create output directory: " + outDir);
+        }
+
+        File pseudocodeFile = new File(outputDirectory, baseName + ".pseudocode.c");
+        File disassemblyFile = new File(outputDirectory, baseName + ".disassembly.asm");
+        File summaryFile = new File(outputDirectory, baseName + ".summary.txt");
+
+        DecompInterface decompiler = new DecompInterface();
+        DecompileOptions options = new DecompileOptions();
+        decompiler.setOptions(options);
+        decompiler.toggleCCode(true);
+        decompiler.toggleSyntaxTree(true);
+        decompiler.openProgram(currentProgram);
+
+        int extractedFunctions = 0;
+        int skippedExternalFunctions = 0;
+        int decompiledFunctions = 0;
+        int failedDecompiles = 0;
+        int disassembledInstructions = 0;
+
+        try (
+            BufferedWriter pseudoWriter = new BufferedWriter(new FileWriter(pseudocodeFile, false));
+            BufferedWriter asmWriter = new BufferedWriter(new FileWriter(disassemblyFile, false));
+            BufferedWriter summaryWriter = new BufferedWriter(new FileWriter(summaryFile, false))
+        ) {
+            writeHeader(pseudoWriter, "GHIDRA PSEUDOCODE OUTPUT");
+            writeHeader(asmWriter, "GHIDRA DISASSEMBLY OUTPUT");
+            writeHeader(summaryWriter, "GHIDRA EXTRACTION SUMMARY");
+
+            FunctionManager functionManager = currentProgram.getFunctionManager();
+            FunctionIterator functions = functionManager.getFunctions(true);
+            while (functions.hasNext() && !monitor.isCancelled()) {
+                Function function = functions.next();
+                if (!shouldExtract(function)) {
+                    skippedExternalFunctions++;
+                    continue;
+                }
+
+                extractedFunctions++;
+
+                writeFunctionHeader(pseudoWriter, function);
+                writeFunctionHeader(asmWriter, function);
+
+                DecompileStatus status = decompileFunction(decompiler, function, timeoutSeconds, pseudoWriter);
+                if (status == DecompileStatus.SUCCESS) {
+                    decompiledFunctions++;
+                }
+                else {
+                    failedDecompiles++;
+                }
+
+                disassembledInstructions += writeDisassembly(function, asmWriter);
+            }
+
+            writeTotals(pseudoWriter, extractedFunctions);
+            writeTotals(asmWriter, extractedFunctions);
+            writeSummary(
+                summaryWriter,
+                pseudocodeFile,
+                disassemblyFile,
+                extractedFunctions,
+                skippedExternalFunctions,
+                decompiledFunctions,
+                failedDecompiles,
+                disassembledInstructions
+            );
+        }
+        finally {
+            decompiler.dispose();
+        }
+
+        println("[+] Pseudocode saved to: " + pseudocodeFile.getAbsolutePath());
+        println("[+] Disassembly saved to: " + disassemblyFile.getAbsolutePath());
+        println("[+] Summary saved to: " + summaryFile.getAbsolutePath());
+    }
+
+    private int parseTimeout(String[] args) {
+        if (args.length < 3) {
+            return 120;
+        }
+        try {
+            return Integer.parseInt(args[2]);
+        }
+        catch (NumberFormatException ignored) {
+            return 120;
+        }
+    }
+
+    private void writeHeader(BufferedWriter writer, String title) throws IOException {
+        writer.write(title);
+        writer.newLine();
+        writer.write(repeat("=", 100));
+        writer.newLine();
+        writer.write("Program  : " + currentProgram.getName());
+        writer.newLine();
+        writer.write("Language : " + currentProgram.getLanguageID());
+        writer.newLine();
+        writer.write("Compiler : " + currentProgram.getCompilerSpec().getCompilerSpecID());
+        writer.newLine();
+        writer.write("ImageBase: " + currentProgram.getImageBase());
+        writer.newLine();
+        writer.write(repeat("=", 100));
+        writer.newLine();
+        writer.newLine();
+    }
+
+    private void writeFunctionHeader(BufferedWriter writer, Function function) throws IOException {
+        writer.newLine();
+        writer.write(repeat("=", 100));
+        writer.newLine();
+        writer.write("FUNCTION: " + function.getName());
+        writer.newLine();
+        writer.write("ADDRESS : " + function.getEntryPoint());
+        writer.newLine();
+        writer.write(repeat("=", 100));
+        writer.newLine();
+        writer.newLine();
+    }
+
+    private DecompileStatus decompileFunction(
+        DecompInterface decompiler,
+        Function function,
+        int timeoutSeconds,
+        BufferedWriter writer
+    ) throws IOException {
+        try {
+            DecompileResults results = decompiler.decompileFunction(function, timeoutSeconds, monitor);
+            if (results != null && results.decompileCompleted() && results.getDecompiledFunction() != null) {
+                writer.write(results.getDecompiledFunction().getC());
+                writer.newLine();
+                return DecompileStatus.SUCCESS;
+            }
+
+            String reason = results != null ? results.getErrorMessage() : "unknown error";
+            writer.write("[!] Decompile failed: " + reason);
+            writer.newLine();
+            return DecompileStatus.FAILED;
+        }
+        catch (Exception e) {
+            writer.write("[!] Error while decompiling: " + e.getMessage());
+            writer.newLine();
+            return DecompileStatus.FAILED;
+        }
+    }
+
+    private boolean shouldExtract(Function function) {
+        if (function.isExternal()) {
+            return false;
+        }
+
+        MemoryBlock block = memory.getBlock(function.getEntryPoint());
+        if (block == null) {
+            return false;
+        }
+
+        return !"EXTERNAL".equalsIgnoreCase(block.getName());
+    }
+
+    private int writeDisassembly(Function function, BufferedWriter writer) throws IOException {
+        int instructionCount = 0;
+        try {
+            InstructionIterator instructions = listing.getInstructions(function.getBody(), true);
+            while (instructions.hasNext() && !monitor.isCancelled()) {
+                writer.write(formatInstruction(instructions.next()));
+                writer.newLine();
+                instructionCount++;
+            }
+
+            if (instructionCount == 0) {
+                writer.write("[!] No instructions found for function body");
+                writer.newLine();
+            }
+        }
+        catch (Exception e) {
+            writer.write("[!] Error while disassembling: " + e.getMessage());
+            writer.newLine();
+        }
+        return instructionCount;
+    }
+
+    private String formatInstruction(Instruction instruction) {
+        String address = instruction.getAddress().toString();
+        String bytes = instructionBytes(instruction);
+        String text = instruction.toString();
+        if (bytes.length() > 0) {
+            return String.format("%-18s %-24s %s", address, bytes, text);
+        }
+        return String.format("%-18s %s", address, text);
+    }
+
+    private String instructionBytes(Instruction instruction) {
+        try {
+            byte[] bytes = instruction.getBytes();
+            StringBuilder builder = new StringBuilder();
+            for (int i = 0; i < bytes.length; i++) {
+                if (i > 0) {
+                    builder.append(' ');
+                }
+                builder.append(String.format("%02x", bytes[i] & 0xff));
+            }
+            return builder.toString();
+        }
+        catch (Exception ignored) {
+            return "";
+        }
+    }
+
+    private void writeTotals(BufferedWriter writer, int extractedFunctions) throws IOException {
+        writer.newLine();
+        writer.write(repeat("=", 100));
+        writer.newLine();
+        writer.write("EXTRACTED FUNCTIONS: " + extractedFunctions);
+        writer.newLine();
+        writer.write(repeat("=", 100));
+        writer.newLine();
+    }
+
+    private void writeSummary(
+        BufferedWriter writer,
+        File pseudocodeFile,
+        File disassemblyFile,
+        int extractedFunctions,
+        int skippedExternalFunctions,
+        int decompiledFunctions,
+        int failedDecompiles,
+        int disassembledInstructions
+    ) throws IOException {
+        writer.write("Pseudocode file          : " + pseudocodeFile.getAbsolutePath());
+        writer.newLine();
+        writer.write("Disassembly file        : " + disassemblyFile.getAbsolutePath());
+        writer.newLine();
+        writer.write("Extracted functions     : " + extractedFunctions);
+        writer.newLine();
+        writer.write("Skipped external funcs  : " + skippedExternalFunctions);
+        writer.newLine();
+        writer.write("Decompiled functions    : " + decompiledFunctions);
+        writer.newLine();
+        writer.write("Failed decompiles       : " + failedDecompiles);
+        writer.newLine();
+        writer.write("Disassembled instructions: " + disassembledInstructions);
+        writer.newLine();
+        writer.write("Memory blocks");
+        writer.newLine();
+
+        for (MemoryBlock block : memory.getBlocks()) {
+            writer.write(String.format(
+                "  %s %s-%s size=%d execute=%s write=%s",
+                block.getName(),
+                block.getStart(),
+                block.getEnd(),
+                block.getSize(),
+                block.isExecute(),
+                block.isWrite()
+            ));
+            writer.newLine();
+        }
+    }
+
+    private String repeat(String value, int count) {
+        StringBuilder builder = new StringBuilder();
+        for (int i = 0; i < count; i++) {
+            builder.append(value);
+        }
+        return builder.toString();
+    }
+
+    private enum DecompileStatus {
+        SUCCESS,
+        FAILED
+    }
+}

decompile-0.1.0/MANIFEST.in

@@ -0,0 +1,9 @@
+include README.md
+include Dockerfile
+include DumpAllDecompile.java
+include enhance_with_copilot
+include decompile_tool/__init__.py
+include decompile_tool/cli.py
+include decompile_tool/DumpAllDecompile.java
+include decompile_tool/enhance_with_copilot
+recursive-include packaging *

decompile-0.1.0/PKG-INFO

@@ -0,0 +1,195 @@
+Metadata-Version: 2.4
+Name: decompile
+Version: 0.1.0
+Summary: Docker-isolated static reverse engineering orchestrator
+Author: Admin12121
+Project-URL: Homepage, https://github.com/Admin12121/decompile
+Project-URL: Repository, https://github.com/Admin12121/decompile
+Project-URL: Issues, https://github.com/Admin12121/decompile/issues
+Keywords: reverse-engineering,decompiler,ghidra,jadx,ilspy,docker,ctf
+Classifier: Development Status :: 3 - Alpha
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Topic :: Security
+Classifier: Topic :: Utilities
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+
+# decompile
+
+`decompile` is a Docker-first static reverse-engineering CLI.
+
+Install the small host command, run `decompile ./file`, and the heavy tools run inside the Docker image. The host does not need Ghidra, JADX, apktool, ILSpy, or binutils installed.
+
+## Install
+
+```sh
+pip install decompile
+decompile --update
+```
+
+Other package targets:
+
+```sh
+yay -S decompile
+sudo apt install ./decompile_0.1.0_all.deb
+```
+
+Docker is required for the normal published workflow.
+
+## Quick Start
+
+```sh
+decompile ./crackme
+decompile --no-ai ./crackme
+decompile --image docker.io/admin12121/decompile:stable ./crackme
+decompile --local ./crackme
+```
+
+Default output goes to:
+
+```text
+./crackme.ghidra-out/
+```
+
+You can choose the output directory:
+
+```sh
+decompile ./crackme ./out
+```
+
+## What It Does
+
+`decompile` detects the input format, chooses the matching static toolchain, and writes useful reverse-engineering output into one directory.
+
+Supported routes:
+
+| Input | Tooling | Output |
+| --- | --- | --- |
+| ELF, PE, EXE, DLL, SYS, Mach-O | Ghidra headless, objdump, optional AI cleanup | ASM, pseudocode C, enhanced C, summary |
+| APK, AAB, DEX | JADX, apktool | Java/Kotlin source, resources, summary |
+| JAR, WAR, EAR, `.class` | JADX | Java source, summary |
+| .NET EXE/DLL | ilspycmd | C# source, summary |
+| IPA, `.app` bundle | IPA/app extraction plus native analysis | Native output and app metadata |
+
+Native binary output:
+
+```text
+<name>.disassembly.asm
+<name>.pseudocode.c
+<name>.enhanced.c
+<name>.summary.txt
+```
+
+Android, Java, and .NET output usually includes:
+
+```text
+source/
+resources/
+<name>.summary.txt
+```
+
+## Docker Model
+
+Published installs use this image by default:
+
+```text
+docker.io/admin12121/decompile:stable
+```
+
+The image is pulled only when it is missing locally. Normal runs reuse the local image and do not check the registry.
+
+Update manually:
+
+```sh
+decompile --update
+```
+
+Use a custom image:
+
+```sh
+decompile --image ghcr.io/you/decompile:dev ./file
+```
+
+Run host tools directly:
+
+```sh
+decompile --local ./file
+```
+
+Inside Docker:
+
+- input is mounted read-only
+- output is mounted read-write
+- the container runs as your current UID/GID
+- temporary projects and scratch files are removed
+- `--no-ai` disables network access for the analysis container
+
+## AI Enhancement
+
+For native binaries, `enhanced.c` can be generated from pseudocode, disassembly, objdump context, and summary data.
+
+Use this when you want cleaner function names, variables, and reconstructed C-like output:
+
+```sh
+decompile ./file
+```
+
+Disable it for malware, private samples, offline work, or reproducible local-only output:
+
+```sh
+decompile --no-ai ./file
+```
+
+When AI is enabled, analysis context may be sent to GitHub Copilot through `gh`. Pass authentication with `GH_TOKEN`, `GITHUB_TOKEN`, or your local GitHub CLI config.
+
+## Options
+
+```text
+decompile <file-or-bundle> [output-dir]
+decompile --no-ai <file-or-bundle> [output-dir]
+decompile --update [--image <image>]
+decompile --image <image> <file-or-bundle> [output-dir]
+decompile --local <file-or-bundle> [output-dir]
+decompile --type <native|apk|aab|dex|jar|class|dotnet|ipa|app-bundle> <file> [output-dir]
+```
+
+Useful environment variables:
+
+```text
+DECOMPILE_DOCKER_IMAGE      override the Docker image
+DECOMPILE_USE_DOCKER=0      run local host tools
+DECOMPILE_NO_AI=1           skip AI enhancement
+DECOMPILE_KEEP_DEBUG=1      keep objdump and prompt/debug files
+GHIDRA_TIMEOUT=120          per-function decompile timeout
+```
+
+## Limits
+
+This is static analysis only. It does not run the target, debug it, emulate it, unpack it, or bypass runtime protections.
+
+Packed binaries, heavy obfuscation, anti-disassembly tricks, encrypted IPA files, and protected mobile apps can still produce weak or incomplete output.
+
+Docker isolation reduces host writes, but it is not a malware sandbox. Do not execute unknown samples with this tool.
+
+## Development
+
+Build the Docker image:
+
+```sh
+docker build -t decompile:latest .
+```
+
+Use the local image:
+
+```sh
+decompile --image decompile:latest ./sample
+```
+
+Build Python release artifacts:
+
+```sh
+python3 -m build
+```