Originally developed by Avast and Brno University of Technology, is an open-source decompiler that has been instrumental in the malware analysis community. Avast provides a web service for RetDec, allowing users to decompile ELF files (including .so libraries) directly in their browser. It outputs C-like pseudocode or a Python-like language, making it much more readable than raw assembly. RetDec features static analysis, signature-based library code removal, and detection of C++ class hierarchies (RTTI).
The tool parses the ELF (Executable and Linkable Format) header to determine the target CPU architecture (e.g., ARM64 vs. x86_64).
: The service integrates many decompilers, ensuring a comprehensive analysis.
Many online decompilers feature a "Strings" tab. Check this view to locate hardcoded text, API endpoints, encryption keys, error messages, or file paths hidden within the .so file. Limitations of Online Decompilers Lib.so Decompiler Online
The industry gold standard for disassembly and decompilation. The Hex-Rays decompiler plugin generates exceptionally clean C pseudocode.
Your specific goal (e.g., , malware analysis , or learning framework architecture ).
For low-level inspection, basic online ELF viewers and disassemblers let you inspect the symbol tables ( .symtab , .dynsym ) of a .so file. This helps you see exported function names without running a heavy decompilation loop. Challenges and Limitations of Online Decompilers Originally developed by Avast and Brno University of
An exceptional online tool tailored for reverse engineers. Dogbolt allows you to upload a native binary and compare the output of multiple state-of-the-art decompilers side-by-side. It supports backends like , Hex-Rays , Angr , RetDec , and Binary Ninja Cloud , providing an unparalleled comprehensive view of your shared library. 3. Binary Ninja Cloud
In a dimly lit office cluttered with empty coffee mugs, Alex, a security researcher, stared at a stubborn Android app. It had a native library: libcore.so . Somewhere inside that compiled binary was the secret algorithm that verified premium subscriptions. But the source code was gone—lost when a hard drive crashed.
Download the generated pseudocode text files to your local drive for deep-dive inspection. Limitations and Security Risks : The service integrates many decompilers, ensuring a
A .so file is a compiled shared library used in Linux and Android environments. In Android development, these files are generated using the Native Development Kit (NDK). Developers use them to:
A popular, straightforward web-based service that supports multiple binary formats, including ELF and .so files. You simply drag and drop your binary, and the platform utilizes open-source decompilation backends to return C-like structures directly in your browser window. 2. Dogbolt (dogbolt.org)
A highly customizable, open-source command-line framework and GUI for reverse engineering. Conclusion
Open your chosen online decompiler in your browser. Drag and drop the specific .so file (for example, libnative-lib.so ) into the upload zone. Step 3: Analyze the Output
: The decompiler first translates binary bytes into Assembly language (e.g., x86 or ARM).