mahaloz1d ago

For years, Rust binaries made reversing a nightmare. Modern decompilers only support C, lacking meaningful types, constructs, and language-specific functions. Led by @34r7hm4n, we're releasing our S&P work Oxidizer, the first deep Rust decompiler, built on angr!

Interested? ๐Ÿงต๐Ÿ‘‡

Show threadmahaloz1d ago

You can get access to it now! It's available directly on angr main, and can be accessed through the command line:
`pip install angr && angr decompile FakeCrypt-stripped --functions 0x455300 --rust`

The Rust-specific decompiler code is also open source:
https://github.com/sefcom/oxidizer

GitHub - sefcom/oxidizer: A Rust decompiler built on top of angr

A Rust decompiler built on top of angr. Contribute to sefcom/oxidizer development by creating an account on GitHub.

GitHub
Show threadmahaloz1d ago

But, this work is more than just a tool, and it is fundamentally different from Rust plugins for decompilers that you have experience with in Ghidra, IDA, or even Binary Ninja's Rust-like output.

We measure that in our corresponding IEEE S&P 2026 paper:
https://www.zionbasque.com/files/papers/oxidizer_sp26.pdf

Show threadmahaloz

So what makes it different? To decompile a new language, you need to go deep into the decompiler. Simply transforming C into Rust after the decompilation process is incredibly lossy and guessy!

You lose information needed to make decisions on Rust types and control flow!

May 20 at 5:12pmWeb
Show threadmahaloz1d ago

When does this happen? Uses of specific control flow constructs (`?`), inlining, calling convention changes, and even Rust struct-type recovery (which is also guessy!)

All of this, and more, can be found in our paper!

Show threadmahaloz1d ago

Finally, this work would not have been possible without the leadership of the first author, Yibo, aka @34r7hm4n. Also, all my fellow co-authors, @zardus @adamdoupe, Fish, and the others who don't have social media, ha!

Try out our decompiler, which keeps getting better!