ismailtsdln/AetherDecomp

AetherDecomp 🔮

AetherDecomp is an advanced, professional-grade decompiler and reverse engineering toolkit for iOS and macOS applications. Built on top of Ghidra's powerful analysis engine, AetherDecomp provides comprehensive binary analysis, Swift/Objective-C class reconstruction, and AI-powered code translation capabilities.

🌟 Features

Core Capabilities

  • IPA & Bundle Analysis - Deep inspection of iOS/macOS application bundles
  • Swift/Objective-C Reconstruction - Intelligent class hierarchy and method signature recovery
  • Ghidra Integration - Leverages industry-standard decompilation engine
  • Multi-Platform Support - Works seamlessly on macOS, Linux, and Windows
  • Symbol Recovery - Advanced techniques for stripped binary analysis
  • Resource Extraction - Automated extraction of assets, strings, and resources

Advanced Features

  • 🤖 LLM-Powered Translation - AI-assisted decompiled code enhancement and readability improvements
  • 📊 Interactive Reports - Generate HTML, JSON, and Markdown analysis reports
  • 🔌 Plugin Architecture - Extensible system for custom analyzers and exporters
  • 🔍 Binary Diffing - Compare versions and identify changes between builds
  • 🎯 Smart Pattern Recognition - Detect common frameworks, libraries, and design patterns
  • 📈 Performance Profiling - Analyze binary size, dependencies, and optimization opportunities

🚀 Quick Start

Prerequisites

  • Java 17+ (for Ghidra integration)
  • Ghidra 10.3+ installed and configured
  • Python 3.9+ (for scripting support)
  • macOS/Linux/Windows operating system

Installation

Option 1: Download Pre-built Binary

# Download latest release
wget https://github.com/AetherDecomp/AetherDecomp/releases/latest/download/aetherdecomp.jar

# Run
java -jar aetherdecomp.jar --help

Option 2: Build from Source

# Clone repository
git clone https://github.com/AetherDecomp/AetherDecomp.git
cd AetherDecomp

# Build with Gradle
./gradlew build

# Run
./gradlew run --args="--help"

Option 3: Install via Package Manager

# macOS (Homebrew)
brew install aetherdecomp

# Linux (Snap)
snap install aetherdecomp

# Windows (Chocolatey)
choco install aetherdecomp

📖 Usage

Command Line Interface

Basic Analysis

# Analyze an IPA file
aetherdecomp analyze MyApp.ipa

# Analyze with full report
aetherdecomp analyze MyApp.ipa --report html --output ./report

# Analyze macOS app bundle
aetherdecomp analyze MyApp.app --platform macos

Advanced Options

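# Deep analysis with LLM enhancement
# (a key passed via --api-key is saved to shell history and is visible in the process list;
#  the configuration file can reference ${OPENAI_API_KEY} from the environment instead)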
aetherdecomp analyze MyApp.ipa \
  --deep-analysis \
  --llm-provider openai \
  --api-key YOUR_API_KEY \
  --output ./enhanced-analysis

# Extract specific components
aetherdecomp extract MyApp.ipa \
  --classes \
  --resources \
  --strings \
  --output ./extracted

# Binary comparison
aetherdecomp diff OldApp.ipa NewApp.ipa \
  --format html \
  --highlight-changes
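
A pre-flight check that can be run on an untrusted IPA before it is passed to the analyze or extract commands above, given as an added example (it is not AetherDecomp code and does not describe how the tool works internally). It uses only the Python standard library; `preflight_ipa`, `build_sample` and the sample bundle contents are constructed for illustration.

```python
import io
import plistlib
import stat
import zipfile
from pathlib import PurePosixPath


def preflight_ipa(data: bytes) -> dict:
    """Check an IPA held in memory; return bundle facts and a findings list."""
    out = {"bundle_id": None, "executable": None, "findings": []}
    apps = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        for info in zf.infolist():
            parts = PurePosixPath(info.filename).parts
            if info.filename.startswith("/") or ".." in parts or "\\" in info.filename:
                out["findings"].append(f"path escapes output dir: {info.filename}")
            # The Unix file mode is stored in the high 16 bits of external_attr.
            if stat.S_ISLNK(info.external_attr >> 16):
                out["findings"].append(f"symlink member: {info.filename}")
            if len(parts) > 1 and parts[0] == "Payload" and parts[1].endswith(".app"):
                apps.add(parts[1])
        if len(apps) != 1:
            out["findings"].append(f"expected one Payload/*.app, found {len(apps)}")
            return out
        app = f"Payload/{apps.pop()}"
        if f"{app}/Info.plist" not in names:
            out["findings"].append("Info.plist missing from bundle")
            return out
        meta = plistlib.loads(zf.read(f"{app}/Info.plist"))
        out["bundle_id"] = meta.get("CFBundleIdentifier")
        out["executable"] = meta.get("CFBundleExecutable")
        if f"{app}/{out['executable']}" not in names:
            out["findings"].append("CFBundleExecutable not found in bundle")
    return out


def build_sample(extra=()):
    """Constructed sample IPA (not a real app); extra = [(name, unix_mode)]."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Payload/Demo.app/Info.plist", plistlib.dumps(
            {"CFBundleIdentifier": "com.example.demo", "CFBundleExecutable": "Demo"}))
        zf.writestr("Payload/Demo.app/Demo", b"\xcf\xfa\xed\xfe")  # Mach-O magic only
        for name, mode in extra:
            member = zipfile.ZipInfo(name)
            member.external_attr = mode << 16
            zf.writestr(member, b"")
    return buf.getvalue()
```

An empty `findings` list means the archive has the single `Payload/<name>.app` layout with an `Info.plist` and the executable it names, and no member would be written outside the output directory.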

Plugin Management

# List available plugins
aetherdecomp plugins list

# Install plugin
aetherdecomp plugins install swift-analyzer

# Enable/disable plugins
aetherdecomp plugins enable swift-analyzer
aetherdecomp plugins disable objc-bridge

Graphical User Interface

Launch the interactive GUI:

aetherdecomp gui

Features include:

  • Drag-and-drop IPA/App analysis
  • Interactive class browser
  • Visual dependency graphs
  • Side-by-side code comparison
  • Real-time decompilation progress

🔧 Configuration

Create a configuration file aetherdecomp.yaml:

# Core Settings
ghidra:
  path: /Applications/ghidra_10.3
  headless: true
  max_memory: 4096

# Analysis Options
analysis:
  aggressive_mode: false
  timeout: 300
  parallel_jobs: 4
  
# LLM Integration
llm:
  enabled: true
  provider: openai  # openai, anthropic, ollama, local
  model: gpt-4
  api_key: ${OPENAI_API_KEY}
  max_tokens: 2048
  temperature: 0.3

# Output Settings
output:
  format: html  # html, json, markdown, text
  verbose: true
  include_metadata: true
  beautify_code: true

# Plugin Configuration
plugins:
  enabled:
    - swift-analyzer
    - objc-bridge
    - resource-extractor
  disabled:
    - experimental-features

📚 API Usage

Java/Kotlin API

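import com.aetherdecomp.core.Analyzer;
import com.aetherdecomp.core.AnalysisResult;
import com.aetherdecomp.core.AnalysisConfig;
// Assumption: ReportFormat lives in the same package as the types above
import com.aetherdecomp.core.ReportFormat;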

public class Example {
    public static void main(String[] args) {
        // Create analyzer
        Analyzer analyzer = new Analyzer();
        
        // Configure analysis
        AnalysisConfig config = AnalysisConfig.builder()
            .withGhidraPath("/Applications/ghidra_10.3")
            .withDeepAnalysis(true)
            .withLLMProvider("openai")
            .build();
        
        // Analyze IPA
        AnalysisResult result = analyzer.analyze("MyApp.ipa", config);
        
        // Access results
        result.getClasses().forEach(cls -> {
            System.out.println("Class: " + cls.getName());
            cls.getMethods().forEach(method -> {
                System.out.println("  - " + method.getSignature());
            });
        });
        
        // Generate report
        result.exportReport("report.html", ReportFormat.HTML);
    }
}

Python Scripting API

from aetherdecomp import Analyzer, AnalysisConfig

# Initialize analyzer
analyzer = Analyzer()

# Configure
config = AnalysisConfig(
    ghidra_path="/Applications/ghidra_10.3",
    deep_analysis=True,
    llm_provider="openai"
)

# Analyze
result = analyzer.analyze("MyApp.ipa", config)

# Access data
for cls in result.classes:
    print(f"Class: {cls.name}")
    for method in cls.methods:
        print(f"  - {method.signature}")
        print(f"    Decompiled: {method.decompiled_code}")

# Export
result.export_report("report.html", format="html")

🏗️ Architecture

AetherDecomp/
├── core/                    # Core decompilation engine
│   ├── analyzer/           # Binary analysis modules
│   ├── parser/             # IPA/Bundle parsers
│   ├── reconstructor/      # Class/method reconstruction
│   └── exporter/           # Report generators
├── plugins/                # Extensible plugin system
│   ├── swift-analyzer/     # Swift-specific analysis
│   ├── objc-bridge/        # Objective-C bridge detection
│   └── resource-extractor/ # Asset extraction
├── gui/                    # Graphical interface
│   ├── desktop/           # JavaFX desktop app
│   └── web/               # Web-based UI (React)
├── scripting/              # Ghidra & LLM integration
│   ├── ghidra-scripts/    # Custom Ghidra analyzers
│   └── llm-adapters/      # AI provider integrations
├── tests/                  # Test suite
│   ├── unit/              # Unit tests
│   ├── integration/       # Integration tests
│   └── fixtures/          # Test IPAs and bundles
├── docs/                   # Documentation
│   ├── user-guide/        # End-user documentation
│   ├── api-reference/     # API documentation
│   └── developer-guide/   # Contributing guide
└── examples/               # Usage examples

🧪 Development

Building from Source

# Clone repository
git clone https://github.com/AetherDecomp/AetherDecomp.git
cd AetherDecomp

# Install dependencies
./gradlew dependencies

# Build
./gradlew build

# Run tests
./gradlew test

# Run with arguments
./gradlew run --args="analyze test.ipa"

Running Tests

# Run all tests
./gradlew test

# Run specific test suite
./gradlew test --tests "com.aetherdecomp.core.*"

# Run integration tests
./gradlew integrationTest

# Generate coverage report
./gradlew jacocoTestReport

Code Quality

# Run linter
./gradlew checkstyleMain

# Format code
./gradlew spotlessApply

# Static analysis
./gradlew spotbugsMain

🤝 Contributing

We welcome contributions! Please see our Contributing Guide for details.

Development Process

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

Code of Conduct

Please read our Code of Conduct to understand expected behavior when participating in this project.

Reporting Issues

Found a bug? Have a feature request? Please check existing issues first, then open a new one with:

  • Clear description
  • Steps to reproduce (for bugs)
  • Expected vs actual behavior
  • Environment details (OS, Java version, etc.)

📊 Project Status

| Feature             | Status     | Version |
|---------------------|------------|---------|
| Core Analysis       | ✅ Stable  | 1.0.0   |
| Swift Support       | ✅ Stable  | 1.0.0   |
| Objective-C Support | ✅ Stable  | 1.0.0   |
| LLM Integration     | 🚧 Beta    | 0.9.0   |
| GUI Interface       | 🚧 Beta    | 0.8.0   |
| Binary Diffing      | 📋 Planned | -       |
| Plugin Marketplace  | 📋 Planned | -       |

🗺️ Roadmap

Version 1.1 (Q2 2024)

  • Enhanced Swift 5.9+ support
  • Improved LLM prompt engineering
  • Performance optimizations
  • Extended plugin API

Version 1.2 (Q3 2024)

  • Binary diffing tool
  • Interactive web UI
  • Collaborative analysis features
  • Cloud analysis backend

Version 2.0 (Q4 2024)

  • Rust-based native core engine
  • Real-time analysis streaming
  • Advanced obfuscation detection
  • Machine learning-based pattern recognition

📄 License

This project is licensed under the Apache License 2.0 - see the LICENSE file for details.

Copyright 2024 AetherDecomp Contributors

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

🙏 Acknowledgments

  • Ghidra - NSA's software reverse engineering framework
  • Malimite - Original inspiration and reference implementation
  • Community Contributors - Thank you for your valuable contributions!

Made with ❤️ by the AetherDecomp Team