What’s new in JEB3? This major release contains hundreds of changes, which can be roughly categorized as follows:
- New desktop client. The JEB3 client is leaner and faster than the client that shipped with JEB2. It also comes with a Dark theme, supports configurable keyboard shortcuts, and easily supports multiple instances.
- Interactive global graphs. On top of the interactive control flow graphs, JEB3 presents the user with additional smart, global graphs, such as call graphs and class graphs.
- Improved native decompilation pipeline. A large bulk of the update as well as future trend for JEB3 is refining and opening access to our native code decompilers. We will publish several blogs regarding advanced use of decompilers, including how to use the API to customize a decompilation, write intermediate optimization passes, or even write a custom decompiler or custom analysis modules.
- Intel x86 decompilers. JEB Pro ships with our Intel x86 32-bit decompiler and Intel x86 64-bit decompiler modules. You can already try them out in the demos.
- Additional decompilers. We are planning to ship additional decompilers. In fact JEB3 Beta already ships with a WebAssembly decompiler. It can be used to decompile web apps or EOS smart contracts to C. We will soon provide an Ethereum decompiler as well.
- C++ class reconstruction. The full builds will ship with experimental support for class hierarchy discovery and reconstruction of Visual Studio-compiled x86 stripped programs, as well as C++ decompilation, as was demo’ed in this YouTube video.
- More Type Libraries. Our type library system was improved, and we generated typelibs for the following environments:
- Android NDK on ARM 32-bit
- Android NDK on ARM 64-bit
- Android NDK on x86 32-bit
- Android NDK on x86 64-bit
- Windows win32 on Intel x86 32-bit
- Windows win32 on Intel x86 64-bit
- Windows win32 on ARM 32-bit
- Windows win32 on ARM 64-bit
- Windows DDK on Intel x86 32-bit
- Windows DDK on Intel x86 64-bit
- Linux glibc on Intel x86 32-bit
- Linux glibc on ARM 32-bit
- Linux glibc on MIPS 32-bit
- More Signature Libraries. JEB3 ships with complete library signature sets for:
- Android NDK libraries. Common libraries (libc, libc++, zlib, etc.) are signed from from NDK v11 up to the latest version (v17 as of 08/18).
- Visual Studio compiled binaries. This system allows the recognition of statically linked library code in binaries compiled for x86 and x86-64 architectures.
Full support for Windows malware analysis. The Intel decompilers, Windows type libraries and signature libraries make JEB a great platform to analyze win32 malware or malicious kernel drivers.
If you are a registered user, you can request to be put on the early adopters list and use JEB3 right now. You may also decide to wait and automatically receive your build when it becomes publicly available for all. The release date is scheduled for the early Fall.