Codestin Search App

Automatically decompile .exe files to human-readable C.
Conversion from Ghidra output (pseudo-C) to C code using LLM4Decompile
Clean refactored code with Gemini AI
The UI of the Chrome extension

Inspiration

Many people download executable files from the internet without fully understanding what those programs will do once they are opened.
While antivirus software can warn users that a file may be unsafe, it often provides little explanation, leaving users confused or unsure whether the warning should be trusted.

We wanted to build a tool that focuses on clarity and understanding.
Instead of only labeling files as safe or unsafe, our goal was to show users what a program actually does before it runs.

This idea led to the creation of our decompiler-based analysis tool.

What It Does

Our project analyzes executable files using a decompiler and presents the results in a simple and understandable way.

When a user uploads a file, the system:

Processes the executable using a decompiler
Extracts readable code, strings, and key program information
Identifies behaviors such as network access or file modification
Generates a clear explanation of what the program appears to do

The final output includes a verdict — safe, suspicious, or potentially unsafe — along with a short explanation that helps users make an informed decision.

How We Built It

The project was built as a full-stack web application:

Frontend: Next.js interface for uploading files and viewing results
Backend: FastAPI server that manages file analysis
Decompiler: Used in headless mode to extract readable program information
Analysis Layer: Summarizes program behavior in plain English
Infrastructure: Docker for consistent development and testing

Our focus was on making the system reliable, easy to use, and understandable for non-technical users.

Challenges

We encountered several challenges during development:

Setting up the decompiler and ensuring it ran correctly across environments
Handling large executable files without freezing the interface
Displaying long-running analysis progress to the user
Coordinating frontend and backend development within a short timeframe

Overcoming these challenges required careful planning and strong teamwork.

Accomplishments

By the end of the hackathon, we successfully built:

A working decompiler-based analysis pipeline
A clean and intuitive user interface
Clear explanations instead of confusing security warnings
A system capable of analyzing real executable files

What We Learned

Through this project, we learned:

How executable files are structured and analyzed
How decompilers can be integrated into web applications
How to manage large collaborative projects using Git
The importance of presenting technical results in simple language

Future Improvements

In the future, we would like to expand the project by:

Adding browser-based scanning for downloaded files
Improving performance for larger binaries
Supporting additional file formats
Enhancing the clarity and accuracy of analysis explanations

Our goal is to help users better understand the software they run, making everyday computing safer and more transparent.

Built With

css
dockerfile
gemini
html
javascript
next.js
powershell
pyghidra
python
shell
typescript

Submitted to

UofTHacks 13
- Winner 1Password: Best Security Hack

Created by

i decompiled alias

Leo-Zh9 Zhang
I worked on the main backend system, implementing the API. This included integrating Ghidra for local decompiling, along with using LLM4 Decompile to transform the Ghidra output into C.

I also worked on connecting the extension with the app, updating the state of the extension in real time and evaluating safety of the exe.

Sean Zhao
Lukas Li

Updates

Leo-Zh9 Zhang started this project — Jan 17, 2026 09:13 PM EST

Leave feedback in the comments!

Log in or sign up for Devpost to join the conversation.