Code Decomposition and Reverse Engineering
Overview
Reverse engineering binary executables into readable, compilable source is one of the oldest practices in computing. The recent wave of retro game decompilations (Keen, Doom, Zelda OoT, Mario 64, Perfect Dark) demonstrates that with enough patience the original logic can be fully recovered from a shipping binary.
This page collects notable efforts, the tools behind them, and the legal/technical boundaries of the practice.
Notable decompilations
| Project | Target | Status | Link |
|---|---|---|---|
| Commander Keen | Keen 1-3 (DOS, 1990-91) | Fully decompiled, compiles to byte-identical binary | forgottenbytes.net |
| DOOM | id Software (1993) | Source released 1997; multiple clean ports | github |
| Zelda OoT | Nintendo 64 (1998) | Full decompilation, compiles matching ROM | zeldaret/oot |
| Super Mario 64 | Nintendo 64 (1996) | Full decompilation | n64decomp/sm64 |
| Perfect Dark | Rare / N64 (2000) | Full decompilation | github |
| Diablo | Blizzard (1996) | Reverse engineered, open-source engine | devilution |
| RollerCoaster Tycoon | Chris Sawyer (1999) | OpenRCT2 reimplementation | OpenRCT2 |
Tools and techniques
- Ghidra (NSA, 2019): open-source disassembler/decompiler; Java-based
- IDA Pro: commercial disassembler, industry standard since the 1990s
- Radare2 / Rizin: open-source reverse engineering framework
- Binary Ninja: commercial, scriptable binary analysis
- Hex-Rays: decompiler plugin for IDA; produces C-like pseudocode
- decomp.me: collaborative online decompilation matching platform
Patterns
The Commander Keen writeup illustrates the standard approach:
- Disassemble the binary (IDA, Ghidra)
- Identify library code (C runtime, compiler-generated prologues)
- Reconstruct data structures from memory access patterns
- Name functions by behavior, cross-reference with known assets
- Iteratively rewrite in C until the output matches byte-for-byte
- Verify: compile with the same-era toolchain, diff the binaries
The byte-identical target is the gold standard. It proves the decompilation is functionally equivalent, not just "close enough."
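The verify step can be scripted so that a mismatch points at the function still to be fixed. The following is an added example, not code from the Keen writeup or any project listed here; the function names, the (name, offset, size) symbol format, and the sample bytes are assumptions constructed for illustration.

```python
import hashlib

def diff_runs(a: bytes, b: bytes):
    """Return [start, end) offset runs where a and b differ; a missing byte counts as a difference."""
    n = max(len(a), len(b))
    runs, start = [], None
    for i in range(n):
        differs = i >= len(a) or i >= len(b) or a[i] != b[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, i))
            start = None
    if start is not None:
        runs.append((start, n))
    return runs

def match_report(original: bytes, rebuilt: bytes, symbols):
    """symbols: (name, file_offset, size) entries, e.g. taken from the rebuild's linker map."""
    runs = diff_runs(original, rebuilt)
    functions, matched, total = [], 0, 0
    for name, off, size in symbols:
        # First differing offset inside this function, or None if it matches.
        hit = next((max(s, off) for s, e in runs if s < off + size and e > off), None)
        functions.append((name, hit))
        total += size
        matched += size if hit is None else 0
    return {
        "identical": original == rebuilt,
        "sha256_rebuilt": hashlib.sha256(rebuilt).hexdigest(),
        "matched_pct": round(100.0 * matched / total, 1) if total else 0.0,
        "functions": functions,
    }

# Constructed sample: a 32-byte "original" and a rebuild with two wrong bytes in draw().
ORIGINAL = bytes(range(16)) + bytes([0x55, 0x89, 0xE5, 0x83, 0xEC, 0x08, 0xC9, 0xC3]) + b"\x90" * 8
REBUILT = bytearray(ORIGINAL)
REBUILT[19:21] = b"\x81\xED"
REBUILT = bytes(REBUILT)
SYMBOLS = [("init", 0, 16), ("draw", 16, 8), ("pad", 24, 8)]

if __name__ == "__main__":
    report = match_report(ORIGINAL, REBUILT, SYMBOLS)
    print(report["identical"], report["matched_pct"])
    for name, hit in report["functions"]:
        print(name, "OK" if hit is None else f"first diff at 0x{hit:x}")
```

A truncated or padded rebuild is reported as a difference run at the tail, so a size mismatch cannot pass as a match.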
Legal boundaries
Decompilation for interoperability is protected in most jurisdictions (EU Software Directive Art. 6; US DMCA sec. 1201 exemptions for security research). Clean-room techniques (one team reads the binary, writes a spec; a separate team implements from the spec) provide additional legal insulation. The retro game decompilations typically require the original ROM/binary to run, distributing only the reconstructed source.
Reading list
- Fabien Sanglard, Game Engine Black Book: Wolfenstein 3D (2017)
- Fabien Sanglard, Game Engine Black Book: DOOM (2018)
- David Kushner, Masters of Doom (2003)
- Nick Montfort & Ian Bogost, Racing the Beam: The Atari Video Computer System (2009)
Related
- Reversible Pipeline Transforms: bijective encoding as a simpler case of the same reconstruction problem
- Redirect Client Limits: six-language behavioral comparison, same "what does the binary actually do" methodology