/ Verzeichnis / Playground / reverse-engineering-assistant
← Alle Server ↗ GitHub
● Community cyberkaida ⚡ Sofort

reverse-engineering-assistant

von cyberkaida · cyberkaida/reverse-engineering-assistant

Ghidra MCP server designed for LLMs — small, focused tools that reduce hallucinations in binary analysis sessions.

ReVa (Reverse Engineering Assistant) is a Ghidra 12.0+ extension implementing an MCP server with a tool-driven approach designed for effective LLM interaction. It uses small, focused tools (decompilation, renaming, type fixing, xrefs, string analysis) to limit context degradation during extended sessions. Supports interactive mode (with Ghidra UI) and headless automation, and includes Claude Code plugins for binary triage, crypto analysis, and CTF guides.

▶ Demo ansehen 📦 Installieren 💡 Anwendungsfälle

Warum nutzen

Hauptfunktionen

Live-Demo

In der Praxis

reverse-engineering-assistant.replay ▶ bereit
0/0

Installieren

Wählen Sie Ihren Client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "reverse-engineering-assistant": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/cyberkaida/reverse-engineering-assistant"
      ]
    }
  }
}

Öffne Claude Desktop → Settings → Developer → Edit Config. Nach dem Speichern neu starten.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "reverse-engineering-assistant": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/cyberkaida/reverse-engineering-assistant"
      ]
    }
  }
}

Cursor nutzt das gleiche mcpServers-Schema wie Claude Desktop. Projektkonfiguration schlägt die globale.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "reverse-engineering-assistant": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/cyberkaida/reverse-engineering-assistant"
      ]
    }
  }
}

Klicken Sie auf das MCP-Servers-Symbol in der Cline-Seitenleiste, dann "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "reverse-engineering-assistant": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/cyberkaida/reverse-engineering-assistant"
      ]
    }
  }
}

Gleiche Struktur wie Claude Desktop. Windsurf neu starten zum Übernehmen.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "reverse-engineering-assistant",
      "command": "TODO",
      "args": [
        "See README: https://github.com/cyberkaida/reverse-engineering-assistant"
      ]
    }
  ]
}

Continue nutzt ein Array von Serverobjekten statt einer Map.

~/.config/zed/settings.json
{
  "context_servers": {
    "reverse-engineering-assistant": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/cyberkaida/reverse-engineering-assistant"
        ]
      }
    }
  }
}

In context_servers hinzufügen. Zed lädt beim Speichern neu.

claude mcp add reverse-engineering-assistant -- TODO 'See README: https://github.com/cyberkaida/reverse-engineering-assistant'

Einzeiler. Prüfen mit claude mcp list. Entfernen mit claude mcp remove.

Anwendungsfälle

Praxisnahe Nutzung: reverse-engineering-assistant

How to triage an unknown binary with ReVa in Ghidra

👤 Security researchers performing initial binary assessment ⏱ ~30 min intermediate

Wann einsetzen: You have a binary to quickly assess before committing to deep analysis.

Voraussetzungen
  • Ghidra 12.0+ with ReVa installed — Download release, install via Ghidra extension manager
  • MCP client configured — Claude Code or VSCode connected to ReVa's MCP endpoint
Ablauf
  1. Initial triage
    Load this binary and give me a quick triage: what platform, what language, key functions, interesting strings, and imported libraries.✓ Kopiert
    → Concise triage report with platform, language hints, notable functions and strings
  2. Focus on suspicious functions
    Decompile the functions that reference network or crypto strings. What are they doing?✓ Kopiert
    → Decompiled code with focused analysis

Ergebnis: A quick assessment of the binary's purpose and suspicious functionality.

Fallstricke
  • Asking too broad questions causes context degradation — ReVa's small tools are designed for focused queries — ask specific questions about specific functions
Kombinieren mit: filesystem

Use ReVa's CTF plugin for guided binary challenge solving

👤 CTF participants who want structured guidance for reversing challenges ⏱ ~45 min intermediate

Wann einsetzen: You're stuck on a binary CTF challenge and want structured analysis guidance.

Voraussetzungen
  • Ghidra with ReVa and CTF plugin — Install ReVa extension and enable the CTF skill
Ablauf
  1. Get CTF guidance
    I'm working on a CTF reverse engineering challenge. The binary is a Linux x86_64 ELF. Guide me through finding the flag.✓ Kopiert
    → Structured approach: entry point, string search, validation function identification
  2. Analyze the check
    Found the validation function. Decompile it and explain the algorithm checking my input.✓ Kopiert
    → Annotated decompilation with algorithm explanation

Ergebnis: Structured guidance to find the flag using ReVa's focused analysis tools.

Fallstricke
  • Heavily obfuscated binaries resist decompilation — Use the address-specific disassembly tool for raw instruction analysis

Kombinationen

Mit anderen MCPs für 10-fache Wirkung

reverse-engineering-assistant + filesystem

Save annotated analysis to files for documentation

Export our analysis notes and decompiled functions to ~/analysis/binary-report.md.✓ Kopiert
reverse-engineering-assistant + github

Cross-reference binary with source code from related open-source projects

This binary seems to use libcurl. Search GitHub for the version and compare the function signatures.✓ Kopiert

Werkzeuge

Was dieses MCP bereitstellt

WerkzeugEingabenWann aufrufenKosten
decompile_function function_name_or_address: str Decompile a specific function 0
rename_variable function: str, old_name: str, new_name: str Rename a variable for clarity 0
fix_type variable: str, type: str Set the correct type for a variable 0
get_xrefs address: str Find cross-references to an address 0
search_strings pattern: str Search for strings in the binary 0

Kosten & Limits

Was der Betrieb kostet

API-Kontingent
N/A — fully local
Tokens pro Aufruf
200–1500 tokens per tool call
Kosten in €
Free — both Ghidra and ReVa are open source
Tipp
Use focused queries on specific functions rather than broad 'analyze everything' requests.

Sicherheit

Rechte, Secrets, Reichweite

Credential-Speicherung: N/A
Datenabfluss: All analysis is local

Fehlerbehebung

Häufige Fehler und Lösungen

Plugin not loading

ReVa requires Ghidra 12.0+. Enable the plugin in both Project view and Code Browser tool settings.

Prüfen: Check Ghidra's plugin configuration for 'ReVa'
Headless mode not working

Ensure you built ReVa with headless support. Check the headless Ghidra documentation for proper setup.

Prüfen: Run analyzeHeadless with ReVa arguments
Context degradation in long sessions

ReVa is designed to minimize this, but start a new session if analysis quality drops.

Prüfen: Try the same question in a fresh session

Alternativen

reverse-engineering-assistant vs. andere

AlternativeWann stattdessenKompromiss
GhidrAssistMCPYou want more tools (35 vs ReVa's smaller set) and consolidated action-based APIsMore tools but potentially more context pollution for LLMs
ida-pro-mcpYou prefer IDA Pro and need debugger integrationCommercial tool ($) but broader format support

Mehr

Ressourcen

📖 Offizielle README auf GitHub lesen

🐙 Offene Issues ansehen

🔍 Alle 400+ MCP-Server und Skills durchsuchen