/ Diretório / Playground / ida-pro-mcp
← Todos os servidores ↗ GitHub
● Comunidade mrexodia ⚡ Instantâneo

ida-pro-mcp

por mrexodia · mrexodia/ida-pro-mcp

Bridge IDA Pro with AI for automated binary analysis — decompile, rename, patch, debug, and search across your IDB.

ida-pro-mcp connects IDA Pro (8.3+) to AI assistants via MCP, exposing tools for decompilation, disassembly, symbol navigation, cross-references, patching, type management, and full debugger control. Supports 20+ MCP clients including Claude, VS Code, Cursor, and Windsurf. Features automated installation, headless analysis via SSE transport, and batch operations.

▶ Ver demo 📦 Instalar 💡 Casos de uso

Por que usar

Principais recursos

Demo ao vivo

Como fica na prática

ida-pro-mcp.replay ▶ pronto
0/0

Instalar

Escolha seu cliente

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "ida-pro-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/mrexodia/ida-pro-mcp"
      ]
    }
  }
}

Abra Claude Desktop → Settings → Developer → Edit Config. Reinicie após salvar.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "ida-pro-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/mrexodia/ida-pro-mcp"
      ]
    }
  }
}

Cursor usa o mesmo esquema mcpServers que o Claude Desktop. Config de projeto vence a global.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "ida-pro-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/mrexodia/ida-pro-mcp"
      ]
    }
  }
}

Clique no ícone MCP Servers na barra lateral do Cline, depois "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "ida-pro-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/mrexodia/ida-pro-mcp"
      ]
    }
  }
}

Mesmo formato do Claude Desktop. Reinicie o Windsurf para aplicar.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "ida-pro-mcp",
      "command": "TODO",
      "args": [
        "See README: https://github.com/mrexodia/ida-pro-mcp"
      ]
    }
  ]
}

O Continue usa um array de objetos de servidor em vez de um map.

~/.config/zed/settings.json
{
  "context_servers": {
    "ida-pro-mcp": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/mrexodia/ida-pro-mcp"
        ]
      }
    }
  }
}

Adicione em context_servers. Zed recarrega automaticamente ao salvar.

claude mcp add ida-pro-mcp -- TODO 'See README: https://github.com/mrexodia/ida-pro-mcp'

Uma linha só. Verifique com claude mcp list. Remova com claude mcp remove.

Casos de uso

Usos do mundo real: ida-pro-mcp

How to reverse engineer a binary with AI assistance in IDA Pro

👤 Reverse engineers and security researchers analyzing binaries they own or have authorization to test ⏱ ~60 min advanced

Quando usar: You have a binary loaded in IDA Pro and want AI to help understand and annotate it.

Pré-requisitos
  • IDA Pro 8.3+ (not IDA Free) — Commercial license from Hex-Rays
  • ida-pro-mcp installed — pip install <repo-url> && ida-pro-mcp --install
Fluxo
  1. Get an overview
    List all functions in this binary. Which ones look like they handle network communication based on their names and imports?✓ Copiado
    → Categorized function list with network-related functions highlighted
  2. Decompile key functions
    Decompile the main network handler function. Explain the protocol it implements and rename variables to be descriptive.✓ Copiado
    → Decompiled C code with renamed variables and protocol analysis
  3. Trace data flow
    Find all cross-references to the encryption key buffer. Who reads it and who writes it?✓ Copiado
    → Xref chain showing data flow from key generation to encryption calls

Resultado: A well-annotated IDB with key functions understood, renamed, and documented.

Armadilhas
  • Decompilation can be slow on large functions — Start with smaller callees and work up. Use disasm() for quick overviews.
Combine com: filesystem

Solve a CTF reverse engineering challenge using IDA Pro and AI

👤 CTF participants working on binary reversing challenges ⏱ ~45 min intermediate

Quando usar: You have a CTF binary that needs static and/or dynamic analysis to find the flag.

Pré-requisitos
  • IDA Pro with ida-pro-mcp — Install and connect
Fluxo
  1. Find the validation logic
    Search for strings containing 'flag', 'correct', 'wrong'. Decompile the functions that reference them.✓ Copiado
    → Validation function with flag-checking logic
  2. Debug to extract the flag
    Set a breakpoint at the comparison. Run the binary with input 'AAAA' and show me what it compares against.✓ Copiado
    → Expected flag value visible in registers or memory

Resultado: Flag extracted through combined static and dynamic analysis.

Armadilhas
  • Anti-debug tricks prevent breakpoint hits — Use find_insns to locate anti-debug checks and patch them with patch_asm

Combinações

Combine com outros MCPs para 10× de alavancagem

ida-pro-mcp + filesystem

Export decompiled code and analysis notes to files

Decompile all functions related to the crypto module and save the annotated code to ~/analysis/crypto.c.✓ Copiado

Ferramentas

O que este MCP expõe

FerramentaEntradasQuando chamarCusto
decompile address_or_name: str Decompile a function to C pseudocode 0
disasm address: str, count?: int Disassemble instructions at an address 0
rename old_name: str, new_name: str Rename a function or variable 0
xrefs_to address: str Find all cross-references to an address 0
find_bytes pattern: str Search for a byte pattern in the binary 0
patch_asm address: str, asm: str Patch assembly instructions at an address 0
dbg_run none Start the debugger 0
set_comments address: str, comment: str Add a comment at an address 0

Custo e limites

O que custa rodar

Cota de API
N/A — local IDA Pro instance
Tokens por chamada
200–3000 tokens (decompilation output can be large)
Monetário
Requires IDA Pro commercial license ($). The MCP plugin itself is free.
Dica
Use list_funcs to identify targets before decompiling to avoid decompiling every function.

Segurança

Permissões, segredos, alcance

Armazenamento de credenciais: N/A — local tool
Saída de dados: All analysis is local. No network calls from the MCP server.

Solução de problemas

Erros comuns e correções

ida-pro-mcp --install fails

Ensure Python 3.11+ and IDA Pro 8.3+ are installed. The installer needs to find IDA's plugin directory.

Verificar: python3 --version && which idat
Decompilation fails

Not all functions decompile cleanly (obfuscation, hand-written assembly). Try disasm() as a fallback.

Verificar: Try decompiling a simpler function first
Debugger won't start

Ensure IDA's debugger is configured for the target platform (local, remote, etc.). Check that the binary is not already running.

Verificar: Check IDA's debugger settings

Alternativas

ida-pro-mcp vs. outros

AlternativaQuando usarTroca
GhidrAssistMCPYou prefer free Ghidra over commercial IDA ProGhidra is free but IDA Pro generally has faster analysis and wider format support
reverse-engineering-assistantYou want a Ghidra MCP with a tool-driven approach optimized for LLMsFewer tools but better context management for AI interaction

Mais

Recursos

📖 Leia o README oficial no GitHub

🐙 Ver issues abertas

🔍 Ver todos os 400+ servidores MCP e Skills