reverse-engineering-assistant MCP — 使用场景, 安装 & 实时演示

为什么要用

核心特性

Tool-driven approach with small, focused tools to reduce LLM hallucinations
Context-aware analysis to limit degradation during extended sessions
Interactive mode (with Ghidra UI) and headless automation mode
Bundled Claude Code plugins for binary triage, cryptography, and CTF workflows
Works alongside other MCP servers (GitHub, Kagi) for enriched analysis

实时演示

实际使用效果

reverse-engineering-assistant.replay ▶ 就绪

0/0

安装

选择你的客户端

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "reverse-engineering-assistant": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/cyberkaida/reverse-engineering-assistant"
      ]
    }
  }
}

打开 Claude Desktop → Settings → Developer → Edit Config。保存后重启应用。

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "reverse-engineering-assistant": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/cyberkaida/reverse-engineering-assistant"
      ]
    }
  }
}

Cursor 使用与 Claude Desktop 相同的 mcpServers 格式。项目级配置优先于全局。

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "reverse-engineering-assistant": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/cyberkaida/reverse-engineering-assistant"
      ]
    }
  }
}

点击 Cline 侧栏中的 MCP Servers 图标，然后选 "Edit Configuration"。

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "reverse-engineering-assistant": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/cyberkaida/reverse-engineering-assistant"
      ]
    }
  }
}

格式与 Claude Desktop 相同。重启 Windsurf 生效。

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "reverse-engineering-assistant",
      "command": "TODO",
      "args": [
        "See README: https://github.com/cyberkaida/reverse-engineering-assistant"
      ]
    }
  ]
}

Continue 使用服务器对象数组，而非映射。

~/.config/zed/settings.json

{
  "context_servers": {
    "reverse-engineering-assistant": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/cyberkaida/reverse-engineering-assistant"
        ]
      }
    }
  }
}

加入 context_servers。Zed 保存后热重载。

claude mcp add reverse-engineering-assistant -- TODO 'See README: https://github.com/cyberkaida/reverse-engineering-assistant'

一行命令搞定。用 claude mcp list 验证，claude mcp remove 卸载。

使用场景

实战用法： reverse-engineering-assistant

How to triage an unknown binary with ReVa in Ghidra

👤 Security researchers performing initial binary assessment ⏱ ~30 min intermediate

何时使用： You have a binary to quickly assess before committing to deep analysis.

前置条件

Ghidra 12.0+ with ReVa installed — Download release, install via Ghidra extension manager
MCP client configured — Claude Code or VSCode connected to ReVa's MCP endpoint

步骤

Initial triage

Load this binary and give me a quick triage: what platform, what language, key functions, interesting strings, and imported libraries.✓ 已复制

→ Concise triage report with platform, language hints, notable functions and strings
Focus on suspicious functions

Decompile the functions that reference network or crypto strings. What are they doing?✓ 已复制

→ Decompiled code with focused analysis

结果： A quick assessment of the binary's purpose and suspicious functionality.

注意事项

Asking too broad questions causes context degradation — ReVa's small tools are designed for focused queries — ask specific questions about specific functions

搭配使用： filesystem

Use ReVa's CTF plugin for guided binary challenge solving

👤 CTF participants who want structured guidance for reversing challenges ⏱ ~45 min intermediate

何时使用： You're stuck on a binary CTF challenge and want structured analysis guidance.

前置条件

Ghidra with ReVa and CTF plugin — Install ReVa extension and enable the CTF skill

步骤

Get CTF guidance

I'm working on a CTF reverse engineering challenge. The binary is a Linux x86_64 ELF. Guide me through finding the flag.✓ 已复制

→ Structured approach: entry point, string search, validation function identification
Analyze the check

Found the validation function. Decompile it and explain the algorithm checking my input.✓ 已复制

→ Annotated decompilation with algorithm explanation

结果： Structured guidance to find the flag using ReVa's focused analysis tools.

注意事项

Heavily obfuscated binaries resist decompilation — Use the address-specific disassembly tool for raw instruction analysis

组合

与其他 MCP 搭配，撬动十倍杠杆

reverse-engineering-assistant + filesystem

Save annotated analysis to files for documentation

Export our analysis notes and decompiled functions to ~/analysis/binary-report.md.✓ 已复制

reverse-engineering-assistant + github

Cross-reference binary with source code from related open-source projects

This binary seems to use libcurl. Search GitHub for the version and compare the function signatures.✓ 已复制

工具

此 MCP 暴露的能力

工具	输入参数	何时调用
decompile_function	function_name_or_address: str	Decompile a specific function
rename_variable	function: str, old_name: str, new_name: str	Rename a variable for clarity
fix_type	variable: str, type: str	Set the correct type for a variable
get_xrefs	address: str	Find cross-references to an address
search_strings	pattern: str	Search for strings in the binary

成本与限制

运行它的成本

API 配额: N/A — fully local
每次调用 Token 数: 200–1500 tokens per tool call
费用: Free — both Ghidra and ReVa are open source
提示: Use focused queries on specific functions rather than broad 'analyze everything' requests.

安全

权限、密钥、影响范围

凭据存储： N/A

数据出站： All analysis is local

⚠ This tool is designed for authorized security research, CTF competitions, and defensive analysis only. Do not use it against systems you don't own or have written authorization to test.
Only analyze binaries you have legal right to reverse engineer.

故障排查

常见错误与修复

Plugin not loading

ReVa requires Ghidra 12.0+. Enable the plugin in both Project view and Code Browser tool settings.

验证： Check Ghidra's plugin configuration for 'ReVa'

Headless mode not working

Ensure you built ReVa with headless support. Check the headless Ghidra documentation for proper setup.

验证： Run analyzeHeadless with ReVa arguments

Context degradation in long sessions

ReVa is designed to minimize this, but start a new session if analysis quality drops.

验证： Try the same question in a fresh session

替代方案

reverse-engineering-assistant 对比其他方案

替代方案	何时用它替代	权衡
GhidrAssistMCP	You want more tools (35 vs ReVa's smaller set) and consolidated action-based APIs	More tools but potentially more context pollution for LLMs
ida-pro-mcp	You prefer IDA Pro and need debugger integration	Commercial tool ($) but broader format support

reverse-engineering-assistant

为什么要用

核心特性

实时演示

实际使用效果

安装

选择你的客户端

使用场景

实战用法： reverse-engineering-assistant

How to triage an unknown binary with ReVa in Ghidra

前置条件

步骤

注意事项

Use ReVa's CTF plugin for guided binary challenge solving

前置条件

步骤

注意事项

组合

与其他 MCP 搭配，撬动十倍杠杆

工具

此 MCP 暴露的能力

成本与限制

运行它的成本

安全

权限、密钥、影响范围

故障排查

常见错误与修复

替代方案

reverse-engineering-assistant 对比其他方案

更多

资源