/ Directory / Playground / ida-pro-mcp
← All servers ↗ GitHub
● Community mrexodia ⚡ Instant

ida-pro-mcp

by mrexodia · mrexodia/ida-pro-mcp

Bridge IDA Pro with AI for automated binary analysis — decompile, rename, patch, debug, and search across your IDB.

ida-pro-mcp connects IDA Pro (8.3+) to AI assistants via MCP, exposing tools for decompilation, disassembly, symbol navigation, cross-references, patching, type management, and full debugger control. Supports 20+ MCP clients including Claude, VS Code, Cursor, and Windsurf. Features automated installation, headless analysis via SSE transport, and batch operations.

▶ Watch demo 📦 Install 💡 Use Cases

Why use it

Key features

Live Demo

What it looks like in practice

ida-pro-mcp.replay ▶ ready
0/0

Install

Pick your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "ida-pro-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/mrexodia/ida-pro-mcp"
      ]
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "ida-pro-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/mrexodia/ida-pro-mcp"
      ]
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. Project config wins over global.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "ida-pro-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/mrexodia/ida-pro-mcp"
      ]
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "ida-pro-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/mrexodia/ida-pro-mcp"
      ]
    }
  }
}

Same shape as Claude Desktop. Restart Windsurf to pick up changes.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "ida-pro-mcp",
      "command": "TODO",
      "args": [
        "See README: https://github.com/mrexodia/ida-pro-mcp"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "ida-pro-mcp": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/mrexodia/ida-pro-mcp"
        ]
      }
    }
  }
}

Add to context_servers. Zed hot-reloads on save.

claude mcp add ida-pro-mcp -- TODO 'See README: https://github.com/mrexodia/ida-pro-mcp'

One-liner. Verify with claude mcp list. Remove with claude mcp remove.

Use Cases

Real-world ways to use ida-pro-mcp

How to reverse engineer a binary with AI assistance in IDA Pro

👤 Reverse engineers and security researchers analyzing binaries they own or have authorization to test ⏱ ~60 min advanced

When to use: You have a binary loaded in IDA Pro and want AI to help understand and annotate it.

Prerequisites
  • IDA Pro 8.3+ (not IDA Free) — Commercial license from Hex-Rays
  • ida-pro-mcp installed — pip install <repo-url> && ida-pro-mcp --install
Flow
  1. Get an overview
    List all functions in this binary. Which ones look like they handle network communication based on their names and imports?✓ Copied
    → Categorized function list with network-related functions highlighted
  2. Decompile key functions
    Decompile the main network handler function. Explain the protocol it implements and rename variables to be descriptive.✓ Copied
    → Decompiled C code with renamed variables and protocol analysis
  3. Trace data flow
    Find all cross-references to the encryption key buffer. Who reads it and who writes it?✓ Copied
    → Xref chain showing data flow from key generation to encryption calls

Outcome: A well-annotated IDB with key functions understood, renamed, and documented.

Pitfalls
  • Decompilation can be slow on large functions — Start with smaller callees and work up. Use disasm() for quick overviews.
Combine with: filesystem

Solve a CTF reverse engineering challenge using IDA Pro and AI

👤 CTF participants working on binary reversing challenges ⏱ ~45 min intermediate

When to use: You have a CTF binary that needs static and/or dynamic analysis to find the flag.

Prerequisites
  • IDA Pro with ida-pro-mcp — Install and connect
Flow
  1. Find the validation logic
    Search for strings containing 'flag', 'correct', 'wrong'. Decompile the functions that reference them.✓ Copied
    → Validation function with flag-checking logic
  2. Debug to extract the flag
    Set a breakpoint at the comparison. Run the binary with input 'AAAA' and show me what it compares against.✓ Copied
    → Expected flag value visible in registers or memory

Outcome: Flag extracted through combined static and dynamic analysis.

Pitfalls
  • Anti-debug tricks prevent breakpoint hits — Use find_insns to locate anti-debug checks and patch them with patch_asm

Combinations

Pair with other MCPs for X10 leverage

ida-pro-mcp + filesystem

Export decompiled code and analysis notes to files

Decompile all functions related to the crypto module and save the annotated code to ~/analysis/crypto.c.✓ Copied

Tools

What this MCP exposes

ToolInputsWhen to callCost
decompile address_or_name: str Decompile a function to C pseudocode 0
disasm address: str, count?: int Disassemble instructions at an address 0
rename old_name: str, new_name: str Rename a function or variable 0
xrefs_to address: str Find all cross-references to an address 0
find_bytes pattern: str Search for a byte pattern in the binary 0
patch_asm address: str, asm: str Patch assembly instructions at an address 0
dbg_run none Start the debugger 0
set_comments address: str, comment: str Add a comment at an address 0

Cost & Limits

What this costs to run

API quota
N/A — local IDA Pro instance
Tokens per call
200–3000 tokens (decompilation output can be large)
Monetary
Requires IDA Pro commercial license ($). The MCP plugin itself is free.
Tip
Use list_funcs to identify targets before decompiling to avoid decompiling every function.

Security

Permissions, secrets, blast radius

Credential storage: N/A — local tool
Data egress: All analysis is local. No network calls from the MCP server.

Troubleshooting

Common errors and fixes

ida-pro-mcp --install fails

Ensure Python 3.11+ and IDA Pro 8.3+ are installed. The installer needs to find IDA's plugin directory.

Verify: python3 --version && which idat
Decompilation fails

Not all functions decompile cleanly (obfuscation, hand-written assembly). Try disasm() as a fallback.

Verify: Try decompiling a simpler function first
Debugger won't start

Ensure IDA's debugger is configured for the target platform (local, remote, etc.). Check that the binary is not already running.

Verify: Check IDA's debugger settings

Alternatives

ida-pro-mcp vs others

AlternativeWhen to use it insteadTradeoff
GhidrAssistMCPYou prefer free Ghidra over commercial IDA ProGhidra is free but IDA Pro generally has faster analysis and wider format support
reverse-engineering-assistantYou want a Ghidra MCP with a tool-driven approach optimized for LLMsFewer tools but better context management for AI interaction

More

Resources

📖 Read the official README on GitHub

🐙 Browse open issues

🔍 Browse all 400+ MCP servers and Skills