/ Directory / Playground / reverse-engineering-assistant
← All servers ↗ GitHub
● Community cyberkaida ⚡ Instant

reverse-engineering-assistant

by cyberkaida · cyberkaida/reverse-engineering-assistant

Ghidra MCP server designed for LLMs — small, focused tools that reduce hallucinations in binary analysis sessions.

ReVa (Reverse Engineering Assistant) is a Ghidra 12.0+ extension implementing an MCP server with a tool-driven approach designed for effective LLM interaction. It uses small, focused tools (decompilation, renaming, type fixing, xrefs, string analysis) to limit context degradation during extended sessions. Supports interactive mode (with Ghidra UI) and headless automation, and includes Claude Code plugins for binary triage, crypto analysis, and CTF guides.

▶ Watch demo 📦 Install 💡 Use Cases

Why use it

Key features

Live Demo

What it looks like in practice

reverse-engineering-assistant.replay ▶ ready
0/0

Install

Pick your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "reverse-engineering-assistant": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/cyberkaida/reverse-engineering-assistant"
      ]
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "reverse-engineering-assistant": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/cyberkaida/reverse-engineering-assistant"
      ]
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. Project config wins over global.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "reverse-engineering-assistant": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/cyberkaida/reverse-engineering-assistant"
      ]
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "reverse-engineering-assistant": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/cyberkaida/reverse-engineering-assistant"
      ]
    }
  }
}

Same shape as Claude Desktop. Restart Windsurf to pick up changes.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "reverse-engineering-assistant",
      "command": "TODO",
      "args": [
        "See README: https://github.com/cyberkaida/reverse-engineering-assistant"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "reverse-engineering-assistant": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/cyberkaida/reverse-engineering-assistant"
        ]
      }
    }
  }
}

Add to context_servers. Zed hot-reloads on save.

claude mcp add reverse-engineering-assistant -- TODO 'See README: https://github.com/cyberkaida/reverse-engineering-assistant'

One-liner. Verify with claude mcp list. Remove with claude mcp remove.

Use Cases

Real-world ways to use reverse-engineering-assistant

How to triage an unknown binary with ReVa in Ghidra

👤 Security researchers performing initial binary assessment ⏱ ~30 min intermediate

When to use: You have a binary to quickly assess before committing to deep analysis.

Prerequisites
  • Ghidra 12.0+ with ReVa installed — Download release, install via Ghidra extension manager
  • MCP client configured — Claude Code or VSCode connected to ReVa's MCP endpoint
Flow
  1. Initial triage
    Load this binary and give me a quick triage: what platform, what language, key functions, interesting strings, and imported libraries.✓ Copied
    → Concise triage report with platform, language hints, notable functions and strings
  2. Focus on suspicious functions
    Decompile the functions that reference network or crypto strings. What are they doing?✓ Copied
    → Decompiled code with focused analysis

Outcome: A quick assessment of the binary's purpose and suspicious functionality.

Pitfalls
  • Asking too broad questions causes context degradation — ReVa's small tools are designed for focused queries — ask specific questions about specific functions
Combine with: filesystem

Use ReVa's CTF plugin for guided binary challenge solving

👤 CTF participants who want structured guidance for reversing challenges ⏱ ~45 min intermediate

When to use: You're stuck on a binary CTF challenge and want structured analysis guidance.

Prerequisites
  • Ghidra with ReVa and CTF plugin — Install ReVa extension and enable the CTF skill
Flow
  1. Get CTF guidance
    I'm working on a CTF reverse engineering challenge. The binary is a Linux x86_64 ELF. Guide me through finding the flag.✓ Copied
    → Structured approach: entry point, string search, validation function identification
  2. Analyze the check
    Found the validation function. Decompile it and explain the algorithm checking my input.✓ Copied
    → Annotated decompilation with algorithm explanation

Outcome: Structured guidance to find the flag using ReVa's focused analysis tools.

Pitfalls
  • Heavily obfuscated binaries resist decompilation — Use the address-specific disassembly tool for raw instruction analysis

Combinations

Pair with other MCPs for X10 leverage

reverse-engineering-assistant + filesystem

Save annotated analysis to files for documentation

Export our analysis notes and decompiled functions to ~/analysis/binary-report.md.✓ Copied
reverse-engineering-assistant + github

Cross-reference binary with source code from related open-source projects

This binary seems to use libcurl. Search GitHub for the version and compare the function signatures.✓ Copied

Tools

What this MCP exposes

ToolInputsWhen to callCost
decompile_function function_name_or_address: str Decompile a specific function 0
rename_variable function: str, old_name: str, new_name: str Rename a variable for clarity 0
fix_type variable: str, type: str Set the correct type for a variable 0
get_xrefs address: str Find cross-references to an address 0
search_strings pattern: str Search for strings in the binary 0

Cost & Limits

What this costs to run

API quota
N/A — fully local
Tokens per call
200–1500 tokens per tool call
Monetary
Free — both Ghidra and ReVa are open source
Tip
Use focused queries on specific functions rather than broad 'analyze everything' requests.

Security

Permissions, secrets, blast radius

Credential storage: N/A
Data egress: All analysis is local

Troubleshooting

Common errors and fixes

Plugin not loading

ReVa requires Ghidra 12.0+. Enable the plugin in both Project view and Code Browser tool settings.

Verify: Check Ghidra's plugin configuration for 'ReVa'
Headless mode not working

Ensure you built ReVa with headless support. Check the headless Ghidra documentation for proper setup.

Verify: Run analyzeHeadless with ReVa arguments
Context degradation in long sessions

ReVa is designed to minimize this, but start a new session if analysis quality drops.

Verify: Try the same question in a fresh session

Alternatives

reverse-engineering-assistant vs others

AlternativeWhen to use it insteadTradeoff
GhidrAssistMCPYou want more tools (35 vs ReVa's smaller set) and consolidated action-based APIsMore tools but potentially more context pollution for LLMs
ida-pro-mcpYou prefer IDA Pro and need debugger integrationCommercial tool ($) but broader format support

More

Resources

📖 Read the official README on GitHub

🐙 Browse open issues

🔍 Browse all 400+ MCP servers and Skills