Selected open-source tools, analysis environments, and technical material for reverse engineering, deobfuscation, malware analysis, and agent-assisted workflows.
msynth is a deobfuscation framework for simplifying Mixed Boolean-Arithmetic (MBA) expressions. It primarily uses a precomputed oracle (lookup tables clustered into equivalence classes) to rewrite MBA-heavy AST subtrees quickly, and can fall back to stochastic program synthesis when lookup-based simplification is insufficient. It’s built on Miasm, can optionally validate simplifications with an SMT solver, and is designed to integrate into symbolic-execution pipelines as well as standalone experiments.
Obfuscation Detection is a Binary Ninja plugin that helps you triage large binaries by flagging functions with unusual or complex structure. It runs a portfolio of lightweight heuristics (e.g., CFG complexity, flattening/state-machine patterns, uncommon instruction sequences, overlapping/disaligned instructions, entropy/RC4 markers, loop-based patterns) and surfaces the top-ranked hotspots for manual inspection. It works in both the UI and headless mode.
Obfuscation Analysis is a Binary Ninja plugin focused on making protected code more readable once you’ve identified where to look. It provides targeted helpers for common analysis roadblocks: MBA simplification directly in the decompiler view, detection/removal of corrupted functions that break disassembly, and recursive decompiler-level function inlining to improve propagation and cleanup across call boundaries. Designed to run efficiently as background tasks with robust error reporting.
ReverserAI is a research-oriented Binary Ninja plugin exploring offline LLM assistance for reverse engineering. The current feature set focuses on context-aware function renaming: it feeds decompiler output plus static context (e.g., strings, API usage, symbols) into a locally-hosted model to propose semantically meaningful names without sending code to the cloud. It is intended as a practical baseline and a playground for extending local AI-assisted workflows.
Binary Ninja Headless MCP is a headless MCP server for AI-assisted reverse engineering with Binary Ninja. It exposes a broad tool surface for disassembly, IL, patching, types, xrefs, and scripting, and is designed to run cleanly in containerized or other GUI-free workflows.
Ghidra Headless MCP is a headless MCP server for AI-assisted reverse engineering with Ghidra. It exposes a broad tool surface for program lifecycle workflows, disassembly, decompilation, patching, types, xrefs, and scripting, and is designed to run cleanly in containerized or other GUI-free workflows.
Binary Cartography is my independent technical webinar series on reverse engineering, malware analysis, and software protection. The repository collects session abstracts, slides, demo environments, samples, references, and recording links.
Current sessions include:
Agentic Reverse Engineering: How Agents Are Changing Binary Analysis
Practical agent-assisted reverse engineering with Ghidra, MCP-connected tooling, reusable workflows, patching, and cracking-style tasks.
materials · slides · recording
Agentic Malware Analysis: From Task Automation to Deep Analysis
Agent-assisted malware reverse engineering across string decryption, API-resolving logic, multi-stage samples, and structured analysis workflows.
materials · slides · recording · blog post · companion repo