[No tokens have been burned to write this article 🙂 ]
Recently I was in the mood to do some reverse engineering and to see how far one can get with an AI doing it. A while ago I read about GhidraMCP. Ghidra is a reverse engineering framework and disassembler made and maintained as open source by the US intelligence agency NSA. I really like Ghidra; it helped me a lot in debugging when I was working on my own operating system, JOS. GhidraMCP offers Ghidra’s capabilities and features to an AI via the MCP protocol. Some may argue MCP is not as good as skills or a CLI, but for a complex tool it seems appropriate. I used the GhidraMCP fork bethington/ghidra-mcp, as it seems actively maintained, and installed it alongside Ghidra as per the instructions.

Next I had to choose a proof-of-concept application. After some brainstorming, I came upon this funny little USB missile launcher, which actually belongs to my friend and former colleague Miro Bodganovic, but after some office and private relocations still sits with me (sorry, Miro!). Already some years ago, the official software for the device vanished from the internet or was only available on shady websites.
However, I didn’t have to start from there. There is already a reverse-engineered application on GitHub from 6 years ago, by the Brazilian Rodrigo Reis. According to the README, he manually reverse engineered it with the JetBrains dotPeek decompiler. I have been using his application to play with the missile launcher occasionally over the past years.
So now I had this Thunder application as a binary, and with GhidraMCP I was all set. I asked GitHub Copilot (free version) to take the binary and port its logic to Rust, using GhidraMCP explicitly. (Someone may remark that I could have asked a reasonably advanced model and harness like Claude Code with Fable 5 to work it out without prescribing a specific solution, but I wanted to see GhidraMCP in action. I am aware, however, that those powerful models even work with assembly and CPU instructions.)
It went ahead and called multiple tools from the GhidraMCP offerings.

Moments later, it had decompiled the core logic and started the analysis. After some iterations it realized that it's a .NET/C# program, so it went on to download some .NET tools to extract more data.

After that, it seems it was a walk in the park. In under 240 lines of code, the Rust port was realized in a headless fashion (no UI, only CLI). You can find it at https://github.com/jbreu/ThunderRust. At first glance, the code seems ok-ish and not overly complex, but code quality and maintainability were not my focus in this experiment.