This article introduces Kaitai Struct, a tool for creating binary parsers in a declarative way. It provides a step-by-step guide on defining a dummy binary format, writing a serialization function, and creating a parser in Python to read the format. The author emphasizes the utility of Kaitai Struct in reverse engineering and protocol analysis.

OGhidra integrates Large Language Models with Ghidra for AI-assisted binary analysis. Users can query Ghidra using natural language, automate reverse engineering tasks, and analyze binaries more efficiently. It supports local AI models for privacy and offers tools for malware analysis and vulnerability research.

This article explores the use of AI models, particularly Claude Opus 4.6, to detect hidden backdoors in binary executables. While some success was noted, with a 49% detection rate for obvious backdoors, the approach remains unreliable for production use due to high false positives and limitations in analyzing complex binaries.

The article details a reverse engineering project on the TP-Link Tapo C200 camera, revealing multiple security vulnerabilities. The author used AI tools to assist in the analysis, uncovering issues like a memory overflow and an unauthenticated WiFi hijacking exploit that could compromise user privacy.

Reko is a free decompiler for machine code binaries that supports various processor architectures and executable formats. It offers multiple front ends, including command-line and GUI versions, and requires the .NET 6.0 SDK for compilation. Users must ensure they have legal rights to decompile any binaries they work with.

This article analyzes the methods used by ring-1.io, a cheat provider for online games, focusing on its evasion tactics and bootloader implant. The author details the reverse engineering process, examining how the cheat interacts with UEFI firmware and Hyper-V to avoid detection.

The author details the process of defeating a 40-year-old copy protection dongle to access legacy RPG software used by an accounting firm. Through disassembly and reverse engineering, they discovered the dongle only returns a constant value, allowing for a simple patch to bypass the protection. The article highlights the quirks of outdated software protection methods and the author's plans to preserve the RPG II compiler.

This article breaks down the security architecture of macOS on Apple Silicon, focusing on the immutable Boot ROM and its role in establishing a Chain of Trust. It details how the Boot ROM initializes the system, loads the Low-Level Bootloader, and enforces code integrity through hardware mechanisms like the Public Key Accelerator.

This article details the process of reverse-engineering the Epomaker Galaxy100 keyboard firmware to enable custom key mappings. The author faces limitations with the VIA configuration tool and explores methods to modify the firmware directly using tools like Ghidra and wb32-dfu-updater.

This article explores how large language models (LLMs) and pyghidra-mcp enhance reverse engineering by analyzing a use-after-free vulnerability in Windows' Common Log File System. It outlines the process of understanding the vulnerability through patch diffs, code flow, and automation with LLMs.

The article details the author's process of reverse engineering the Codex CLI tool to access the newly released GPT-5-Codex-Mini model. By modifying the tool, they created a command to generate SVGs based on user prompts, specifically focusing on drawing a pelican riding a bicycle. The author shares insights into the coding challenges and the functionality of the modified tool.

This article discusses the r2frida plugin that combines Radare2 and Frida for dynamic instrumentation of processes. Users can run Frida commands and scripts directly within Radare2, enabling advanced reverse engineering capabilities. The setup process and key features are also outlined.

This article details the process of finding and exploiting a vulnerability in the IN-8401 2K+ IP camera. The author describes steps from firmware extraction to building an ARM ROP chain for unauthenticated remote code execution. It highlights the importance of proper debugging and analysis methods in discovering security flaws.

The article details the author's experience using AI, specifically Claude Opus 4.5, to reverse engineer and intercept network traffic from the Cronometer app, built with Flutter. It covers challenges related to SSL pinning and proxy routing, and how AI-assisted debugging streamlined the process.

The author details their experience with an Ãike electric scooter after the company went bankrupt, leading to concerns over app functionality. They reverse engineer the scooter's app to regain control, uncovering security flaws and the complexities of its communication with the scooter via Bluetooth.

Obfusk8 is a C++17 library that enhances application obfuscation, making reverse engineering more difficult through various compile-time and runtime techniques. It employs strategies like virtual machine execution, indirect control flow flattening, and dynamic key encryption to obscure code logic and data, while also integrating anti-analysis measures. The library offers helper classes for stealthy access to Windows APIs, ensuring minimal static analysis footprints.

The article explores the process of reverse engineering Apple's iWork software, detailing the techniques and tools used to analyze its functionality. It discusses the challenges faced during the reverse engineering process and the insights gained about the software's design and architecture. The author aims to provide a deeper understanding of how iWork operates behind the scenes.

The article explores techniques and tools for reverse-engineering modern web browsers, focusing on the intricacies of browser architecture, security mechanisms, and debugging processes. It highlights the importance of understanding browser internals for both security researchers and developers aiming to enhance their web applications. Practical examples and methodologies are provided to aid in the reverse-engineering process.

pyghidra-mcp is a headless Model Context Protocol server for Ghidra that enables project-wide analysis of multiple interdependent binaries. By integrating automation with AI capabilities, it allows for seamless tracing of function calls across an entire software ecosystem, enhancing reverse engineering and vulnerability research. The tool supports comprehensive insights into complex applications by exposing an entire Ghidra project for analysis in a single session.

XrefGen is an advanced IDAPython script designed to enhance cross-referencing capabilities in IDA Pro, particularly for complex binaries and modern programming languages. It features a modular architecture, confidence scoring, and various analysis techniques, allowing detection of indirect calls, obfuscated malware patterns, and multi-architecture support. The tool is optimized for performance and memory efficiency, making it essential for security researchers and reverse engineers.

The IDA plugin for reverse-engineering Objective-C code streamlines analysis by cleaning up pseudocode output by removing unnecessary ARC-related runtime calls. It enhances focus on relevant code and improves type propagation, thereby significantly reducing the noise in decompiled output. The plugin is still in development, with plans for additional features in the future.

GoReSym is a Go symbol parser that extracts various types of program and function metadata from Go binaries, including details about CPU architecture and embedded structures. It supports analysis of stripped and malformed binaries and is compatible with multiple Go versions. Users can run it via command line with specific flags for detailed output, and it is designed to facilitate reverse engineering tasks.

The article explores reverse engineering techniques for analyzing an in-game advertising library (anzu.dll) used in the racing game Trackmania. It details the creation of a trampoline DLL to log function calls and arguments, as well as methods for intercepting network traffic to understand the library's communication with its servers. Various tools and strategies are discussed to facilitate the reverse engineering process and enhance debugging capabilities.

The blog discusses PatchGuard, or Kernel Patch Protection (KPP), a critical security feature in Windows that protects the kernel from unauthorized modifications. It explains how PatchGuard operates asynchronously to monitor key kernel structures, triggers a blue screen of death (BSOD) upon detecting tampering, and delves into its initialization process and the challenges of reverse engineering it. Additionally, the article hints at potential bypasses for this security mechanism.

The article provides a comprehensive guide on how to reverse-engineer a business strategy, emphasizing the importance of understanding competitors' approaches and adapting insights to enhance one's own strategic planning. It covers various techniques for dissecting existing strategies and suggests practical steps for implementing learned strategies effectively.

ghidraMCP is a Model Context Protocol server that enables large language models to autonomously reverse engineer applications using Ghidra's core functionalities. The setup process involves downloading the Ghidra plugin, configuring it within Ghidra, and connecting various MCP clients like Claude Desktop, Cline, and 5ire to interact with the server. Detailed installation instructions and configurations are provided for each client integration.

Oneiromancer is a reverse engineering assistant that leverages a fine-tuned LLM to analyze code snippets, providing high-level descriptions, recommended function names, and variable renaming suggestions. It supports cross-platform integration with popular IDEs and allows for easy installation via crates.io or building from source. The tool aims to enhance code analysis efficiency and improve developers' understanding of their code's functionality.

VMDragonSlayer is an advanced framework designed for the automated analysis of binaries protected by various Virtual Machine (VM) protectors, utilizing multiple analysis engines such as Dynamic Taint Tracking and Symbolic Execution. Its goal is to streamline and enhance the reverse engineering process, transforming what typically takes weeks or months into efficient, structured analysis. The framework supports integration with popular reverse engineering tools and features a modular architecture for extensibility and custom workflows.

The article delves into the intricacies of reverse-engineering cursor implementations in large language model (LLM) clients, highlighting the potential benefits and challenges associated with such endeavors. It emphasizes the importance of understanding cursor functionality to enhance user experience and optimize performance in AI-driven applications.

The article explores the utilization of Large Language Models (LLMs) as tools for reverse engineering, offering insights into how these models can assist in analyzing and understanding complex software systems. It discusses practical applications, benefits, and the evolving role of LLMs in cybersecurity and software development.

The apktool-mcp-server is a fully automated server that leverages apktool and LLMs like Claude to facilitate real-time analysis and reverse engineering of Android APKs, enabling users to uncover vulnerabilities and modify code efficiently. It provides a suite of tools for tasks such as decoding APKs, analyzing manifests, and modifying smali files, all designed to enhance the reverse engineering process.

Radare2 (r2) is a powerful open-source reverse engineering tool that has evolved from a basic hexadecimal editor to a comprehensive command-line utility with various plugins and scripting capabilities. It supports numerous architectures and file formats, offering tools for debugging, disassembly, and binary analysis. Installation can be performed from the Git repository, and users can extend functionality through the r2pm package manager.

Apple released a security patch for CVE-2025-43300, addressing an out-of-bounds write vulnerability in the ImageIO framework that could be exploited in zero-click attacks. The article provides a detailed root cause analysis of the vulnerability and the changes made in the patch, focusing on the modifications in the RawCamera file and the implications for image processing. Researchers have previously explored the vulnerability, revealing its connections to JPEG Lossless compression in DNG files.

A comprehensive guide for setting up a Windows virtual machine and various tools for reverse engineering and malware analysis. It covers installation steps for essential software, debugging techniques, and methods for manipulating Portable Executable (PE) properties, alongside practical exercises involving malware samples and code execution through DLL sideloading. The article emphasizes the automation of processes and validation through GitHub workflows.

Generative AI can facilitate reverse engineering of legacy applications even without access to source code by observing user interactions, analyzing database changes, and capturing network traffic. A recent experiment at Thoughtworks demonstrated this capability using an open-source ERP platform, ultimately highlighting the need for human oversight in the process and the potential for AI to assist in testing application functionality post-reconstruction.

ImHex is a feature-rich hex editor designed for reverse engineers and programmers, offering extensive tools for data manipulation, visualization, and analysis. It supports various data types, a customizable interface, and advanced features like data hashing and integrated disassembly for multiple architectures. Users can also extend its functionality through a custom pattern language and plugins.

The article details a process for modding a mobile application using Frida, specifically by creating a mod that ensures a dice-rolling app always returns a one. It also explains how to distribute the modded app by embedding the Frida gadget for autonomous script execution, allowing the modified app to function without external tools.

DiffRays is a binary patch diffing tool that integrates with IDA Pro to facilitate vulnerability research, exploit development, and reverse engineering. It offers features like automated binary fetching, SQLite output for results storage, and a web interface for interactive visualization of differences between patched and unpatched binaries. Designed for educational purposes, it supports various workflows in analyzing security vulnerabilities.

RIFT (Rust Interactive Function Tool) is a suite designed to aid reverse engineers in analyzing Rust malware, consisting of an IDA plugin static analyzer, a generator for creating signatures, and a diff applier for applying binary diffing results. It is crucial to use RIFT within a secure virtual machine environment to avoid security risks, and the tools are primarily tested on Windows and Linux systems. Community contributions are encouraged to enhance the tool's capabilities.

The article delves into the techniques of reverse engineering and cheat development specifically for the game AssaultCube. It explores internal game hacks and the methodologies used to manipulate game mechanics for enhanced player advantages.

The article delves into the kernel-mode objects and structures that manage Windows registry hives, focusing on the complex relationship between the _CMHIVE and _HHIVE structures. It explores their roles in memory management, synchronization, and transaction states, while discussing the implications for security and performance. Detailed insights on their layouts and functionalities are provided, along with the challenges of reverse-engineering undocumented structures.

Automated Function ID database generation in Ghidra streamlines the reverse engineering process for binaries lacking symbol information by allowing analysts to create and apply function signatures. The article discusses utilizing scripts and PowerShell to extract object files from static libraries, import them into Ghidra, and generate function signatures, enhancing the clarity and efficiency of vulnerability analysis in software.