by Dryxio
Open-source AI reverse-engineering agent using Ghidra and LLMs to reconstruct and validate C/C++ functions from binaries.
# Add to your Claude Code skills
git clone https://github.com/Dryxio/auto-re-agentGuides for using ai agents skills like auto-re-agent.
Last scanned: 7/16/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-07-16T06:18:18.077Z",
"npmAuditRan": true,
"pipAuditRan": true,
"promptInjectionRan": true
}auto-re-agent is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by Dryxio. Open-source AI reverse-engineering agent using Ghidra and LLMs to reconstruct and validate C/C++ functions from binaries. It has 1,053 GitHub stars.
Yes. auto-re-agent passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/Dryxio/auto-re-agent" and add it to your Claude Code skills directory (see the Installation section above).
auto-re-agent is primarily written in Python. It is open-source under Dryxio on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh auto-re-agent against similar tools.
No comments yet. Be the first to share your thoughts!
auto-re-agent is an open-source AI reverse-engineering agent that uses Ghidra
and LLMs—including Claude, Codex, and OpenAI-compatible models—to reconstruct
and validate C/C++ functions from compiled binaries. It combines independent
reverser/checker models, agentic evidence gathering, candidate build and test
gates, structural verification, and parity analysis in one autonomous workflow.
Original pre-0.2 demo: YouTube
re-agent reverse --class CTrain
│
├── Configuration (YAML + supported environment overrides + CLI flags)
├── Function selection (dependency-order | easiest-first | high-impact)
├── Source and binary context
│ ├── decompile, xrefs, structs, enums, vtables, globals, and strings
│ └── normalized high P-code, CFG, assembly, and nearby project source
├── Reverser → checker → fix loop (bounded rounds and investigations)
├── Conservative structural verifier
├── Candidate overlay
│ └── configured build, test, and runtime gates
├── Candidate parity gate (GREEN | YELLOW | RED)
└── Reports, per-round logs, session history, and knowledge graph
The tool generates candidate C/C++ implementations; it does not patch the original source tree automatically. A successful reversal can require four independent conditions:
PASS;This is conservative verification, not a proof of semantic equivalence.
ANTHROPIC_API_KEYOPENAI_API_KEYclaude commandcodex commandInstall the agent and its Ghidra query bridge from PyPI:
python3 -m pip install --upgrade "auto-re-agent[ghidra-bridge]>=0.2.0"
For headless Ghidra exports, install the bridge with its PyGhidra extra:
python3 -m pip install --upgrade "auto-re-agent[headless]>=0.2.0"
To install the latest development versions directly from GitHub instead:
python3 -m pip install --upgrade \
"ghidra-ai-bridge @ git+https://github.com/Dryxio/ghidra-ai-bridge.git@main" \
"auto-re-agent @ git+https://github.com/Dryxio/auto-re-agent.git@main"
Run these commands from the project you want to reverse:
# Create ghidra-bridge.yaml, then edit its Ghidra project/program paths
ghidra-bridge init
# Requires the bridge headless extra and a local Ghidra installation
ghidra-bridge export all
# Optional but recommended when reversed source/hook patterns are available
ghidra-bridge build-map
# Confirm that exports and configuration are visible
ghidra-bridge info
See the bridge documentation for its Ghidra, export, and source-map configuration.
Create a configuration in the target project:
# Recommended portable default
re-agent init --profile generic-cpp
# Other available profiles
# re-agent init --profile windows-x64
# re-agent init --profile gta-reversed
# re-agent init --profile openrct2
Running re-agent init without --profile preserves the original
GTA-reversed defaults. Prefer an explicit profile for new projects.
Then edit re-agent.yaml. At minimum, select an LLM, point the backend at the
installed bridge executable, set the source paths, and configure validation.
llm:
provider: claude-cli
model: sonnet
# Optional: use a different provider/model for checking.
agents:
checker:
provider: codex
model: gpt-5.4
backend:
type: ghidra-bridge
cli_path: ghidra-bridge
project_profile:
name: generic-cpp
language_standard: C++20
source_root: src
hooks_csv: null
orchestrator:
max_review_rounds: 4
investigation_enabled: true
max_investigations: 8
selection_strategy: dependency-order
max_attempts_per_function: 3
validation:
enabled: true
copy_project: true
project_root: .
build_commands:
- cmake -S . -B build
- cmake --build build
test_commands:
- ctest --test-dir build --output-on-failure
require_build: true
require_tests: true
require_verified: true
# This explicitly attests that the project-owned shell commands above are
# meaningful validation gates. Leave false for untrusted commands.
trust_configured_commands: true
keep_project_copy: false
parity_fail_on_red: true
parity_fail_on_yellow: false
Validation is deliberately strict: with the generated defaults, no configured
commands produce UNKNOWN, and require_verified: true rejects that result.
For exploration without build validation, explicitly set
validation.enabled: false; such results are not build-verified.
Start with one function before launching a class run:
re-agent reverse --address 0x401000
re-agent reverse --class CTrain --max-functions 10
re-agent status
llm:
provider: claude
model: claude-sonnet-4-5-20250929
Set ANTHROPIC_API_KEY or RE_AGENT_LLM_API_KEY.
Authenticate the local Claude Code CLI first, then configure:
llm:
provider: claude-cli
model: sonnet
cli_path: claude
effort: high
max_budget_usd: 1.0
Claude CLI supports real session resume and reports usage/cost metadata. A stale CLI login can still require re-authentication even when its auth-status command reports a session.
llm:
provider: openai # or openai-compat
model: your-model
base_url: https://your-endpoint.example/v1 # optional
Set OPENAI_API_KEY or RE_AGENT_LLM_API_KEY.
llm:
provider: codex
model: gpt-5.4
Codex uses the authenticated local codex exec command. CLI-provider
max_tokens values are planning allowances, not hard output limits.
Omit agents.reverser or agents.checker to reuse the top-level llm
configuration for that role. A role block is a complete role configuration,
not a field-by-field merge with llm.
When supported by the backend, the reverser preloads a bounded evidence bundle and can request additional read-only operations:
decompile, xrefs_from, and xrefs_tostruct and enumvtable, global, and stringscontext, normalized pcode, and cfgEvidence bundle data is also ingested into
reports/re-agent/knowledge-graph.json, connecting functions, calls, globals,
and strings. Unsupported bridge capabilities degrade gracefully.
Generated code is written to an overlay. With copy_project: true, the project
is copied to a temporary directory, the candidate replaces the matching body
there, and commands run from that copy. .git, .venv, build, reports, and
Python cache files are not copied. Temporary project copies are deleted unless
keep_project_copy: true.
Commands may use:
{candidate_file}, {overlay_root}, and {source_file} placeholders;RE_AGENT_CANDIDATE_FILE, RE_AGENT_OVERLAY_ROOT, and
RE_AGENT_SOURCE_FILE environment variables.Configured build/test/runtime commands are arbitrary project-owned shell
commands. The agent cannot prove from their text that they actually validate a
candidate, so they only become acceptance evidence when
trust_configured_commands: true is set explicitly.
If multiple C++ definitions match an overloaded method and the source cannot be disambiguated, the overlay is rejected instead of replacing an arbitrary body.
The objective verifier runs on each review round. It compares generated code
with available decompile, assembly, CFG, and normalized high P-code evidence.
It returns FAIL only for strong mismatches; insufficient evidence returns
UNKNOWN.
The reversal pipeline runs the 11 built-in heuristic parity signals against the
generated candidate body. RED is blocking by default; YELLOW can be made
blocking with validation.parity_fail_on_yellow.
The standalone command is different: re-agent parity analyzes functions in
the existing source tree. It also supports semantic-rule files and manual check
overrides. Its process exit code remains zero on RED unless --strict-exit is
used.
The 11 built-in signals are:
| Signal | Level | Description |
|---|---|---|
| Missing source | RED | No source body was found |
| Stub markers | RED | Source contains a configured stub marker |
| Trivial stub | RED | Small plugin-call-heavy body with no control flow |
| Large ASM, tiny source | RED | Large disassembly with a very small source body |
| Plugin-call heavy | YELLOW | Plugin calls dominate the source body |
| Short body | YELLOW | Body has fewer than six lines |
| Low call count | YELLOW | Decompiled callees greatly exceed source calls |
| FP sensitivity | YELLOW | Assembly has FP-sensitive operations but source has no math tokens |
| Call-count mismatch | YELLOW | Source and assembly call counts differ beyond the configured threshold |
| NaN logic | YELLOW | Decompile indicates NaN-sensitive behavior missing from source |
| Inline wrapper | INFO | Source forwards to an internal implem |