ReVa - Ghidra MCP Server for AI-Powered Reverse Engineering

A Ghidra extension that provides a Model Context Protocol (MCP) server for AI-assisted reverse engineering

ReVa (Reverse Engineering Assistant) is a Ghidra MCP server that enables AI language models to interact with Ghidra's powerful reverse engineering capabilities. ReVa uses state of the art techniques to limit context rot and enable long form reverse engineering tasks.

ReVa is different from other efforts at building AI assistants for RE tasks because it uses a tool driven approach with a focus on designing tools for effective LLM use. ReVa aims to provide a variety of small tools to the LLM, just as your RE environment provides a set of small tools to you.

Each of the tools given to the LLM are constructed to be easy for the LLM to use and to tolerate a variety of inputs and to reduce hallucination by the LLM. We do this by providing the LLM with a schema but tolerating other input, including descriptions that guide the LLM,and redirecting correctable mistakes back to the LLM, and including extra output to guide the next decision by the LLM.

ReVa's tools differ to other solutions, they provide smaller, critical fragments with reinforcement and links to other relevant information to reduce context usage and hallucination. This greatly improves performance, especially on long form reverse engineering tasks. This allows ReVa to handle large binaries and even entire firmware images.

To encourage exploration as a human would, we report additional context like the namespace and cross references along with the decompilation, this is a small nudge to make the LLM explore the binary in the same way a human would.

Using this technique you can ask general questions and get relevant answers. The model prioritises information from the tools, but when there is no information it can still respond to generic questions from its training.