auto-re-agent
Health Pass
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 1039 GitHub stars
Code Pass
- Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Pass
- Permissions — No dangerous permissions requested
No AI report is available for this listing yet.
Open-source AI reverse-engineering agent using Ghidra and LLMs to reconstruct and validate C/C++ functions from binaries.
auto-re-agent
auto-re-agent is an open-source AI reverse-engineering agent that uses Ghidra
and LLMs—including Claude, Codex, and OpenAI-compatible models—to reconstruct
and validate C/C++ functions from compiled binaries. It combines independent
reverser/checker models, agentic evidence gathering, candidate build and test
gates, structural verification, and parity analysis in one autonomous workflow.
PyPI publication pending:
v0.2.0is released on GitHub, but PyPI still
serves0.1.0until Trusted Publishing is authorized. Until the PyPI badge
above reports0.2.0, use the GitHub development installation below.
Original pre-0.2 demo: YouTube
What it does
re-agent reverse --class CTrain
│
├── Configuration (YAML + supported environment overrides + CLI flags)
├── Function selection (dependency-order | easiest-first | high-impact)
├── Source and binary context
│ ├── decompile, xrefs, structs, enums, vtables, globals, and strings
│ └── normalized high P-code, CFG, assembly, and nearby project source
├── Reverser → checker → fix loop (bounded rounds and investigations)
├── Conservative structural verifier
├── Candidate overlay
│ └── configured build, test, and runtime gates
├── Candidate parity gate (GREEN | YELLOW | RED)
└── Reports, per-round logs, session history, and knowledge graph
The tool generates candidate C/C++ implementations; it does not patch the
original source tree automatically. A successful reversal can require four
independent conditions:
- the LLM checker returns
PASS; - the objective verifier finds no strong structural mismatch;
- candidate validation satisfies the configured acceptance policy;
- parity is not blocked by the configured RED/YELLOW policy.
This is conservative verification, not a proof of semantic equivalence.
Requirements
- Python 3.10+
- Git, for the current source installation
- Ghidra plus a configured
ghidra-ai-bridge - At least one LLM setup:
- Claude API:
ANTHROPIC_API_KEY - OpenAI-compatible API:
OPENAI_API_KEY - Claude CLI: an authenticated local
claudecommand - Codex CLI: an authenticated local
codexcommand
- Claude API:
Installation
Install the agent and its Ghidra query bridge from PyPI:
python3 -m pip install --upgrade "auto-re-agent[ghidra-bridge]>=0.2.0"
For headless Ghidra exports, install the bridge with its PyGhidra extra:
python3 -m pip install --upgrade "auto-re-agent[headless]>=0.2.0"
To install the latest development versions directly from GitHub instead:
python3 -m pip install --upgrade \
"ghidra-ai-bridge @ git+https://github.com/Dryxio/ghidra-ai-bridge.git@main" \
"auto-re-agent @ git+https://github.com/Dryxio/auto-re-agent.git@main"
Set up Ghidra evidence
Run these commands from the project you want to reverse:
# Create ghidra-bridge.yaml, then edit its Ghidra project/program paths
ghidra-bridge init
# Requires the bridge headless extra and a local Ghidra installation
ghidra-bridge export all
# Optional but recommended when reversed source/hook patterns are available
ghidra-bridge build-map
# Confirm that exports and configuration are visible
ghidra-bridge info
See the bridge documentation
for its Ghidra, export, and source-map configuration.
Quick start
Create a configuration in the target project:
# Recommended portable default
re-agent init --profile generic-cpp
# Other available profiles
# re-agent init --profile windows-x64
# re-agent init --profile gta-reversed
# re-agent init --profile openrct2
Running re-agent init without --profile preserves the original
GTA-reversed defaults. Prefer an explicit profile for new projects.
Then edit re-agent.yaml. At minimum, select an LLM, point the backend at the
installed bridge executable, set the source paths, and configure validation.
llm:
provider: claude-cli
model: sonnet
# Optional: use a different provider/model for checking.
agents:
checker:
provider: codex
model: gpt-5.4
backend:
type: ghidra-bridge
cli_path: ghidra-bridge
project_profile:
name: generic-cpp
language_standard: C++20
source_root: src
hooks_csv: null
orchestrator:
max_review_rounds: 4
investigation_enabled: true
max_investigations: 8
selection_strategy: dependency-order
max_attempts_per_function: 3
validation:
enabled: true
copy_project: true
project_root: .
build_commands:
- cmake -S . -B build
- cmake --build build
test_commands:
- ctest --test-dir build --output-on-failure
require_build: true
require_tests: true
require_verified: true
# This explicitly attests that the project-owned shell commands above are
# meaningful validation gates. Leave false for untrusted commands.
trust_configured_commands: true
keep_project_copy: false
parity_fail_on_red: true
parity_fail_on_yellow: false
Validation is deliberately strict: with the generated defaults, no configured
commands produce UNKNOWN, and require_verified: true rejects that result.
For exploration without build validation, explicitly setvalidation.enabled: false; such results are not build-verified.
Start with one function before launching a class run:
re-agent reverse --address 0x401000
re-agent reverse --class CTrain --max-functions 10
re-agent status
LLM providers
Claude API
llm:
provider: claude
model: claude-sonnet-4-5-20250929
Set ANTHROPIC_API_KEY or RE_AGENT_LLM_API_KEY.
Claude CLI
Authenticate the local Claude Code CLI first, then configure:
llm:
provider: claude-cli
model: sonnet
cli_path: claude
effort: high
max_budget_usd: 1.0
Claude CLI supports real session resume and reports usage/cost metadata. A
stale CLI login can still require re-authentication even when its auth-status
command reports a session.
OpenAI-compatible APIs
llm:
provider: openai # or openai-compat
model: your-model
base_url: https://your-endpoint.example/v1 # optional
Set OPENAI_API_KEY or RE_AGENT_LLM_API_KEY.
Codex CLI
llm:
provider: codex
model: gpt-5.4
Codex uses the authenticated local codex exec command. CLI-providermax_tokens values are planning allowances, not hard output limits.
Omit agents.reverser or agents.checker to reuse the top-level llm
configuration for that role. A role block is a complete role configuration,
not a field-by-field merge with llm.
Evidence and investigation
When supported by the backend, the reverser preloads a bounded evidence bundle
and can request additional read-only operations:
decompile,xrefs_from, andxrefs_tostructandenumvtable,global, andstringscontext, normalizedpcode, andcfg
Evidence bundle data is also ingested intoreports/re-agent/knowledge-graph.json, connecting functions, calls, globals,
and strings. Unsupported bridge capabilities degrade gracefully.
Candidate validation
Generated code is written to an overlay. With copy_project: true, the project
is copied to a temporary directory, the candidate replaces the matching body
there, and commands run from that copy. .git, .venv, build, reports, and
Python cache files are not copied. Temporary project copies are deleted unlesskeep_project_copy: true.
Commands may use:
{candidate_file},{overlay_root}, and{source_file}placeholders;RE_AGENT_CANDIDATE_FILE,RE_AGENT_OVERLAY_ROOT, andRE_AGENT_SOURCE_FILEenvironment variables.
Configured build/test/runtime commands are arbitrary project-owned shell
commands. The agent cannot prove from their text that they actually validate a
candidate, so they only become acceptance evidence whentrust_configured_commands: true is set explicitly.
If multiple C++ definitions match an overloaded method and the source cannot be
disambiguated, the overlay is rejected instead of replacing an arbitrary body.
Verification and parity
The objective verifier runs on each review round. It compares generated code
with available decompile, assembly, CFG, and normalized high P-code evidence.
It returns FAIL only for strong mismatches; insufficient evidence returnsUNKNOWN.
The reversal pipeline runs the 11 built-in heuristic parity signals against the
generated candidate body. RED is blocking by default; YELLOW can be made
blocking with validation.parity_fail_on_yellow.
The standalone command is different: re-agent parity analyzes functions in
the existing source tree. It also supports semantic-rule files and manual check
overrides. Its process exit code remains zero on RED unless --strict-exit is
used.
The 11 built-in signals are:
| Signal | Level | Description |
|---|---|---|
| Missing source | RED | No source body was found |
| Stub markers | RED | Source contains a configured stub marker |
| Trivial stub | RED | Small plugin-call-heavy body with no control flow |
| Large ASM, tiny source | RED | Large disassembly with a very small source body |
| Plugin-call heavy | YELLOW | Plugin calls dominate the source body |
| Short body | YELLOW | Body has fewer than six lines |
| Low call count | YELLOW | Decompiled callees greatly exceed source calls |
| FP sensitivity | YELLOW | Assembly has FP-sensitive operations but source has no math tokens |
| Call-count mismatch | YELLOW | Source and assembly call counts differ beyond the configured threshold |
| NaN logic | YELLOW | Decompile indicates NaN-sensitive behavior missing from source |
| Inline wrapper | INFO | Source forwards to an internal implementation |
The signal set is fixed in 0.2.0; configuration exposes selected thresholds,
inline-wrapper behavior, semantic rules, and manual overrides rather than an
individual toggle for every signal.
CLI reference
Global options must precede the subcommand, for examplere-agent --config custom.yaml status.
| Command | Purpose |
|---|---|
re-agent init --profile generic-cpp |
Create re-agent.yaml from a profile |
re-agent reverse --address ADDR |
Reverse one function |
re-agent reverse --class CLASS --max-functions N |
Reverse a bounded class batch |
re-agent reverse --class CLASS --dry-run |
Show a target plan without LLM calls |
re-agent reverse ... --max-rounds N --skip-parity |
Override loop/parity behavior |
re-agent parity --address ADDR --strict-exit |
Analyze an existing source function |
re-agent parity --filter REGEX --limit N --output report.json |
Filter and export parity results |
re-agent parity ... --skip-ghidra |
Run source-only parity signals |
re-agent status --class CLASS --format text |
Show session progress |
re-agent estimate --address ADDR |
Estimate one function |
re-agent estimate --class CLASS --limit N |
Estimate a class batch |
Use re-agent <command> --help for the exact option list.
Configuration precedence
The effective order is CLI runtime overrides, supported environment variables,re-agent.yaml, then dataclass defaults. The currently supported environment
variables are:
RE_AGENT_LLM_PROVIDERRE_AGENT_LLM_API_KEYRE_AGENT_LLM_MODELRE_AGENT_LLM_BASE_URLRE_AGENT_BACKEND_CLI_PATHRE_AGENT_BACKEND_TIMEOUT
Role-specific agents.* configuration, validation, project profiles, parity,
and output paths should be configured in YAML.
See docs/configuration.md for the complete schema.
Profiles
generic-cpp: portable C/C++ defaultswindows-x64: Microsoft x64-oriented prompt rulesgta-reversed: GTA-reversed hooks, stubs, source paths, and project rulesopenrct2: OpenRCT2-oriented hook/stub patterns
Profiles initialize project configuration; they do not replace bridge exports
or project-specific validation commands.
Outputs
Default artifacts include:
reports/re-agent/code/: final generated code per functionreports/re-agent/logs/: per-round reverser/checker prompts, responses, and provider metadatareports/re-agent/candidates/: non-isolated candidate overlaysreports/re-agent/knowledge-graph.json: persistent evidence graphre-agent-progress.json: current per-function state plus run history
The session file is atomically rewritten on save. Its functions map stores the
latest state per address, while its runs list preserves recorded attempts.
How it compares
| Approach | Primary use | Evidence and validation | Workflow |
|---|---|---|---|
| Traditional decompiler | Translate machine code into analyst-readable pseudocode | Decompiler analysis; correctness is assessed manually | Function-by-function analysis |
| Interactive Ghidra AI or MCP assistant | Let an analyst ask questions and request Ghidra operations | Depends on the analyst, prompts, and connected tools | Human-directed conversation |
auto-re-agent |
Generate and validate candidate C/C++ implementations | Ghidra evidence, independent checker, structural checks, configured build/tests, and parity signals | Bounded autonomous reverser/checker pipeline with persistent reports |
auto-re-agent complements Ghidra rather than replacing it: Ghidra supplies
the program analysis, while the agent orchestrates evidence collection,
implementation, review, validation, and reporting. It is designed for
repeatable project-scale workflows, not just one-off decompiler chat.
Frequently asked questions
Is auto-re-agent a decompiler?
Not in the traditional sense. Ghidra performs the disassembly, decompilation,
and program analysis. auto-re-agent uses that evidence plus project source
context and LLMs to produce and validate candidate C/C++ implementations.
Does it require Ghidra?
The full binary-backed reversal workflow currently uses Ghidra throughghidra-ai-bridge. Existing source can be checked with source-only parity viare-agent parity --skip-ghidra, but that mode has less evidence.
Which LLM providers are supported?
Claude API, Claude CLI, OpenAI-compatible APIs, and Codex CLI are supported.
The reverser and checker can use different providers or models.
Does it modify the original source tree?
No. Generated implementations are written to reports and candidate overlays.
When isolated validation is enabled, builds and tests run in a temporary copy
of the project.
Can it prove that generated source is equivalent to the binary?
No. The checker, structural verifier, configured build/test gates, and parity
signals provide conservative evidence, not a formal proof of semantic or
binary equivalence.
What binaries and projects can it analyze?
It can work with programs that Ghidra can import and that the bridge can export.
Useful reconstruction also depends on project-specific source context, types,
symbols, validation commands, and the evidence available in the target binary.
How are LLM cost and run length controlled?
Review rounds, investigations, and attempts per function are bounded in the
configuration. Provider logs record available usage and cost metadata; actual
cost depends on the selected models, evidence volume, and target complexity.
Safety and limitations
- re-agent does not commit or push generated code;
- candidate generation does not overwrite the original source tree;
- review rounds, evidence actions, and per-function attempts are bounded;
- prompt/response logs are written per review round, not for every internal
evidence-loop call; - configured validation commands execute through
/bin/shand should only be
trusted when they are controlled by the project owner; - structural and parity checks catch useful mismatches but do not prove binary
equivalence; - real Ghidra/PyGhidra integration depends on the local Ghidra project and has
to be tested in that environment.
Why ghidra-ai-bridge stays separate
ghidra-ai-bridge remains an independent analysis package with a versioned
JSON/CLI evidence surface. auto-re-agent consumes it through a capability-based
backend, leaving room for future IDA, Binary Ninja, or other backends.
Development
git clone https://github.com/Dryxio/auto-re-agent.git
git clone https://github.com/Dryxio/ghidra-ai-bridge.git
cd auto-re-agent
python3 -m venv .venv
source .venv/bin/activate
python3 -m pip install -e "../ghidra-ai-bridge[headless]"
python3 -m pip install -e ".[dev]"
pytest -q
ruff check src tests
mypy src
License
MIT
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found