This repository showcases the power of artificial intelligence as a tool to improve reverse engineering of applications. It contains a CTF-style reverse engineering challenge and the AI-powered tooling used to solve it.
| Directory | Description |
|---|---|
| challenge/ | The CTF challenge: a statically-linked C++ binary with XOR-encrypted shellcode that validates a secret flag at runtime. Includes source, build system, and tooling scripts. |
| ai-workdir/ | AI workspace for solving the challenge using Claude Code with a Ghidra integration. Contains the /analyze-binary command and a writeup directory. |
| ghidra-mcp/ | Dockerized MCP server that bridges Claude Code to a running Ghidra instance via the GhidraMCP plugin. Pre-built images available on GHCR. |
| .github/ | CI/CD workflows (daily build of the Ghidra MCP Docker image). |
cd challenge
cmake -B build -S .
cmake --build buildFollow the installation steps in the GhidraMCP releases page to install the plugin into Ghidra 12.0.x.
docker pull ghcr.io/crimson7research/ghidra-mcp:latest
claude mcp add ghidra-mcp -t stdio -- docker run --rm -i --network host ghcr.io/crimson7research/ghidra-mcp- Open the built binary in Ghidra (with the GhidraMCP plugin installed)
- Open Claude Code in the
ai-workdir/directory - Run the
/analyze-binarycommand
See the READMEs in each subdirectory for detailed instructions.