explaingit

icloudza/algokiller-plugin

Analysis updated 2026-05-18

43PythonAudience · developerComplexity · 4/5Setup · hard

TLDR

A Claude plugin that helps security researchers reverse engineer encryption inside mobile apps by searching massive ARM64 execution traces.

Mindmap

mindmap
  root((algokiller-plugin))
    What it does
      Searches ARM64 traces
      Finds crypto algorithms
      Plugs into Claude
    Tech stack
      Python
      MCP
      Frida
    Use cases
      Reverse engineer signing
      Identify ciphers
    Audience
      Developers
        Security researchers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Reverse engineer encryption algorithms used inside a mobile app from a captured trace

USE CASE 2

Identify what generates a specific ciphertext or signature in an Android or iOS app

USE CASE 3

Search massive ARM64 execution traces for known algorithm patterns like AES or SHA-256

What is it built with?

PythonMCPFrida

How does it compare?

icloudza/algokiller-pluginalibaba/omnidoc-tokenbencharccalc/dwmfix
Stars434343
LanguagePythonPythonPython
Setup difficultyhardmoderateeasy
Complexity4/53/52/5
Audiencedeveloperresearchergeneral

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1h+

Requires a captured ARM64 trace from GumTrace and Frida, and runs only on macOS.

In plain English

algokiller-plugin is a specialized security research tool that helps analysts figure out how encrypted or obfuscated code works inside mobile apps, without needing access to the original source code. It plugs into Claude, the AI assistant, turning Claude into an interactive analysis partner for a very specific technical task: examining detailed logs of app behavior (called "traces") to reverse-engineer encryption algorithms, signature schemes, and other hidden logic. Here is the core problem it solves: when security researchers or app developers want to understand what an Android or iOS app is doing under the hood, for example, how it generates a login token or signs a network request, they need to study a recording of every CPU instruction the app executed. These recordings, called ARM64 traces, can be gigabytes in size. Manually reading them is impractical. algokiller-plugin provides a set of automated search and analysis commands that can scan those massive trace files in seconds, spotting patterns associated with known encryption algorithms like AES, SHA-256, or MD5. A researcher would use this when they have captured a trace from a running app (using a companion tool called GumTrace, which hooks into the app via Frida, a standard instrumentation framework) and want to answer questions like "what algorithm generated this ciphertext?" or "where does this register value come from?" The plugin exposes slash commands and AI skills directly inside Claude, so the analyst can ask questions in plain language and Claude will run the appropriate search tools automatically. The codebase is written in Python and runs on macOS. It communicates with a native search engine (ak_search) through a local server using a standard protocol called MCP (which allows AI assistants to call external tools). No external Python libraries are required.

Copy-paste prompts

Prompt 1
Help me use algokiller-plugin to find what algorithm generated this ciphertext in my trace
Prompt 2
Show me how to search an ARM64 trace file for AES or SHA-256 patterns
Prompt 3
Explain how to connect algokiller-plugin to my GumTrace capture via MCP

Frequently asked questions

What is algokiller-plugin?

A Claude plugin that helps security researchers reverse engineer encryption inside mobile apps by searching massive ARM64 execution traces.

What language is algokiller-plugin written in?

Mainly Python. The stack also includes Python, MCP, Frida.

How hard is algokiller-plugin to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is algokiller-plugin for?

Mainly developer.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.