Analysis updated 2026-05-18
Ask in plain language what an unknown binary or firmware image actually does.
Investigate whether an APK secretly sends data over the network.
Recover a crackme's password or license check logic through symbolic execution.
Audit supplier-delivered ECU firmware for hardcoded keys or hidden backdoors.
| maosasagawa/blackbox-re-agent | albertaworlds/japanese-text-cleaner | ayangabryl/ngx-digit-flow | |
|---|---|---|---|
| Stars | 30 | 30 | 30 |
| Language | TypeScript | TypeScript | TypeScript |
| Setup difficulty | hard | easy | easy |
| Complexity | 5/5 | 2/5 | 2/5 |
| Audience | researcher | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Full setup installs heavyweight tools like Ghidra and angr, and needs an AI provider like Claude or an API key configured.
Revagent is a conversational reverse engineering assistant built on top of an existing coding agent called pi. Instead of typing individual tool commands, you just ask plain language questions like what a program does, what a crackme's registration code is, or whether an app is secretly sending out data, and the agent drives a whole chain of reverse engineering tools on its own to answer you. It accepts APK files.o object files, Intel HEX firmware images, Windows exe files, ELF, PE, Mach O binaries, and raw firmware images, and only does static analysis, meaning it inspects the file's code without ever running it. Behind the scenes it identifies the file format, unpacks it if needed using tools like apktool and jadx for Android apps, disassembles the machine code, decompiles functions into readable pseudo code with Ghidra, and can even use a tool called angr to symbolically solve for the exact input that reaches a certain point in the program, such as a valid password. Every conclusion in its answers comes with a file path or address as supporting evidence. If a required tool is missing, it installs what it can automatically through a provisioning step rather than asking you to configure anything by hand. The README walks through a detailed example of analyzing supplier-delivered firmware for a car's electronic control unit, where the agent identifies the chip architecture, traces the reset vector and main loop, reviews how it handles CAN bus messages, checks for hardcoded keys or backdoors, and recovers a security access algorithm used to unlock diagnostic functions, all without access to the original source code. The project can be installed by handing its folder to a coding assistant such as Claude Code, pi, Codex, or Cursor along with a short prompt, or by running its own install script, which sets up radare2, Ghidra, angr, and related tools and can skip the heavier ones on a lower disk budget. The author states this is meant only for authorized analysis work such as malware research, CTF competitions, security audits, or your own programs, and that the agent only reconstructs and explains logic rather than producing ready to use malicious tools.
A conversational agent that automates static reverse engineering of binaries, firmware, and apps using natural language questions.
Mainly TypeScript. The stack also includes TypeScript, Ghidra, angr.
Setup difficulty is rated hard, with roughly 1h+ to a first successful run.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.