explaingit

maosasagawa/blackbox-re-agent

Analysis updated 2026-05-18

30TypeScriptAudience · researcherComplexity · 5/5Setup · hard

TLDR

A conversational agent that automates static reverse engineering of binaries, firmware, and apps using natural language questions.

Mindmap

mindmap
  root((repo))
    What it does
      Identifies file format
      Disassembles and decompiles
      Solves inputs with symbolic execution
    Tech stack
      TypeScript
      Ghidra
      angr
      radare2
    Use cases
      Analyze firmware images
      Inspect suspicious APKs
      Recover crackme passwords
    Audience
      Security researchers
    Scope
      Static analysis only
      Authorized use only

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Ask in plain language what an unknown binary or firmware image actually does.

USE CASE 2

Investigate whether an APK secretly sends data over the network.

USE CASE 3

Recover a crackme's password or license check logic through symbolic execution.

USE CASE 4

Audit supplier-delivered ECU firmware for hardcoded keys or hidden backdoors.

What is it built with?

TypeScriptGhidraangrradare2jadx

How does it compare?

maosasagawa/blackbox-re-agentalbertaworlds/japanese-text-cleanerayangabryl/ngx-digit-flow
Stars303030
LanguageTypeScriptTypeScriptTypeScript
Setup difficultyhardeasyeasy
Complexity5/52/52/5
Audienceresearcherdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1h+

Full setup installs heavyweight tools like Ghidra and angr, and needs an AI provider like Claude or an API key configured.

In plain English

Revagent is a conversational reverse engineering assistant built on top of an existing coding agent called pi. Instead of typing individual tool commands, you just ask plain language questions like what a program does, what a crackme's registration code is, or whether an app is secretly sending out data, and the agent drives a whole chain of reverse engineering tools on its own to answer you. It accepts APK files.o object files, Intel HEX firmware images, Windows exe files, ELF, PE, Mach O binaries, and raw firmware images, and only does static analysis, meaning it inspects the file's code without ever running it. Behind the scenes it identifies the file format, unpacks it if needed using tools like apktool and jadx for Android apps, disassembles the machine code, decompiles functions into readable pseudo code with Ghidra, and can even use a tool called angr to symbolically solve for the exact input that reaches a certain point in the program, such as a valid password. Every conclusion in its answers comes with a file path or address as supporting evidence. If a required tool is missing, it installs what it can automatically through a provisioning step rather than asking you to configure anything by hand. The README walks through a detailed example of analyzing supplier-delivered firmware for a car's electronic control unit, where the agent identifies the chip architecture, traces the reset vector and main loop, reviews how it handles CAN bus messages, checks for hardcoded keys or backdoors, and recovers a security access algorithm used to unlock diagnostic functions, all without access to the original source code. The project can be installed by handing its folder to a coding assistant such as Claude Code, pi, Codex, or Cursor along with a short prompt, or by running its own install script, which sets up radare2, Ghidra, angr, and related tools and can skip the heavier ones on a lower disk budget. The author states this is meant only for authorized analysis work such as malware research, CTF competitions, security audits, or your own programs, and that the agent only reconstructs and explains logic rather than producing ready to use malicious tools.

Copy-paste prompts

Prompt 1
Analyze this APK and tell me if it is uploading data anywhere it should not be.
Prompt 2
Find the registration code for this crackme binary using revagent.
Prompt 3
Walk me through what this firmware image does and what chip it runs on.
Prompt 4
Set up revagent's toolchain and explain which tools it installed on my system.

Frequently asked questions

What is blackbox-re-agent?

A conversational agent that automates static reverse engineering of binaries, firmware, and apps using natural language questions.

What language is blackbox-re-agent written in?

Mainly TypeScript. The stack also includes TypeScript, Ghidra, angr.

How hard is blackbox-re-agent to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is blackbox-re-agent for?

Mainly researcher.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.