reverse-engineering-assistant

MCP server for reverse engineering tasks in Ghidra 👩‍💻

Installation
Run this command in your terminal to add the MCP server to Claude Code:
claude mcp add --transport stdio cyberkaida-reverse-engineering-assistant -- docker run -i ghidra-reva:latest

How to use

ReVa is a Ghidra-based MCP server that exposes a set of specialized tools to an LLM-based client via the Model Context Protocol. It focuses on tool-driven interactions to minimize context rot and support long-form reverse engineering tasks. When connected, ReVa provides capabilities for examining binaries in a project, identifying algorithms, renaming variables, fixing datatypes, and generating structured outputs such as diagrams and reports. ReVa enhances LLM reasoning by delivering small, well-defined tool results along with contextual cues (namespaces, cross-references, and decompilations) to guide exploration in a human-like manner. You can use ReVa in either assistant mode (interactive use with a local Ghidra UI) or headless mode (automation and pipelines), and you can pair it with other MCP servers (e.g., GitHub MCP Server or Kagi MCP Server) to enrich the analysis with source code access or web search results. Tools are designed to be resilient to varied inputs and to provide guidance back to the LLM for corrective actions or next steps.

In practice, you’ll connect your MCP client (Claude Code, VSCode MCP client, etc.) to ReVa’s MCP endpoint and issue tool calls. For Claude Code, you can add ReVa to your chat with a transport URL such as http://localhost:8080/mcp/message (the port may be configured in Ghidra). In headless usage, ReVa can be launched without the GUI, enabling automation, CI/CD pipelines, or containerized workflows. You’ll typically choose between assistant mode (interactive Ghidra session) and headless mode (scripted or batch analysis), depending on whether you want UI-assisted collaboration or fully automated analysis.

The tool suite emphasizes reliability and interpretability: for each operation, ReVa returns targeted results (e.g., decompilation snippets, symbol relationships, or control-flow insights) along with links to relevant information to help you validate or extend the analysis. This approach reduces the chance of hallucination and enables rapid iteration across large binaries or firmware images. When used with other MCP servers, ReVa can access source code repositories or perform web searches to augment its analysis, making it suitable for complex reverse engineering tasks.

How to install

Prerequisites:

  • Ghidra 12.0 or newer installed on your system
  • Java runtime compatible with your Ghidra version
  • Docker installed if you’re using the Docker-based run option
  • Optional: Git, Gradle if you build from source (not required for the Docker image)

Installation options:

  1. Docker (recommended for quick start):

    • Pull or build the ReVa Docker image (if published):
      • docker pull ghidra-reva:latest
      • Or build locally: docker build -t ghidra-reva:latest .
    • Run the container (exposes MCP endpoint on default port):
      • docker run -i -p 8080:8080 ghidra-reva:latest
    • Configure your MCP client to point at http://localhost:8080/mcp/message
  2. Build from source (advanced):

    • Ensure GHIDRA_INSTALL_DIR is set if required by the build process
    • Clone the repository: git clone <repo-url>
    • Navigate to the project directory
    • Build with Gradle:
      export GHIDRA_INSTALL_DIR=/path/to/ghidra
      gradle install
      
    • After building, run the server through the appropriate launcher script or command provided by the build output and ensure the MCP endpoint is accessible.
  3. Run in Ghidra (manual integration):

    • Open Ghidra with the ReVa extension installed
    • Start the ReVa MCP server from the Ghidra UI or the extension’s menu
    • Ensure the server is listening on the desired port (default 8080) and connect your MCP client to http://localhost:8080/mcp/message

Prerequisites recap: Having a running Ghidra environment (12.0+), Java, and network access to the MCP endpoint is essential. If you plan to integrate into CI/CD or containerized workflows, the Docker route provides the simplest, reproducible setup.

Additional notes

Tips and caveats:

  • ReVa is designed as a tool-rich, low-context-rot MCP server for reverse engineering tasks; when composing prompts, rely on the tools rather than raw analysis to minimize hallucinations.
  • In headless mode, ReVa can manage Ghidra projects automatically; ensure your storage paths and project scoping are correctly configured to avoid data loss.
  • If you use Claude Code, you can pre-authorize ReVa’s full toolset by adding a permissions rule for mcp__ReVa to skip prompts for tool usage.
  • When running in a container, remember to expose the MCP endpoint port (default 8080) and map volumes for Ghidra projects if you need persistence across runs.
  • For troubleshooting, check the MCP transport endpoint logs and verify that the Ghidra plugin is loaded and the ReVa extension is enabled in both Project and Code Browser contexts.
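A check to run after starting the container, added here as an example and not part of ReVa or its documentation: `docker run -p 8080:8080` publishes the port on every host interface, while `-p 127.0.0.1:8080:8080` keeps it on loopback, which is all the `http://localhost:8080/mcp/message` client URL needs. The function name `check_mcp_bind` and the sample listener lines are constructed for illustration; on a real host, feed it `ss -ltnH`.

```shell
#!/bin/sh
# Added example: classify listeners on the MCP port from `ss -ltnH` output.
# Reads listener lines on stdin, prints one verdict per listener on port $1.
# Exit status: 0 = loopback only, 1 = reachable from other hosts, 2 = no listener.
check_mcp_bind() {
    port="$1"
    awk -v port="$port" '
        {
            local_addr = $4          # e.g. 127.0.0.1:8080, [::]:8080, *:8080
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next
            host = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            found = 1
            if (host ~ /^127\./ || host == "[::1]") {
                print "loopback " local_addr
            } else {
                print "exposed  " local_addr
                exposed = 1
            }
        }
        END {
            if (!found) exit 2
            exit (exposed ? 1 : 0)
        }
    '
}

# Constructed sample: what `ss -ltnH` shows after `docker run -p 8080:8080 ...`
SAMPLE_PUBLISHED='LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 4096 [::]:8080 [::]:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*'

# Constructed sample: after `docker run -p 127.0.0.1:8080:8080 ...`
SAMPLE_LOOPBACK='LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*'

printf '%s\n' "$SAMPLE_PUBLISHED" | check_mcp_bind 8080 || echo "status $?"
printf '%s\n' "$SAMPLE_LOOPBACK"  | check_mcp_bind 8080 || echo "status $?"
```

On a live system: `ss -ltnH | check_mcp_bind 8080`.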
