Using Claude + GhidraMCP to autonomously reverse engineer binaries through natural language commands.
Reversing malware is an art that's hard to master. It requires a very unique set of skills to read and understand binary machine code, and many techniques which malware employs that might seem normal to unsuspecting eyes. As daunting as it sounds, it becomes easier with experience.
This write-up explores reversing malware with the help of AI — specifically using Claude and the Ghidra MCP Server — to see how far automation can take us.
GhidraMCP is a two-component system that allows LLMs to interact with Ghidra for reverse engineering. Each component has a distinct responsibility, keeping integration clean and extensible.
| Category | Endpoints | Description |
|---|---|---|
| Listing | /methods /classes /imports /exports | List programme elements |
| Code Retrieval | /decompile_function /disassemble_function | Get function code |
| Modification | /rename_function_by_address /set_function_prototype | Rename and modify functions |
| Comments | /set_decompiler_comment /set_disassembly_comment | Annotate views |
| Cross-references | /xrefs_to /xrefs_from | Call graph XREFs |
| Programme Structure | /strings /data /segments | Strings, data, memory |
File → Install Extension on Ghidra's main window+ in top-right of the Install Extension windowFile → Configure → check Developer Options → enable GhidraMCPPlugin# Install dependencies
pip install fastmcp requests
# Run the MCP bridge
python3 bridge_mcp_ghidra.pyNavigate to Options → File → Settings → Developer. Specify the path to bridge_mcp_ghidra.py and arguments. Restart Claude Desktop. When the indicator shows running, you're ready.
A CrackMe binary from crackmes.one ("CrackMePlease") was the test subject. After loading into Ghidra and running the initial auto-analysis, prompting began.
A simple natural-language prompt triggered the list_strings tool automatically. Claude surfaced ROT+1 encoded strings, hex blobs, and keywords like "password", "prank", "cryptedkey" — immediately flagging suspicious patterns.
Claude's full binary analysis revealed the binary stores all user-visible strings Caesar-shifted by +1. A ROT_decode() helper subtracts 1 from each character at runtime — meaning "fantasticClock711" is the decoded decoy password stored as "gboubtujdDmpdl822".
Claude identified a two-layer defence. The first check is a deliberate red herring — entering "fantasticClock711" returns "Just kidding. It's not that easy". The real check computes SHA-256 of the binary's own .text section and uses it as a rolling XOR key to decrypt the actual password.
Claude's insight on why patching fails: modifying any byte in .text changes the SHA-256 hash, which changes the XOR key, which changes the decrypted password. Brute-force patching is therefore self-defeating.
Asked to produce a solve script, Claude architected a multi-step offline approach: load the unmodified PE, locate the .text section, compute SHA-256, XOR-decrypt the embedded ciphertext, and output the password.
The first run of the generated script produced a garbled success message. The bug: it used raw_size (includes file padding) instead of virtual_size (the loaded in-memory region the binary actually hashes).
SizeOfRawData = 0x210c00 includes alignment padding and produces the wrong SHA-256 hash, leading to an incorrect XOR key and garbage output.
After sharing the incorrect output, Claude immediately self-diagnosed the issue — identifying that the binary uses VirtualSize for hashing, not SizeOfRawData. The fix was applied in one turn.
VirtualSize = 0x210bdd → correct SHA-256 → correct XOR decryption → valid password 58040d5b5c.
Running the binary with the extracted password confirms the solve — the crackme prints its success message and exits cleanly.
Trying GhidraMCP with Claude was fascinating. Although the challenge was simple, it would take an average reverse engineer five times longer to solve without this tool; experts can do it in minutes.
The ability to automate analysis with AI-generated scripts streamlines bulk sample processing and saves considerable time compared to manual reverse engineering. Malware reversing is tough — veteran engineers spend hours debugging and examining machine code without source access.
Despite these difficulties, learning reverse engineering remains crucial for tackling complex binaries, and AI significantly accelerates the process.