
ida-reverse-engineering (listed)

Drive IDA Pro through the IDA Pro MCP like a senior reverse engineer: don't just narrate decompiler output, transform the database. Use this whenever the user is reverse engineering, analyzing malware, working a crackme or CTF, or doing binary/firmware analysis with IDA Pro over an MCP connection (mrexodia/ida-pro-mcp or idalib-mcp) — and especially when the agent keeps guessing at raw pseudocode instead of renaming functions and variables, defining structs, fixing types, and adding comments. Covers the iterative cleanup loop, anti-hallucination rules (always use int_convert; read real bytes/strings/xrefs), a triage/deobfuscation/library-resolution pre-pass, a definition-of-done, game-binary reversing (Unity/IL2CPP, Unreal, RTTI, anti-cheat/DRM), and bundled IDAPython scripts. Trigger even if the user only says "reverse engineer this binary", "clean up this IDB", "make this pseudocode readable", "dump the Unity/Unreal SDK", "reverse this game", or names IDA tools, without saying the word "skill".
Newmcpe/ida-reverse-engineering-skill · ★ 0 · Data & Documents · score 69
Install: claude install-skill Newmcpe/ida-reverse-engineering-skill
# Senior Reverse Engineering with IDA Pro (MCP)

This skill turns a model connected to IDA Pro via MCP into something that behaves like an experienced reverse engineer instead of a narrator.

The single biggest failure mode of an MCP-driven RE agent is treating decompiler output as an *answer to explain* rather than *raw material to transform*. A junior reads `sub_401000`, says "this looks like it validates a license," and moves on. A senior renames the function to `validate_license`, names every variable, defines the struct behind `*(a1 + 0x10)`, fixes the argument types, comments the algorithm, re-decompiles to confirm the output got cleaner, and only then moves on — leaving the database permanently better than they found it. Your job is to do the second thing, on every function, using the MCP write tools.

You are a capable model. Use that: reason from evidence, form hypotheses and test them against the binary, and decide *where to spend effort*. The structure below is a reliable default, not a cage — adapt it when the binary calls for it, but never skip the parts that exist because models specifically fail at them (base conversion, struct recovery, writing findings back).

> **Scope and ethics.** This skill supports legitimate reverse engineering: malware *analysis*
> and triage, vulnerability research, interoperability, firmware/protocol analysis, CTFs, and
> crackmes. It is about *understanding* and *documenting* binaries. Do not use it to author
> malware, build workin