IMHO all MCP servers should allow end-users to review exactly the code which is going to run on their host.
This is what r2ai does; on this point, *everybody* should do the same.
cc: @radareorg
Comparing #meta #llama 4 (maverick / scout) vs #qwen 32b for decompilation purposes #r2ai #reverseengineering
PS: groq is the best place to try all these models if you don't have the hardware
PS: qwen-qwq reasoning takes more time, but improves the output, much better than openai/claude/meta for decompilation use cases
If anyone is curious about r2mcp, yes, it now runs locally with openwebui and mcpo #r2ai #radare2 #reverseengineering #llm
"Analyzing a shellcode with #r2ai" article posted in the latest PagedOut ezine! https://pagedout.institute/download/PagedOut_006.pdf by @cryptax #shellcodes #reverseengineering #radare2
Decai decompiling a malicious shellcode.
The instructions are not so readable, if you're not used to syscalls int 0x80. AI does it for you.
Comparing Decai decompilation using @AnthropicAI 's claude 3.5 vs 3.7 with a simple strcoll wrapper function #r2ai #radare2
At last! I finished reversing the communication protocol of Linux/Prometei, with AI's assistance.
Spoiler: hmm, well, in some cases, the AI didn't help ;P
but in the end, it was worth it.
https://cryptax.medium.com/communication-with-a-prometei-c2-part-three-8f9c76ff9ac0
Spoiler alert! Watch how easily r2ai solves level 4 (of course, it solves the first 3 levels no problem either)
https://asciinema.org/a/B8UalyH6I3AhSapmfYo5rvm3W
Don't watch the video if you intend to try the CrackMe on your own ;)
This weekend I wrote some improvements for Decai, the LLM-based decompiler plugin for radare2:
- use custom decompiler pipelines loaded from external json files
- deterministic results for ollama, openai and claude
- also added support for the mistral endpoint.
- implemented a vector database for embeddings from scratch in C with zero dependencies
Analyzing ELF/Sshdinjector (IoT bot) with r2ai.
It's really helpful and time-saving to use AI (with r2ai) for analysis *but* use it with a non-AI decompiler side by side:
1. To direct the AI, and lose less money ;P
2. To spot more easily hallucinations or extrapolations.
r2ai just de-obfuscated strings inside Linux/Ladvix malware for me.
No, no, I should not say "for me", it makes me sound lazy and passive. In reality, we were a team :D Honestly, I had to pilot it ;P
After some conversation, we understand that a few strings are obfuscated. I ask the AI to de-obfuscate them. r2ai integrates an automatic mode that passes the questions to the AI and is able to process some r2 commands.
1/2
Once again #r2ai, #decai and #r2frida to the rescue!
They were really helpful in @as0ler’s, combining them in the process.
#r2con2024
I got decai (radare2's AI-assisted decompiler) to work with a local model, and tried it over a basic Caesar implementation in C and in Dart.
To be honest, I think the conclusion is that the model I selected is not good enough ;) but #r2ai and #decai are really great tools. Read my post to understand how to install, configure and use. Or RTFM :P
https://cryptax.medium.com/using-ai-assisted-decompilation-of-radare2-e81a882863c9
many thanks to @Pancake for his patience! "it's not working on my laptop", "try this then" etc