GhidrAssist Brings AI Features to Ghidra in Reverse Engineering

Reverse engineering has long been a challenging yet essential process for cybersecurity professionals, software analysts, and researchers. 

With the introduction of GhidrAssist, a cutting-edge plugin for the popular reverse engineering platform Ghidra, the process becomes significantly more streamlined and efficient. 

GhidrAssist integrates Large Language Models (LLMs) into Ghidra, offering a suite of AI-powered tools to assist in binary exploration and reverse engineering.

What is GhidrAssist?

GhidrAssist is a plugin designed to leverage local LLMs—such as ollama, text-generation-webui, and lm-studio—to enhance the analysis of binary files. 

It supports any API compatible with OpenAI v1 standards, making it versatile for various setups. Recommended models include LLaMA-based models like llama3.1:8b, as well as others such as DeepSeek and ChatGPT.

This plugin’s primary goal is to simplify reverse engineering tasks by providing intelligent explanations, actionable insights, and automation capabilities directly within the Ghidra interface.

Key Features of GhidrAssist

• Function Explanation: Users can request detailed explanations for the current function in both disassembly and pseudo-C views.
• Instruction Explanation: The plugin provides insights into specific instructions, aiding in understanding complex code segments.
• General Query Interface: Analysts can query the LLM directly from the UI for additional context or clarification.
• Proposed Actions: A list of actionable recommendations is generated to guide further analysis.
• Function Calling Automation: The plugin allows automated navigation within the binary, including renaming functions and variables.
• RAG Augmentation: Contextual documents can be added to refine query accuracy and relevance.
• RLHF Dataset Generation: Enables users to generate datasets for fine-tuning their LLMs using Reinforcement Learning with Human Feedback (RLHF).
• Customizable Settings: Users can configure API hosts, keys, model names, and token limits to suit their environment.

The researcher Jason Tang claims that GhidrAssist’s capabilities will be enhanced in the future with features such as:

• Agentic Assistance: Using frameworks like Autogen for self-guided binary exploration.
• Model Fine-Tuning: Leveraging RLHF datasets to optimize model performance for specific reverse engineering tasks.

Get started with GhidrAssist

• Copy the binary release ZIP archive to the Ghidra_Install/Extensions/Ghidra directory.
• Launch Ghidra and enable the extension via File -> Install Extension.
• Configure settings under CodeBrowser -> File -> Configure -> Miscellaneous.
• Set API host details and RLHF/RAG database paths in GhidraAssist Settings.
• Open GhidrAssist from the Windows menu and begin exploring binaries.

GhidrAssist stands out due to its seamless integration with local LLMs, ensuring data privacy—a critical factor in sensitive reverse engineering tasks. 

By supporting local models like LLaMA3.1:8b and DeepSeek alongside cloud-based options like GPT-4o-mini, it caters to diverse user needs while maintaining flexibility.

Additionally, its ability to generate RLHF datasets opens possibilities for custom model fine-tuning, enabling users to adapt AI capabilities to specific domains or projects.

With its robust feature set and forward-looking roadmap, GhidrAssist is poised to become an indispensable tool for reverse engineers working with Ghidra. 

Combining LLM capabilities with traditional reverse engineering workflows not only enhances productivity but also bridges the gap between human expertise and AI-powered automation.

Are you from SOC/DFIR Team? - Join 500,000+ Researchers to Analyze Cyber Threats with ANY.RUN Sandbox - Try for Free