From 8313b2bd7be14ca6bd5d9f9c49bc7a0e6b58315f Mon Sep 17 00:00:00 2001 From: Teal Bauer Date: Tue, 15 Apr 2025 10:29:23 +0200 Subject: [PATCH] feat: Add reverse_engineer_binary prompt for comprehensive binary analysis --- bridge_mcp_hydra.py | 89 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) diff --git a/bridge_mcp_hydra.py b/bridge_mcp_hydra.py index d301ca9..555cae1 100644 --- a/bridge_mcp_hydra.py +++ b/bridge_mcp_hydra.py @@ -868,6 +868,95 @@ def identify_vulnerabilities_prompt(name: str = None, address: str = None, port: } } +@mcp.prompt("reverse_engineer_binary") +def reverse_engineer_binary_prompt(port: int = None): + """A comprehensive prompt to guide the process of reverse engineering an entire binary + + Args: + port: Specific Ghidra instance port (optional) + """ + port = _get_instance_port(port) + + # Get program info for context + program_info = ghidra_instance(port=port) + + # Create a comprehensive reverse engineering guide + return { + "prompt": f""" + # Comprehensive Binary Reverse Engineering Plan + + Begin reverse engineering the binary {program_info.get('program_name', 'unknown')} using a methodical approach. + + ## Phase 1: Initial Reconnaissance + 1. Analyze entry points and the main function + 2. Identify and catalog key functions and libraries + 3. Map the overall program structure + 4. Identify important data structures + + ## Phase 2: Functional Analysis + 1. Start with main() or entry point functions and trace the control flow + 2. Find and rename all unnamed functions (FUN_*) called from main + 3. For each function: + - Decompile and analyze its purpose + - Rename with descriptive names following consistent patterns + - Add comments for complex logic + - Identify parameters and return values + 4. Follow cross-references (xrefs) to understand context of function usage + 5. Pay special attention to: + - File I/O operations + - Network communication + - Memory allocation/deallocation + - Authentication/encryption routines + - Data processing algorithms + + ## Phase 3: Data Flow Mapping + 1. Identify key data structures and rename them meaningfully + 2. Track global variables and their usage across functions + 3. Map data transformations through the program + 4. Identify sensitive data handling (keys, credentials, etc.) + + ## Phase 4: Deep Analysis + 1. For complex functions, perform deeper analysis using: + - Data flow analysis + - Call graph analysis + - Security vulnerability scanning + 2. Look for interesting patterns: + - Command processing routines + - State machines + - Protocol implementations + - Cryptographic operations + + ## Implementation Strategy + 1. Start with functions called from main + 2. Search for unnamed functions with pattern "FUN_*" + 3. Decompile each function and analyze its purpose + 4. Look at its call graph and cross-references to understand context + 5. Rename the function based on its behavior + 6. Document key insights + 7. Continue iteratively until the entire program flow is mapped + + ## Function Prioritization + 1. Start with entry points and initialization functions + 2. Focus on functions with high centrality in the call graph + 3. Pay special attention to functions with: + - Command processing logic + - Error handling + - Security checks + - Data transformation + + Remember to use the available GhydraMCP tools: + - Use functions_list to find functions matching patterns + - Use xrefs_list to find cross-references + - Use functions_decompile for C-like representations + - Use functions_disassemble for lower-level analysis + - Use functions_rename to apply meaningful names + - Use data_* tools to work with program data + """, + "context": { + "program_info": program_info + } + } + # ================= MCP Tools ================= # Since we can't use tool groups, we'll use namespaces in the function names