A sandboxed MCP (Managed Computation Platform) tool for reverse engineering that provides a unified interface to various reverse engineering tools with security restrictions.
- Sandboxed Execution: All tools run in a restricted environment with timeouts, memory limits, and filesystem jail
- Unified Interface: Single interface to access multiple reverse engineering tools
- Configurable Tool Loading: Select which tools to enable via YAML configuration to avoid overwhelming LLM context windows
- Tool Categories:
  - File Analysis: `file`, `strings`, `hexdump`, `xxd`
  - Binary Analysis: `objdump`, `readelf`, `ldd`, `strace`, `ltrace`, `upx`, `gdb`, `radare2`, `angr`, `ghidra`, `frida`
  - Firmware Analysis: `binwalk`, `unsquashfs`, `sasquatch`, `jefferson`, `ubi_reader`, `unpackers`, `retdc`, `qemu`
  - Network Tools: `curl`, `wget`
- Advanced Capabilities:
  - Radare2 AST queries
  - angr symbolic execution
  - Ghidra headless decompilation
  - Automatic unpacker detection
  - Firmware filesystem detection
  - Auto QEMU emulation
- Safety Features:
  - Argument validation
  - Execution sandbox with resource limits
  - File workspace jail
  - Tool output truncation
- Knowledge Base: Built-in documentation for all tools
- Testing: Unit and functional tests included

```bash
pip install -e .
```

Tools are configured via YAML files to control which tools are loaded. This prevents overwhelming LLM context windows by enabling only the tools you need.

Default config (tools_config.yaml): All tools disabled
Example configs:
- `examples/minimal.yaml` - Only file analysis tools (3 tools)
- `examples/firmware.yaml` - File + Binary + Firmware analysis
- `examples/full.yaml` - All 25 tools enabled

```yaml
# Enable specific tool categories
settings:
  default_timeout: 300
categories:
  file_analysis:
    enabled: true
    tools:
      - file
      - strings
      - hexdump
```

```bash
# Using the CLI with default config
mcp-re --tool strings --args "-n 10" --file ./binary.exe
# Using a specific config
mcp-re --config examples/minimal.yaml --tool strings --args "[]" --file ./binary.exe
```

Programmatic usage:

```python
from mcp_reverse_engineering.core.engine import ReverseEngineeringEngine

# Load with default config (no tools enabled)
engine = ReverseEngineeringEngine()

# Load with specific config
engine = ReverseEngineeringEngine(config_path="examples/minimal.yaml")

# List enabled tools
print(engine.list_available_tools())

# Get MCP-compatible tool schemas
print(engine.get_mcp_tools())

# Execute a tool
result = engine.execute_tool("strings", ["-n", "10"], "./binary.exe")
print(result)
```

Run `mcp-re --tool help` to see all available tools, or check the knowledge base in the source code.

The tool employs multiple layers of security:
- Filesystem jail - all operations confined to workspace directory
- Process resource limits - CPU, memory, process count, file size restrictions
- Timeout enforcement - prevents hanging operations
- Argument validation - basic sanitization of inputs
- Output truncation - prevents excessive data exposure
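
One way the five layers above fit together around a single subprocess call, as an added example rather than the project's own code; the function names, the metacharacter denylist and the limit values are assumptions (POSIX only, Python 3.9+).

```python
import os
import resource
import subprocess
from pathlib import Path

MAX_OUTPUT = 4096              # assumed truncation limit in bytes
FORBIDDEN = set(";|&`$<>\n")   # assumed metacharacter denylist
LIMITS = {                     # assumed per-process caps
    resource.RLIMIT_CPU: 5,             # CPU seconds
    resource.RLIMIT_AS: 512 << 20,      # address space, bytes
    resource.RLIMIT_FSIZE: 16 << 20,    # largest file the tool may write
}

def resolve_in_jail(workspace, user_path):
    """Resolve symlinks and '..', then reject paths outside the workspace."""
    root = Path(workspace).resolve()
    target = (root / user_path).resolve()
    if not target.is_relative_to(root):
        raise PermissionError(f"path escapes workspace: {user_path}")
    return target

def validate_args(args):
    """Reject arguments containing shell metacharacters."""
    for arg in args:
        if FORBIDDEN & set(arg):
            raise ValueError(f"rejected argument: {arg!r}")
    return list(args)

def _apply_limits():
    # Runs in the child between fork and exec; never raises a hard limit.
    for res, value in LIMITS.items():
        hard = resource.getrlimit(res)[1]
        if hard != resource.RLIM_INFINITY:
            value = min(value, hard)
        resource.setrlimit(res, (value, value))

def run_tool(workspace, tool, args, file, timeout=10.0):
    """Run `tool args file` inside the workspace with every layer applied."""
    cmd = [tool, *validate_args(args), str(resolve_in_jail(workspace, file))]
    try:
        proc = subprocess.run(cmd, cwd=workspace, capture_output=True,
                              timeout=timeout, preexec_fn=_apply_limits,
                              env={"PATH": os.defpath})
    except subprocess.TimeoutExpired:
        return {"status": "timeout", "output": b"", "truncated": False}
    return {"status": "ok" if proc.returncode == 0 else "error",
            "output": proc.stdout[:MAX_OUTPUT],
            "truncated": len(proc.stdout) > MAX_OUTPUT}
```

The path check only constrains the file argument the wrapper passes in; it does not stop the tool itself from opening files outside the workspace, which needs OS-level isolation such as a chroot, namespaces or a container.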
Run the test suite:

```bash
python -m unittest discover tests
```

See `requirements.txt` for Python dependencies.

Note: The actual reverse engineering tools (binwalk, radare2, etc.) must be installed separately on the system.
MIT