Gepetto is an IDA Pro plugin designed to accelerate reverse-engineering by integrating Large Language Models (LLMs). It assists reverse engineers by providing natural language explanations of decompiled functions and automatically renaming variables, significantly reducing manual analysis time.

How It Works

Gepetto leverages LLMs via API calls to analyze decompiled C code within IDA Pro. Users can trigger explanations or variable renaming through context menus or hotkeys. The plugin supports a wide array of LLM providers, including OpenAI, Azure OpenAI, Groq, Together, and local models via Ollama and LM Studio, offering flexibility in choosing models based on performance, cost, and privacy needs.

Quick Start & Requirements

• Install by dropping gepetto.py and the gepetto/ folder into IDA's plugins directory.
• Add required packages to IDA's Python installation using pip install -r requirements.txt with the interpreter IDA uses.
• Edit gepetto/config.ini to add LLM API keys.
• Requires IDA Pro version 7.4 or higher and access to the Hex-Rays decompiler.
• Official documentation and setup guides are available.

Highlighted Details

• Supports numerous LLM providers including OpenAI, Azure OpenAI, Groq, Together, Ollama, and LM Studio.
• Offers hotkeys for quick function explanation (Ctrl+Alt+G) and variable renaming (Ctrl+Alt+R).
• Variable renaming is reportedly more effective after an initial function explanation.
• Plugin is extensible for adding support for new LLM providers.

Maintenance & Community

The project was initially funded by Kaspersky and is currently backed by HarfangLab. Contributions for translations and model support are acknowledged.

Licensing & Compatibility

The README does not explicitly state a license. Compatibility for commercial use or closed-source linking is not specified.

Limitations & Caveats

Gepetto requires the Hex-Rays decompiler. All LLM outputs are general-purpose and may contain inaccuracies, necessitating critical evaluation by the user.