GhidrAssist is a Ghidra plugin that integrates Large Language Models (LLMs) to assist reverse engineers in understanding and analyzing binaries. It targets reverse engineers and security researchers seeking AI-powered code explanation, instruction analysis, and general reverse engineering tasks, aiming to accelerate the binary analysis workflow.

How It Works

GhidrAssist leverages an OpenAI v1-compatible API to connect with various LLMs, including local models like Ollama and cloud-based services. It supports Retrieval Augmented Generation (RAG) for contextual document integration and Retrieval-Augmented Generation (RLHF) dataset creation for potential model fine-tuning. The plugin enables features like explaining code (disassembly and pseudo-C), providing instruction-level explanations, and allowing general LLM queries directly within the Ghidra interface.

Quick Start & Requirements

• Install by copying the binary release ZIP to Ghidra_Install/Extensions/Ghidra.
• Enable the plugin via Ghidra's File -> Install Extension.
• Configure GhidrAssist settings within Ghidra's CodeBrowser (Tools -> GhidraAssist Settings).
• Requires Ghidra version 11.0 or later.
• Needs an OpenAI v1-compatible API provider (local or cloud).
• Recommended LLMs include Llama3.1:8b, DeepSeek, and ChatGPT models.
• Links: Homepage

Highlighted Details

• Supports local LLM providers (Ollama, text-generation-webui, LM Studio).
• Features function calling for binary navigation and renaming.
• Enables Retrieval Augmented Generation (RAG) for enhanced context.
• Facilitates RLHF dataset generation for model fine-tuning.

Maintenance & Community

• Developed by Jason Tang.
• No specific community links (Discord/Slack) or roadmap mentioned in the README.

Licensing & Compatibility

• Released under the MIT license.
• Permissive license suitable for commercial use and integration with closed-source projects.

Limitations & Caveats

The project assumes the user has prior experience setting up LLM API providers. While it supports various models, optimal performance may depend on the chosen LLM and its configuration. The roadmap indicates future agentic capabilities, suggesting current features are foundational.