+- الفريق العربي للهندسة العكسية (https://www.at4re.net/f)
+-- قسم : منتدى AT4RE العام (https://www.at4re.net/f/forum-3.html)
+--- قسم : القسم العام - General & Off Topic (https://www.at4re.net/f/forum-10.html)
+--- الموضوع : Reverse Engineering and LLMs for Decompilation (/thread-4821.html)
Reverse Engineering and LLMs for Decompilation - mam009 - 10-11-2025
This is a fascinating intersection of traditional reverse engineering and modern AI capabilities! Let me break down how LLMs are being used in decompilation and reverse engineering:
Current Applications1. Code Decompilation Enhancement
- LLMs can help make decompiled code more readable by suggesting better variable names, adding comments, and inferring the original structure
- They can translate assembly/bytecode into higher-level pseudocode that's easier to understand
- Tools like GPT-4 can analyze decompiled output from tools like IDA Pro, Ghidra, or Binary Ninja and provide insights
- LLMs excel at identifying common code patterns, algorithms, and library functions in decompiled code
- They can recognize obfuscation techniques and suggest de-obfuscation strategies
- Helpful for identifying crypto algorithms, compression routines, or standard library calls
- LLMs can scan decompiled code for potential security vulnerabilities
- They can suggest what certain suspicious code blocks might be doing
- Useful for malware analysis and security research
- Hallucinations: LLMs may confidently provide incorrect interpretations of assembly or decompiled code
- Context windows: Large binaries may exceed token limits
- Accuracy: Critical reverse engineering work still requires human verification
- No execution context: LLMs can't debug or trace actual program execution
- Use traditional decompilers (Ghidra, IDA, etc.) to get initial output
- Feed specific functions or code blocks to an LLM for analysis
- Ask for clarification on unclear sections
- Request variable renaming suggestions
- Verify LLM suggestions against actual binary behavior