February 4, 2026

Weekend plans: disassembled

Article URL →HN comments →

Show HN: Ghidra MCP Server – 110 tools for AI-assisted reverse engineering

AI sidekick for peeking inside apps: hype, ‘will it refuse?’, and lost weekends

TLDR: A new server links Ghidra, a free code‑analysis tool, with AI to speed up peeking inside software using 110 built‑in tools. The crowd loves the time‑saving “function hashing,” argues over whether safety filters will make AI refuse the work, and jokes their weekends just vanished.

Hacker News lit up as a dev dropped Ghidra MCP Server, a bridge that lets AI tools team up with Ghidra—the free, NSA-released tool for peeking inside software. The pitch: 110 built-in tools, near real-time responses, and a clever way to match functions across versions so your notes don’t vanish when an app updates. The repo is live here: github.com/bethington/ghidra-mcp.

The strongest vibe? Relief—and a little vengeance. The creator, xerzes, vented about spending hours labeling things only to have an update shuffle everything, then unveiled a function “fingerprint” system that tracks code by structure, not addresses. Commenters called it the “where has this been all my life?” fix.

But then drama: “Will AI even do it?” One commenter asked if chatbots might refuse reverse-engineering tasks because of safety rules. That sparked a lively split—some say models balk at “hacking,” others insist this is legit security work and AI should help.

Meanwhile, optimists are all-in. One user teased a benchmark and claimed AI could be superhuman at this, turning a tedious, niche job into mainstream security auditing. Others joked, “there goes my weekend,” while a tinkerer shared they fed docs to a model and it started writing scripts that did exactly what they wanted. Verdict: hype, hand-wringing, and a lot of people canceling plans to try it.

Key Points

  • Production-ready MCP server integrates Ghidra with AI tools, offering full MCP compatibility.
  • Provides 110 MCP tools covering decompilation, call graphs, cross-references, and memory analysis.
  • Performance claims include sub-second responses and a 93% reduction in API calls via batch operations.
  • Setup requires Java 21 (OpenJDK), Apache Maven 3.9+, Ghidra 12.0.2, and Python 3.8+ with pip.
  • Supports stdio (recommended) and SSE transport options; server runs locally by default at 127.0.0.1:8080.

Hottest takes

"every address has shifted — all your work invisible" — xerzes
"Have you had any issues with models 'refusing' to do reverse engineering work?" — xnorswap
"AI has huge potential for superhuman capabilities in reverse engineering" — jakozaur

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.