
p4nda0s/reverse-skills
8 skills · 4.6k installs · 10k stars · GitHub

Install

npx skills add https://github.com/p4nda0s/reverse-skills

Skills in this repo
1. Rev Frida (736 installs)

rev-frida is an agent skill that turns natural-language reverse-engineering goals into runnable Frida JavaScript for dynamic analysis. It is aimed at solo builders and small teams who need to hook SSL_read-style natives, ObjC or Java entry points, or enumerate modules without memorizing the evolving Frida API surface. Use it when you already have a target binary or mobile package and need fast instrumentation for tracing calls, capturing arguments and return values, or dumping memory after modules load. The skill emphasizes modern CLI patterns—spawn resumes after script load—and pairs lookup helpers with Interceptor.attach templates so agents do not emit obsolete flags or APIs. It fits security reviews, CTF-style analysis, and integration debugging where static reads are insufficient, but it does not replace legal authorization, symbol recovery, or full decompilation pipelines.

2. Rev Struct (671 installs)

rev-struct is an agent skill for reverse engineers who need plausible struct definitions from stripped binaries. It walks you through choosing IDA Pro MCP live queries versus an exported `decompile/` tree from the IDA-NO-MCP plugin, then correlates loads, stores, and pointer arithmetic across a function and its callees to rebuild layouts. Solo builders and small security teams use it during CTFs, incident response, or firmware audits when Ghidra or IDA decompilation is available but headers are not. It does not replace dynamic tracing or debugger sessions; it accelerates static hypothesis building so you can label fields and continue chain analysis in IDA. Expect intermediate comfort with decompilers, calling conventions, and manual verification of inferred sizes and alignment.

3. Rev Symbol (665 installs)

rev-symbol is an agent skill that walks you through restoring function symbols when you only have stripped binaries or anonymous decompilation output. Solo builders doing security research, CTF work, or incident response can start with a pre-check that prefers IDA Pro MCP for live database access, then falls back to a local export directory where each function lives as a hex-addressed C file under `decompile/`. The skill frames analysis around code patterns, embedded strings, constants, and cross-references rather than guesswork in chat. It explicitly tells the agent to stop and give setup instructions—MCP connection or IDA-NO-MCP plugin download—when no data source is present. Complexity is intermediate to advanced because it assumes comfort with IDA workflows and decompiler output, not npm installs. It does not ship a product feature; it produces naming hypotheses you still must validate in IDA.

4. Rev Dex Dumper (633 installs)

rev-dex-dumper is an agent skill that walks a solo builder or security researcher through dumping DEX bytecode from a live Android process using the bundled panda-dex-dumper over ADB. It activates when you need to unpack an APK, extract decrypted DEX from memory, or work around loaders that never write full dex to disk. The procedure pushes the tool to /data/local/tmp, chmods it, resolves the target package (user-provided or current foreground app), runs the dumper against pidof, pulls artifacts to the host working directory, and removes device-side caches. It fits indie mobile audits, CTF-style RE, and incident response on sideloaded builds—not everyday app feature work. Expect a physical device or emulator, working adb, and comfort with shell on device.

5. Rev Unicorn Debug (631 installs)

rev-unicorn-debug is an agent skill for reverse engineers and indie security builders who need Unicorn Engine emulation of specific functions or code fragments instead of launching whole programs. Install it when you want to trace a binary path, reproduce a crypto or transform routine, or decrypt data by executing only the relevant routine in a sandboxed CPU model. The workflow stresses loading the file as raw bytes and mapping only what you need, then identifying external dependencies—JNI bridges, system calls, standard library calls, and imported symbols—and satisfying them with hooks so emulation reaches your goal. Unicorn callbacks drive tracing, environment simulation, and recovery when execution faults. When emulation fails, you extend maps, add hooks, or correct registers using the failure context rather than guessing. Output stays lean with block-level tracing preferred over noisy instruction dumps. It pairs well with Claude Code, Cursor, or Codex agents during malware triage, CTF reversals, firmware snippets, or validating suspicious native code before you ship.

6. Rev Idapython (620 installs)

rev-idapython is an agent skill that acts as a procedural reference for writing IDAPython and IDALib scripts inside Hex-Rays IDA. Solo builders and small security teams use it when they need repeatable patterns for register reads, debug memory, patching IDB bytes, setting breakpoints, walking functions and basic blocks, and calling the Hex-Rays decompiler API—whether in the Script Command window or in headless IDALib jobs. It does not replace IDA licensing or deep RE methodology; it accelerates correct API usage so your coding agent outputs runnable snippets instead of hallucinated module names. Typical moments include triaging a suspicious executable, recovering logic from a stripped binary, automating batch analysis across a folder of samples, or debugging a crash at a specific VA. Because the knowledge spans analysis prep and pre-ship review, it is tagged multi-phase with primary placement on Ship/Security while remaining useful during Build integrations when wiring security tooling.

7. Rev U3d Dump (596 installs)

rev-u3d-dump is an agent skill for solo and indie builders who need to analyze Unity games compiled with IL2CPP on mobile. IL2CPP strips human-readable names from the native binary but keeps rich type and method data in global-metadata.dat; this skill walks you through pairing the correct native binary with that metadata and choosing a dumper that matches your metadata version. It favors the roytu Il2CppDumper v39 branch when Perfare's upstream build stops at older metadata, and calls out Cpp2IL when you want a different extraction path. The outcome is actionable symbol recovery for static analysis—method addresses, names, and import scripts—so you can reason about anti-cheat surfaces, networking hooks, or proprietary engine calls without guessing at mangled symbols. It assumes you already have a lawful copy of the build artifacts and a RE toolchain, not a greenfield Unity project in the editor.

8. Rev Ios Dump (1 install)

rev-ios-dump is a narrowly scoped agent skill from the reverse-skills repository, aimed at solo and indie builders who need to pull or reason about iOS application data during security or compatibility work. The public catalog stub does not ship a full SKILL.md body in this ingest, so you should treat the repo as the source of truth for exact commands, dependencies (macOS tooling, devices, signing), and legal boundaries. Install it when you are past prototype and need structured agent guidance for dump-oriented iOS RE rather than ad-hoc chat instructions. Expect intermediate familiarity with mobile builds, Xcode ecosystems, and responsible disclosure norms. Prism tags it under Ship → Security so it surfaces next to other appsec and mobile hardening skills instead of general frontend generators.