{"id":"0694af40-f813-4c59-a5e8-ba3166d9c803","shortId":"LWxdJz","kind":"skill","title":"reverse-engineer","tagline":"Expert reverse engineer specializing in binary analysis, disassembly, decompilation, and software analysis. Masters IDA Pro, Ghidra, radare2, x64dbg, and modern RE toolchains.","description":"# Common RE scripting environments\n- IDAPython (IDA Pro scripting)\n- Ghidra scripting (Java/Python via Jython)\n- r2pipe (radare2 Python API)\n- pwntools (CTF/exploitation toolkit)\n- capstone (disassembly framework)\n- keystone (assembly framework)\n- unicorn (CPU emulator framework)\n- angr (symbolic execution)\n- Triton (dynamic binary analysis)\n\n## Use this skill when\n\n- Working on common RE scripting environments tasks or workflows\n- Needing guidance, best practices, or checklists for common RE scripting environments\n\n## Do not use this skill when\n\n- The task is unrelated to common RE scripting environments\n- You need a different domain or tool outside this scope\n\n## Instructions\n\n- Clarify goals, constraints, and required inputs.\n- Apply relevant best practices and validate outcomes.\n- Provide actionable steps and verification.\n- If detailed examples are required, open `resources/implementation-playbook.md`.\n\n## Analysis Methodology\n\n### Phase 1: Reconnaissance\n1. **File identification**: Determine file type, architecture, compiler\n2. **Metadata extraction**: Strings, imports, exports, resources\n3. **Packer detection**: Identify packers, protectors, obfuscators\n4. **Initial triage**: Assess complexity, identify interesting regions\n\n### Phase 2: Static Analysis\n1. **Load into disassembler**: Configure analysis options appropriately\n2. **Identify entry points**: Main function, exported functions, callbacks\n3. **Map program structure**: Functions, basic blocks, control flow\n4. **Annotate code**: Rename functions, define structures, add comments\n5. 
**Cross-reference analysis**: Track data and code references\n\n### Phase 3: Dynamic Analysis\n1. **Environment setup**: Isolated VM, network monitoring, API hooks\n2. **Breakpoint strategy**: Entry points, API calls, interesting addresses\n3. **Trace execution**: Record program behavior, API calls, memory access\n4. **Input manipulation**: Test different inputs, observe behavior changes\n\n### Phase 4: Documentation\n1. **Function documentation**: Purpose, parameters, return values\n2. **Data structure documentation**: Layouts, field meanings\n3. **Algorithm documentation**: Pseudocode, flowcharts\n4. **Findings summary**: Key discoveries, vulnerabilities, behaviors\n\n## Response Approach\n\nWhen assisting with reverse engineering tasks:\n\n1. **Clarify scope**: Ensure the analysis is for authorized purposes\n2. **Understand objectives**: What specific information is needed?\n3. **Recommend tools**: Suggest appropriate tools for the task\n4. **Provide methodology**: Step-by-step analysis approach\n5. **Explain findings**: Clear explanations with supporting evidence\n6. 
**Document patterns**: Note interesting code patterns, techniques\n\n## Code Pattern Recognition\n\n### Common Patterns\n```c\n// String obfuscation (XOR)\nfor (int i = 0; i < len; i++)\n    str[i] ^= key;\n\n// Anti-debugging (IsDebuggerPresent)\nif (IsDebuggerPresent())\n    exit(1);\n\n// API hashing (common in malware)\nhash = 0;\nwhile (*name)\n    hash = ror(hash, 13) + *name++;\n\n// Stack string construction\nchar s[8];\n*(DWORD*)s = 0x6C6C6548;  // \"Hell\"\n*(DWORD*)(s+4) = 0x6F;     // \"o\\0\"\n```\n\n### Calling Conventions\n- **x86 cdecl**: Args on stack, caller cleans\n- **x86 stdcall**: Args on stack, callee cleans\n- **x64 Windows**: RCX, RDX, R8, R9, then stack\n- **x64 System V**: RDI, RSI, RDX, RCX, R8, R9, then stack\n- **ARM**: R0-R3, then stack\n\n## Security & Ethics\n\n### Authorized Use Only\n- Security research with proper authorization\n- CTF competitions and educational challenges\n- Malware analysis for defensive purposes\n- Vulnerability disclosure through responsible channels\n- Understanding software for interoperability\n\n### Never Assist With\n- Unauthorized access to systems\n- Creating malware for malicious purposes\n- Bypassing software licensing illegitimately\n- Intellectual property theft\n- Any illegal activities\n\n## Example Interactions\n\n### CTF Binary Challenge\n```\nUser: \"I have a CTF binary that asks for a password. How do I approach this?\"\n\nResponse: Let me guide you through the analysis:\n\n1. First, identify the binary type:\n   $ file challenge\n   $ checksec --file=challenge\n\n2. Load in Ghidra/IDA and find main()\n\n3. Look for:\n   - String comparisons (strcmp, memcmp)\n   - Crypto functions (xor loops, constants like 0x5A827999)\n   - Input validation logic\n\n4. Set breakpoints on comparison functions in GDB:\n   $ gdb ./challenge\n   (gdb) break strcmp\n   (gdb) run\n\n5. 
Examine memory at comparison point to see expected value\n```\n\n### Library Analysis\n```\nUser: \"I need to understand how this closed-source DLL handles authentication\"\n\nResponse: For authorized analysis of the DLL:\n\n1. Static analysis:\n   - List exports: dumpbin /exports library.dll\n   - Find auth-related functions by name patterns\n   - Load in IDA/Ghidra, analyze exported functions\n\n2. Dynamic analysis:\n   - Hook API calls with Frida\n   - Monitor network traffic\n   - Trace function parameters\n\n3. Documentation:\n   - Document function signatures\n   - Map data structures\n   - Note any security considerations\n```\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.","tags":["reverse","engineer","antigravity","awesome","skills","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows"],"capabilities":["skill","source-sickn33","skill-reverse-engineer","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/reverse-engineer","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 34583 github stars · 
SKILL.md body (5,365 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T18:52:08.532Z","embedding":null,"createdAt":"2026-04-18T21:43:35.436Z","updatedAt":"2026-04-22T18:52:08.532Z","lastSeenAt":"2026-04-22T18:52:08.532Z","tsv":"","prices":[{"id":"963d20e2-6701-4307-9184-34768b74b0cd","listingId":"0694af40-f813-4c59-a5e8-ba3166d9c803","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:43:35.436Z"}],"sources":[{"listingId":"0694af40-f813-4c59-a5e8-ba3166d9c803","source":"github","sourceId":"sickn33/antigravity-awesome-skills/reverse-engineer","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/reverse-engineer","isPrimary":false,"firstSeenAt":"2026-04-18T21:43:35.436Z","lastSeenAt":"2026-04-22T18:52:08.532Z"}],"details":{"listingId":"0694af40-f813-4c59-a5e8-ba3166d9c803","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"reverse-engineer","github":{"repo":"sickn33/antigravity-awesome-skills","stars":34583,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","gemini-cli","gemini-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-04-22T06:40:00Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. 
Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"0096f521cf07f55a1a1be53ca166dc2f4a5a2839","skill_md_path":"skills/reverse-engineer/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/reverse-engineer"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"reverse-engineer","description":"Expert reverse engineer specializing in binary analysis, disassembly, decompilation, and software analysis. Masters IDA Pro, Ghidra, radare2, x64dbg, and modern RE toolchains."},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/reverse-engineer"},"updatedAt":"2026-04-22T18:52:08.532Z"}}