Rogue_Binary // Triage_Mode
Process_01: Overview

Rogue Binary.

[agent_runtime] Decoupled binary analysis and decompiler MCP servers for AI agents. Focused, token-efficient malware triage returning bounded tool output instead of raw decompiler dumps.

agent / rbin
connected

$ agent: open persistent rbinr2 session and query functions

> r2_open {"binary_path":"/samples/app.exe"}

> r2_metadata {"binary_path":"/samples/app.exe", "mode":"functions"}

r2_metadata.functions.v0
0x140001080 sym.main (182 bytes, 12 blocks)
0x1400018d0 sym.decrypt_payload (310 bytes, 24 blocks)
0x1400021e0 sym.resolve_exports (140 bytes, 8 blocks)

$ agent: request targeted function decompilation from rbinghidra

> ghidra_decompile {"binary_name":"app.exe", "function_address":"0x1400018d0"}

Stdio Pipe | bounded JSON | cached backends

Process_02: Capabilities

[rbinghidra mcp]

A Model Context Protocol server for Ghidra-based binary analysis. Employs analyzeHeadless for sub-second cached queries of callsites, CFGs, decompiler output, and type definitions.

[rbinr2 mcp]

A Model Context Protocol server for radare2-based binary analysis. Exposes 39 specialized tools managing persistent r2pipe sessions for focused disassembly and symbol tracing.

[rbinilspy mcp]

A Model Context Protocol server for ILSpyCmd-based .NET decompilation. Outlines types, searches managed metadata, and returns focused C# or IL member bodies without dumping assemblies.

[Token-efficient triage]

Get hashes, file shape, imports, sections, strings, hardening posture, call structure, and likely behavior families before an agent spends context on a backend.

Process_03: Secure_Comms

Contact Rogue Binary.

[submit_query] Rogue Binary tool feedback, binary-analysis tooling, malware triage, and private consulting.