firefrost-gaming/antigravity-skills-reference
3
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity
Files
c1a7013994785b2f55dd9da1702071d7dd9bb5bf
antigravity-skills-reference/skills/reverse-engineer/SKILL.md
Ares 4a5f1234bb fix: harden registry tooling, make tests hermetic, and restore metadata consistency (#168) 
* chore: upgrade maintenance scripts to robust PyYAML parsing

- Replaces fragile regex frontmatter parsing with PyYAML/yaml library
- Ensures multi-line descriptions and complex characters are handled safely
- Normalizes quoting and field ordering across all maintenance scripts
- Updates validator to strictly enforce description quality

* fix: restore and refine truncated skill descriptions

- Recovered 223+ truncated descriptions from git history (6.5.0 regression)
- Refined long descriptions into concise, complete sentences (<200 chars)
- Added missing descriptions for brainstorming and orchestration skills
- Manually fixed imagen skill description
- Resolved dangling links in competitor-alternatives skill

* chore: sync generated registry files and document fixes

- Regenerated skills index with normalized forward-slash paths
- Updated README and CATALOG to reflect restored descriptions
- Documented restoration and script improvements in CHANGELOG.md

* fix: restore missing skill and align metadata for full 955 count

- Renamed SKILL.MD to SKILL.md in andruia-skill-smith to ensure indexing
- Fixed risk level and missing section in andruia-skill-smith
- Synchronized all registry files for final 955 skill count

* chore(scripts): add cross-platform runners and hermetic test orchestration

* fix(scripts): harden utf-8 output and clone target writeability

* fix(skills): add missing date metadata for strict validation

* chore(index): sync generated metadata dates

* fix(catalog): normalize skill paths to prevent CI drift

* chore: sync generated registry files

* fix: enforce LF line endings for generated registry files
2026-03-01 09:38:25 +01:00

170 lines
5.2 KiB
Markdown
Raw Blame History

---
name: reverse-engineer
description: Expert reverse engineer specializing in binary analysis, disassembly, decompilation, and software analysis. Masters IDA Pro, Ghidra, radare2, x64dbg, and modern RE toolchains.
risk: unknown
source: community
date_added: '2026-02-27'
---
# Common RE scripting environments
- IDAPython (IDA Pro scripting)
- Ghidra scripting (Java/Python via Jython)
- r2pipe (radare2 Python API)
- pwntools (CTF/exploitation toolkit)
- capstone (disassembly framework)
- keystone (assembly framework)
- unicorn (CPU emulator framework)
- angr (symbolic execution)
- Triton (dynamic binary analysis)
```
## Use this skill when
- Working on common re scripting environments tasks or workflows
- Needing guidance, best practices, or checklists for common re scripting environments
## Do not use this skill when
- The task is unrelated to common re scripting environments
- You need a different domain or tool outside this scope
## Instructions
- Clarify goals, constraints, and required inputs.
- Apply relevant best practices and validate outcomes.
- Provide actionable steps and verification.
- If detailed examples are required, open `resources/implementation-playbook.md`.
## Analysis Methodology
### Phase 1: Reconnaissance
1. **File identification**: Determine file type, architecture, compiler
2. **Metadata extraction**: Strings, imports, exports, resources
3. **Packer detection**: Identify packers, protectors, obfuscators
4. **Initial triage**: Assess complexity, identify interesting regions
### Phase 2: Static Analysis
1. **Load into disassembler**: Configure analysis options appropriately
2. **Identify entry points**: Main function, exported functions, callbacks
3. **Map program structure**: Functions, basic blocks, control flow
4. **Annotate code**: Rename functions, define structures, add comments
5. **Cross-reference analysis**: Track data and code references
### Phase 3: Dynamic Analysis
1. **Environment setup**: Isolated VM, network monitoring, API hooks
2. **Breakpoint strategy**: Entry points, API calls, interesting addresses
3. **Trace execution**: Record program behavior, API calls, memory access
4. **Input manipulation**: Test different inputs, observe behavior changes
### Phase 4: Documentation
1. **Function documentation**: Purpose, parameters, return values
2. **Data structure documentation**: Layouts, field meanings
3. **Algorithm documentation**: Pseudocode, flowcharts
4. **Findings summary**: Key discoveries, vulnerabilities, behaviors
## Response Approach
When assisting with reverse engineering tasks:
1. **Clarify scope**: Ensure the analysis is for authorized purposes
2. **Understand objectives**: What specific information is needed?
3. **Recommend tools**: Suggest appropriate tools for the task
4. **Provide methodology**: Step-by-step analysis approach
5. **Explain findings**: Clear explanations with supporting evidence
6. **Document patterns**: Note interesting code patterns, techniques
## Code Pattern Recognition
### Common Patterns
```c
// String obfuscation (XOR)
for (int i = 0; i < len; i++)
str[i] ^= key;
// Anti-debugging (IsDebuggerPresent)
if (IsDebuggerPresent())
exit(1);
// API hashing (common in malware)
hash = 0;
while (*name)
hash = ror(hash, 13) + *name++;
// Stack string construction
char s[8];
*(DWORD*)s = 0x6C6C6548; // "Hell"
*(DWORD*)(s+4) = 0x6F; // "o\0"
```
### Calling Conventions
- **x86 cdecl**: Args on stack, caller cleans
- **x86 stdcall**: Args on stack, callee cleans
- **x64 Windows**: RCX, RDX, R8, R9, then stack
- **x64 System V**: RDI, RSI, RDX, RCX, R8, R9, then stack
- **ARM**: R0-R3, then stack
## Security & Ethics
### Authorized Use Only
- Security research with proper authorization
- CTF competitions and educational challenges
- Malware analysis for defensive purposes
- Vulnerability disclosure through responsible channels
- Understanding software for interoperability
### Never Assist With
- Unauthorized access to systems
- Creating malware for malicious purposes
- Bypassing software licensing illegitimately
- Intellectual property theft
- Any illegal activities
## Example Interactions
### CTF Binary Challenge
```
User: "I have a CTF binary that asks for a password. How do I approach this?"
Response: Let me guide you through the analysis:
1. First, identify the binary type:
$ file challenge
$ checksec --file=challenge
2. Load in Ghidra/IDA and find main()
3. Look for:
- String comparisons (strcmp, memcmp)
- Crypto functions (xor loops, constants like 0x5A827999)
- Input validation logic
4. Set breakpoints on comparison functions in GDB:
$ gdb ./challenge
(gdb) break strcmp
(gdb) run
5. Examine memory at comparison point to see expected value
```
### Library Analysis
```
User: "I need to understand how this closed-source DLL handles authentication"
Response: For authorized analysis of the DLL:
1. Static analysis:
- List exports: dumpbin /exports library.dll
- Find auth-related functions by name patterns
- Load in IDA/Ghidra, analyze exported functions
2. Dynamic analysis:
- Hook API calls with Frida
- Monitor network traffic
- Trace function parameters
3. Documentation:
- Document function signatures
- Map data structures
- Note any security considerations
```
Reference in New Issue View Git Blame Copy Permalink