Inspiration? Modern software is often a black box. Whether it’s malware, legacy systems, or third-party executables, understanding what a compiled program does without access to its source code is a slow, manual, and highly specialized process.
We were inspired by the gap between powerful reverse engineering tools and the expertise required to use them effectively. While tools like Ghidra can decompile binaries, they don’t actually explain what a program is doing — that interpretation is still left to humans. As such, we decided to use Ghidra to make an agent that can go above and beyond.
At the end of the day, like many others, we just wanted to answer a question:
What if software could explain itself?
What does it do? A8THER is an AI-powered reverse engineering agent that transforms a compiled binary into human-readable code and explanations, while giving users an interactive way to explore and understand the program.
At its core, it analyzes an unknown executable inside a secure environment, extracts relevant signals using reverse engineering tools, and then reconstructs the program’s logic into readable code.
Beyond static output, A8THER includes an embedded chatbot interface that allows users to ask questions about the program in natural language, such as what specific functions do or how data flows through the system. It can also execute commands through an integrated terminal interface, enabling users to trigger additional analysis steps dynamically without leaving the application. Once the code is reconstructed, the system can translate it into the user’s preferred programming language, making it more accessible regardless of technical background. In addition, A8THER highlights potential security concerns by identifying suspicious patterns or vulnerabilities within the code, helping users quickly understand not just what a program does, but whether it poses a risk.
What typically takes hours of expert analysis can now be done in seconds.
How did we build it? We built A8THER as a modular system that combines backend orchestration, sandboxed execution, traditional reverse engineering tools, and an AI reasoning layer.
The backend, implemented in Python, manages API routing, user interaction, and communication between components. All binary analysis is performed inside a Docker-based sandbox to ensure safe execution of potentially malicious files, with a mounted workspace that allows controlled file access. We also used CSS, HTML, and JavaScript to create the frontend of our webpage.
Within this environment, we integrated tools such as file, strings, objdump, and readelf for static analysis, along with Ghidra in headless mode to generate decompiled pseudo-code.
On top of this, we implemented an LLM-based agent that follows a structured reasoning loop, selecting which tools to run, interpreting their outputs, and synthesizing them into higher-level representations of program behavior.
The key innovation is the agentic workflow — instead of passively processing data, the AI actively decides how to analyze the binary step by step.
What challenges did we run into? One of the biggest challenges we faced was integrating Ghidra into our pipeline in a reliable way. While Ghidra is a powerful decompiler, running it in headless mode from our backend proved unstable, as it would frequently crash or fail during binary analysis depending on the input. This made it difficult to maintain a consistent workflow, so we had to build safeguards around execution and handle failures gracefully to keep the system responsive.
We also ran into performance issues, as decompilation and analysis could take significantly longer than expected, especially for larger binaries, which conflicted with our goal of creating a near real-time experience. We were able to optimize by selecting the architecture (either ARM64 or AMD64) dynamically, and caching binaries in a SQLite3 database.
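The safeguards and caching described above, sketched as an added example (this is not A8THER's own code): each tool call returns a status instead of raising on a crash or hang, successful results are cached in SQLite by SHA-256, and the architecture is read from the ELF header. The function names, table layout and the use of the Python interpreter as a stand-in for the real tools are assumptions.

```python
import hashlib, sqlite3, struct, subprocess, sys

ELF_MACHINES = {0x3E: "AMD64", 0xB7: "ARM64"}  # e_machine: EM_X86_64, EM_AARCH64

def detect_arch(data: bytes) -> str:
    """Read e_machine from an ELF header; anything else is 'unsupported'."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return "unsupported"
    endian = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little-endian
    (machine,) = struct.unpack_from(endian + "H", data, 18)
    return ELF_MACHINES.get(machine, "unsupported")

def run_guarded(cmd, timeout):
    """Run one tool; report a crash or hang as a status instead of raising."""
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout", ""
    except OSError as exc:
        return "error", str(exc)
    return ("ok" if proc.returncode == 0 else "crashed"), proc.stdout

def analyze_cached(db, data, tool, cmd, timeout=30):
    """Return (status, output); failed runs are not stored, so they can be retried."""
    db.execute("CREATE TABLE IF NOT EXISTS results "
               "(sha256 TEXT, tool TEXT, output TEXT, PRIMARY KEY (sha256, tool))")
    digest = hashlib.sha256(data).hexdigest()
    row = db.execute("SELECT output FROM results WHERE sha256=? AND tool=?",
                     (digest, tool)).fetchone()
    if row:
        return "cached", row[0]
    status, out = run_guarded(cmd, timeout)
    if status == "ok":
        db.execute("INSERT INTO results VALUES (?, ?, ?)", (digest, tool, out))
        db.commit()
    return status, out

def demo():
    # Constructed sample: 20-byte little-endian ELF64 header stub, e_machine = 0xB7.
    sample = b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + struct.pack("<HH", 2, 0xB7)
    db = sqlite3.connect(":memory:")
    py = sys.executable  # hypothetical stand-in for the real tool binaries
    good = [py, "-c", "print('decompiled')"]
    return [
        detect_arch(sample),
        analyze_cached(db, sample, "hang", [py, "-c", "import time; time.sleep(10)"], 1)[0],
        analyze_cached(db, sample, "crash", [py, "-c", "raise SystemExit(3)"])[0],
        analyze_cached(db, sample, "decomp", good),
        analyze_cached(db, sample, "decomp", good),
    ]
```

Calling `demo()` exercises the hang, crash, first-run and cache-hit paths in that order.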
Another major challenge was ensuring that our integrated terminal remained secure and controlled. Initially, getting the terminal to appear in the frontend was a challenge, but using WebSockets and Xterm.js, a fully functional terminal with only specified libraries was displayed on our website, which also allowed autonomous agents to run various commands on it.
What accomplishments were we most proud of? We are proud of building a fully functional end-to-end system that takes a binary as input and produces meaningful, interpretable output. The integration of an autonomous AI agent that can guide its own analysis process represents a significant step beyond static decompilation tools.
We also successfully created an interactive interface that combines chatbot-based exploration with terminal-level control, giving users both high-level explanations and low-level access. Additionally, implementing a secure sandboxed environment ensured that our system could analyze potentially unsafe binaries without compromising safety.
Overall, we transformed a traditionally complex and manual workflow into something structured, automated, and accessible, and that is an accomplishment we are most proud of.
What did we learn? Through this project, we learned that reverse engineering is fundamentally an interpretive problem, not just a technical one. While tools can extract information, understanding requires context, reasoning, and the ability to connect multiple signals together.
We also learned that AI systems are most effective when integrated into structured workflows, rather than used in isolation, and that designing reliable agent behavior requires careful constraints and iteration. AI is also capable of a lot more than we thought; we were all extremely surprised to see the agent's accuracy and efficiency in completing such a difficult task.
Additionally, we gained experience working with containerization, system-level tools, and the challenges of building secure environments for untrusted code execution.
What's next for A8THER?
1) Improve users' ability to interface with the agents by adding a chatbot / terminal where users can speak to agents, and both users and agents can run commands in the terminal.
2) Optimize overall runtime to make it faster.
3) Expand support for more architectures and binary formats.
4) Enhance security analysis to better detect vulnerabilities and suspicious patterns.
5) Collaborative systems by hosting Docker sandboxes and allowing multiple users to use one system.
Built With
- agents
- ai
- css
- docker
- html
- javascript
- objdump
- python
- readelf