Decai decompiling a malicious shellcode.
The instructions are not so readable if you're not used to int 0x80 syscalls. AI does it for you.

https://asciinema.org/a/4PY8wn2TPg2oBdDQ0Q5bgMYjk

#r2ai #decai #r2 #malware #shellcode #syscall #linux

Nice decompilation of Linux shellcode

sha256: fd8441f8716ef517fd4c3fd552ebcd2ffe2fc458bb867ed51e5aaee034792bde Uses Mistral AI. From the assembly instructions it spots calls to syscall, and sees they are socket calls, sleep, etc.

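The post above is about reading int 0x80 shellcode: the hard part by eye is spotting which syscall each `int 0x80` invokes. As an added example (my own code, not decai's or r2ai's output), here is a small heuristic scanner that does the mechanical half of that job offline: it finds every `int 0x80` in a blob and looks backwards for the nearest instruction that set eax (`mov eax, imm32`, `mov al, imm8`, `push imm8; pop eax`, `xor eax, eax`), then names the syscall from a subset of the Linux i386 table (numbers taken from `arch/x86/entry/syscalls/syscall_32.tbl`; the subset is an assumption, extend it as needed). The sample shellcode bytes are constructed for the demo, not the malware in the post.

```python
"""Heuristic triage of i386 Linux shellcode (added example, not decai code):
find each `int 0x80` and the syscall number loaded into eax just before it."""
import re

# Subset of the Linux i386 syscall table (assumed from syscall_32.tbl);
# only entries needed for the demo, add more for real samples.
SYSCALLS_I386 = {
    1: "exit", 3: "read", 4: "write", 5: "open", 11: "execve",
    102: "socketcall", 162: "nanosleep",
}

# Byte patterns that load eax, with a decoder for the loaded value.
# re.S makes `.` match any byte, including 0x0a.
_SETTERS = [
    # mov eax, imm32
    (re.compile(rb"\xb8(....)", re.S),
     lambda m: int.from_bytes(m.group(1), "little")),
    # mov al, imm8 (only correct if eax was zeroed before; heuristic)
    (re.compile(rb"\xb0(.)", re.S),
     lambda m: m.group(1)[0]),
    # push imm8 ; pop eax (imm8 is sign-extended by push)
    (re.compile(rb"\x6a(.)\x58", re.S),
     lambda m: int.from_bytes(m.group(1), "little", signed=True)),
    # xor eax, eax
    (re.compile(rb"\x31\xc0", re.S),
     lambda m: 0),
]


def find_syscalls(code: bytes):
    """Return a list of (offset_of_int80, eax_value, syscall_name).

    For each `int 0x80` (cd 80) the nearest preceding eax setter wins.
    This is a linear byte scan, not a disassembler: a setter byte sequence
    hiding inside another instruction's immediate can mislead it, which is
    exactly the kind of ambiguity a real disassembler (or decai) resolves.
    """
    results = []
    for site in re.finditer(rb"\xcd\x80", code):
        best_end, value = -1, None
        for pattern, decode in _SETTERS:
            for m in pattern.finditer(code[: site.start()]):
                if m.end() > best_end:
                    best_end, value = m.end(), decode(m)
        name = SYSCALLS_I386.get(value, "unknown") if value is not None else "unknown"
        results.append((site.start(), value, name))
    return results


def describe(code: bytes) -> list:
    """Human-readable lines, one per syscall site."""
    return [f"{off:#06x}: int 0x80  eax={val}  -> {name}"
            for off, val, name in find_syscalls(code)]


# Constructed sample: a socketcall, a nanosleep, an execve and an exit,
# each using a different way of loading eax. Not real malware.
SAMPLE = bytes.fromhex(
    "31c0"        # xor eax, eax
    "b866000000"  # mov eax, 102 (socketcall)
    "cd80"        # int 0x80
    "b8a2000000"  # mov eax, 162 (nanosleep)
    "cd80"        # int 0x80
    "6a0b58"      # push 11 ; pop eax (execve)
    "cd80"        # int 0x80
    "31c0b001"    # xor eax, eax ; mov al, 1 (exit)
    "cd80"        # int 0x80
)

if __name__ == "__main__":
    for line in describe(SAMPLE):
        print(line)
```

The scanner only answers "which syscall"; the arguments (ebx, ecx, edx and, for socketcall, the pointer to the argument array) still have to be read from the surrounding instructions, which is the part the post hands to the model.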
Decompiling Apps With AI Language Models - NowSecure

Artificial intelligence (AI) language models are emerging as valuable tools for mobile security analysts and developers, offering significant benefits such as aiding in structured vulnerability assessments or generating code.

r2ai solves my CrackMe in a few seconds. It's both elegant and educational.

Read this: https://cryptax.medium.com/cracking-my-own-crackme-with-r2ai-5629bcc7d5fe

And view @dnakov video at r2con: https://www.youtube.com/watch?v=UxE5GNUBCXo

cc: @radareorg

#radare2 #r2ai #decai #crackme

Cracking my own CrackMe with r2ai - @cryptax - Medium

Recently, I viewed the excellent “Cracking binaries with r2ai visual mode” by Daniel Nakov, at r2con 2024. In September 2024, I had tried and failed to get AI crack my own simple crackme, but Daniel…

Medium

I've been running decai with Claude AI on a malware named Goldoon.

Ghidra is usually quite good at decompiling, but just compare the decompiled output of r2 (@radareorg) decai/Claude with Ghidra's!
This is marvelous. So much clearer and more concise, and Claude immediately thought this was malicious (I didn't hint at anything).

NB. I will talk about this at @1ns0mn1h4ck

#AI #radare2 #decai #ghidra

@radareorg the program was implemented using Swift, which does not disassemble very nicely. So, I tried decai. Output in C wasn't nice, but output in Java is quite usable. At least, the password is very visible.

#decai #radare2

When you find a method with a curious name and want to know what it's doing with #decai.
(But don’t use it for cheating, you know 😜)
#r2con2024
Once again #r2ai, #decai and #r2frida to the rescue!
They were really helpful in @as0ler’s, combining them in the process.
#r2con2024
Tomorrow we’ll be able to see how #decai was really helpful to decompile the STM8 firmware. So don’t miss it!
#r2con2024
Some more examples of #decai decompilation.
And with the -Q command you can also ask if the code is vulnerable and where, and it will answer that! Isn't it awesome?
#r2con2024
Decompiling with #decai provides a really nice output, as you can see in the example below. But even with more complex binaries the results are surprising.
#r2con2024