Skip to main content

/

/

Stats

Actions

Tags

Stats

Actions

Tags

ClaudePluginHub

Community directory for discovering and installing Claude Code plugins.

Find plugins for your project

AI-powered recommendations based on your stack.

Product

Browse Plugins
Marketplaces
Pricing
About
Contact

Resources

Learning Center
Blog
Weekly Digest
Claude Code Docs
Plugin Guide
Plugin Reference
Plugin Marketplaces

Community

Browse on GitHub
Get Support

Legal

Terms of Service
Privacy Policy

Browse · Plugins · Top Plugins · Marketplaces · Components · Technologies · Skills · Agents · Commands · Hooks · MCP Servers · LSP Servers · Output Styles · Themes · Monitors

Categories · Productivity · Development · Testing · Deployment · Security · Documentation · Data · Utilities

© 2025 ClaudePluginHub

Community Maintained · Not affiliated with Anthropic

ClaudePluginHub

ClaudePluginHub

Tools Learn Pricing

Search everything...

reverse-engineering | communitytools

Home
Skills
communitytools
reverse-engineering

Skill

reverse-engineering

From communitytools

Static-first analysis of compiled binaries (ELF/PE/Mach-O) and custom-VM bytecode for CTF and malware reverse engineering. Covers opcode inversion, callfuscation, MBA deobfuscation, and encrypted-handler decryption.

Popularity

Stars

342

Forks

64

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/communitytools:reverse-engineering

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Reverse engineering compiled binaries (ELF, PE, Mach-O) and bytecode artifacts to recover algorithms, validate inputs, or build static solvers. Focused on the recurring CTF / malware-analysis pattern of a host binary that loads a "program" file under a custom ISA — recognising the dispatcher loop, mapping opcodes to Python lambdas, and inverting the transformation chain in pure Python without e...

Supporting Files

reference/INDEX.mdreference/custom-vm-bytecode.mdreference/reverse-engineering-principles.mdreference/scenarios/anti-debug/int3-detection-bypass.mdreference/scenarios/anti-debug/isdebuggerpresent-bypass.mdreference/scenarios/anti-debug/ptrace-bypass.mdreference/scenarios/anti-debug/timing-checks-bypass.mdreference/scenarios/custom-vm/bytecode-disassembly.mdreference/scenarios/dynamic-analysis/frida-hooking.mdreference/scenarios/dynamic-analysis/gdb-scripting.mdreference/scenarios/dynamic-analysis/ltrace-strace.mdreference/scenarios/kernel/kernel-rootkit-module.mdreference/scenarios/obfuscation/callfuscation.mdreference/scenarios/obfuscation/d-fiber-callfuscation.mdreference/scenarios/obfuscation/hash-dispatcher-chain.mdreference/scenarios/obfuscation/mba-deobfuscation.mdreference/scenarios/obfuscation/packed-binaries.mdreference/scenarios/obfuscation/python-bytecode-payload.mdreference/scenarios/obfuscation/string-obfuscation.mdreference/scenarios/static-analysis/disassembly-recipe.md

SKILL.md

23 lines · ~419 tokens

Stats

LanguagePython

Stars342

Forks64

MaintenanceExcellent

Last CommitJun 9, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

reverse-engineering

binary-analysis

Stats

LanguagePython

Stars342

Forks64

MaintenanceExcellent

Last CommitJun 9, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

reverse-engineering

binary-analysis

Reverse Engineering

Scope

Reverse engineering compiled binaries (ELF, PE, Mach-O) and bytecode artifacts to recover algorithms, validate inputs, or build static solvers. Focused on the recurring CTF / malware-analysis pattern of a host binary that loads a "program" file under a custom ISA — recognising the dispatcher loop, mapping opcodes to Python lambdas, and inverting the transformation chain in pure Python without executing the host. Also covers callfuscation (control-flow chunking), MBA (mixed boolean-arithmetic) operator obfuscation, encrypted-handler tricks, and three-layer deobfuscation pipelines.

When to use

A binary plus a "program data" file are delivered together and the binary appears to be an interpreter (themed opcode names, dispatcher switch / jump table).
Disassembly reveals a while(true){ op = mem[pc++]; switch(op){...}; } style loop or jump-table indexed by opcode.
The binary is heavily obfuscated (callfuscation, MBA wrappers, encrypted handlers in .data decrypted to RWX at startup).
You need to recover an algorithm or check function from native code without dynamic execution (anti-debug, wrong arch, no TTY).
Static-first reverse engineering is preferred (faster, more reliable than emulator chains).

References

reference/custom-vm-bytecode.md — recognising and inverting custom stack/register/tape VMs; callfuscation linearization; MBA operator identification; encrypted-handler decryption.

$

npx claudepluginhub transilienceai/communitytools

Similar Skills

ctf-rev

15

Provides a structured methodology for CTF reverse engineering challenges: triage, packing detection, decompiler selection, dynamic analysis, anti-debug bypass, custom VM disassembly, and symbolic execution.

cybersec-toolkit

reverse-engineer

37.9k

Guides binary reverse engineering with disassembly, decompilation, static/dynamic analysis using IDA Pro, Ghidra, radare2, x64dbg, and scripting via IDAPython, r2pipe, pwntools.

antigravity-awesome-skills

View reverse-engineer

ctf-rev

23

Solves CTF reverse engineering challenges using systematic analysis to extract flags, keys, or passwords from crackmes, binary bombs, key validators, and obfuscated code.