IDA Pro MCP
Simple MCP Server to allow vibe reversing in IDA Pro.
The binaries and prompt for the video are available in the mcp-reversing-dataset repository.
Available functionality:
check_connection: Check if the IDA plugin is running.
get_metadata(): Get metadata about the current IDB.
get_function_by_name(name): Get a function by its name.
get_function_by_address(address): Get a function by its address.
get_current_address(): Get the address currently selected by the user.
get_current_function(): Get the function currently selected by the user.
convert_number(text, size): Convert a number (decimal, hexadecimal) to different representations.
list_functions(offset, count): List all functions in the database (paginated).
list_strings(offset, count): List all strings in the database (paginated).
search_strings(pattern, offset, count): Search for strings containing the given pattern (case-insensitive).
decompile_function(address): Decompile a function at the given address.
disassemble_function(start_address): Get assembly code (address: instruction; comment) for a function.
get_xrefs_to(address): Get all cross references to the given address.
get_entry_points(): Get all entry points in the database.
set_comment(address, comment): Set a comment for a given address in the function disassembly and pseudocode.
rename_local_variable(function_address, old_name, new_name): Rename a local variable in a function.
rename_global_variable(old_name, new_name): Rename a global variable.
set_global_variable_type(variable_name, new_type): Set a global variable's type.
rename_function(function_address, new_name): Rename a function.
set_function_prototype(function_address, prototype): Set a function's prototype.
declare_c_type(c_declaration): Create or update a local type from a C declaration.
set_local_variable_type(function_address, variable_name, new_type): Set a local variable's type.
Prerequisites
- Python (3.11 or higher)
- IDA Pro (8.3 or higher, 9 recommended)
- Supported MCP Client (pick one you like)
Installation
Install (or upgrade) the IDA Pro MCP package:
Configure the MCP servers and install the IDA Plugin:
Important: Make sure you completely restart IDA/Visual Studio Code/Claude for the installation to take effect. Claude runs in the background and you need to quit it from the tray icon.
Prompt Engineering
LLMs are prone to hallucinations and you need to be specific with your prompting. For reverse engineering the conversion between integers and bytes are especially problematic. Below is a minimal example prompt, feel free to start a discussion or open an issue if you have good results with a different prompt:
Your task is to analyze a crackme in IDA Pro. You can use the MCP tools to retrieve information. In general use the following strategy:
This prompt was just the first experiment, please share if you found ways to improve the output!
Tips for Enhancing LLM Accuracy
Large Language Models (LLMs) are powerful tools, but they can sometimes struggle with complex mathematical calculations or exhibit "hallucinations" (making up facts). Make sure to tell the LLM to use the
conver_number MCP and you might also need math-mcp for certain operations.Another thing to keep in mind is that LLMs will not perform well on obfuscated code. Before trying to use an LLM to solve the problem, take a look around the binary and spend some time (automatically) removing the following things:
- String encryption
- Import hashing
- Control flow flattening
- Code encryption
- Anti-decompilation tricks
You should also use a tool like Lumina or FLIRT to try and resolve all the open source library code and the C++ STL, this will further improve the accuracy.
Manual Installation
Note: This section is for LLMs and power users who need detailed installation instructions.
Manual MCP Server Installation (Cline/Roo Code)
To install the MCP server yourself, follow these steps:
- Install uv globally:
- Clone this repository, for this example
C:\MCP\ida-pro-mcp.
- Navigate to the Cline/Roo Code MCP Servers configuration (see screenshot).
- Click on the Installed tab.
- Click on Configure MCP Servers, which will open
cline_mcp_settings.json.
- Add the
ida-pro-mcpserver:
To check if the connection works you can perform the following tool call:
IDA Plugin installation
The IDA Pro plugin will be installed automatically when the MCP server starts. If you disabled the
--install-plugin option, use the following steps:- Copy (not move)
src/ida_pro_mcp/mcp-plugin.pyin your plugins folder (%appdata%\Hex-Rays\IDA Pro\pluginson Windows).
- Open an IDB and click
Edit -> Plugins -> MCPto start the server.
Comparison with other MCP servers
There are a few IDA Pro MCP servers floating around, but I created my own for a few reasons:
- Installation should be fully automated.
- The architecture of other plugins make it difficult to add new functionality quickly (too much boilerplate of unnecessary dependencies).
- Learning new technologies is fun!
If you want to check them out, here is a list (in the order I discovered them):
- https://github.com/taida957789/ida-mcp-server-plugin (SSE protocol only, requires installing dependencies in IDAPython).
- https://github.com/fdrechsler/mcp-server-idapro (MCP Server in TypeScript, excessive boilerplate required to add new functionality).
- https://github.com/MxIris-Reverse-Engineering/ida-mcp-server (custom socket protocol, boilerplate).
Feel free to open a PR to add your IDA Pro MCP server here.
Development
Adding new features is a super easy and streamlined process. All you have to do is add a new
@jsonrpc function to `mcp-plugin.py` and your function will be available in the MCP server without any additional boilerplate! Below is a video where I add the get_metadata function in less than 2 minutes (including testing):To test the MCP server itself:
This will open a web interface at http://localhost:5173 and allow you to interact with the MCP tools for testing.
For testing I create a symbolic link to the IDA plugin and then POST a JSON-RPC request directly to
http://localhost:13337/mcp. After enabling symbolic links you can run the following command:Generate the changelog of direct commits to
main:IDA Pro MCP
Simple MCP Server to allow vibe reversing in IDA Pro.
The binaries and prompt for the video are available in the mcp-reversing-dataset repository.
Available functionality:
check_connection: Check if the IDA plugin is running.
get_metadata(): Get metadata about the current IDB.
get_function_by_name(name): Get a function by its name.
get_function_by_address(address): Get a function by its address.
get_current_address(): Get the address currently selected by the user.
get_current_function(): Get the function currently selected by the user.
convert_number(text, size): Convert a number (decimal, hexadecimal) to different representations.
list_functions(offset, count): List all functions in the database (paginated).
list_strings(offset, count): List all strings in the database (paginated).
search_strings(pattern, offset, count): Search for strings containing the given pattern (case-insensitive).
decompile_function(address): Decompile a function at the given address.
disassemble_function(start_address): Get assembly code (address: instruction; comment) for a function.
get_xrefs_to(address): Get all cross references to the given address.
get_entry_points(): Get all entry points in the database.
set_comment(address, comment): Set a comment for a given address in the function disassembly and pseudocode.
rename_local_variable(function_address, old_name, new_name): Rename a local variable in a function.
rename_global_variable(old_name, new_name): Rename a global variable.
set_global_variable_type(variable_name, new_type): Set a global variable's type.
rename_function(function_address, new_name): Rename a function.
set_function_prototype(function_address, prototype): Set a function's prototype.
declare_c_type(c_declaration): Create or update a local type from a C declaration.
set_local_variable_type(function_address, variable_name, new_type): Set a local variable's type.
Prerequisites
- Python (3.11 or higher)
- IDA Pro (8.3 or higher, 9 recommended)
- Supported MCP Client (pick one you like)
Installation
Install (or upgrade) the IDA Pro MCP package:
Configure the MCP servers and install the IDA Plugin:
Important: Make sure you completely restart IDA/Visual Studio Code/Claude for the installation to take effect. Claude runs in the background and you need to quit it from the tray icon.
Prompt Engineering
LLMs are prone to hallucinations and you need to be specific with your prompting. For reverse engineering the conversion between integers and bytes are especially problematic. Below is a minimal example prompt, feel free to start a discussion or open an issue if you have good results with a different prompt:
Your task is to analyze a crackme in IDA Pro. You can use the MCP tools to retrieve information. In general use the following strategy:
This prompt was just the first experiment, please share if you found ways to improve the output!
Tips for Enhancing LLM Accuracy
Large Language Models (LLMs) are powerful tools, but they can sometimes struggle with complex mathematical calculations or exhibit "hallucinations" (making up facts). Make sure to tell the LLM to use the
conver_number MCP and you might also need math-mcp for certain operations.Another thing to keep in mind is that LLMs will not perform well on obfuscated code. Before trying to use an LLM to solve the problem, take a look around the binary and spend some time (automatically) removing the following things:
- String encryption
- Import hashing
- Control flow flattening
- Code encryption
- Anti-decompilation tricks
You should also use a tool like Lumina or FLIRT to try and resolve all the open source library code and the C++ STL, this will further improve the accuracy.
Manual Installation
Note: This section is for LLMs and power users who need detailed installation instructions.
Manual MCP Server Installation (Cline/Roo Code)
To install the MCP server yourself, follow these steps:
- Install uv globally:
- Clone this repository, for this example
C:\MCP\ida-pro-mcp.
- Navigate to the Cline/Roo Code MCP Servers configuration (see screenshot).
- Click on the Installed tab.
- Click on Configure MCP Servers, which will open
cline_mcp_settings.json.
- Add the
ida-pro-mcpserver:
To check if the connection works you can perform the following tool call:
IDA Plugin installation
The IDA Pro plugin will be installed automatically when the MCP server starts. If you disabled the
--install-plugin option, use the following steps:- Copy (not move)
src/ida_pro_mcp/mcp-plugin.pyin your plugins folder (%appdata%\Hex-Rays\IDA Pro\pluginson Windows).
- Open an IDB and click
Edit -> Plugins -> MCPto start the server.
Comparison with other MCP servers
There are a few IDA Pro MCP servers floating around, but I created my own for a few reasons:
- Installation should be fully automated.
- The architecture of other plugins make it difficult to add new functionality quickly (too much boilerplate of unnecessary dependencies).
- Learning new technologies is fun!
If you want to check them out, here is a list (in the order I discovered them):
- https://github.com/taida957789/ida-mcp-server-plugin (SSE protocol only, requires installing dependencies in IDAPython).
- https://github.com/fdrechsler/mcp-server-idapro (MCP Server in TypeScript, excessive boilerplate required to add new functionality).
- https://github.com/MxIris-Reverse-Engineering/ida-mcp-server (custom socket protocol, boilerplate).
Feel free to open a PR to add your IDA Pro MCP server here.
Development
Adding new features is a super easy and streamlined process. All you have to do is add a new
@jsonrpc function to `mcp-plugin.py` and your function will be available in the MCP server without any additional boilerplate! Below is a video where I add the get_metadata function in less than 2 minutes (including testing):To test the MCP server itself:
This will open a web interface at http://localhost:5173 and allow you to interact with the MCP tools for testing.
For testing I create a symbolic link to the IDA plugin and then POST a JSON-RPC request directly to
http://localhost:13337/mcp. After enabling symbolic links you can run the following command:Generate the changelog of direct commits to
main: