IDA Swarm - Democratizing Reverse Engineering Through AI
Revolutionary Mission
IDA Swarm fundamentally transforms reverse engineering from an esoteric skill into an accessible capability through AI-powered multi-agent collaboration. This project empowers individuals to understand, analyze, and study software, advancing software transparency and consumer understanding of digital systems
Important Context
IDA Swarm is a research and educational tool that extends IDA Proβs capabilities through AI automation. Like IDA Pro itself, hex editors, and debuggers, this tool has legitimate uses in security research, education, and software analysis. While IDA Pro has a cost barrier, IDA Swarm democratizes the expertise required to use these tools effectively.
Demo
Why Thisβ¦
IDA Swarm - Democratizing Reverse Engineering Through AI
Revolutionary Mission
IDA Swarm fundamentally transforms reverse engineering from an esoteric skill into an accessible capability through AI-powered multi-agent collaboration. This project empowers individuals to understand, analyze, and study software, advancing software transparency and consumer understanding of digital systems
Important Context
IDA Swarm is a research and educational tool that extends IDA Proβs capabilities through AI automation. Like IDA Pro itself, hex editors, and debuggers, this tool has legitimate uses in security research, education, and software analysis. While IDA Pro has a cost barrier, IDA Swarm democratizes the expertise required to use these tools effectively.
Demo
Why This Matters
The Problem
- Traditional reverse engineering requires years of specialized training
- Complex tools are expensive and difficult to master
- Understanding software internals remains inaccessible to most users
Our Solution
- AI agents that guide users through complex analysis
- Works with IDA Pro 9.0 beta for research purposes
- Teaches users how to analyze and understand software
- Multi-agent collaboration makes expert-level analysis accessible
Important Notice: Passion Project
This is a PASSION PROJECT
- Expect bugs and instability
- MCP server has known bugs
- Designed around IDA Pro 9.0.240807 beta
- Process architecture due to IDAlib limitations in this version
- Active experimentation - Code changes frequently as new ideas are tested
Architecture Overview
Primary Mode: Direct IDA Integration
ββββββββββββββββββββββββββββ
β IDA Pro Instance β
β ββββββββββββββββββββββ β
β β Orchestrator β β
β β (Qt UI Dialog) β β
β ββββββββββββ¬ββββββββββ β
βββββββββββββββΌβββββββββββββ
β Process Spawn
ββββββββββββββββββΌβββββββββββββββββ
βΌ βΌ βΌ
βββββββββββ βββββββββββ βββββββββββ
β Agent 1 β β Agent 2 β β Agent N β
β (IDA) βββββΊβ (IDA) βββββΊβ (IDA) β
βββββββββββ βββββββββββ βββββββββββ
β² β² β²
ββββββββββββββββββΌβββββββββββββββββ
IRC Communication
(Swarm)
Optional: External Tool Integration via MCP
- Orchestrator: Central coordinator with two interface modes:
- Native mode (default): Qt dialog interface directly within IDA Pro
- MCP mode (optional): External control via MCP server, still spawns visible IDA instances
- AI Agents: Specialized IDA instances performing focused analysis tasks
- IRC Server: Inter-agent communication (WIP) and conflict resolution
- MCP Server (optional): Enables external tool integration (Claude, etc.)
- Tool System: Comprehensive IDA Pro operation framework
- Patching Engine: Multi-architecture binary modification with Keystone
Prerequisites
Required Software
Designed around IDA Pro 9.0 Beta (Version 9.0.240807)
- IDAlib is broken in this version, necessitating our process-based approach
Qt 5.15.2 (IDAβs custom build)
- Download sources from https://hex-rays.com/blog/ida-8-4-qt-5-15-2-sources-build-scripts
- macOS: Extract to
/Users/Shared/Qt/5.15.2-arm64(directory name must include -arm64 for Qt to build correctly!) - Linux: Same idea
Build Tools
- CMake 3.16+
- C++20 compliant compiler
- Keystone assembler (built automatically)
Claude API Access
- Anthropic API key required
Installation
1. Clone Repository
git clone https://github.com/shells-above/ida-swarm.git
cd ida-swarm
2. Configure Build
Edit CMakeLists.txt to set your paths:
# IDA SDK path
set(IDASDK_PATH "/path/to/idasdk90")
# IDA Pro plugins directory
set(IDA_PLUGINS_PATH "/path/to/ida/plugins")
# Qt installation (IDA's custom build)
set(QTDIR "/path/to/qt-5.15.2")
3. Build Project
mkdir build && cd build
cmake ..
make
make install # Installs plugin to IDA plugins directory
4. Configure API Access
Copy and edit the configuration file:
cp llm_re_config.json.example ~/.idapro/llm_re_config.json
Edit with your API key:
{
"api": {
"auth_method": "api_key",
"api_key": "sk-ant-..."
}
}
Usage
Direct IDA Pro Usage
- Open your target binary in IDA
- Wait for initial analysis to complete
- Run the plugin:
Edit β Plugins β IDA Swarm - Enter your analysis request in the dialog
Key Features
Multi-Agent Collaboration
- Orchestrator spawns agents for different analysis aspects
- Agents work in parallel on isolated database copies
- IRC-based communication for real-time collaboration (WIP)
- Automatic conflict resolution through consensus mechanisms
Binary Patching System
- Assembly and byte-level patching with multi-architecture support via Keystone
- Dual patching: Synchronizes changes to both IDA database and actual binary file
- Real-time patch replication: All patches instantly broadcast to all agents
- Conflict resolution: When agents patch the same location differently, they must debate and reach consensus
Code Injection System
- Temporary workspace allocation: Agents develop code in temporary IDA segments
- No-go zones: Prevents agents from allocating overlapping memory regions
- Code cave detection: Automatically finds and claims unused space in binaries
- Relocation: Code developed in temp segments is relocated to permanent locations
Analysis Tools
- Function analysis and cross-referencing
- Data structure identification
- String and constant analysis
- Control flow understanding
- Decompilation integration
The Design Tension: Independence vs Collaboration
We faced a fundamental design choice that affects the entire system:
Option 1: Complete Independence
- Each agent has its own isolated database
- Agents reach conclusions independently without bias
- Conflicts arise naturally when conclusions differ
- Never merge changes to main database
- Pro: No agent can bias anotherβs analysis
- Con: No benefit from collaborative discovery
Option 2: Full Collaboration
- All write operations instantly replicated to all agents
- Agents work on the same database together
- Pro: Maximum information sharing and efficiency
- Con: Early decisions by one agent bias all others
Our Hybrid Approach
We implemented a complex (this may not be ideal, but it is what was made) middle ground:
For Analysis: Agents work independently, then merge results after completion
- Preserves independent reasoning for reverse engineering tasks
- Function names, comments, types can conflict and be resolved
- Final merged result benefits all future agents
For Patching: Real-time replication with conflict resolution
- Patches are instantly shared to keep binaries in sync
- Prevents binary divergence that would be impossible to merge
- But creates the βmultiple truthsβ problem:
- Agent A patches address X to disable a feature
- Agent B patches address X to modify the feature
- Unlike metadata conflicts, neither is βmore correctβ
- Resolution requires negotiation in conflict channels
For Code Injection: Coordinated allocation with no-go zones
- Temporary segments and code caves are immediately claimed
- Prevents allocation conflicts while maintaining independence
- Deterministic addressing ensures consistency
The Unsolvable Problem
Unlike metadata conflicts where agents seek the βmost accurateβ answer, patching conflicts have no objective truth:
- Two agents can validly patch the same code for different purposes
- Both modifications might be βcorrectβ for different goals
- The conflict channel becomes a negotiation rather than a search for truth This is why patches are replicated immediately - to surface these conflicts early rather than discovering incompatible binary states during merge.
Conflict Resolution
When agents disagree on modifications:
- Dedicated IRC channel created (
#conflict_address_tool) - Agents debate and provide reasoning
- For metadata: Agents seek the most accurate representation
- For patches: Agents must negotiate compatible modifications
- Consensus must be reached by all parties
- Orchestrator enforces agreed solution
Project Philosophy
Consumer Rights Philosophy
We believe users should be able to:
- Understand software behavior through analysis
- Analyze how software features and mechanisms work
- Fix bugs and security vulnerabilities
- Research software for interoperability and compatibility
- Learn from the software they use All while respecting intellectual property rights and complying with applicable laws
Known Issues & Limitations
Current Beta Issues
MCP Server is Buggy 1. IDA Integration
- IDAlib is broken in 9.0.240807, which is why I spawn processes which is not ideal
MCP launchd
- I was encountering weird issues with trying to launch ida64 from the terminal on my mac (used to work, but something broke), and using launchd was the only workaround that worked for me
Workarounds
- Session hangs: Restart MCP server and close IDA instances
- Agent failures: Orchestrator will detect and report, continue with remaining agents
- IRC issues: Check
/tmp/ida_swarm_workspace/for debug logs
Technical Deep Dive
Why Spawned Processes?
IDA Pro 9.0.240807 beta has issues with IDAlib (Hex-Raysβ official automation library). Since IDAlib would be perfect for this tool but isnβt working in this beta, I implemented process spawning as a workaround. This approach works reliably and has the side benefit of visual debugging through separate IDA windows.
Communication Architecture
- MCP β Orchestrator: Named pipes (JSON-RPC protocol)
- Orchestrator β Agents: Process spawning with configuration
- Agent β Agent: IRC protocol for real-time collaboration (WIP)
- Agent β IDA: Direct API calls within process
Legitimate Use Cases
IDA Swarm is a research tool designed for:
- Security vulnerability research (DMCA Β§ 1201(j))
- Software interoperability analysis (DMCA Β§ 1201(f))
- Educational and academic research
- Understanding software behavior and functionality Like IDA Pro, Ghidra, and other professional reverse engineering tools, IDA Swarm serves legitimate roles in cybersecurity research and software engineering.
License
Open source for research and educational purposes. Users are responsible for compliance with applicable laws.