Project ideas from Hacker News discussions.

Ghidra by NSA

📝 Discussion Summary

1. Project‑file stability is a deal‑breaker

“I once tried learning how to RE with radare2 but got very frustrated by frequent project file corruption … I never actually got further.” – aktau
“I got corruption a lot, like every 4‑5 saves … I was just a git reset --hard away from restoring a good state.” – alberto‑m

2. Ghidra vs. IDA (and Binary Ninja) – cost, usability, and feature set

“IDA is far far better at interrupting tasks/crash recovery … Ghidra just leaves you with nothing.” – apple1417
“IDA is the better tool if you're being paid to work with architectures that IDA supports well … Ghidra is the better tool if you're dealing with exotic architectures.” – q3k
“Binary Ninja deserves a mention … I much prefer Binary Ninja for the task of building up an understanding of large binaries.” – alexrp

3. NSA’s open‑source release and the “backdoor” debate

“It’s a NSA open‑source reverse‑engineering framework … the public face of Ghidra works at Praxis.” – bri3d
“There’s no NSA backdoor in Ghidra … it’s just a program that will often be running on disconnected systems.” – dizzy9

4. AI/MCP integration is reshaping RE workflows

“The gains come from pairing Ghidra with a coding agent. It works amazingly well.” – cactusplant7374
“There is MCP for Ghidra … I highly recommend it.” – quux0r
“AI is not that terrible at using Ghidra … we released a benchmark on that.” – jakozaur

These four threads capture the discussion’s core concerns: reliability of project files, comparative strengths of the major tools, the implications of NSA‑originated open‑source software, and the emerging role of AI‑powered assistants in reverse engineering.


🚀 Project Ideas

Ghidra GitSync

Summary

  • A Ghidra plugin that stores the entire analysis database in a Git repository, auto‑commits after each major change, and allows easy rollback or branching of analysis states.
  • Provides a lightweight, version‑controlled checkpoint system that eliminates project file corruption and supports collaborative analysis.

Details

  Target Audience: Reverse engineers using Ghidra who work on long‑term projects or in teams.
  Core Feature: Git‑based state persistence, auto‑commit, branch/merge support, visual diff of analysis changes.
  Tech Stack: Java (Ghidra API), JGit, SQLite for local cache, optional web UI with React.
  Difficulty: Medium
  Monetization: Hobby

Notes

  • “I got corruption a lot, like every 4‑5 saves” – users like aktau and alberto‑m would love a reliable checkpoint system.
  • Enables “git reset --hard” style recovery without external tooling, directly inside Ghidra.
  • Encourages discussion on best‑practice branching for large binaries and collaborative reverse engineering.

Rizin PE Stack Variable Enhancer

Summary

  • A lightweight, cross‑platform wrapper that patches Rizin’s Windows 32‑bit PE analysis to correctly discover stack variables, addressing the current bug that hampers embedded and legacy binary analysis.
  • Provides a CLI and API for automated batch analysis of PE files.

Details

  Target Audience: Reverse engineers working on Windows 32‑bit binaries, especially in embedded or legacy contexts.
  Core Feature: Automatic patching of Rizin’s PE parser, enhanced stack variable detection, and a command‑line interface for batch processing.
  Tech Stack: Rust (for performance and safety), FFI bindings to Rizin core, Docker for reproducible builds.
  Difficulty: Medium
  Monetization: Hobby

Notes

  • “There is a gap in Windows (32‑bit) PE support” – aktau and others frustrated by stack variable discovery would appreciate a quick fix.
  • The tool can be distributed as a Docker image, making it easy to integrate into CI pipelines or local workflows.
  • Sparks discussion on community‑driven patches and the importance of maintaining backward compatibility.

AI‑MCP‑as‑a‑Service for Ghidra

Summary

  • A cloud service that runs Ghidra with integrated LLM‑powered Machine‑Learning Code Proxies (MCPs), providing automated renaming, decompilation suggestions, and vulnerability scanning.
  • Offers a REST API and a browser‑based IDE for interactive reverse engineering.

Details

  Target Audience: Hobbyists and professionals who want AI assistance without installing heavy local models.
  Core Feature: LLM‑driven MCPs, real‑time code analysis, auto‑rename, vulnerability detection, and exportable reports.
  Tech Stack: Python (FastAPI), OpenAI/Claude API, Docker, PostgreSQL for session storage, WebSocket for live updates.
  Difficulty: High
  Monetization: Revenue‑ready: subscription tiers (free, pro, enterprise).

Notes

  • “AI MCPs for Ghidra” – quux0r and tomasphan already discuss MCPs; a hosted service removes the need to run large models locally.
  • Enables “think for me SaaS” for reverse engineering, aligning with the trend of LLM‑assisted code analysis.
  • Provides a platform for community‑built MCP plugins, fostering discussion on best practices and model fine‑tuning.

Exotic Architecture SLEIGH Hub

Summary

  • A web platform that hosts, curates, and distributes SLEIGH definitions for exotic architectures, with version control, community reviews, and integration hooks for Ghidra, IDA, and Binary Ninja.

Details

  Target Audience: Reverse engineers needing support for uncommon CPUs (e.g., AVR, Z80, WebAssembly).
  Core Feature: Central repository of SLEIGH files, automated CI tests against sample binaries, marketplace for custom definitions, and API for tool integration.
  Tech Stack: Node.js (Express), PostgreSQL, GitHub Actions for CI, Docker for sandboxed testing, Vue.js for frontend.
  Difficulty: Medium
  Monetization: Hobby

Notes

  • “IDA's missing exotic architectures” – q3k and bri3d highlight the pain of lacking decompilers for many CPUs.
  • The hub would allow contributors to submit new SLEIGH files, receive feedback, and ensure compatibility across tools.
  • Encourages community collaboration and could become a go‑to resource for “exotic architecture support” discussions.
