Rikugan: An AI Agent That Reads and Modifies Programs You Don't Have the Source Code For
Imagine you find a suspicious file on a compromised machine. You don’t have the source code. You don’t know who wrote it or what it does. You only have the compiled executable — millions of raw machine instructions that your computer understands but humans can barely read.
This is the daily reality of malware analysis, security research, and binary exploitation. The field is called reverse engineering, and until now it’s been almost entirely manual work.
Rikugan puts an AI agent inside the tools security researchers already use — IDA Pro and Binary Ninja — and gives it the ability to read, navigate, and modify compiled programs on your behalf, in plain English.
A quick primer: what is a disassembler?
When software is compiled, the human-readable source code is converted into raw machine instructions — sequences of bytes the CPU understands but humans find nearly unreadable. A disassembler like IDA Pro or Binary Ninja converts those bytes back into something humans can work with: assembly code, and crucially, a higher-level “decompiled” view that looks something like C.
The problem: decompiled code has no variable names (they were stripped out), no comments, and no structure beyond what the tool can infer. Figuring out what sub_140012AB0(v3, v8 + 0x18, 1) actually does requires reading the whole function, following references, understanding context — and doing that for hundreds of functions in a large binary takes days.
Rikugan is an AI agent that does this work with you, inside the disassembler, responding to plain English.
What it looks like in practice
Scenario 1: Understanding a suspicious executable
You receive a file that your antivirus flagged but didn’t block. You open it in Binary Ninja and hit Ctrl+Shift+I to open Rikugan.
You: /explore
Rikugan’s orchestrator immediately maps the binary: all imported Windows APIs (network calls? registry writes? process injection?), interesting strings (URLs, file paths, error messages), and notable functions. It then spawns parallel sub-agents to dive into each section simultaneously, like a team splitting up to cover ground faster. In a few minutes you get back a structured report:
“This binary imports WSAStartup and connect — it makes outbound network connections. Strings include ‘C2.malware-domain.com’ and a base64-encoded payload. The main function decodes the payload, writes it to %TEMP%, and executes it. The four functions worth examining are sub_1400012A0 (network), sub_140002B10 (decode), sub_140003C20 (write), sub_140004D30 (execute).”
Manually building that picture takes hours. Rikugan does it in minutes.
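The first pass described above (bucket the imports by capability, pull out the strings, tag the interesting ones) can be sketched in a few lines. This is an added example, not Rikugan's code and not from the original post; the capability table, function names and sample blob are constructed assumptions, and the import list is supplied directly rather than parsed from a PE header.

```python
import base64
import re

# Assumed capability buckets: a small illustrative subset of Windows API names.
CAPABILITIES = {
    "network": {"WSAStartup", "connect", "send", "recv"},
    "registry": {"RegOpenKeyExW", "RegSetValueExW"},
    "injection": {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "execution": {"CreateProcessW", "WinExec", "ShellExecuteW"},
}

def bucket_imports(imports):
    """Map each capability to the sorted imports that indicate it."""
    present = set(imports)
    return {cap: sorted(names & present)
            for cap, names in CAPABILITIES.items() if names & present}

def extract_strings(blob, min_len=6):
    """Return printable ASCII and UTF-16LE runs of at least min_len characters."""
    narrow = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)
    wide = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, blob)
    return ([s.decode("ascii") for s in narrow] +
            [s.decode("utf-16le") for s in wide])

def tag_string(s):
    """Label a string as host, path, base64 or other for the triage report."""
    if re.search(r"(?i)https?://|\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:com|net|org)\b", s):
        return "host"
    if re.search(r"%[A-Z]+%|^[A-Za-z]:\\", s):
        return "path"
    if len(s) % 4 == 0 and re.fullmatch(r"[A-Za-z0-9+/]{16,}={0,2}", s):
        return "base64"
    return "other"

def triage(imports, blob):
    """Build the import/strings summary an analyst reads before opening a function."""
    tagged = {}
    for s in extract_strings(blob):
        tagged.setdefault(tag_string(s), []).append(s)
    return {"capabilities": bucket_imports(imports), "strings": tagged}

# Constructed sample input (not a real binary): an import list and a data blob.
SAMPLE_IMPORTS = ["WSAStartup", "connect", "WriteFile", "CreateProcessW"]
SAMPLE_B64 = base64.b64encode(b"constructed sample payload!!").decode()
SAMPLE_BLOB = (b"\x00\x01C2.malware-domain.com\x00\x7f%TEMP%\\update.exe\x00"
               + SAMPLE_B64.encode() + b"\x00\x01"
               + "Wrong password".encode("utf-16le") + b"\x00\x00")

if __name__ == "__main__":
    print(triage(SAMPLE_IMPORTS, SAMPLE_BLOB))
```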
Scenario 2: Solving a CTF binary challenge
You’re in a Capture The Flag competition. The challenge is a crackme — a program that asks for a password and says “Wrong!” if you get it wrong. You need to find the correct password, or just make the program always say “Correct!” regardless.
You: /modify make the login always succeed regardless of what password I enter
Rikugan explores the binary, finds the authentication function, reads the branch that compares your input to the expected value, and patches the conditional jump so it always takes the “success” path. No assembly knowledge required. You describe the outcome; it handles the binary.
Scenario 3: Analyzing obfuscated malware
Commercial malware — ransomware, infostealers, rootkits — deliberately scrambles its own code to resist analysis. Common techniques:
- Control flow flattening: instead of if → do A → do B, the code becomes a giant switch(state) dispatcher that bounces between random-looking blocks, hiding the actual logic
- Opaque predicates: fake if branches that always go the same way, inserted purely to confuse analysts
- MBA expressions: (x | y) + (x & y) instead of x + y — mathematically equivalent but far harder to read
Rikugan’s /deobfuscation command (Binary Ninja only) enters plan mode and systematically identifies and removes all of these patterns using Binary Ninja’s intermediate language:
You: /deobfuscation
From the repo: a manual deobfuscation workflow that took ~4:30 ran in ~1:30 with Rikugan. Roughly 3x speedup. For heavily obfuscated samples, the difference between “analyzable in an afternoon” and “takes a week” is real.
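The MBA and opaque-predicate patterns listed above can be screened mechanically before any patching. This is an added example, not Rikugan's code and not from the original post: it checks an obfuscated expression against simpler candidates and tests whether a branch condition is constant. The candidate table and helper names are hypothetical, and the extra identities go beyond the one quoted in the article.

```python
import itertools
import random

def equivalent(obf, simple, arity=2, bits=8, samples=2000, seed=1):
    """Screen two expressions for equality: every `bits`-wide input, then
    random 64-bit inputs. Results are masked to model register wraparound."""
    rng = random.Random(seed)
    exhaustive = itertools.product(range(1 << bits), repeat=arity)
    sampled = ([rng.getrandbits(64) for _ in range(arity)] for _ in range(samples))
    for mask, inputs in (((1 << bits) - 1, exhaustive), ((1 << 64) - 1, sampled)):
        for args in inputs:
            if obf(*args) & mask != simple(*args) & mask:
                return False
    return True  # a screen, not a proof: confirm with an SMT solver before patching

def classify_predicate(pred, bits=8):
    """Evaluate a one-variable branch condition on every `bits`-wide input;
    a constant outcome marks it as an opaque predicate."""
    outcomes = {bool(pred(x)) for x in range(1 << bits)}
    if len(outcomes) == 2:
        return "real"
    return "always-true" if True in outcomes else "always-false"

# Hypothetical candidate table; a real pass would derive candidates from the IL.
CANDIDATES = [
    ("x + y", lambda x, y: x + y),
    ("x - y", lambda x, y: x - y),
    ("x ^ y", lambda x, y: x ^ y),
    ("x | y", lambda x, y: x | y),
    ("x & y", lambda x, y: x & y),
]

def simplify(obf):
    """Return the first candidate that matches the obfuscated expression, or None."""
    return next((name for name, fn in CANDIDATES if equivalent(obf, fn)), None)

# Constructed samples: the first MBA identity is the one quoted in the article.
MBA_SAMPLES = {
    "(x | y) + (x & y)": lambda x, y: (x | y) + (x & y),
    "(x | y) - (x & y)": lambda x, y: (x | y) - (x & y),
    "(x ^ y) + 2*(x & y)": lambda x, y: (x ^ y) + 2 * (x & y),
}

if __name__ == "__main__":
    for text, fn in MBA_SAMPLES.items():
        print(f"{text:22} -> {simplify(fn)}")
```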
Scenario 4: Understanding a closed-source library
You’re integrating a third-party SDK that has no documentation for a particular function. You load it into IDA Pro and ask:
You: what does the function at 0x140012AB0 actually do? explain it in plain English
Rikugan reads the decompiled output, follows the cross-references to understand what data it receives and what it calls, and explains: “This function validates a license key. It checks the first 8 bytes against a hardcoded value, then calls a CRC32 function on the remaining bytes and compares the result to a value stored in the registry at HKLM\Software\Company\License.”
You now know exactly what the function does without reading a line of assembly.
Under the hood
Rikugan has 60+ tools that directly control the disassembler: navigate to functions, read decompiled code, follow cross-references, search strings, add comments, rename variables, define types, run scripts (with explicit permission prompts). It runs an in-process agent loop — no external MCP server, no context switching to a browser tab.
Findings are saved to RIKUGAN.md in your project — persistent across sessions, shareable with teammates. The same pattern as CLAUDE.md or soul.py memory files: the agent’s knowledge lives in a version-controlled file.
Supports Anthropic, OpenAI, and Ollama (local models, air-gapped environments).
What you need before installing Rikugan
Rikugan is a plugin — it runs inside a disassembler. You need one installed first.
Step 1: Install a disassembler
Binary Ninja — recommended if you’re new to RE.
- Download from binary.ninja
- Personal license is $499 one-time. There’s a free demo version that handles most common binaries, and a student discount.
- Install it, open any .exe or .dll, and it will automatically disassemble it. The left panel shows functions, center shows disassembly/decompiled code, right panel shows cross-references.
- Rikugan’s /deobfuscation feature is Binary Ninja only.
IDA Free — the industry-standard tool, free tier available.
- Download from hex-rays.com/ida-free — free for non-commercial use, supports x86/x64 binaries.
- The full IDA Pro license costs thousands of dollars and is used by professional security teams. IDA Free is enough to get started with Rikugan.
Ghidra — completely free and open-source, but not supported by Rikugan yet.
- The NSA’s Ghidra is excellent and costs nothing. Worth knowing it exists if cost is a barrier — Rikugan support may come later.
Step 2: Get an LLM API key
Rikugan needs an LLM to do its reasoning. Choose one:
- Anthropic (Claude) — console.anthropic.com. Recommended. ~$15/month for moderate use.
- OpenAI (GPT-4) — platform.openai.com.
- Ollama (local) — ollama.com. Run a model on your own machine. Free, works offline — useful if you’re analyzing sensitive binaries you don’t want leaving your machine.
Step 3: Install Rikugan
# Linux / macOS — auto-detects IDA Pro or Binary Ninja
curl -fsSL https://raw.githubusercontent.com/buzzer-re/Rikugan/main/install.sh | bash
# Windows
irm https://raw.githubusercontent.com/buzzer-re/Rikugan/main/install.ps1 | iex
On first run, Rikugan asks which disassembler you’re using and which LLM provider/key to use. After that, open any binary in your disassembler, hit Ctrl+Shift+I, and the chat panel appears.
The broader point
Every field with complex, specialized tooling and a steep learning curve is about to get its own Rikugan. Security research is just one of the first. The pattern — an agent that lives inside your professional tool, speaks its language, and translates between what you want and what the tool needs — is going to show up in radiology workstations, financial analysis platforms, scientific instrumentation software.
The days of copy-paste-into-ChatGPT-and-hope are ending. Domain-specific agents that actually understand the context are the next step.