📌Overview

Purpose: The IDA Pro MCP aims to simplify the process of reverse engineering by providing a user-friendly MCP (Model Context Protocol) server for the IDA Pro environment.

Overview: This MCP server enables seamless interaction with IDA Pro, facilitating various reverse engineering tasks through a straightforward plugin that requires minimal setup. Users can easily access and manipulate functions within the IDA database, improving the overall reversing workflow.

Key Features:

Function Retrieval: Methods like get_function_by_name(name) and get_function_by_address(address) allow users to quickly locate specific functions, enhancing navigation and analysis efficiency.
Decompilation and Disassembly: Features such as decompile_function(address) and disassemble_function(address) provide users with the ability to obtain high-level representation and assembly code respectively, aiding in detailed examination of code behavior.
Manipulation Tools: Users can rename variables and functions, set prototypes, and adjust comments directly within IDA's pseudocode and disassembly through functions like rename_function(function_address, new_name), set_decompiler_comment(address, comment), and set_disassembly_comment(address, comment), thereby streamlining the analysis process.
Lightweight Setup: Requires only copying a single file (mcp-plugin.py) to the IDA plugin directory without additional dependencies, making installation straightforward.
Extensibility: New functionalities can be added easily, allowing users to adapt the plugin to their specific needs with minimal overhead, encouraging rapid development and innovation in reverse engineering tools.

IDA Pro MCP

Simple MCP Server to allow vibe reversing in IDA Pro.

The binaries and prompt for the video are available in the mcp-reversing-dataset repository.

Available functionality

check_connection: Check if the IDA plugin is running.
get_metadata(): Get metadata about the current IDB.
get_function_by_name(name): Get a function by its name.
get_function_by_address(address): Get a function by its address.
get_current_address(): Get the address currently selected by the user.
get_current_function(): Get the function currently selected by the user.
convert_number(text, size): Convert a number (decimal, hexadecimal) to different representations.
list_functions(offset, count): List all functions in the database (paginated).
list_strings(offset, count): List all strings in the database (paginated).
search_strings(pattern, offset, count): Search for strings containing the given pattern (case-insensitive).
decompile_function(address): Decompile a function at the given address.
disassemble_function(start_address): Get assembly code (address: instruction; comment) for a function.
get_xrefs_to(address): Get all cross references to the given address.
get_entry_points(): Get all entry points in the database.
set_comment(address, comment): Set a comment for a given address in the function disassembly and pseudocode.
rename_local_variable(function_address, old_name, new_name): Rename a local variable in a function.
rename_global_variable(old_name, new_name): Rename a global variable.
set_global_variable_type(variable_name, new_type): Set a global variable's type.
rename_function(function_address, new_name): Rename a function.
set_function_prototype(function_address, prototype): Set a function's prototype.
declare_c_type(c_declaration): Create or update a local type from a C declaration.
set_local_variable_type(function_address, variable_name, new_type): Set a local variable's type.

Prerequisites

Python (https://www.python.org/downloads/) (3.11 or higher)
Use idapyswitch to switch to the newest Python version
IDA Pro (https://hex-rays.com/ida-pro) (8.3 or higher, 9 recommended)
Supported MCP Client (pick one you like)
- Cline (https://cline.bot)
- Roo Code (https://roocode.com)
- Claude (https://claude.ai/download)
- Cursor (https://cursor.com)
- VSCode Agent Mode (https://github.blog/news-insights/product-news/github-copilot-agent-mode-activated/)
- Other MCP Clients (https://modelcontextprotocol.io/clients#example-clients)

Installation

Install (or upgrade) the IDA Pro MCP package:

pip install --upgrade git+https://github.com/mrexodia/ida-pro-mcp

Configure the MCP servers and install the IDA Plugin:

ida-pro-mcp --install

Important: Make sure you completely restart IDA/Visual Studio Code/Claude for the installation to take effect. Claude runs in the background and you need to quit it from the tray icon.

Prompt Engineering

LLMs are prone to hallucinations and you need to be specific with your prompting. For reverse engineering, the conversion between integers and bytes is especially problematic. Below is a minimal example prompt, feel free to start a discussion or open an issue if you have good results with a different prompt:

Your task is to analyze a crackme in IDA Pro. You can use the MCP tools to retrieve information. In general use the following strategy:

Inspect the decompilation and add comments with your findings

Rename variables to more sensible names

Change the variable and argument types if necessary (especially pointer and array types)

Change function names to be more descriptive

If more details are necessary, disassemble the function and add comments with your findings

NEVER convert number bases yourself. Use the convert_number MCP tool if needed!

Do not attempt brute forcing, derive any solutions purely from the disassembly and simple python scripts

Create a report.md with your findings and steps taken at the end

When you find a solution, prompt to user for feedback with the password you found

This prompt was just the first experiment, please share if you found ways to improve the output!

Tips for Enhancing LLM Accuracy

Large Language Models (LLMs) are powerful tools, but they can sometimes struggle with complex mathematical calculations or exhibit "hallucinations" (making up facts). Make sure to tell the LLM to use the convert_number MCP and you might also need math-mcp for certain operations.

LLMs will not perform well on obfuscated code. Before trying to use an LLM to solve the problem, take a look around the binary and spend some time (automatically) removing the following things:

String encryption
Import hashing
Control flow flattening
Code encryption
Anti-decompilation tricks

You should also use a tool like Lumina or FLIRT to try and resolve all the open source library code and the C++ STL, this will further improve the accuracy.

Manual Installation

Note: This section is for LLMs and power users who need detailed installation instructions.

Manual MCP Server Installation (Cline/Roo Code)

To install the MCP server yourself, follow these steps:

Install uv globally:
- Windows: pip install uv
- Linux/Mac: curl -LsSf https://astral.sh/uv/install.sh | sh
Clone this repository, for this example C:\MCP\ida-pro-mcp.
Navigate to the Cline/Roo Code MCP Servers configuration.
Click on the Installed tab.
Click on Configure MCP Servers, which will open cline_mcp_settings.json.
Add the ida-pro-mcp server with the configuration shown in the original text.

To check if the connection works you can perform the following tool call:

<use_mcp_tool>
<server_name>github.com/mrexodia/ida-pro-mcp</server_name>
<tool_name>check_connection</tool_name>
<arguments></arguments>
</use_mcp_tool>

IDA Plugin installation

The IDA Pro plugin will be installed automatically when the MCP server starts. If you disabled the --install-plugin option, use the following steps:

Copy (not move) src/ida_pro_mcp/mcp-plugin.py into your plugins folder (%appdata%\Hex-Rays\IDA Pro\plugins on Windows).
Open an IDB and click Edit -> Plugins -> MCP to start the server.

Comparison with other MCP servers

There are a few IDA Pro MCP servers available, but this one was created for the following reasons:

Fully automated installation.
Avoid unnecessary boilerplate and dependencies for easier adding of new features.
Enjoy learning new technologies.

If you want to check others, here is a list:

https://github.com/taida957789/ida-mcp-server-plugin (SSE protocol only, requires installing dependencies in IDAPython).
https://github.com/fdrechsler/mcp-server-idapro (MCP Server in TypeScript, excessive boilerplate required).
https://github.com/MxIris-Reverse-Engineering/ida-mcp-server (custom socket protocol, boilerplate).

Feel free to open a PR to add your IDA Pro MCP server here.

Development

Adding new features is easy. Just add a new @jsonrpc function to mcp-plugin.py and the functionality becomes available without extra boilerplate.

To test the MCP server:

uv run mcp dev src/ida_pro_mcp/server.py

This opens a web interface at http://localhost:5173 for interacting with MCP tools.

You can also POST a JSON-RPC request directly to http://localhost:13337/mcp.

After enabling symbolic links on Windows, you can run:

uv run ida-pro-mcp --install

Generate the changelog of direct commits to main branch:

git log --first-parent --no-merges 1.2.0..main "--pretty=- %s"