Can confirm. Matching decompilation in particular (where you match the compiler along with your guess at source, compile, then compare assembly, repeating if it doesn't match) is very token-intensive, but it's now very viable: https://news.ycombinator.com/item?id=46080498

Of course LLMs see a lot more source-assembly pairs than even skilled reverse engineers, so this makes sense. Any area where you can get unlimited training data is one we expect to see top-tier performance from LLMs.

(also, hi Thomas!)

▲

stackghost 9 hours ago | parent | next [-]

My own experience has been that "ghidra -> ask LLM to reason about ghidra decompilation" is very effective on all but the most highly obfuscated binaries.

Burning tokens by asking the LLM to compile, disassemble, compare assembly, recompile, repeat seems very wasteful and inefficient to me.

	▲	mikestaas 8 hours ago \| parent \| next [-]
		LaurieWired did a good episode about that kind of thing https://www.youtube.com/watch?v=u2vQapLAW88
	▲	kimixa 6 hours ago \| parent \| prev [-]
		That matches my experience too - LLMs are very capable in "translating" between domains - one of the best experience I've had with LLMs is turning "decompiled" source into "human readable" source. I don't think that "Binary Only" closed-source isn't the defense against this that some people here seem to think it is.

▲

echelon 6 hours ago | parent | prev [-]

Has anyone used an LLM to deobfuscate compiled Javascript?

	▲	saagarjha 21 minutes ago \| parent \| next [-]
		I've used it for hobby efforts on Electron/React Native (Hermes bytecode) apps and it seems to work reasonably well
	▲	bitexploder 6 hours ago \| parent \| prev [-]
		Yep. They are good at it.