An Autonomous AI Reverse Engineering Agent
A8ther is a sandboxed AI agent that autonomously reverse engineers compiled binaries — identifying compilers, decompiling code, reconstructing logic, and translating it into human-readable source code in multiple programming languages.
A8THER.mp4
- 🔍 Binary Analysis — Automatically identifies file types, architectures, and compiler toolchains
- 🧬 AI-Powered Decompilation — Uses Ghidra + LLM reasoning to reconstruct high-level code
- 🌍 Multi-Language Translation — Translates recovered logic into Python, Rust, Java, and more
- 🔒 Sandboxed Execution — All analysis runs inside an isolated Docker container
- 🧠 Autonomous Agent — ReAct-style reasoning loop that plans and executes analysis steps
- 💬 Interactive Chat — Ask questions about the binary and get AI-powered explanations
- 🛡️ Vulnerability Detection — Identifies potential security issues in decompiled code
User → Frontend → FastAPI Backend → AI Agent → Docker Sandbox → RE Tools
↓
LLM Reasoning
↓
Code + Explanation
- Python 3.11+
- Docker
- OpenAI API key (or compatible LLM)
# Clone the repo
git clone <repo-url>
cd A8ther
# Build deterministic dual sandbox images (required for execution engine)
./docker/build_sandboxes.sh
# This creates:
# - a8ther-sandbox-amd64 (from docker/Dockerfile.amd64)
# - a8ther-sandbox-arm64 (from docker/Dockerfile.arm64)
# Install backend dependencies
cd backend
pip install -r requirements.txt
# Set your API key
export OPENAI_API_KEY=your-key-here
# Run the backend
uvicorn main:app --reload
# The frontend is automatically served at http://localhost:8000
# In Docker mode, uploaded binaries are stored in Docker volume 'a8ther-sandbox-data'
# (mounted inside each sandbox at /workspace/uploads)
# In local mode (A8THER_USE_DOCKER=false), uploads are stored in ./uploads by defaultA8ther/
├── backend/ # FastAPI server + AI agent
│ ├── main.py # API endpoints
│ ├── agent.py # ReAct agent loop
│ ├── tools.py # Tool definitions
│ ├── executor.py # Docker command executor
│ ├── prompts.py # LLM prompts
│ └── requirements.txt
├── docker/ # Sandbox images (executor runtime)
│ ├── Dockerfile.amd64
│ ├── Dockerfile.arm64
│ └── build_sandboxes.sh
├── ghidra_scripts/ # Headless Ghidra scripts
│ └── decompile.py
├── frontend/ # Web UI
│ ├── index.html
│ ├── style.css
│ └── app.js
├── samples/ # Test binaries
└── README.md
- Malware Analysis — Safely analyze suspicious executables
- Legacy Software Recovery — Reconstruct source code from old binaries
- Vulnerability Discovery — Find security issues in compiled software
- Software Auditing — Verify compiler toolchains and library usage
- FastAPI + Python
- OpenAI GPT-4 / compatible LLM
- Docker
- Ghidra (headless)
- Vanilla JS + CSS
Built at HooHacks 2026 🎓