Skip to content

rothackers/Rothalyx

BranchesTags

Repository files navigation

ROTHALYX RE FRAMEWORK

ROTHALYX RE FRAMEWORK logo

ROTHALYX RE FRAMEWORK is a native reverse engineering framework and desktop workstation for binary analysis, disassembly, graph reconstruction, decompilation, debugging, scripting, and AI-assisted analyst workflows.

The repository contains the C++ core, the native Qt desktop application, the CLI, the public SDK, fuzzing harnesses, and the release packaging used to ship desktop builds for Linux, macOS, and Windows.

Developed by Regaan R, security researcher and founder of ROT Independent Security Research Lab.

What Rothalyx Does

Rothalyx is built around a single native analysis pipeline:

  1. load a binary into a normalized image model
  2. map sections and symbols into a virtual address space
  3. decode instructions through the architecture layer
  4. discover functions, basic blocks, edges, loops, and cross-references
  5. lift into IR and SSA
  6. run analysis, recovery, and simplification passes
  7. generate decompiler output and persisted project data
  8. expose the result through the desktop app, CLI, SDK, plugins, and optional AI workflows

The product is designed so the desktop UI, CLI, and automation layers all sit on the same core instead of reimplementing behavior in parallel.

Core Capabilities

Current source tree capabilities include:

  • native Qt desktop application for project-based reverse engineering
  • CLI for analysis, automation, packaging, and scripted workflows
  • PE, ELF, and Mach-O loading
  • address-space mapping, rebasing, and symbol resolution
  • disassembly across the supported architecture layer
  • function discovery, CFG recovery, xrefs, and call graph generation
  • IR, SSA, optimization, type recovery, and decompiler generation
  • runtime debugging integration
  • SQLite-backed project persistence
  • Python-based plugins and automation
  • optional AI-assisted summaries, rename suggestions, pattern detection, and vulnerability hints
  • fuzzing, exploit workflow helpers, and distributed analysis infrastructure

Desktop Application

The primary user interface is the native Qt Widgets application:

  • startup launcher for new or existing projects
  • function, import, export, string, and xref navigation
  • disassembly, decompiler, CFG, call graph, hex, debugger, coverage, and annotation views
  • comments, type annotations, version history, and workspace persistence
  • Settings -> AI for hosted-model or local-LLM configuration
  • Help -> About for product and author information

Run it from a build tree:

cmake --preset dev
cmake --build --preset dev
./build/dev/apps/desktop_qt/rothalyx_desktop_qt

Open a binary directly:

./build/dev/apps/desktop_qt/rothalyx_desktop_qt /path/to/binary.exe

Open a saved project database:

./build/dev/apps/desktop_qt/rothalyx_desktop_qt /path/to/project.sqlite

AI Integration

AI is optional. Rothalyx works without a hosted model.

The desktop app supports:

  • OpenAI
  • Anthropic
  • Gemini
  • OpenAI-compatible gateways
  • local LLM endpoints
  • heuristic-only mode

Secrets are stored through the host platform rather than normal app settings:

  • Windows Credential Manager
  • macOS Keychain
  • Linux Secret Service via secret-tool

Build From Source

Requirements

  • CMake 3.26 or newer
  • a C++20 compiler
  • Ninja
  • SQLite3 development files
  • Qt 6 Widgets development files for the desktop build
  • Capstone and cURL when building the full toolchain

Build

cmake --preset dev
cmake --build --preset dev

Without presets:

cmake -S . -B build -G Ninja
cmake --build build

Test

ctest --test-dir build/dev --output-on-failure

CLI

Basic analysis:

./build/dev/apps/cli/rothalyx_cli /path/to/binary

AI-assisted analysis with a hosted provider:

export ROTHALYX_AI_BACKEND=openai
export ROTHALYX_OPENAI_API_KEY=...
export ROTHALYX_OPENAI_MODEL=gpt-5-mini
./build/dev/apps/cli/rothalyx_cli ai-model /path/to/binary [/path/to/project.sqlite]

Packages and Releases

The repository includes packaging and GitHub Actions release workflows for:

  • Windows installer
  • macOS DMG
  • Linux AppImage
  • Debian package
  • Arch package

For Arch-based systems, the packaged build can be installed from the repository root:

makepkg -si

Repository Layout

  • apps/desktop_qt
    Native Qt desktop application.
  • apps/cli
    Command-line tooling.
  • core
    Reverse engineering core, debugger, persistence, SDK, plugins, and AI integration.
  • docs
    Public technical documentation.
  • fuzz
    Sanitizer-backed hostile-input runners.
  • scripts
    Release and packaging helpers.
  • tests
    Regression and workflow test coverage.

Documentation

Project Policies

License

Rothalyx is licensed under the GNU Affero General Public License v3.0 or later.

About

Rothalyx RE FRAMEWORK is a cross-platform reverse engineering framework for binary analysis, disassembly, graph recovery, decompilation, debugging, and security research.

rothalyx.rothackers.com

Resources

Readme

License

AGPL-3.0 license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 3

ROTHALYX RE FRAMEWORK v1.0.3 - Branding And Packaging Refresh Latest
Apr 9, 2026
+ 2 releases

Packages

 
 
 

Contributors

Languages