IDA Pro MCP serves as a Model Context Protocol (MCP) server that enables AI-assisted reverse engineering directly within IDA Pro. It connects your IDA instance to various AI assistants, allowing them to analyze and interact with your disassembled code.
idapyswitch to switch to the newest Python versionInstall or upgrade the IDA Pro MCP package:
pip install --upgrade git+https://github.com/mrexodia/ida-pro-mcp
Configure the MCP servers and install the IDA Plugin:
ida-pro-mcp --install
Important: Completely restart IDA/Visual Studio Code/Claude for the installation to take effect. Claude runs in the background and needs to be quit from the tray icon.
When working with AI assistants, use specific prompting to avoid hallucinations. Here's a recommended prompt template:
Your task is to analyze a crackme in IDA Pro. You can use the MCP tools to retrieve information. In general use the following strategy:
- Inspect the decompilation and add comments with your findings
- Rename variables to more sensible names
- Change the variable and argument types if necessary (especially pointer and array types)
- Change function names to be more descriptive
- If more details are necessary, disassemble the function and add comments with your findings
- NEVER convert number bases yourself. Use the convert_number MCP tool if needed!
- Do not attempt brute forcing, derive any solutions purely from the disassembly and simple python scripts
- Create a report.md with your findings and steps taken at the end
- When you find a solution, prompt to user for feedback with the password you found
check_connection(): Check if the IDA plugin is runningget_metadata(): Get metadata about the current IDBget_current_address(): Get the address currently selected by the userget_current_function(): Get the function currently selected by the userconvert_number(text, size): Convert a number to different representationsget_function_by_name(name): Get a function by its nameget_function_by_address(address): Get a function by its addressdecompile_function(address): Decompile a function at the given addressdisassemble_function(start_address): Get assembly code for a functionrename_function(function_address, new_name): Rename a functionset_function_prototype(function_address, prototype): Set a function's prototypelist_functions(offset, count): List all functions (paginated)list_globals(offset, count): List all globals (paginated)list_globals_filter(offset, count, filter): List matching globals (filtered)list_strings(offset, count): List all strings (paginated)list_strings_filter(offset, count, filter): List matching strings (filtered)get_xrefs_to(address): Get all cross references to an addressget_xrefs_to_field(struct_name, field_name): Get all references to a struct fieldget_entry_points(): Get all entry points in the databaseset_comment(address, comment): Set a comment for an addressrename_local_variable(function_address, old_name, new_name): Rename a local variablerename_global_variable(old_name, new_name): Rename a global variableset_global_variable_type(variable_name, new_type): Set a global variable's typedeclare_c_type(c_declaration): Create or update a local typeset_local_variable_type(function_address, variable_name, new_type): Set a local variable's typedbg_get_call_stack(): Get the current call stackdbg_get_registers(): Get all registers and their valuesdbg_run_to(address): Run the debugger to a specified addressdbg_exit_process(): Exit the debuggerdbg_continue_process(): Continue the debuggerdbg_enable_breakpoint(address, enable): Enable/disable a breakpointdbg_list_breakpoints(): List all breakpointsdbg_set_breakpoint(address): Set a breakpointdbg_delete_breakpoint(address): Delete a breakpointdbg_start_process(): Start the debuggerYou can run an SSE server to connect to the user interface:
uv run ida-pro-mcp --transport http://127.0.0.1:8744/sse
After installing idalib, you can run a headless SSE server:
uv run idalib-mcp --host 127.0.0.1 --port 8745 path/to/executable
When using AI assistants with IDA Pro:
convert_number MCP function for number conversionsThere are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.
If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.
To add a global MCP server go to Cursor Settings > MCP and click "Add new global MCP server".
When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:
{
"mcpServers": {
"cursor-rules-mcp": {
"command": "npx",
"args": [
"-y",
"cursor-rules-mcp"
]
}
}
}
To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.
Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.
The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.
You can also explictly ask the agent to use the tool by mentioning the tool name and describing what the function does.