Xrefer AI
AI-Powered Reverse Engineering

Understand any binary
10x faster

Xrefer AI connects directly to your Ghidra workflow. Analyze decompiled functions, rename variables, and ask questions about code — all without leaving your decompiler.

No credit card required — 100 free credits on sign up

How it works

Three steps from install to insight.

01

Install Plugin

Drop the Ghidra script into your Script Manager. One-time setup takes under two minutes.

02

Select Function

Left-click any decompiled function in XreferAI and choose an analyze action from the context menu or ask AI your own question.

03

Get Insights

Receive instant analysis, automatic renaming, function documentation and answers directly inside Ghidra.

Live Example

See the difference

Raw Ghidra output → AI-analyzed, renamed, and explained in seconds.

Before — Raw Ghidra Output
FUN_00401a20.c
/* WARNING: Globals starting with '_' overlap smaller symbols */

void FUN_00401a20(int param_1, char *param_2)
{
  int   iVar1;
  uint  uVar2;
  char *pcVar3;
  int   local_10;
  int   local_c;

  local_10 = 0;
  local_c = 0;
  while (local_10 < param_1) {
    uVar2 = FUN_00401890(param_2 + local_c);
    iVar1 = (int)uVar2;
    *(param_2 + local_10) =
        *(param_2 + local_10) ^ (byte)iVar1;
    local_c = local_c + 4;
    if (param_1 <= local_c) {
      local_c = 0;
    }
    local_10 = local_10 + 1;
  }
  return;
}
↓ AI
After — Xrefer AI AI Analysis
xorDecryptBuffer.c
/**
 * XOR-decrypts a buffer using a rolling 4-byte key.
 * Key cycles through the buffer repeating every 4 bytes.
 *
 * @param bufferLen  Number of bytes to decrypt
 * @param buffer     Buffer modified in-place
 */
void xorDecryptBuffer(int bufferLen, char *buffer)
{
  int   byteValue;
  uint  keyWord;
  char *keyPtr;
  int   dataIndex;  // byte being decrypted
  int   keyOffset;  // wraps 0,4,8,…

  dataIndex = 0;
  keyOffset = 0;
  while (dataIndex < bufferLen) {
    /* read 4-byte key word at key position */
    keyWord   = readUint32LE(buffer + keyOffset);
    byteValue = (int)keyWord;
    /* XOR byte with LSB of key word */
    buffer[dataIndex] ^= (byte)byteValue;
    keyOffset += 4;
    if (bufferLen <= keyOffset) {
      keyOffset = 0;  // reset key
    }
    dataIndex++;
  }
}

AI Explanation

XOR cipher with a rolling 4-byte key — each byte XOR'd with the LSB of a key word read from the buffer itself, wrapping every 4 bytes. Consistent with lightweight obfuscation or malware loader patterns.

Simple pricing

Buy credits when you need them. No subscriptions.

Starter
$5
500 credits
Get started
Most popular
Pro
$10
1,200 credits
Get started
Team
$25
3,500 credits
Get started
Enterprise
Custom
Volume credits
  • ✓ Custom credit volume
  • ✓ Dedicated support
  • ✓ Priority processing
  • ✓ Custom integrations
Contact us →

New accounts receive 100 free credits. 1 credit ≈ 100 tokens.