
Comment by darksim905

2 days ago

What was your setup for this and did you have any preferences set in Claude to get started with something like this?

I use Claude on the desktop, and only occasionally Claude Code. It's the one that recommended Ghidra. Walked me through the install. Taught me the basics (G to go to an address, etc). Would tell me where to go, and what to paste back to it. It eventually converged on where to find the IV and credentials and so forth (after acting confused for a while), and then wrote the Python script for me that decrypts. I'd like to think my questions (and challenges to its assertions) were intelligent enough to spur it towards the solution, but self-flattery is all that is.

The DLL in question was pretty obvious just from the filename alone that it was where the magic happened.

If you want something similar, you might just start by asking it if it would be feasible to decompile the software in question to reverse engineer the decryption, that you'd heard Ghidra was a big deal. Keep nudging it to guide you along that sort of path.