Context7-style knowledge base for Reverse Engineering. Two surfaces, one content source: - GitHub Pages site (Astro 6 + Pagefind) at content/**/*.md entries - pip-installable MCP server (re-library-mcp) for Claude/Cursor/etc. over stdio, exposing search_re, get_entry, list_categories, list_entries, and get_anti_analysis_techniques Schema is the Zod schema in src/content.config.ts, mirrored as a Pydantic model in mcp-server/src/re_library_mcp/schema.py. The schema-drift test in mcp-server/tests/test_schema_sync.py keeps them in lockstep. DRM content policy: no specific DRM system is named in any entry. The drm/ category is strictly lint-checked against a denylist (mcp-server/tests/test_no_drm_names.py). The 8 anchor entries (one per category) demonstrate the schema and template; the rest of the corpus is open for contribution. Phase 1-3 of the plan: scaffolding, content schema + 8 anchor entries, and the MCP server are complete. 30 tests pass; site builds to 19 pages with Pagefind search index. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
3.0 KiB
RE-Library
A context7-style knowledge base for Reverse Engineering. Curated markdown entries on techniques, anti-analysis bypass, mobile internals, packers, and the tools that pull them apart. Read it on the web, or wire it into Claude / Cursor / any MCP client.
The site is live at https://heretek-ai.github.io/RE-Library/.
What's in it
Eight categories, ~50 entries (growing):
| Category | What it covers |
|---|---|
android |
APK structure, smali, native libs, Frida on Android, repackaging, SSL pinning, root detection |
ios |
IPA structure, ObjC runtime, Swift demangling, jailbreak detection, Frida on iOS, Objection |
anti-analysis |
Anti-debug, anti-VM, anti-sandbox, anti-Frida, anti-dumper, code integrity, detection patterns |
drm |
CDM architecture, security levels, key ladders, proxy/relay, attestation (no system names) |
packers |
UPX, Themida, VMProtect, OLLVM, custom packers |
tools |
Ghidra, IDA, Binary Ninja, Frida, Xposed, Magisk, Hopper, radare2 |
native |
PE, ELF, Mach-O, dynamic analysis, syscalls, hooking |
web-hybrid |
Electron, WebAssembly, browser extensions, hybrid frameworks, Cordova |
The drm/ category intentionally doesn't name any specific DRM system. The
content describes architectures, security models, and protocol shapes; readers
who know the space will recognise which system is being described. See
CONTRIBUTING.md for the full content policy.
Use it from an MCP client
The MCP server is a Python package (re-library-mcp) that exposes the same
content over the Model Context Protocol. Install and configure:
pip install re-library-mcp
Add to your MCP client config (e.g. claude_desktop_config.json):
{
"mcpServers": {
"re-library": {
"command": "python",
"args": ["-m", "re_library_mcp"]
}
}
}
Then ask your assistant things like:
- "What are the main ways to bypass SSL pinning on Android?"
- "Show me anti-debug techniques for native code on Linux."
- "List the categories and how many entries each has."
The server fetches the latest content from this repo on startup and returns search results, full entry text, and category summaries.
Run the site locally
npm install
npm run dev
# → http://localhost:4321/RE-Library/
Build the static site + Pagefind index:
npm run build
# → dist/ (deploy dist/ to any static host)
Repository layout
content/ single source of truth — every entry is a .md file
src/ Astro site (content collections, pages, styles)
public/ static assets (favicon, etc.)
mcp-server/ Python MCP server (publishable to PyPI as `re-library-mcp`)
.github/ CI + GitHub Pages deploy
Contributing
See CONTRIBUTING.md for the entry template, schema
reference, DRM guardrail, and how to run the test suite.
License
MIT. Entry content is provided for educational and research purposes; no warranty of fitness for any particular use.