NeFut Logo NeFut
Admin Login

[CS.AI] Revolutionary Source Code Recovery Using Anchor-Based Retrieval and LLM Reasoning

Published at: 2026-07-14 22:00 Last updated: 2026-07-15 02:00
#LLM #Open Source #Reverse Engineering

We present a practical pipeline for recovering source code from stripped binary functions by combining reverse engineering, anchor-based source code retrieval, and large language model reasoning. Our binary-to-source-code retrieval method aims to identify the source function from a source code database instead of generating approximate decompiled pseudocode.

The method first extracts anchors such as strings, constants, external calls, and available function names using Ghidra. It retrieves candidate files via an inverted-index search database, narrows down to likely function snippets, and re-ranks them with a large language model (LLM) based on disassembly, decompiled code, and source metadata. Confident matches can also serve as anchors in later passes.

In an evaluation backed by our high-fidelity source code database on a stripped, optimized tcpdump binary, our proposed binary-to-source matching method achieves 95.2% assembly instruction coverage. Experiments on a GitHub-based retrieval database showed lower performance with 35.5% instruction coverage on average, mainly due to retrieval misses. These results indicate that source-level binary recovery excels with high-quality databases and remains a useful tool in noisy environments.

Blogger's Review: This study demonstrates how to effectively combine reverse engineering with the advantages of large language models to significantly improve source code recovery rates from binary files. Such technology has broad application potential in security and reverse engineering fields, especially when dealing with complex or incomplete binaries. As the quality of datasets improves, the effectiveness of this method will become even more pronounced.

Original Source: https://arxiv.org/abs/2607.09452

[h] Back to Home