icloudza

ARM64 trace evidence analysis & cipher algorithm recovery — Claude Desktop plugin with skills + local MCP server driving the native ak_search engine over GB-scale trace files

100% credibility
Found May 12, 2026 at 15 stars.
Python
AI Summary

A plugin for Claude Desktop that equips AI with tools to analyze large execution traces from mobile apps, recovering encryption algorithms and tracing data flows.

How It Works

1. 🔍 Discover the Helper

You hear about a clever plugin that helps AI assistants uncover hidden codes and patterns in app recordings from phones.

2. 📱 Record App Activity

Using a simple recorder tool, you capture what an app does on your phone during login or messaging, saving it as a trace file on your computer.

3. ⚙️ Add to Your AI Assistant

In your Claude Desktop app, you add the plugin with a quick marketplace command, and it's ready to use.

4. 🧠 Feed the Trace

You share the trace file with your AI and ask it to recover a secret cipher or explain app behavior using special commands like /algokiller.

5. 🔎 Explore Findings

The AI searches for clues like encryption constants, call patterns, and data flows, sharing breakdowns and reminders to stay on track.

6. 💾 Save Discoveries

Your recovered code and analysis reports get saved automatically in a personal folder for easy review.

Unlock the Secrets

You now have clear explanations and working code recreating the app's hidden algorithms, ready to understand or test further.

AI-Generated Review

What is algokiller-plugin?

This Python-based Claude Desktop plugin analyzes ARM64 traces from GumTrace (Frida-powered dynamic tracers for iOS/Android) to recover cipher algorithms and trace execution flows. Feed it GB-scale trace files via slash commands like `/algokiller:ciphertext Recover X-Sign header cipher`, and it runs ak_search—a native engine with 14 subcommands—for searches, data flows, call graphs, and crypto constant scans. Users get structured artifacts like recovered Python implementations or analysis reports saved to `~/AlgoKiller/artifacts`.

Why is it gaining traction?

It bundles the algokiller methodology into Claude skills and MCP tools (25 total), handling ARM64 specifics like crypto extensions (AES/SHA/SM3/SM4) and register flows without external deps—zero Python libraries needed. Unlike raw Frida traces or generic tools, it auto-classifies hits (origin/copy/consume), injects anti-drift reminders, and pairs with static tools (radare2/objdump) or Binary Ninja MCP for dynamic-static analysis. Developers praise the one-line marketplace install and GB-file indexing (30s on Apple Silicon).

Who should use this?

Mobile reverse engineers tracing ARM64 iOS/Android apps for cipher recovery (e.g., app token signing). Security analysts auditing execution flows in packet tracer ARM64 or TRACE32 ARM64 captures. Teams on Ubuntu ARM64 GitHub Actions runners needing local algorithm analysis without cloud uploads.

Verdict

Worth a spin for ARM64 trace pros—solid docs and Claude integration make it instantly usable despite 15 stars and 1.0% credibility score. Still early (v0.9.x); test on small traces first, as maturity lags behind polished tools like Ghidra Frida scripts.
