Overview
What is Radare2 MCP Server?
Radare2 MCP Server is an MCP (Model Context Protocol) server that bridges the radare2 reverse engineering framework with AI agents such as OpenCode, Mai, VSCode, Claude, and CLION. Built entirely in C using native radare2 APIs, it enables seamless binary analysis, connects to local or remote radare2/iaito sessions via r2pipe, and supports both stdin/stdout and HTTP communication modes. It is designed for security researchers and developers who want to use AI to assist with binary analysis.
How to use Radare2 MCP Server?
Install via r2pm -Uci r2mcp. Then configure your MCP client (e.g., Claude Desktop, VSCode, Zed) with the command "r2pm" and arguments ["-r", "r2mcp"]. Alternatively, build from source with make install or use the Docker image. The server can also run as a radare2 core plugin (r2mcp start inside r2) or as a standalone HTTP server using r2mcp -H <port>. HTTP mode supports bearer authentication, session multiplexing via X-Session-ID, and fine-grained tool configuration.
Key features of Radare2 MCP Server
- Fully written in C using native radare2 APIs
- Works from CLI, as an r2 plugin, or as an MCP server
- Seamless binary analysis with radare2
- Connects to any local or remote r2/iaito session via r2pipe
- Supports readonly mode, sandbox lock, and restrict tools
- Optional raw access to run r2 commands or r2js scripts
Use cases of Radare2 MCP Server
- Automated binary analysis with AI agents in VSCode, Claude, or Zed
- Interactive reverse engineering in Claude Desktop
- Remote binary analysis via r2pipe across networked sessions
- Using radare2 as a core plugin for on-the-fly analysis within an existing r2 session
- Integrating AI-powered reverse engineering into CI/CD pipelines (via Docker)
FAQ from Radare2 MCP Server
What is the difference between stdin/stdout and HTTP mode?
Stdin/stdout is the default MCP communication model. HTTP mode (-H <port>) enables session multiplexing via the X-Session-ID header and supports bearer authentication with the -a option.
Does Radare2 MCP Server require radare2 to be installed?
Yes. The package is installed via r2pm or built from source using radare2โs native APIs. A radare2 installation (version 6.1.2 or later recommended) is required.
Can Radare2 MCP Server connect to an already running radare2 session?
Yes. It can connect to any local or remote r2/iaito session using r2pipe. The r2 core plugin mode also reuses the current RCore object, so MCP tools operate on the file and analysis state already loaded.
How do I secure the HTTP server?
Use -a <token> to set a bearer token, or -A to generate a random token printed on stderr. The R2MCP_AUTH_TOKEN environment variable can also be used.
Is there a readonly mode for safety?
Yes. Radare2 MCP Server supports a readonly mode, sandbox lock, and can restrict which tools are exposed. The r2mcp.readonly and r2mcp.sandbox eval keys control these settings.