Run any Skill in Manus with one click

Get Started

$pwd:

binary-modification

Name: Binary Modification
Author: buzzer-re

// Modify binary behavior using natural language — explore, plan, patch, save

Run Skill in Manus

$ git log --oneline --stat

stars:628

forks:72

updated:March 3, 2026 at 03:15

SKILL.md

readonly

name	Binary Modification
description	Modify binary behavior using natural language — explore, plan, patch, save
tags	["modification","patching","exploration","game-hacking","binary"]
mode	exploration
author	Rikugan
version	1

Task: Modify the binary's behavior based on the user's natural language description. You will autonomously explore the binary to understand it, formulate a concrete plan, and apply minimal patches.

Phase 1: Exploration Strategy

Your goal is to build enough understanding of the binary to know WHERE and HOW to make the requested change. Use exploration_report to log every significant finding.

Step 1: Orientation (1-2 turns)

get_binary_info — architecture, format, size
list_imports + list_exports — what APIs does the binary use?
search_strings / list_strings_filter with keywords from the user's request
- For a game mod request mentioning "snake", search for: "snake", "score", "point", "length", "size", "spawn", "init", "level", "life", "speed"
- Cast a wide net with goal-relevant keywords

Step 2: Targeted Search (2-5 turns)

From string hits, use xrefs_to to find which functions reference them
From import hits, use xrefs_to to find call sites
search_functions for names containing relevant keywords
Build a shortlist of candidate functions
Log each candidate with exploration_report(category="function_purpose")

Step 3: Deep Dive (3-10 turns)

decompile_function on the most promising candidates
Trace data flow: where does the target value come from? Where is it used?
Identify exact instructions and constants that control the behavior
Use get_il for detailed intermediate representation when needed
Form concrete hypotheses and log with exploration_report(category="hypothesis")
- Example: "Changing the constant 3 at 0x401248 to 6 would double the snake's initial length"
- Example: "Multiplying the score increment at 0x4015C2 by 2 would double points"

Step 4: Transition Decision

When you have identified ALL locations that need to change, call phase_transition(to_phase="plan")
If you're stuck or the binary is too complex, use ask_user to get hints
Don't transition too early — make sure you understand the full picture

Phase 2: Planning Guidelines

When you transition to the PLAN phase, you will receive a synthesis prompt with your accumulated findings. Create a numbered plan where each step specifies:

Exact address to modify (hex)
Current behavior at that address (what the code does now)
Desired behavior (what it should do after the patch)
Patch strategy (which bytes/instructions to change, new values)

Be precise. The plan will be shown to the user for approval before execution.

Example format:

1. Change snake initial length constant at 0x401248 from 3 to 6 (mov eax, 3 -> mov eax, 6)
2. Double score increment at 0x4015C2: change `add [score], 10` to `add [score], 20`

Phase 3: Execution

The agent host determines which patching skill to use:

IDA Pro: activate smart-patch-ida via activate_skill
Binary Ninja: activate smart-patch-binja via activate_skill

The host is visible in the system prompt context. Activate the correct skill at the start of Phase 3, then follow its workflow for each planned change.

After each patch, you MUST call:

exploration_report(category="patch_result", address=..., summary="...", original_hex="...", new_hex="...")

This is required for the Phase 4 save gate to know what was applied.

Safety Rules

Never exceed original instruction boundaries
NOP-pad if new instructions are shorter
Always backup before patching
Always verify after patching
Revert on failure (write back original bytes)
Minimal changes only — patch the fewest bytes possible

related-skills.json

same repository

deobfuscation.md

from "buzzer-re/Rikugan"

Systematic binary deobfuscation — string decryption, control flow flattening (CFF) removal, opaque predicate elimination, mixed boolean-arithmetic (MBA) simplification, bogus control flow, instruction substitution reversal, dead code removal, and anti-disassembly fixes. Trigger: deobfuscate, unobfuscate, deobfuscation, CFF, flatten, opaque predicate, MBA, obfuscated, OLLVM, Tigress, VMProtect, string decryption, junk code, bogus control flow, instruction substitution, anti-disassembly

2026-03-07628

binary-ninja-scripting.md

from "buzzer-re/Rikugan"

Write and execute Binary Ninja Python scripts — full API reference included

2026-03-05628

ida-scripting.md

from "buzzer-re/Rikugan"

Write and execute IDAPython scripts — full API reference included

2026-03-04628

linux-malware-analysis.md

from "buzzer-re/Rikugan"

Expert ELF malware analysis — packing, toolchain ID, kill chain, persistence, C2, rootkits, cryptominers, Go/Rust/Mirai patterns, MITRE ATT&CK mapping

2026-03-03628

smart-patch-binary-ninja.md

from "buzzer-re/Rikugan"

Patch binary code in Binary Ninja using natural language — read, assemble, write, verify

2026-03-03628

smart-patch-ida-pro.md

from "buzzer-re/Rikugan"

Patch binary code in IDA Pro using natural language — read, assemble, write, verify

2026-03-03628

package.json

"author": "buzzer-re"

"repository": "buzzer-re/Rikugan"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Computer Occupations, All OtherComputer and Mathematical Occupations15-1299L4

name	Binary Modification
description	Modify binary behavior using natural language — explore, plan, patch, save
tags	["modification","patching","exploration","game-hacking","binary"]
mode	exploration
author	Rikugan
version	1

Task: Modify the binary's behavior based on the user's natural language description. You will autonomously explore the binary to understand it, formulate a concrete plan, and apply minimal patches.

Phase 1: Exploration Strategy

Your goal is to build enough understanding of the binary to know WHERE and HOW to make the requested change. Use exploration_report to log every significant finding.

Step 1: Orientation (1-2 turns)

get_binary_info — architecture, format, size
list_imports + list_exports — what APIs does the binary use?
search_strings / list_strings_filter with keywords from the user's request
- For a game mod request mentioning "snake", search for: "snake", "score", "point", "length", "size", "spawn", "init", "level", "life", "speed"
- Cast a wide net with goal-relevant keywords

Step 2: Targeted Search (2-5 turns)

From string hits, use xrefs_to to find which functions reference them
From import hits, use xrefs_to to find call sites
search_functions for names containing relevant keywords
Build a shortlist of candidate functions
Log each candidate with exploration_report(category="function_purpose")

Step 3: Deep Dive (3-10 turns)

decompile_function on the most promising candidates
Trace data flow: where does the target value come from? Where is it used?
Identify exact instructions and constants that control the behavior
Use get_il for detailed intermediate representation when needed
Form concrete hypotheses and log with exploration_report(category="hypothesis")
- Example: "Changing the constant 3 at 0x401248 to 6 would double the snake's initial length"
- Example: "Multiplying the score increment at 0x4015C2 by 2 would double points"

Step 4: Transition Decision

When you have identified ALL locations that need to change, call phase_transition(to_phase="plan")
If you're stuck or the binary is too complex, use ask_user to get hints
Don't transition too early — make sure you understand the full picture

Phase 2: Planning Guidelines

When you transition to the PLAN phase, you will receive a synthesis prompt with your accumulated findings. Create a numbered plan where each step specifies:

Exact address to modify (hex)
Current behavior at that address (what the code does now)
Desired behavior (what it should do after the patch)
Patch strategy (which bytes/instructions to change, new values)

Be precise. The plan will be shown to the user for approval before execution.

Example format:

1. Change snake initial length constant at 0x401248 from 3 to 6 (mov eax, 3 -> mov eax, 6)
2. Double score increment at 0x4015C2: change `add [score], 10` to `add [score], 20`

Phase 3: Execution

The agent host determines which patching skill to use:

IDA Pro: activate smart-patch-ida via activate_skill
Binary Ninja: activate smart-patch-binja via activate_skill

The host is visible in the system prompt context. Activate the correct skill at the start of Phase 3, then follow its workflow for each planned change.

After each patch, you MUST call:

exploration_report(category="patch_result", address=..., summary="...", original_hex="...", new_hex="...")

This is required for the Phase 4 save gate to know what was applied.

Safety Rules

Never exceed original instruction boundaries
NOP-pad if new instructions are shorter
Always backup before patching
Always verify after patching
Revert on failure (write back original bytes)
Minimal changes only — patch the fewest bytes possible

binary-modification

Phase 1: Exploration Strategy

Step 1: Orientation (1-2 turns)

Step 2: Targeted Search (2-5 turns)

Step 3: Deep Dive (3-10 turns)

Step 4: Transition Decision

Phase 2: Planning Guidelines

Phase 3: Execution

Safety Rules

More from this repository

Phase 1: Exploration Strategy

Step 1: Orientation (1-2 turns)

Step 2: Targeted Search (2-5 turns)

Step 3: Deep Dive (3-10 turns)

Step 4: Transition Decision

Phase 2: Planning Guidelines

Phase 3: Execution

Safety Rules

More from this repository