From 05b2741ec05b0f634952156f4569c84800ed4db5 Mon Sep 17 00:00:00 2001 From: Simon Gardling Date: Mon, 4 May 2026 20:30:07 -0400 Subject: [PATCH] pi: generic-ize ghidra skill (drop game-specific examples) --- home/progs/pi.nix | 59 +++++++++++++++++++++++------------------------ 1 file changed, 29 insertions(+), 30 deletions(-) diff --git a/home/progs/pi.nix b/home/progs/pi.nix index b8ef605..2a8bc75 100644 --- a/home/progs/pi.nix +++ b/home/progs/pi.nix @@ -152,7 +152,8 @@ in # OMP discovers servers from this file at startup. The ghidra entry below # spawns pyghidra-mcp on stdio when the agent invokes any of its tools. ".omp/agent/mcp.json".text = builtins.toJSON { - "$schema" = "https://raw.githubusercontent.com/can1357/oh-my-pi/main/packages/coding-agent/src/config/mcp-schema.json"; + "$schema" = + "https://raw.githubusercontent.com/can1357/oh-my-pi/main/packages/coding-agent/src/config/mcp-schema.json"; mcpServers = { ghidra = { command = lib.getExe pyghidra-mcp; 
@@ -297,57 +298,55 @@ in A headless MCP server is configured at `mcpServers.ghidra` in `~/.omp/agent/mcp.json` and binds Ghidra's analysis engine to MCP tools you can call directly. The Ghidra install lives at - `${pkgs.ghidra}/lib/ghidra`; pyghidra-mcp picks it up via the + `''${pkgs.ghidra}/lib/ghidra`; pyghidra-mcp picks it up via the GHIDRA_INSTALL_DIR env var that's wired into the binary's wrapper. ## When to use this - - Static analysis of any compiled binary you have on disk (or extract - from a game install, container image, firmware dump, etc.). - - Finding the decision logic behind a runtime behavior. E.g. where in - F1 23's executable the adaptive-trigger code lives and what params - it passes. - - Extracting embedded tuning tables from `.rdata`/`.data` sections. - - Discovering which Sony / Steam / Windows HID APIs a game calls. + - Static analysis of any compiled binary you have on disk. + - Finding the decision logic behind an observed runtime behavior, when + the source isn't available. + - Extracting embedded tables/constants from `.rdata`/`.data` sections. + - Discovering which APIs (libc, OS, vendor SDKs) a binary imports and + where it calls them. + - Recovering structures, function signatures, and type information + from a stripped binary. ## Workflow The first invocation imports a binary into a fresh Ghidra project and runs auto-analysis (10-90 minutes depending on size). Subsequent calls - are fast. + hit the cached project and are fast. - Typical exploration sequence for a stripped C++ game binary: + Typical exploration sequence for a stripped binary: - 1. `list_strings(filter="DualSense")` (or other relevant substring) to - find string literals; Codemasters/Ubisoft typically don't strip these. - 2. `list_imports()` filtered for HID / Sony / Steam APIs to find the - haptic call surface. - 3. `get_xrefs_to()` to surface call sites. + 1. `list_strings(filter="")` to find string literals + related to the behavior you're investigating. + 2. 
`list_imports()` filtered for the API surface you care about + (e.g. HID, networking, crypto) to find call sites. + 3. `get_xrefs_to()` to surface every + function that touches the symbol. 4. `decompile_function_by_address()` to read C-pseudocode. 5. `set_decompiler_comment` and `rename_function` as you identify components, so the database remembers your findings across calls. ## Loading a binary - Drop the binary somewhere readable (don't commit to git — license + size) - and pass the absolute path to pyghidra-mcp's import tool: - - ``` - /tmp/games/f1_23/F1_23_dx12.exe - /tmp/games/cyberpunk/Cyberpunk2077.exe - ``` - - Auto-analysis runs once per binary; the project database persists in + Drop the binary somewhere readable (don't commit to git — size + often + proprietary) and pass the absolute path to pyghidra-mcp's import tool. + Auto-analysis runs once; the project database persists in `~/.cache/pyghidra-mcp/` so re-invocations are fast. ## What this is NOT for - - Dynamic capture — use usbmon + Wireshark for live HID traffic. - - PS5 binaries — encrypted, out of scope. - - Decoding live network traffic — separate tooling. + - Dynamic / runtime analysis — use a debugger, usbmon/strace, or a + protocol sniffer for that. + - Encrypted/DRM-protected binaries — out of scope without the keys. + - Network-traffic decoding on the wire — separate tooling. - Reverse engineering for interoperability is permitted under DMCA §1201(f) - and analogous EU provisions. Don't share decrypted/cracked binaries. + Reverse engineering for interoperability, security research, and + bug-fix purposes is permitted under DMCA §1201(f) and analogous EU + provisions. Don't share decrypted or cracked binaries. ''; };
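Review bot: the `"$schema"` line wrap in the `@@ -152,7 +152,8` hunk of `home/progs/pi.nix` is a pure formatting change with no relation to the commit subject (dropping game-specific examples); either split it into its own commit or mention it in the message so the diff stays easy to review. The wrapped form is otherwise equivalent, since Nix ignores the newline between `=` and the string literal.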
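Review bot: the edit from `${pkgs.ghidra}/lib/ghidra` to `''${pkgs.ghidra}/lib/ghidra` in the `@@ -297,57 +298,55` hunk is a behaviour change, not a wording change: inside a `''` string, `''${` is Nix's escape for a literal `${`, so the skill text now shows the literal token where the old line interpolated the evaluated store path. If the agent is meant to see the real install directory (the same paragraph says pyghidra-mcp reads it from GHIDRA_INSTALL_DIR), keep the interpolation; if the literal is intended, state that in the commit message. Two smaller points in the same hunk: `list_strings(filter="")` replaced a concrete substring with an empty filter, which reads as a placeholder left blank (`filter="<substring>"` would make the intent clear), and the closing sentence now attributes security-research and bug-fix purposes to DMCA §1201(f), which the removed text claimed only for interoperability; that widening deserves its own check rather than riding along in a de-gaming commit.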