LXrdKnowkill/README.md





~ About Me ~

I'm an independent security researcher and systems engineer from Brazil, working at the intersection of compiler infrastructure and binary analysis. My current research focuses on decompiler pipeline architecture, SSA-based variable recovery, and MLIR dialect design for reverse engineering.

I founded @AkashaCorporation to build the next generation of reverse engineering tooling. My flagship project, HikariSystem HexCore, is an open-source binary analysis IDE with native engines for disassembly, emulation, and MLIR-based decompilation — battle-tested against real malware, kernel modules, and AAA game binaries.


~ Research ~


"Helix: Multi-Level IR Decompilation via MLIR Dialect Lowering with Empirical Pipeline Loss Analysis"

The first application of MLIR's multi-level dialect framework to binary decompilation. Through instrumented analysis of 70+ real-world functions across Linux kernel drivers, Windows PE game binaries, and CTF executables, the paper identifies that the primary decompilation quality bottleneck is at the register-to-variable recovery boundary, where a single-variable-per-register model causes cascading elimination of 99.7% of recovered assignments.

Solutions: SSA variable splitting with reverse post-order traversal, Ghidra-inspired type recovery, and SCC-based irreducible CFG detection. Result: kbase_jit_allocate went from 14 lines to 133 lines (4.4% → 42.9% vs IDA Pro), with 0 crashes across 70 test files.

Status: Draft complete · Target venues: CC, CGO, USENIX Security


~ Flagship Projects ~


🜂 HikariSystem HexCore — Binary Analysis IDE

A comprehensive open-source binary analysis IDE built as a fork of code-oss, providing a unified environment for malware analysis, reverse engineering, and threat hunting. Native engines for disassembly, emulation, decompilation, and patching — all running in-process via N-API bindings without external installations.

Battle-tested against: ARM Mali GPU kernel driver (mali_kbase.ko, 45MB, 7,313 functions), Rise of the Tomb Raider (Windows PE64, AAA game engine), Riot Vanguard (anti-cheat), CTF challenge binaries, and live malware samples (Malware HexCore Defeat.exe v1/v2/v3 with API hashing, anti-VM, and anti-debug).

Tech stack: TypeScript · C++23 · MLIR · LLVM 18.1.8 · Capstone · Unicorn · Remill · Z3 · Souper · Electron · Node.js N-API


⚗️ Helix — MLIR-based Decompiler Engine

The decompilation engine inside HexCore. C++23/MLIR pipeline with 19 analysis passes organized into three custom dialects: HelixLow (machine-level), HelixMid (ISA-agnostic typed SSA), and HelixHigh (C-level constructs). The first decompiler built on MLIR's multi-level IR framework.

v0.9.0 highlights:

  • 70/70 test files crash-free, 100% confidence on all functions
  • SSA variable splitting with RPO + immediate dominator seeding
  • Ghidra-inspired type recovery (44% typed parameters, from 0%)
  • SCC-based irreducible CFG detection via Tarjan's algorithm
  • Variable coalescing, dynamic array detection, alias analysis, RTTI class naming
  • Read-before-write initializers, depth-limited expression propagation
  • Per-function confidence scoring with quality penalties and bonuses

🧭 Pathfinder — Pre-Lift CFG Recovery Engine

A novel pre-lift CFG analysis engine that uses .pdata/.symtab boundaries, recursive descent disassembly, and jump table resolution to discover basic blocks and function boundaries before they reach the lifter. On kbase_jit_allocate (2,137 bytes), Pathfinder discovers 142 leaders from 479 instructions — a level of pre-lift CFG visibility that no existing decompiler provides.

Architecture-aware dispatch (x86 recursive descent + x64 batch decode + ARM64 linear decode), MSVC/GCC pattern recognition for jump tables, and tail call detection via function boundary metadata.


🧪 hexcore-souper — First Windows N-API Build of Google Souper

The first Windows N-API port of Google Souper with Z3 SMT solving. Souper is a superoptimizer that uses constraint solving to find LLVM IR optimizations missed by traditional compilers. Until now, Souper was only available on Linux as a CLI tool — HexCore's port makes it accessible to Node.js applications on Windows for the first time.

Empirical finding: Near-zero impact on production binaries (kernel modules, ROTTR), but valuable for obfuscated/cryptographic analysis where superoptimization shines. Documented as a negative result — useful for the community to know.


🜇 Project Azoth — Clean-Room Dynamic Analysis Framework

A clean-room, Apache-2.0 licensed dynamic analysis framework built in Rust + C++23. Codenamed Project Azoth (the alchemical name for mercury — the "animating spirit" of transformation), Elixir is HexCore's next-generation emulation engine with four tiers: Unicorn-driven CPU emulation, multi-format binary loaders (PE/ELF/Mach-O), OS-level abstraction (Windows + Linux syscalls, API hooks, VFS, Registry, TEB/PEB), and Frida-style instrumentation with SharedArrayBuffer zero-copy event pipeline.

Designed to replace Qiling and bring Frida-style dynamic instrumentation to HexCore at the emulation layer.


~ Selected Engineering Achievements ~

| Achievement | Impact |
| --- | --- |
| Helix MLIR pipeline | First decompiler built on MLIR's multi-level dialect framework |
| SSA variable splitting | Resolved 99.7% assignment loss in decompiler dead-code elimination |
| Pathfinder CFG engine | Discovered 142 leaders in 2KB of kernel code (pre-lift) |
| First Windows Souper port | Google Souper + Z3 accessible from Node.js on Windows |
| SAB zero-copy IPC | Lock-free SharedArrayBuffer ring buffer eliminating 65% TSFN drop rate |
| HEXCORE_DEFEAT v3 emulation | 1M instructions executed, 23,128 API calls captured against custom anti-analysis malware |
| Pipeline loss analysis methodology | First per-stage operation survival data for any decompilation pipeline |
| MSVC C++ data import handling | Solved std::cout vbtable access in PE emulation (nobody else has this) |


~ Research Interests ~

Decompilation pipeline architecture · MLIR dialect design · SSA-based variable recovery
Binary lifting and CFG recovery · Type inference in stripped binaries
Anti-analysis evasion · Dynamic instrumentation · Kernel-level reverse engineering

Open to discussions, collaborations, and PhD opportunities in compiler infrastructure or binary analysis.


~ Connect ~


LXrd_KnowKill


💖 ~ Thanks for visiting ~ 💖





"Code is like art, and bugs are just unexpected features."

— Decoding the Unknown, one dialect at a time.
