AI Reverse Engineering in Practice: Automating Crawler Encryption Cracking with MCP Workflows

Build an MCP-based AI workflow to dramatically accelerate crawler encryption reverse engineering.
This article explains how to build an AI reverse engineering workflow using Chrome MCP, Remus MCP, and LLM APIs to achieve semi-automated deobfuscation, pure algorithm reconstruction, and environment simulation for protocol crawlers. Testing shows it can compress Xiaohongshu X-S cracking from days to hours at just ¥20-30 in token costs, though users still need reverse engineering fundamentals and account risk control remains unsolved.
Introduction: AI Is Reshaping How Reverse Engineering Works
Traditional crawler reverse engineering—extracting code, simulating environments, and deobfuscating—often takes days or even a week, and demands deep technical expertise from developers. Today, however, by combining AI with MCP (Model Context Protocol) workflows, these tasks can be completed in just hours.
This article provides a detailed guide on building an MCP-based AI reverse engineering workflow to achieve semi-automated processing of protocol crawler deobfuscation, pure algorithm reconstruction, and environment simulation.

Core Toolchain Overview
What Is MCP?
MCP (Model Context Protocol) is essentially a model context linking protocol that allows us to pass business logic to AI, which then invokes various tools to complete specific tasks. Simply put, MCP is the standardized interface for "directing AI to do work."
MCP was originally proposed and open-sourced by Anthropic in late 2024, aiming to solve the standardization problem of connecting large language models with external tools and data sources. Before MCP, every AI application needed custom integration code for different tools, leading to severe ecosystem fragmentation. MCP adopts a client-server architecture and defines a unified JSON-RPC protocol, enabling AI models to discover and invoke external tools through standardized interfaces. In reverse engineering scenarios, MCP's value lies in its ability to orchestrate discrete capabilities—browser debugging, code analysis, file operations—into a unified workflow, allowing AI to switch between tools collaboratively just like a human engineer.
Essential Tools Checklist
The complete workflow requires the following core components:
- Chrome MCP — For browser debugging, enabling encryption localization, instrumentation analysis, call stack tracing, and more
- Remus MCP — For JS analysis, deobfuscation, and related processing
- Qwen/DeepSeek API — Providing LLM reasoning capabilities (Qwen 3.5 Plus or Qwen Coder Plus recommended)
- AST Deobfuscation Skill Pack — Integrating AST syntax tree processing for code restoration
AST (Abstract Syntax Tree) deobfuscation is a technique that parses obfuscated JavaScript code into a tree structure, then restores code readability by traversing and transforming nodes. Common obfuscation techniques include: control flow flattening (breaking sequential logic into switch-case state machines), string encryption (replacing plaintext strings with decryption function calls), dead code injection, and variable name obfuscation. AST deobfuscation tools (such as Babel plugins) identify these obfuscation patterns through pattern matching, perform constant folding, dead code elimination, control flow recovery, and other transformations, ultimately outputting readable code close to the original logic. This process is essentially the reverse application of compiler optimization.
Environment Requirements
- Node.js 20.0+
- Python 3.7+
- Editor: Qwen Edit (command-line mode) or VS Code + Roo Code plugin (visual mode)
Detailed Setup Steps
Step 1: Install MCP Tools
After cloning the two core repositories from GitHub, place them in the same working directory. For Remus MCP, execute:
npm install
npm run start
The first command installs dependencies, and the second starts the MCP service. Watch out for port conflicts—if a local service is already using the same port, you'll need to free it first.
Step 2: Configure Chrome Debugging Environment
Chrome MCP doesn't require additional installation, but you need to create a launch script (.bat file) that:
- Kills previous Chrome processes (to prevent port conflicts)
- Restarts Chrome in remote debugging mode
Key configuration items:
- Chrome installation path (change to your actual path)
- UserData configuration location (recommended: place it under your AI project directory)
Chrome's remote debugging protocol (Chrome DevTools Protocol, or CDP) is the technical foundation of this step. CDP allows external programs to control the Chrome browser via WebSocket connections, performing page navigation, DOM manipulation, network interception, JavaScript execution, and more. Chrome MCP communicates with the browser through CDP, enabling AI to set breakpoints, view call stacks, and monitor network requests just like a human developer using DevTools.
Step 3: Configure Model API
Using Alibaba's Bailian platform to obtain an API Key is recommended:
- Log in to the Bailian platform and select the Beijing region
- First-time users get approximately 1 million free tokens
- Create an API Key and save it
For users in China, Qwen and DeepSeek are recommended; for international users, Claude or Codex are good options. Note that reverse engineering work consumes far more input tokens than output tokens, since large JS files need to be fed into the model.
In AI-assisted reverse engineering scenarios, token consumption shows a clear input-heavy pattern. A typical obfuscated JS file may contain hundreds of thousands of characters (approximately 100,000-300,000 tokens), while the AI's analysis output is usually only a few thousand tokens. Taking the Qwen model as an example, input token pricing is approximately ¥0.004/thousand tokens, and output is approximately ¥0.012/thousand tokens. When processing Xiaohongshu's X-S, you need to feed large JS files multiple times for analysis, deobfuscation, and logic reasoning, with cumulative input potentially reaching millions of tokens, bringing the total cost to the ¥20-30 range. In comparison, the market price for outsourcing the reverse engineering of an X-S signature is ¥300-500, with much longer delivery timelines.
Step 4: Write MCP Configuration File
The configuration file (synthes.json) is located in the .qwen hidden folder under the user directory and contains three core sections:
- Working path configuration — Where AI-generated code and analysis results are stored
- Chrome MCP connection — Uses npx to maintain automatic updates
- Remus MCP connection — Uses node to point to local files
After configuration, restart the terminal, type qwen to enter the interactive interface, and verify that all MCP services have started successfully.
Practical Demonstrations
Case 1: Government Website Data Decryption
For a government website that returns encrypted data, the task is initiated with the following prompt:
Create a project folder in the current working path. The target website returns dynamically encrypted data. Debug the browser to decrypt the data and implement pure algorithm reconstruction locally using Node.js.
AI workflow:
- Automatically creates the project directory
- Invokes Chrome MCP to visit the target website
- Analyzes network requests and locates encryption logic
- Identifies AES encryption algorithm, extracts IV and Key
- Generates a local decryption script
- Successfully collects and decrypts data
The entire process takes approximately 10-15 minutes, with AI automatically identifying the AES algorithm and implementing pure algorithm decryption. "Pure algorithm reconstruction" here means reproducing the encryption/decryption process locally through mathematics and cryptographic algorithms without relying on a browser environment. AES (Advanced Encryption Standard) is currently the most widely used symmetric encryption algorithm, and its security relies on key secrecy rather than the algorithm itself. In web scenarios, since frontend code is visible to users, AES keys and initialization vectors (IVs) are often hardcoded in JS or generated through predictable methods, making reverse extraction possible.
Case 2: Xiaohongshu X-S Signature Analysis
Xiaohongshu's X-S parameter involves JSVMP protection and code obfuscation. Traditional manual analysis takes 1-2 days.
JSVMP (JavaScript Virtual Machine Protection) is an advanced code protection technique whose core idea is to compile original JavaScript code into custom bytecode (opcodes), then execute these bytecodes at runtime through a self-implemented virtual machine interpreter. This means that even if an attacker obtains the complete JS file, they only see the VM's dispatch loop and arrays of unreadable bytecodes, not the original business logic. Traditional JSVMP cracking requires reverse-analyzing the VM's instruction set, operand stack, and register mapping relationships—an extremely labor-intensive process.
AI workflow approach:
- First use online AI to generate targeted prompts
- Have Chrome MCP visit Xiaohongshu and locate the encryption entry point
- Save the obfuscated JS file locally
- Invoke AST deobfuscation skills for code restoration
- Analyze the restored code logic
- Implement environment simulation or pure algorithm emulation
Environment simulation is one of the core techniques in protocol crawler reverse engineering. When encrypted JS code runs in a browser, it accesses numerous browser environment APIs (such as window, document, navigator, canvas, etc.), and the return values of these APIs participate in signature calculation. When extracting encrypted code to run independently in a Node.js environment, the code will error or produce incorrect results due to the absence of these browser objects. Environment simulation involves building mock versions of these browser objects and APIs in Node.js so that the encrypted code can execute correctly outside the browser. High-quality environment simulation requires precisely mimicking every environment characteristic the target website detects, including UA, screen resolution, WebGL fingerprints, and more.
According to testing, completing the environment simulation for Xiaohongshu's X-S takes approximately 40 minutes and consumes about ¥20-30 in tokens (using the Qwen model).
Key Insights and Considerations
Limitations of AI-Assisted Reverse Engineering
- Reverse engineering fundamentals are still required — If you don't understand reverse engineering, you won't even know what to ask AI to do. AI may "go off track," requiring manual intervention to correct its direction.
- Prompts are the core skill — Learning to decompose tasks and guide AI step by step is the key competency. For complex tasks, it's recommended to proceed incrementally rather than throwing everything at once.
- Risk control remains unsolved — AI can currently handle encryption signatures, decryption simulation, environment patching, and unpacking/decompilation, but account-level risk control remains a bottleneck.
Account risk control refers to a platform's technical system for identifying abnormal access through multi-dimensional behavioral analysis. Even with perfectly reconstructed encryption signatures, platforms can still identify crawler traffic through device fingerprint correlation, abnormal access frequency, behavioral sequence analysis (such as missing normal browse-click-scroll behavior chains), IP reputation scoring, and more. Risk control systems are typically based on machine learning models that make real-time decisions across hundreds of feature dimensions, making pure protocol-level simulation difficult to fully bypass. This is why even though AI can solve technical encryption problems, large-scale data collection still faces challenges.
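An added, illustrative scorer for the risk-control signals this paragraph names (request rate, presence of a browse-click-scroll chain, device-fingerprint reuse across sessions, IP reputation); it is not from the article, the sessions and reputation table are constructed, and a production system would replace the hand-set weights with a trained model.

```javascript
// Constructed session logs (not real traffic). t = milliseconds since the session began.
const SESSIONS = [
  { id: 'A', ip: '198.51.100.7', fp: 'fp-1', events: [
      { t: 0, type: 'page' }, { t: 2100, type: 'scroll' }, { t: 4300, type: 'click' },
      { t: 4400, type: 'page' }, { t: 9800, type: 'scroll' }, { t: 15000, type: 'page' } ] },
  // Two sessions sharing one fingerprint and IP, fetching a page every 250 ms with no interaction
  { id: 'B', ip: '203.0.113.9', fp: 'fp-2', events: Array.from({ length: 40 }, (_, i) => ({ t: i * 250, type: 'page' })) },
  { id: 'C', ip: '203.0.113.9', fp: 'fp-2', events: Array.from({ length: 40 }, (_, i) => ({ t: i * 250, type: 'page' })) },
];

// Hypothetical reputation table (0 = clean, 1 = known abusive), as a risk-control system maintains
const IP_REPUTATION = { '203.0.113.9': 0.8 };

// Derive the behavioural features from one session, with the whole dataset for cross-session checks
function features(session, all) {
  const pages = session.events.filter(e => e.type === 'page').length;
  const interactions = session.events.length - pages;
  const last = session.events[session.events.length - 1].t;
  const durationSec = Math.max(1, (last - session.events[0].t) / 1000);
  return {
    pagesPerSec: pages / durationSec,                       // access frequency
    interactionRatio: interactions / Math.max(1, pages),    // browse-click-scroll chain present?
    fpShared: all.filter(s => s.fp === session.fp && s.id !== session.id).length, // fingerprint reuse
    ipRep: IP_REPUTATION[session.ip] || 0,
  };
}

// Weighted rule score in [0, 1]; thresholds and weights are illustrative assumptions
function riskScore(session, all) {
  const f = features(session, all);
  let score = 0;
  if (f.pagesPerSec > 1) score += 0.35;        // far above a human paging rate
  if (f.interactionRatio < 0.2) score += 0.3;  // page fetches without scroll or click events
  if (f.fpShared > 0) score += 0.15;           // one device fingerprint behind several sessions
  score += 0.2 * f.ipRep;
  return Math.min(1, score);
}

// Sessions at or above the threshold would be challenged or rate-limited rather than served
function flagSessions(all, threshold = 0.5) {
  return all.filter(s => riskScore(s, all) >= threshold).map(s => s.id);
}
```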
Cost and Efficiency Comparison
| Target | Traditional Approach | AI-Assisted |
|---|---|---|
| Xiaohongshu X-S | 1-2 days, ¥500 | 40 minutes, ¥20-30 in tokens |
| Rui Shu encryption | 3-7 days | 3-4 hours |
| Simple AES decryption | Several hours | 10-15 minutes |
Verified Feasible Targets
According to testing, the following encryption systems can all be processed through the AI workflow: JD H5ST, Pinduoduo Anti-Content, Tencent Tianyu CAPTCHA, Akamai, Shape Security, and other international solutions, as well as reverse engineering of mini-programs, Android apps, and iOS applications.
Rui Shu (River Security) is a leading Chinese dynamic security protection vendor whose Bot protection products are widely deployed across government, financial, and telecom industry websites. Rui Shu's core protection mechanisms include: dynamic tokens (generating different encrypted JS on each visit), Cookie encryption verification, mouse trajectory and behavior detection, and multi-layer code obfuscation with self-verification. Since its JS code changes dynamically with each page load, traditional static analysis methods are virtually ineffective, requiring real-time parsing of dynamically generated encryption logic. Rui Shu is widely recognized in the industry as one of the most difficult web protection solutions to crack in China. The AI workflow compresses its cracking time from the traditional 3-7 days to 3-4 hours, demonstrating enormous efficiency gains.
Akamai is one of the world's largest CDN and web security providers, whose Bot Manager product identifies automated access through browser fingerprint collection, sensor data analysis, JavaScript challenges, and multi-layer protection. JD H5ST is JD.com's proprietary frontend signature scheme that employs a multi-version iteration strategy, with each version having different algorithm structures, increasing the ongoing maintenance cost of reverse engineering.
Future Outlook
It's worth noting that MCP itself may soon be replaced by more advanced solutions. New tools like OpenClio no longer rely on MCP's logical architecture and can directly collect data from multiple platforms based on protocols with one click. The pace of technological iteration far exceeds imagination—while MCP workflows perform excellently today, more efficient alternatives are already on the way.
This rapid iteration reflects a universal trend in the AI toolchain space: evolution from manually orchestrated tool protocols (like MCP) toward higher-level autonomous Agent architectures. Future AI reverse engineering tools may no longer require humans to define specific tool invocation flows. Instead, AI will autonomously plan, execute, and verify the entire reverse engineering process, with humans only needing to provide the final objective.
For practitioners, the core advice is: embrace AI as an efficiency tool, but don't abandon your understanding of underlying reverse engineering principles. AI is an accelerator, not a replacement—at least not yet.
Key Takeaways
- A complete AI reverse engineering workflow can be built using Chrome MCP and Remus MCP combined with LLM APIs
- AI-assisted reverse engineering can compress encryption cracking work that traditionally takes days into just hours, at a cost of only ¥20-30 in tokens
- Verified to handle mainstream encryption schemes including JD H5ST, Xiaohongshu X-S, and Pinduoduo Anti-Content
- AI currently cannot solve account-level risk control issues and still requires users to have basic reverse engineering knowledge to guide the AI's direction
- MCP technology itself faces the trend of being replaced by more advanced solutions like OpenClio, with extremely rapid technological iteration