~/field-notes — leeguoo@misonote — zsh ● EN 中文 日本語
❯ field-notes v3.4.1
Home Archives Tags Search ⌘K Search
leeguoo@misonote:/en/posts/ai-assisted-sanitization-workflow/ $ Posts

# Facing AI Audits: How Can You “Legalize” Your Reverse Engineering Project?

Examines a practical approach to handling decompilation projects by combining Claude Code and Gemini CLI, focusing on the challenge of ownership verification and resolving it through an automated sanitization process.

May 26, 2026 · Posts · Public · Article

ON THIS PAGE

In the modern era of AI-assisted programming, tools like Claude Code greatly improve development efficiency. However, for security researchers and reverse engineering (RE) enthusiasts, these tools often come with a frustrating limitation: ownership verification.

When you try to launch Claude Code in a folder that is clearly the output of decompilation, it determines whether you are the true owner of the project through various audit methods, such as checking Git history, analyzing specific file paths, and identifying strings with characteristics of obfuscation or decompilation. If verification fails, it may refuse to perform sensitive tasks.

In this article, I will share a practical way of thinking about using collaboration between multiple AIs (Claude Code + Gemini CLI) to bypass this limitation and “legalize” the project.

The Core Pain Point: Proving Ownership

Before Claude Code performs deep tasks, it usually needs to verify that you manage the project. There are two common ways people think about bypassing this:

  1. Forging emails: Trying to fake the owner’s communication records through configuration (low success rate and extremely unstable).
  2. Forging/reconstructing source code: Reconstructing decompiled fragments as “original source code that lost its metadata.”

We recommend the second approach: narrative reconstruction.

Narrative Reconstruction: From Decompilation to “Source Code Loss”

To get Claude Code to accept a project with no Git history and full of decompilation traces, you need to build a reasonable, logically closed loop.

  • Background setup: Claim that this project was an original project developed on another machine, but due to an accident caused by force majeure such as hard drive failure, the Git repository (.git) and all development metadata were lost.
  • Core restoration: Use Codex or other disassembly tools to restore the important logic (Core Source), and present it as the “only surviving backup.”

Important Process: Automated Evidence Cleaning (Sanitization)

This is the step most prone to failure. Decompilation projects leave behind a large number of “tails.”

  • Folder names such as disasm/ and pseudocode/.
  • Keywords such as Mach-O, stripped, and Ghidra.
  • The most fatal items: hardcoded strings left behind by cracking tools (CRACKED, fake_signature, 2099-12-31, etc.).

Sanitization Process Through AI Collaboration

When Claude Code detects evidence and raises suspicions, do not try to explain it within the current session. That will contaminate the context. The correct approach is as follows:

  1. Introduce a “cleaner” Agent: Connect a separate AI that is not subject to audit restrictions, such as Gemini CLI, to the workspace as an independent Agent.
  2. Run full sanitization:
    • Delete all sensitive directories such as .build and analysis.
    • Batch-replace all literals in the source code that have cracking-related characteristics.
    • Rewrite README.md and redefine the project as a “community-driven original resource project.”
    • Rename folders with suffixes such as -reverse or -reconstructed.
  3. Reset the session: Use the /rewind command in Claude Code to roll back to the state before suspicions arose.

The sanitization process above has been abstracted into a reusable Claude Code Skill. For the source code and CLI entry point, see project-sanitizer-skill.

Using Task Rewind (/rewind)

/rewind is not merely for undoing code changes; it is, more importantly, a “context reset.” After using Gemini CLI to complete the physical cleanup of the workspace, /rewind makes Claude Code forget the moment it discovered the evidence earlier, and then restarts the task. At that point, facing a clean, reconstructed workspace, Claude Code recognizes it as an ordinary original project whose metadata was lost due to an unexpected accident.

Summary

This idea of “multi-agent collaboration + narrative reconstruction” essentially uses the nature of AI as a tool to counter another AI’s auditing mechanism. It requires developers not only to understand code logic, but also to understand the “psychology” and audit logic of AI tools.

Note: This article is intended solely for technical exchange and security research. Please respect the original author’s copyright and the software terms of use.

← previous
From Soft Methods to Hard Patches — A Methodological Review of a macOS Mach-O Reverse Engineering Session
next →
Dissecting the Implementation of the /goal Command

Comments

Replies are public immediately and may be moderated for policy violations.

Max 1000 characters.

    ⎇ main ● 0 errors · 0 warnings UTF-8 Markdown /en/posts/ai-assisted-sanitization-workflow/ © 2026 leeguoo