I'm an independent security researcher and systems engineer from Brazil, working at the intersection of compiler infrastructure and binary analysis. My current research focuses on decompiler pipeline architecture, SSA-based variable recovery, and MLIR dialect design for reverse engineering.
I founded @AkashaCorporation to build the next generation of reverse engineering tooling. My flagship project, HikariSystem HexCore, is an open-source binary analysis IDE with native engines for disassembly, emulation, and MLIR-based decompilation — battle-tested against real malware, kernel modules, and AAA game binaries.
"Helix: Multi-Level IR Decompilation via MLIR Dialect Lowering with Empirical Pipeline Loss Analysis"
The first application of MLIR's multi-level dialect framework to binary decompilation. Through instrumented analysis of 70+ real-world functions across Linux kernel drivers, Windows PE game binaries, and CTF executables, the paper identifies that the primary decompilation quality bottleneck is at the register-to-variable recovery boundary, where a single-variable-per-register model causes cascading elimination of 99.7% of recovered assignments.
Solutions: SSA variable splitting with reverse post-order traversal, Ghidra-inspired type recovery, and SCC-based irreducible CFG detection. Result: kbase_jit_allocate went from 14 lines to 133 lines (4.4% → 42.9% vs IDA Pro), with 0 crashes across 70 test files.
Status: Draft complete · Target venues: CC, CGO, USENIX Security
A comprehensive open-source binary analysis IDE built as a fork of code-oss, providing a unified environment for malware analysis, reverse engineering, and threat hunting. Native engines for disassembly, emulation, decompilation, and patching — all running in-process via N-API bindings without external installations.
Battle-tested against: ARM Mali GPU kernel driver (mali_kbase.ko, 45MB, 7,313 functions), Rise of the Tomb Raider (Windows PE64), Riot Vanguard (anti-cheat), CTF binaries, and live malware samples with API hashing, anti-VM, and anti-debug.
Stack: TypeScript · C++23 · MLIR · LLVM 18.1.8 · Capstone · Unicorn · Remill · Z3 · Souper · Electron · Node.js N-API
C++23/MLIR pipeline with 19 analysis passes organized into three custom dialects: HelixLow (machine-level), HelixMid (ISA-agnostic typed SSA), and HelixHigh (C-level constructs). The first decompiler built on MLIR's multi-level IR framework.
v0.9.0 highlights:
- 70/70 test files crash-free, 100% confidence on all functions
- SSA variable splitting with RPO + immediate dominator seeding
- Ghidra-inspired type recovery (44% typed parameters, from 0%)
- SCC-based irreducible CFG detection via Tarjan's algorithm
- Variable coalescing, dynamic array detection, alias analysis, RTTI class naming
- Per-function confidence scoring with quality penalties and bonuses
A novel pre-lift CFG analysis engine using .pdata/.symtab boundaries, recursive descent disassembly, and jump table resolution to discover basic blocks and function boundaries before reaching the lifter. On kbase_jit_allocate (2,137 bytes), Pathfinder discovers 142 leaders from 479 instructions — a level of pre-lift CFG visibility no existing decompiler provides.
The first Windows N-API port of Google Souper with Z3 SMT solving. Makes Souper's superoptimization and constraint-solving accessible to Node.js applications on Windows. Empirical finding: near-zero impact on production binaries, but valuable for obfuscated/cryptographic analysis. Documented as a negative result — useful for the community to know.
A clean-room, Apache-2.0 licensed dynamic analysis framework in Rust + C++23. Four tiers: Unicorn-driven CPU emulation, multi-format binary loaders (PE/ELF/Mach-O), OS-level abstraction (Windows + Linux syscalls, API hooks, VFS, Registry, TEB/PEB), and Frida-style instrumentation with SharedArrayBuffer zero-copy event pipeline. Designed to replace Qiling.
| Achievement | Impact |
|---|---|
| Helix MLIR pipeline | First decompiler built on MLIR's multi-level dialect framework |
| SSA variable splitting | Resolved 99.7% assignment loss in decompiler dead-code elimination |
| Pathfinder CFG engine | Discovered 142 leaders in 2KB of kernel code (pre-lift) |
| First Windows Souper port | Google Souper + Z3 accessible from Node.js on Windows |
| SAB zero-copy IPC | Lock-free SharedArrayBuffer ring buffer eliminating 65% TSFN drop rate |
| HEXCORE_DEFEAT v3 emulation | 1M instructions executed, 23,128 API calls captured against custom anti-analysis malware |
| Pipeline loss analysis methodology | First per-stage operation survival data for any decompilation pipeline |
| MSVC C++ data import handling | Solved std::cout vbtable access in PE emulation |
Compiler & Systems
Binary Analysis & Reverse Engineering
Application & Web
DevOps & Tools
Decompilation pipeline architecture · MLIR dialect design · SSA-based variable recovery · Binary lifting and CFG recovery · Type inference in stripped binaries · Anti-analysis evasion · Dynamic instrumentation · Kernel-level reverse engineering
Open to discussions, collaborations, and PhD opportunities in compiler infrastructure or binary analysis.
"Code is like art, and bugs are just unexpected features."
— Decoding the Unknown, one dialect at a time.