Not the person you asked, but I frequently use Claude (Opus primarily) to reverse engineer embedded hardware. It uses a mix of Ghidra, Radare2, and just the arm-none-* tools. I can’t say I have a particular workflow though; I just say “we’re reverse engineering foo.bin. It’s the firmware for a servomotor. We talk to the servo over RS485 and it seems that if I send it command X it will sometimes silently reject the command. Can you dig into the data reception and command parsing layers to see if there’s an explanation? Let’s keep notes in @20260704-reverse-engineer-foo-motor.qmd”
It works great just like that.
> Let’s keep notes in @20260704-reverse-engineer-foo-motor.qmd
Curious - why like this? I usually tell it to write down the analysis once all is clear, so I'm wondering if your approach is better.