We take things apart to make them work.
Hemis is a reverse-engineering studio. We build instruments — compilers, decoders, and agent harnesses — for finding bugs, exposing vulnerabilities, and recovering meaning from machine code.
Origin.
Every tool here exists because something in the field refused to do its job.
Hemis began with mine fields in Ukraine.
We tried using commercial drones to survey active mine fields — autonomous low-altitude passes, multispectral capture, ground-contour following. The drones flew. They took pictures. They were useless.
Flight controllers that couldn't track terrain at the altitudes the mission needed. Mission planners that aborted on the first GPS dropout. SDKs that hid every primitive worth touching behind a wall of marketing-grade abstractions. The autonomy that the brochure promised was nowhere in the binary that shipped.
To make those drones safe enough — and capable enough — to do the job, we had to take them apart. Strip the firmware. Read the flight stack. Patch the autopilot. Replace what was broken with something that worked.
That work taught us that the world is full of devices that should have been open, and weren't. Hemis builds the tools we wished we'd had when we started taking those drones apart.
Products.
Tools we ship, written for our own work first.
Pixie (shipping, beta)
Compile any architecture into Binary Ninja.
JIT-compiles Ghidra Sleigh processor specifications to native ARM64. 146 architectures across 38 families. Every operation exposed as MCP tools so an LLM agent can sweep an entire firmware tree in one pass.
Dixie (in development)
Coming soon.
The next thing in the line. Same lineage as Pixie — built from real reverse-engineering work, written first for ourselves. We'll announce when it's ready to put in your hands.
Practice.
What we work on, and what shapes the tools we build.
a. UAV & flight stacks
Autopilot firmware, MAVLink stacks, RC link layers, ESC and gimbal protocols. Replacing closed autonomy with something the operator can audit and trust.
b. Embedded & IoT firmware
SoCs, MCUs, and the long tail of proprietary processors. From Cortex-M to MSP430 to TriCore — if it ships in volume, it ends up on our bench eventually.
c. Supply-chain integrity
Diffing firmware versions across batches. Detecting backdoors, regressions, and quiet capability changes. Verifying that the binary in the field is the binary you signed off on.
d. Proprietary & obscure ISAs
Custom processors that no commercial tool supports. Writing the Sleigh spec, compiling the decoder, getting a working decompiler in front of the analyst — at the speed the work needs.
Working on something that should be open?
We take on a small number of consulting engagements alongside the product work. Firmware audits, custom Sleigh specs, autonomy retrofits, and the occasional "we've never seen anything like this binary" investigation.