TS app rebuilt from binary

A compiled program is the machine-ready version of an app, like a cake after baking; the original TypeScript is the recipe. A social demo posted by 0xSero said GLM-5.1 rebuilt a full TypeScript app from a binary during a 20 million-token run. (x.com) Reverse engineering means analyzing compiled software to recover how it works. The Open Worldwide Application Security Project says the goal is to extract information about source code and internal logic from a binary, and security testers already use those methods in black-box testing. (mas.owasp.org) GLM-5.1 is a new coding-focused model from Z.ai that the company released in early April 2026. Z.ai says the model is designed for “long-horizon” work, can stay on one task for up to eight hours, and keeps improving over hundreds of rounds and thousands of tool calls instead of stalling early. (z.ai, docs.z.ai) In its launch material, Z.ai framed that longer-run behavior as the main change from earlier coding models. The company reported 58.4% on SWE-Bench Pro and said GLM-5.1 kept optimizing a vector database for more than 600 iterations and 6,000 tool calls, reaching 21,500 queries per second. (z.ai, github.com) That matters for binaries because compiled code strips away names, comments and other clues humans rely on. Research on binary-to-source matching has treated that gap as a core reverse-engineering problem, because binaries and source code can look very different after compilation. (arxiv.org, conf.researchr.org) It also puts ordinary software review in a new light. The National Institute of Standards and Technology says source-code analyzers are used to find weaknesses before and after deployment, and the Open Worldwide Application Security Project notes that similar analysis can also be done on bytecode and compiled code at lower levels. (nist.gov, owasp.org) The legal picture is not one rule. The Electronic Frontier Foundation says United States law has allowed some reverse engineering for purposes such as interoperability, while contracts, license terms and anti-circumvention rules can still create risk. (eff.org) The public demo does not, by itself, show that a model can recover the exact original repository line for line. It does show that a model with enough context, time and tool use may infer architecture, behavior and likely source structure from a shipped binary closely enough to rebuild a working app. (x.com, z.ai) The next argument is likely to center on where analysis ends and copying begins. The binary has always contained the app’s behavior; the new part is that a general-purpose model may now be able to turn that behavior back into readable code at scale. (mas.owasp.org, eff.org)