Skip to content

Latest commit

 

History

History
52 lines (35 loc) · 3.09 KB

Radare2.md

File metadata and controls

52 lines (35 loc) · 3.09 KB

Radare2 is an open-source reverse engineering framework that provides a set of tools for analyzing binary code. It is a highly flexible and feature-rich suite that is used by security professionals, researchers, and developers for various tasks such as disassembly, debugging, analysis, and exploitation. Here are some key features and commands associated with Radare2:

Key Features:

  1. Architecture Support:

    • Radare2 supports a wide range of architectures, including x86, x86-64, ARM, MIPS, PowerPC, and many more.

  2. Disassembly and Analysis:

    • Radare2 allows users to disassemble and analyze binary code. It provides various commands for navigating through disassembled code, inspecting instructions, and understanding program flow.

  3. Graphical and Text-Based Interfaces:

    • Radare2 can be used through both a command-line interface (CLI) and a graphical user interface (GUI) called Cutter. Cutter simplifies the use of Radare2, especially for those who prefer a more visual approach.

  4. Scripting Support:

    • Radare2 provides scripting capabilities using its built-in scripting language (R2Script). This allows users to automate tasks, create custom analyses, and extend Radare2's functionality.

  5. Debugging Support:

    • Radare2 includes a built-in debugger that supports both local and remote debugging. It allows users to set breakpoints, step through code, inspect and modify registers, and interact with the program during runtime.

  6. Binary Patching:

    • Radare2 enables users to patch binary files. This can be useful for binary modification, such as changing instructions or altering program behavior.

  7. File Format Support:

    • Radare2 supports various file formats, including ELF, PE, Mach-O, and others. It can analyze and work with different executable and binary formats.

  8. Plugin System:

    • Radare2 has a modular architecture with a plugin system. Users can extend its functionality by adding or developing plugins for specific tasks.

Common Commands:

  1. Opening a Binary:

    radare2 <binary>
    • Opens Radare2 and loads the specified binary.

  2. Navigating Through Code:

    • Commands like s (seek), pdf (print disassembly function), and VV (visual mode) are used for navigating and exploring the disassembled code.

  3. Analyzing Functions:

    • Commands like af (analyze function) and afl (analyze function list) help in analyzing and understanding functions in the binary.

  4. Debugging:

    • Commands like db (set breakpoint), dc (continue execution), and dr (view and modify registers) are used for debugging.

  5. Scripting:

    • Radare2 allows users to create scripts using its scripting language. Scripts can automate tasks and perform custom analyses.

  6. Quitting Radare2:

    • Typing q quits Radare2.

Radare2 is a powerful and versatile tool, but it has a steep learning curve. Documentation and community support play important roles in mastering its features and capabilities. Cutter, the graphical front-end for Radare2, provides a more user-friendly experience for those who prefer a visual interface.