Radare2

Description

Radare2 is a portable reversing framework that can…

  • Disassemble (and assemble for) many different architectures

  • Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg)

  • Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku

  • Perform forensics on filesystems and data carving

  • Be scripted in Python, Javascript, Go and more

  • Support collaborative analysis using the embedded webserver

  • Visualize data structures of several file types

  • Patch programs to uncover new features or fix vulnerabilities

  • Use powerful analysis capabilities to speed up reversing

  • Aid in software exploitation

Usage

Syntax

radare2 [-dDwntLqv] [-P patch] [-p prj] [-a arch] [-b bits] [-i file] [-s addr] [-B blocksize] [-c cmd] [-e k=v] file|-

Options

 -0           Print \x00 after init and every command
 -a [arch]    set asm.arch
 -A           run 'aa' command to analyze all referenced code
 -b [bits]    set asm.bits
 -B [baddr]   set base address for PIE binaries
 -c 'cmd..'   execute radare command
 -C           file is host:port (alias for -c+=http://%s/cmd/)
 -d           use 'file' as a program to debug
 -D [backend] enable debug mode (e cfg.debug=true)
 -e k=v       evaluate config var
 -f           block size = file size
 -h, -hh      show help message, -hh for long
 -i [file]    run script file
 -k [kernel]  set asm.os variable for asm and anal
 -l [lib]     load plugin file
 -L           list supported IO plugins
 -m [addr]    map file at given address
 -n, -nn      do not load RBin info (-nn only load bin structures)
 -N           do not load user settings and scripts
 -q           quiet mode (no prompt) and quit after -i
 -p [prj]     set project file
 -P [file]    apply rapatch file and quit
 -s [addr]    initial seek
 -S           start r2 in sandbox mode
 -t           load rabin2 info in thread
 -v, -V       show radare2 version (-V show lib versions)
 -w           open file in write mode
 -z, -zz      do not load strings or load them even in raw

Example

cyborg@cyborg:~/Downloads$ r2 STATIC.ELF 
 -- Bindings are mostly powered by tears. Radare2
[0x00000000]> af
[0x00000000]> pz @ [30]
0x00000000  80e9 2e48 fe40 680c ab61 04e7 1388 5403  ...H.@h..a....T.
0x00000010  0000 6440 0074 8800 6840 736f 402d 6206  ..d@.t..[email protected]@-b.
0x00000020  65ec e371 04d4 2d74 0066 6d00 6270 007d  e..q..-t.fm.bp.}
0x00000030  6670 005f 0062 2d2d 0066 7417 0461 88ba  fp._.b--.ft..a..
0x00000040  6124 6624 736d 6161 7362 618b 6271 7466  a$f$smaasba.bqtf
0x00000050  7024 8024 6565 176d 7400 4077 9704 0010  p$.$ee.mt.@w....
0x00000060  802d 7162 400d 7524 6974 406e 6c63 7307  .-qb@.[email protected]
0x00000070  6273 6940 7201 72e3 0061 8001 0000 fa65  [email protected].a.....e
0x00000080  7200 6f7a 2400 3381 7231 7240 6869 6124  [email protected]$
0x00000090  fa6d 6c61 2465 7313 4004 6e24 6773 6374  .mla$es.@.n$gsct
0x000000a0  670b e071 6f6c 6a61 0574 3661 002f 2f00  g..qolja.t6a.//.
0x000000b0  24e3 1071 671b 6500 e304 0073 4300 7369  $..qg.e....sC.si
0x000000c0  0040 0000 6888 0067 4015 8140 1a69 6575  .@..h..g@..@.ieu
0x000000d0  7024 726b 7340 6d24 6940 7275 006d 1c72  [email protected][email protected]
0x000000e0  5424 076f 6169 6377 2488 0276 e39a 7381  T$.oaicw$..v..s.
0x000000f0  0081 7377 6906 6f74 6107 0084 0503 0554  ..swi.ota......T
[0x00000000]> pc c [20]
#define _BUFFER_SIZE 256
unsigned char buffer[256] = {
  0x80, 0x0c, 0x00, 0x0a, 0x53, 0x54, 0x41, 0x54, 0x49, 0x43, 0x2e, 
  0x43, 0x50, 0x50, 0x91, 0x88, 0x1f, 0x00, 0x00, 0x00, 0x1b, 0x54, 
  0x43, 0x38, 0x36, 0x20, 0x42, 0x6f, 0x72, 0x6c, 0x61, 0x6e, 0x64, 
  0x20, 0x54, 0x75, 0x72, 0x62, 0x6f, 0x20, 0x43, 0x2b, 0x2b, 0x20, 
  0x33, 0x2e, 0x30, 0x30, 0x91, 0x88, 0x12, 0x00, 0x00, 0xe9, 0x90, 
  0x23, 0x2f, 0x47, 0x0a, 0x53, 0x54, 0x41, 0x54, 0x49, 0x43, 0x2e, 
  0x43, 0x50, 0x50, 0x71, 0x88, 0x12, 0x00, 0x00, 0xe9, 0x00, 0x18, 
  0x52, 0x18, 0x0a, 0x49, 0x4f, 0x53, 0x54, 0x52, 0x45, 0x41, 0x4d, 
  0x2e, 0x48, 0x17, 0x88, 0x0f, 0x00, 0x00, 0xe9, 0x00, 0x18, 0x52, 
  0x18, 0x07, 0x5f, 0x44, 0x45, 0x46, 0x53, 0x2e, 0x48, 0x00, 0x88, 
  0x0d, 0x00, 0x00, 0xe9, 0x00, 0x18, 0x52, 0x18, 0x05, 0x4d, 0x45, 
  0x4d, 0x2e, 0x48, 0xa6, 0x88, 0x0f, 0x00, 0x00, 0xe9, 0x00, 0x18, 
  0x52, 0x18, 0x07, 0x5f, 0x4e, 0x55, 0x4c, 0x4c, 0x2e, 0x48, 0xe7, 
  0x88, 0x0f, 0x00, 0x00, 0xe9, 0x00, 0x18, 0x52, 0x18, 0x07, 0x43, 
  0x4f, 0x4e, 0x49, 0x4f, 0x2e, 0x48, 0x09, 0x88, 0x06, 0x00, 0x00, 
  0xe5, 0x01, 0x00, 0x00, 0x8c, 0x88, 0x06, 0x00, 0x00, 0xe5, 0x01, 
  0x06, 0x00, 0x86, 0x88, 0x21, 0x00, 0x00, 0xe6, 0x05, 0x64, 0x61, 
  0x74, 0x61, 0x34, 0x18, 0x02, 0xfa, 0xff, 0x05, 0x64, 0x61, 0x74, 
  0x61, 0x33, 0x18, 0x02, 0xfc, 0xff, 0x05, 0x64, 0x61, 0x74, 0x61, 
  0x32, 0x18, 0x02, 0xfe, 0xff, 0xbc, 0x88, 0x05, 0x00, 0x00, 0xe7, 
  0x40, 0x00, 0x4c, 0x88, 0x05, 0x00, 0x00, 0xe7, 0x40, 0x00, 0x4c, 
  0x88, 0x0a, 0x00, 0x00, 0xee, 0x01, 0x00, 0x00, 0x06, 0x00, 0x3c, 
  0x00, 0x3d, 0x88, 0x07, 0x00, 0x00, 0xe5, 0xc0, 0x01, 0x00, 0x00, 
  0xcb, 0x88, 0x10, };
[0x00000000]> p2 [256]
Block size 217579520 is too big Radare2
This block size is too big. Did you mean 'p2 @ [256]' instead?
[0x00000000]> p2 [128]
Block size 402712832 is too big Radare2
This block size is too big. Did you mean 'p2 @ [128]' instead?
[0x00000000]> p2 [200]


radare2 Radare2

                                                                                                                                                                                                                                          
[0x00000000]> / 0
Searching 1 bytes from 0x00000000 to 0x00006aee: 30 
hits: 13
0x0000002e hit0_0 "0"
0x0000002f hit0_1 "0"
0x00000625 hit0_2 "0"
0x0000089b hit0_3 "0"
0x000014d7 hit0_4 "0"
0x000022d5 hit0_5 "0"
0x000022ea hit0_6 "0"
0x0000233d hit0_7 "0"
0x00002376 hit0_8 "0"
0x0000239f hit0_9 "0"
0x000028d5 hit0_10 "0"
0x000029f7 hit0_11 "0"
0x000032c4 hit0_12 "0"
[0x00000000]> pr [200]
�

STATIC.CPP��TC86 Borland Turbo C++ 3.00����#/G
STATIC.CPPq��R
�RMEM.H���R_NULL.H�RCONIO.H    �������!�data4��data3��data2�����@L��@L�
�<=���ˈ
[0x00000000]> 

0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?