Radare2 is a complete rewrite of radare, which provides a set of libraries and tools to work with binary files.
Unix-Like Reverse Engineering Framework and Commandline Tools Security: radare2
Radare2 is an open source and multi-platform Reverse Engineering framework which supports assembly and disassembly many architectures and binary formats, it represents a set of small command-line utilities that can be used together or independently:
radare2, rabin2, rasm2, rahash2, radiff2, rafind2, ragg2, rarun2, rax2.
Features (radare2 can):
- Run on
Linux, *BSD, Windows, OSX, Android, iOS, Solarisand
- Disassemble and assemble for many different architectures.
- Debug with local native and remote debuggers (
gdb, rap, webui, r2pipe, winedbg, windbg)
- Be scripted in
- Support collaborative analysis using the embedded webserver.
- Perform forensics on filesystems and data carving
- Visualize data structures of several file types.
- Patch programs to uncover new features or fix vulnerabilities.
- Use powerful analysis capabilities to speed up reversing.
- Aid in software exploitation.
- i386, x86-64, ARM, MIPS, PowerPC, SPARC, RISC-V, SH, m68k, AVR, XAP, System Z, XCore, CR16, HPPA, ARC, Blackfin, Z80, H8/300, V810, V850, CRIS, XAP, PIC, LM32, 8051, 6502, i4004, i8080, Propeller, Tricore, Chip8 LH5801, T8200, GameBoy, SNES, MSP430, Xtensa, NIOS II, Dalvik, WebAssembly, MSIL, EBC, TMS320 (c54x, c55x, c55+, c66), Hexagon, Brainfuck, Malbolge, DCPU16
- ELF, Mach-O, Fatmach-O, PE, PE+, MZ, COFF, OMF, TE, XBE, BIOS/UEFI, Dyldcache, DEX, ART, CGC, Java class, Android boot image, Plan9 executable, ZIMG, MBN/SBL bootloader, ELF coredump, MDMP (Windows minidump), WASM (WebAssembly binary), Commodore VICE emulator, Game Boy (Advance), Nintendo DS ROMs and Nintendo 3DS FIRMs, various filesystems.
- Windows (since XP), GNU/Linux, OS X, [Net|Free|Open]BSD, Android, iOS, OSX, QNX, Solaris, Haiku, FirefoxOS
- Vala/Genie, Python (2, 3), NodeJS, Lua, Go, Perl, Guile, PHP, Newlisp, Ruby, Java, OCaml, etc.
radare2is the main framework tool, which uses the core of the hexadecimal editor and debugger. radare2 allows you to open a number of input/output sources as if they were simple, plain files, including: disks, network connections, kernel drivers, processes under debugging, etc. It has an advanced command line interface for: analyzing data, data comparison, binary patching, disassembling, searching, replacing, and visualizing.
rabin2: a program which can extract information from executable binaries, such as: ELF, PE, Java CLASS, Mach-O, and any format supported by r2 plugins (exported symbols, imports, file information, cross references (xrefs), library dependencies, and sections).
rasm2: a command line assembler and disassembler for multiple architectures (including Intel x86 and x86-64, MIPS, ARM, PowerPC, Java, and myriad of others).
rahash2: A block-based hash tool. From small text strings to large disks, rahash2 supports multiple algorithms including:
MD4, MD5, CRC16, CRC32, SHA1, SHA256, etc.
rarun2: a launcher for running programs within different environments, with different arguments, permissions, directories, and overridden default file descriptors. rarun2 is useful for:
- Solving crackmes, Fuzzing, Test suites.
rax2: a minimalistic mathematical expression evaluator for the shell that is useful for making base conversions between:
- floating point values, hexadecimal representations, hexpair strings to ASCII, octal to integer, etc.
radiff2: a binary diffing utility that implements multiple algorithms. It supports:
- byte-level or delta diffing for binary files,
- code-analysis diffing to find changes in basic code blocks obtained from the radare code analysis.
ragg2: a frontend for r_egg. ragg2 compiles programs written in a simple high-level language into tiny binaries for
x86, x86-64, and
rafind2: a program to find byte patterns in files.
Clone it from the github repo:
$ git clone https://github.com/radare/radare2.git
To install, simply run the following command:
if you want to make system wide install without using root privileges. To update radare2 system wide, just re-run the previous commands.
To start using radare2 pm –
r2pm,you need to initialize packages:
$ r2pm init
You need to refresh packages database, before installing any package:
$ r2pm update
Then you can install packages with the following command:
$ r2pm install [package name]
Building with meson + ninja
Building with mason has been tested to work on the following hosts:
Install meson and ninja through
pm or with
$ r2pm -i meson
Then compile radare2:
$ python ./sys/meson.py --prefix=/usr --shared --install
Make sure you’ve installed
valabind if you want to build the bindings. To install
Python bindings, run the following:
$ r2pm install lang-python2 #lang-python3 for python3 bindings $ r2pm install r2api-python $ r2pm install r2pipe-py
There are also
r2pipe bindings (API interface which interacts with prompt, passes commands, etc.).
$ npm install r2pipe # NodeJS $ gem install r2pipe # Ruby $ pip install r2pipe # Python
-h to see avalaible commands:
$ radare2 -h Usage: r2 [-ACdfLMnNqStuvwzX] [-P patch] [-p prj] [-a arch] [-b bits] [-i file] [-s addr] [-B baddr] [-m maddr] [-c cmd] [-e k=v] file|pid|-|--|= -- run radare2 without opening any file - same as 'r2 malloc://512' = read file from stdin (use -i and -c to run cmds) -= perform !=! command to run all commands remotely -0 print \x00 after init and every command -2 close stderr file descriptor (silent warning messages) -a [arch] set asm.arch -A run 'aaa' command to analyze all referenced code -b [bits] set asm.bits -B [baddr] set base address for PIE binaries -c 'cmd..' execute radare command -C file is host:port (alias for -c+=http://%s/cmd/) -d debug the executable 'file' or running process 'pid' -D [backend] enable debug mode (e cfg.debug=true) -e k=v evaluate config var -f block size = file size -F [binplug] force to use that rbin plugin -h, -hh show help message, -hh for long -H ([var]) display variable -i [file] run script file -I [file] run script file before the file is opened -k [OS/kern] set asm.os (linux, macos, w32, netbsd, ...) -l [lib] load plugin file -L list supported IO plugins ...
To see detailed explanations and usage examples, click the documentation button below.