Computer Forensics

radare2 – Reverse Engineering Framework

Posted on

r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files

Radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers, ..

The core of the hexadecimal editor and debugger. radare2 allows you to open a number of input/output sources as if they were simple, plain files, including disks, network connections, kernel drivers, processes under debugging, and so on. It implements an advanced command line interface for moving around a file, analyzing data, disassembling, binary patching, data comparison, searching, replacing, visualizing. It can be scripted with a variety of languages, including Ruby, Python, Lua, and Perl.

Radare is a portable reversing framework that can…

  • Disassemble (and assemble for) many different architectures
  • Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg)
  • Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku
  • Perform forensics on filesystems and data carving
  • Be scripted in Python, Javascript, Go and more
  • Support collaborative analysis using the embedded webserver
  • Visualize data structures of several file types
  • Patch programs to uncover new features or fix vulnerabilities
  • Use powerful analysis capabilities to speed up reversing
  • Aid in software exploitation

 

radare2 is portable !

  • Architectures:

    • 6502, 8051, CRIS, H8/300, LH5801, T8200, arc, arm, avr, bf, blackfin, csr, dalvik, dcpu16, gameboy, i386, i4004, i8080, m68k, malbolge, mips, msil, msp430, nios II, powerpc, rar, sh, snes, sparc, tms320 (c54x c55x c55+), V810, x86-64, zimg, risc-v.
  • File Formats:

    • bios, CGC, dex, elf, elf64, filesystem, java, fatmach0, mach0, mach0-64, MZ, PE, PE+, TE, COFF, plan9, dyldcache, Commodore VICE emulator, Game Boy (Advance), Nintendo DS ROMs and Nintendo 3DS FIRMs.
  • Operating Systems:

    • Android, GNU/Linux, [Net|Free|Open]BSD, iOS, OSX, QNX, w32, w64, Solaris, Haiku, FirefoxOS
  • Bindings:

    • Vala/Genie, Python (2, 3), NodeJS, LUA, Go, Perl, Guile, php5, newlisp, Ruby, Java, OCAML, …

 

 

Dependencies

radare2 can be built without any special dependency, just use make and get a working toolchain (gcc, clang, tcc, ..)

Optionally you can use libewf for loading EnCase disk images.

To build the bindings you need latest valabind, g++ and swig2.

 

Install

The easiest way to install radare2 from git is by running the following command:

$ sys/install.sh

If you want to install radare2 in the home directory without using root privileges and sudo, simply run:

$ sys/user.sh

 

Package manager

Radare2 has its own package manager – r2pm. It’s packages repository is on GitHub too. To start to use it for the first time you need to initialize packages:

$ r2pm init

And to refresh packages before installation/updating a new one:

$ r2pm update

To install package use the command

$ r2pm install [package name]

To update package use the command

$ r2pm update [package name]

 

The Radare2 project is a set of small command-line utilities

that can be used together or independently.

radare2

The core of the hexadecimal editor and debugger. radare2 allows you to open a number of input/output sources as if they were simple, plain files, including disks, network connections, kernel drivers, processes under debugging, and so on.

It implements an advanced command line interface for moving around a file, analyzing data, disassembling, binary patching, data comparison, searching, replacing, visualizing. It can be scripted with a variety of languages, including Ruby, Python, Lua, and Perl.

 

rabin2

A program to extract information from executable binaries, such as ELF, PE, Java CLASS, and Mach-O. rabin2 is used by the core to get exported symbols, imports, file information, cross references (xrefs), library dependencies, sections, etc.

 

rasm2

A command line assembler and disassembler for multiple architectures (including Intel x86 and x86-64, MIPS, ARM, PowerPC, Java, and MSIL).

 

rahash2

An implementation of a block-based hash tool. From small text strings to large disks, rahash2 supports multiple algorithms, including MD4, MD5, CRC16, CRC32, SHA1, SHA256, SHA384, SHA512, par, xor, xorpair, mod255, hamdist, or entropy. rahash2 can be used to check the integrity of, or track changes to, big files, memory dumps, and disks.

 

radiff2

A binary diffing utility that implements multiple algorithms. It supports byte-level or delta diffing for binary files, and code-analysis diffing to find changes in basic code blocks obtained from the radare code analysis, or from the IDA analysis using the rsc idc2rdb script.

 

rafind2

A program to find byte patterns in files.

 

ragg2

A frontend for r_egg. ragg2 compiles programs written in a simple high-level language into tiny binaries for x86, x86-64, and ARM.

 

rarun2

A launcher for running programs within different environments, with different arguments, permissions, directories, and overridden default file descriptors. rarun2 is useful for:

  • Crackmes
  • Fuzzing
  • Test suites

 

rax2

A minimalistic mathematical expression evaluator for the shell that is useful for making base conversions between floating point values, hexadecimal representations, hexpair strings to ASCII, octal to integer, etc. It also supports endianness settings and can be used as an interactive shell if no arguments are given.

 

Related Items:, , , ,

Recommended for you

To Top

Pin It on Pinterest

Share This