
Radare2 (also known as r2) is a complete framework for reverse-engineering and analyzing binaries, composed of a set of small utilities that can be used together or independently from the command line. Built around a disassembler for computer software which generates assembly language source code from machine-executable code, it supports a variety of executable formats for different processor architectures and operating systems.


History

Radare2 was created in February 2006, aiming to provide a free and simple command-line interface for a hexadecimal editor supporting 64-bit offsets, to search and recover data from hard disks for forensic purposes. Since then, the project has grown and its aim has changed to providing a complete framework for analyzing binaries while adhering to several principles of the Unix philosophy. In 2009, the decision was made to completely rewrite it, to get around limitations in the initial design. Since then, the project has continued to grow and has attracted several resident developers. In 2016, the first r2con took place in Barcelona, gathering more than 100 participants and featuring talks about various features and improvements of the framework. Radare2 has been the focus of multiple presentations at several high-profile security conferences, like recon, hack.lu, and 33c3.


Features and usage

Radare2 has a steep learning curve, since its main executable binaries are operated from the command line and it does not have a GUI by itself. Originally built around a hexadecimal editor, it now has a multitude of tools and features, and also bindings for several languages. It now also has a WebUI, and the official graphical user interface project for Radare2 is called Iaito.


Static analysis

Radare2 is able to assemble and disassemble a lot of software programs, mainly executables, but it can also perform binary diffing with graphs and extract information like relocations, symbols, and various other types of data. Internally, it uses a NoSQL database named sdb to keep track of analysis information that can be inferred by radare2 or manually added by the user. Since it is able to deal with malformed binaries, it has also been used by software security researchers for analysis purposes.


Dynamic analysis

Radare2 has a built-in debugger that is lower-level than GDB. It can also interface with GDB and WineDBG to debug Windows binaries on other systems. In addition, it can also be used as a kernel debugger with VMWare.


Software exploitation

Since it features a disassembler and a low-level debugger, radare2 can be useful to developers of exploits. The software has features which assist in exploit development, such as a ROP gadget search engine and mitigation detection. Because of the software's flexibility and support for many file formats, it is often used by capture the flag teams and other security-oriented personnel. Radare2 can also assist in creating shellcode with its 'ragg2' tool, similar to Metasploit.


Graphical user interface (GUI)

Project Iaito (github.com/hteso/iaito) was developed as the first dedicated graphical user interface (GUI) for radare2; it was forked as Cutter (github.com/radareorg/cutter), the second graphical user interface (GUI) developed for radare2. When the Cutter project was separated from the radare2 project in 2020, Iaito was re-developed to be the current official radare2 graphical user interface (GUI), maintained by radare2 project members.


Supported architectures/formats

* Recognized file formats
** COFF and derivatives, including Win32/64/generic PE
** ELF and derivatives
** Mach-O (Mach) and derivatives
** Game Boy and Game Boy Advance cartridges
** MZ (MS-DOS)
** Java class
** Lua 5.1 and Python bytecode
** dyld cache dump
** Dex (Dalvik EXecutable)
** Xbox xbe format
** Plan9 binaries
** WinRAR virtual machine (Tavis Ormandy, "Fun with Constrained Programming")
** File systems like the ext family, ReiserFS, HFS+, NTFS, FAT, ...
** DWARF and PDB file formats for storing additional debug information
** Raw binary
* Instruction sets
** Intel x86 family
** ARM architecture
** Atmel AVR series
** Brainfuck
** Motorola 68k and H8
** Ricoh 5A22
** MOS 6502
** Smartcard PSOS Virtual Machine
** Java virtual machine
** MIPS: mipsb/mipsl/mipsr/mipsrl/r5900b/r5900l
** PowerPC
** SPARC Family
** TMS320Cxxx series
** Argonaut RISC Core
** Intel 51 series: 8051/80251b/80251s/80930b/80930s
** Zilog Z80
** CR16
** Cambridge Silicon Radio (CSR)
** AndroidVM Dalvik
** DCPU-16
** EFI bytecode
** Game Boy (z80-like)
** Java Bytecode
** Malbolge
** MSIL/CIL
** Nios II
** SuperH
** Spc700
** Systemz
** TMS320
** V850
** Whitespace
** XCore



External links

* Radare2's blog
* radare2 Git repository
* Iaito Git repository