Questions tagged [radare2]

Use this tag for problems related to or involving Radare2, a portable reversing framework for dissembling , analyzing, and debugging binaries.

Radare2, sometimes referred to as r2, is a portable set of tools designed for reverse engineering binaries.

From the official website:

Radare is a LGPL portable reversing framework that can:

Disassemble (and assemble for) many different architectures

Debug natively or use remote targets (gdb, r2pipe, winedbg, windbg)

Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku

Perform forensics on filesystems and data carving

Be scripted in Python, Javascript, Go and more

Support collaborative analysis using the embedded webserver

Visualize data structures of several file types

Patch programs to uncover new features or fix vulnerabilities

Use powerful analysis capabilities to speed up reversing

Aid in software exploitation

Related Resources

70 questions

votes

1 answer

Is there a simple way to dump the export object value from a shared library?

For example, there is a symbol named country, I can get its information (type, address, and length) by nm -D -S $ nm -D libs_ma.so -S w _ITM_deregisterTMCloneTable w _ITM_registerTMCloneTable w…

asked Jan 30 '22 at 07:41

progquester

1,228
14
23

votes

1 answer

How to find which shared library exported which imported symbol in my binary?

I am trying to find the shared library which imported an external symbol. Currently I can get all imported symbols by using nm or many alternatives such as using radare2. I can also get the libraries which the binary is dependent on by using ldd.…

linux binary reverse-engineering elf radare2

asked Dec 26 '21 at 18:05

xdxdxd

votes

1 answer

How do in install radare2 from source offline?

Hi I downloaded radare2 source code and ran ./sys/install.sh However it actually failed due to connection time out to codeload.github.com while under terminal prints "ar: creating libr_winkd.a". I tried to google and search offline install method…

radare2

asked Dec 25 '21 at 07:15

Shore

votes

1 answer

How to find the Cross reference of a function or a string using r2pipe?

I am working on a malware detection project where I am using both radare2 and r2pipe. I know how to find the cross references of a function and string with the help of "axt @function_address/string_address" command. But the problem is that same…

cross-reference malware-detection radare2

asked May 19 '21 at 17:42

RAMA

votes

1 answer

Dump function bytes from a native .DLL on command line

I would like to list all exported functions in a DLL and dump their bytes. It's pretty trivial to list all the exports using either dumpbin or rabin2 from the radare2 package. I also found a way to disassemble the whole DLL using dumpbin but there's…

c windows assembly dll radare2

asked Mar 17 '21 at 23:21

detunized

15,059
3
48
64

votes

1 answer

Seeking into a specific function in gdb

While doing reverse engineering i always need to seek into specific functions. I used to work with radare2 with the command s , which set a breakpoint on the first instruction of function_name. Is there a similar method in gdb?

gdb reverse-engineering radare2

asked Jan 26 '21 at 11:49

Garde Des Ombres

votes

0 answers

Save Radare2 terminal output into text file for Mac

I am trying to use Radare2 to save opcode sequences from PE32 files. Does anyone know how I can save the output Radare2 prints onto terminal after I call the "pd" command onto a text file? I am also wondering if there might be a way to do this in…

bash malware radare2

asked Jun 11 '20 at 01:32

Allen Ye

votes

1 answer

How to modify machine code in radare2 under the cursor by incrementing and decrementing single bytes?

In Radare2, it should be possible, in visual mode, with the cursor active (press c), to increment and decrement a single byte of raw machine code. While doing this, it should update in real time the new assembled machine code, e.g. incrementing 0x50…

assembly reverse-engineering radare2

asked May 26 '20 at 04:33

AttributedTensorField

votes

1 answer

How to go to a highlighted function in radare2?

In radare2, after hitting "v", I can scroll through the code, and also selection function calls with the cursor. I'm curious how I can jump to the definition of a function, as in "step into" a function call that's highlighted.

radare2

asked Nov 28 '19 at 01:59

AlphaCentauri

votes

1 answer

Python 2.7.6 r2pipe.open fails to load binary file

I installed r2pipe, but it is not running. I do not understand. Python 2.7.6 (default, Mar 22 2014, 22:59:56) [GCC 4.8.2] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import r2pipe >>> r2 =…

python radare2

asked Jun 06 '15 at 09:10

unnamed

Prev 1 2 3 4