Skip to content

Latest commit

 

History

History
49 lines (39 loc) · 4.53 KB

r2.md

File metadata and controls

49 lines (39 loc) · 4.53 KB

What is R2?

  • Radare2 is an open-source reverse engineering platform that goes beyond expectations.
  • It provides a wide range of functionalities, including disassembly, data analysis, patching, data comparison, searching, replacing, virtualization, and many more. Additionally, it has a powerful scripting engine and can run on almost all mainstream platforms, such as GNU/Linux, Windows, *BSD, iOS, OSX, Solaris, among others. Radare2 is truly a powerful tool for reverse engineering and analysis.
  • The commands in R2 are listed below.

li

  • The iI command is used in r2 to display important information about a binary file.
  • This information includes the file format, architecture, and bitness of the binary.
  • The file format refers to whether the binary file is in the ELF or PE format, for example. Architecture refers to the type of machine architecture, such as x86 or ARM. Bitness refers to whether the binary file is 32-bit or 64-bit.
  • Understanding this information can help determine the appropriate analysis techniques and tools to use. For example, knowing the architecture can guide whether to use ARM-specific or x86-specific tools.
  • Understanding the bitness can inform how to approach memory analysis and debugging.

pdf

The pdf command in radare2 is a powerful tool for displaying the assembly code and pseudo code of the current function. With the pdf command, users can quickly understand the operations of the current function and the execution flow of each instruction.

When using the pdf command, users can specify different options to control the display content and format. Here are some commonly used options:

  • pdf: Displays the assembly code and pseudo code of the current function.
  • pdf@: Displays the assembly code and pseudo code of the function at the specified address.
  • pdf~: Searches for functions whose name or comment contains the specified regular expression and displays their assembly code and pseudo code.
  • pdfj: Displays the JSON format representation of the current function, including information such as instructions, blocks, and operations.
  • pdfd: Displays the data flow graph of the current function, which shows the flow path of data in the function.
  • pdfm: Displays the call graph of the current function, which shows the call relationship between the current function and other functions.
  • By using different options with the pdf command, users can obtain different levels of analysis results, helping with reverse engineering and binary analysis. For example, using the pdfd option can help identify the data flow path in the function and determine the source and destination of the data flow, which can help understand the behavior and purpose of the function.

Overall, the pdf command is a powerful and flexible tool in radare2 that can help users with function-level analysis and reverse engineering.

afl & izz

The afl command in radare2 is used for fuzzing binaries with American Fuzzy Lop (AFL) instrumentation. AFL is a popular binary fuzzing tool that leverages instrumentation and genetic algorithms to find vulnerabilities in programs. With the afl command, users can easily prepare and run AFL fuzzing sessions on their target binary, and visualize the coverage data collected during the fuzzing process.

The afl command has various options that can be used to fine-tune the fuzzing process. Here are some commonly used options:

  • afl: Starts the AFL fuzzing process on the current binary.
  • afl-config: Configures the AFL environment variables and settings.
  • afl-showmap: Displays the code coverage information collected during the AFL fuzzing process.
  • afl-cmin: Minimizes the test cases collected during the AFL fuzzing process.

Another powerful command in radare2 is the izz command, which is used for analyzing the import and export tables of the target binary. With the izz command, users can quickly identify the external functions that the binary relies on and their details such as address, size, and function name. The izz command can be useful in reverse engineering and malware analysis, as it helps understand the binary's dependencies and behavior.

Some commonly used options with the izz command include:

  • izz: Displays both the import and export tables of the binary.
  • izz-: Displays only the import table.
  • izz+: Displays only the export table.
  • izz~: Searches for symbols whose name or comment contains the specified regular expression and displays their details.
  • Overall, the afl and izz commands are two powerful tools in radare2 that can help users with binary fuzzing and function analysis.