Radare2

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Wiae (talk | contribs) at 13:58, 16 November 2015 (Disambiguating links to PDB (link changed to Protein Data Bank (file format)) using DisamAssist.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Radare2
Original author(s): pancake
Developer(s): pancake
Stable release: 0.9.9[1] / June 5, 2015 (2015-06-05)
Repository
Written in: C[2]
Operating system: Microsoft Windows, Mac OS X, Linux, BSD, Haiku, Android, iPhone OS, Solaris, MeeGo
Available in: English
Type: Disassembler
License: LGPL
Website: radare.org

Radare2 (also known as r2) is a complete framework for reverse-engineering and analyzing binaries, composed of a set of small utilities that can be used together or independently from the command line. It is built around a disassembler, which turns machine-executable code back into assembly language source code, and supports a variety of executable formats for different processors and operating systems.

History

It was created in February 2006 with the aim of providing a free and simple command line hexadecimal editor supporting 64-bit offsets, so that data could be searched for and recovered from hard disks for forensic purposes. Since then the project has grown, and its aim has changed to providing a complete framework for analyzing binaries while adhering to several principles of the Unix philosophy.

In 2009, the decision was made to rewrite it completely in order to get around limitations of the initial design. Since then the project has continued to grow and has attracted several resident developers.

Features and usage

Since it does not have a GUI, it has a steep learning curve. Originally built around a hexadecimal editor, it now has a multitude of tools and features, as well as bindings for several languages.[3]

Static analysis

Radare2 is able to assemble and disassemble code for many architectures and formats, but it can also perform binary diffing with graphs,[4] and extract information such as relocations, symbols and various other types of data. Internally it uses a NoSQL database named sdb to keep track of analysis information, which can be inferred by radare2 or added manually by the user. Since it is able to handle malformed binaries, it has also been used by software security researchers for analysis purposes.[5][6][7]

Dynamic analysis

Radare2 has a built-in debugger that is lower-level than the classic GDB. However, it can also interface with the GNU debugger, or even with WineDBG,[8] to debug Windows binaries on other systems. It is even possible to use it as a kernel debugger with VMware, and the WinDBG protocol is supported as well.

Software exploitation

Since it features a disassembler and a low-level debugger, radare2 can be useful to exploit developers. The software has features that assist in exploit development, such as a ROP gadget search engine and mitigation detection. Because of its flexibility and support for many file formats, it is often used by capture-the-flag teams[9][10] and other security-oriented personnel.[11] Radare2 can also assist in creating shellcode with its 'ragg2' tool, similar to Metasploit.
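The two capabilities mentioned above, extracting binary metadata (static analysis) and detecting which exploit mitigations a binary was built with, can be combined into a small hardening audit. The following is an added example written for this article; it is not code from radare2 or from the Wikipedia page. It assumes the plain-text key/value layout that `rabin2 -I` prints (one "key   value" per line) and the field names canary, nx, pic and relro; the sample output embedded in the script is constructed, not captured from a real binary, so the script runs offline, and it only invokes a real `rabin2` when given a file path and the tool is on PATH.

```python
"""Audit a binary's exploit-mitigation flags from `rabin2 -I` output.

Added example, not part of radare2 or the Wikipedia article. Assumes the
key/value text layout of `rabin2 -I` and the field names canary, nx, pic
and relro (assumption: these match what rabin2 prints).
"""
import re
import shutil
import subprocess
import sys
from typing import Dict, List

# Constructed sample in the rabin2 -I key/value layout; values are invented
# to describe a small, poorly hardened 64-bit ELF.
SAMPLE_RABIN2_INFO = """\
arch     x86
baddr    0x400000
binsz    8472
bintype  elf
bits     64
canary   false
class    ELF64
endian   little
lang     c
nx       true
os       linux
pic      false
relro    partial
static   false
stripped true
"""


def parse_rabin2_info(text: str) -> Dict[str, str]:
    """Turn 'key   value' lines into a dict with lowercased keys.

    Lines without a value (or blank lines) are skipped.
    """
    info: Dict[str, str] = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(\S+)\s+(.*?)\s*$", line)
        if m:
            info[m.group(1).lower()] = m.group(2)
    return info


def audit_mitigations(info: Dict[str, str]) -> List[str]:
    """Return one finding per missing or weakened hardening feature."""
    findings: List[str] = []

    def is_true(key: str) -> bool:
        return info.get(key, "").lower() == "true"

    if not is_true("nx"):
        findings.append("NX disabled: stack and heap pages are executable")
    if not is_true("canary"):
        findings.append("no stack canary: stack buffer overflows are not "
                        "detected at runtime")
    if not is_true("pic"):
        findings.append("not position-independent: ASLR cannot randomize "
                        "the image base")
    relro = info.get("relro", "").lower()
    if relro != "full":
        # Partial RELRO leaves the lazily bound GOT writable after load.
        findings.append(f"RELRO is {relro or 'absent'}: GOT entries remain "
                        "writable after load")
    return findings


def audit_file(path: str) -> List[str]:
    """Run `rabin2 -I` on a real file (requires radare2 on PATH) and audit it."""
    if shutil.which("rabin2") is None:
        raise RuntimeError("rabin2 not found; install radare2 to audit files")
    out = subprocess.run(["rabin2", "-I", path], capture_output=True,
                         text=True, check=True).stdout
    return audit_mitigations(parse_rabin2_info(out))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = audit_file(sys.argv[1])
    else:
        results = audit_mitigations(parse_rabin2_info(SAMPLE_RABIN2_INFO))
    for finding in results:
        print("-", finding)
```

Run without arguments to audit the constructed sample, or with a path to audit a real binary through rabin2. The parser is deliberately tolerant of unknown keys so that additional fields printed by newer radare2 releases do not break the audit; only the four hardening-related keys influence the findings.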

Supported architectures/formats

References

Further reading

  • The radare book. pancake. 2008. p. 152.
  • The r2-book