Radare2

Radare2 (also known as r2) is a complete framework for reverse-engineering and analyzing binaries, composed of a set of small utilities that can be used together or independently from the command line. Built around a disassembler for computer software which generates assembly language source code from machine-executable code, it supports a variety of executable formats for different processor architectures and operating systems.


History

Radare2 was created in February 2006, aiming to provide a free and simple command-line interface for a hexadecimal editor supporting 64-bit offsets, to search and recover data from hard disks for forensic purposes. Since then, the project has grown, and its aim has changed to providing a complete framework for analyzing binaries while adhering to several principles of the Unix philosophy. In 2009, the decision was made to completely rewrite it, to get around limitations in the initial design. Since then, the project has continued to grow and has attracted several resident developers. In 2016, the first ''r2con'' took place in Barcelona, gathering more than 100 participants and featuring talks about various features and improvements of the framework. Radare2 has been the focus of multiple presentations at several high-profile security conferences, like REcon, hack.lu and 33c3.


Features and usage

Radare2 has a steep learning curve, since its main executable binaries are operated from the command line and do not have a GUI by themselves. Originally built around a hexadecimal editor, it now has a multitude of tools and features, and also bindings for several languages. It has since gained a WebUI, and the official graphical user interface project for Radare2 is called Iaito.


Static analysis

Radare2 is able to assemble and disassemble many kinds of software programs, mainly executables, but it can also perform binary diffing with graphs and extract information like relocations, symbols, and various other types of data. Internally, it uses a NoSQL database named sdb to keep track of analysis information that can be inferred by radare2 or manually added by the user. Since it is able to deal with malformed binaries, it has also been used by software security researchers for analysis purposes.


Dynamic analysis

Radare2 has a built-in debugger that is lower-level than GDB. It can also interface with GDB and WineDBG to debug Windows binaries on other systems. In addition, it can also be used as a kernel debugger with VMWare.


Software exploitation

Since it features a disassembler and a low-level debugger, radare2 can be useful to developers of exploits. The software has features which assist in exploit development, such as a ROP gadget search engine and mitigation detection. Because of the software's flexibility and support for many file formats, it is often used by capture the flag teams and other security-oriented personnel. Radare2 can also assist in creating shellcodes with its 'ragg2' tool, similar to metasploit.
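Mitigation detection, as mentioned above, comes down to reading a few fields of the binary's headers. The following Python example is added here for illustration and is not radare2's code or part of the original article; it checks NX, PIE and RELRO on an ELF64 little-endian image and rejects truncated or malformed input instead of crashing. The names mitigations and build_sample are hypothetical, ET_DYN is treated as PIE (it also covers shared libraries), and the sample images are constructed headers with no code in them.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 little-endian file header
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 program header
DYN = struct.Struct("<qQ")                 # dynamic entry: d_tag, d_val
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
ET_DYN, PF_X = 3, 1
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB

def mitigations(data: bytes) -> dict:
    """Report NX, PIE and RELRO for an ELF64 LE image; ValueError if malformed."""
    if len(data) < EHDR.size or data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    hdr = EHDR.unpack_from(data)
    e_type, phoff, phentsize, phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    if phentsize < PHDR.size or phoff + phentsize * phnum > len(data):
        raise ValueError("program header table outside file")
    nx = relro = bind_now = False  # no PT_GNU_STACK is treated as no NX
    for i in range(phnum):
        p_type, p_flags, p_off, _, _, p_filesz, _, _ = PHDR.unpack_from(
            data, phoff + i * phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)  # executable stack segment: NX off
        elif p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:
            if p_off + p_filesz > len(data):
                raise ValueError("dynamic segment outside file")
            for off in range(p_off, p_off + p_filesz - DYN.size + 1, DYN.size):
                tag, val = DYN.unpack_from(data, off)
                if tag == DT_NULL:
                    break
                if tag == DT_BIND_NOW or (tag == DT_FLAGS and val & 0x8) \
                        or (tag == DT_FLAGS_1 and val & 0x1):
                    bind_now = True  # eager binding lets the GOT go read-only
    level = "full" if relro and bind_now else "partial" if relro else "none"
    return {"nx": nx, "pie": e_type == ET_DYN, "relro": level}

def build_sample(e_type, stack_flags, dyn_entries, relro=True):
    """Constructed test image: headers and a dynamic segment only, no code."""
    dyn = b"".join(DYN.pack(t, v) for t, v in dyn_entries) + DYN.pack(DT_NULL, 0)
    phnum = 3 if relro else 2
    dyn_off = EHDR.size + PHDR.size * phnum
    phdrs = PHDR.pack(PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    phdrs += PHDR.pack(PT_DYNAMIC, 6, dyn_off, 0, 0, len(dyn), len(dyn), 8)
    if relro:
        phdrs += PHDR.pack(PT_GNU_RELRO, 4, dyn_off, 0, 0, len(dyn), len(dyn), 1)
    ehdr = EHDR.pack(b"\x7fELF\x02\x01\x01" + bytes(9), e_type, 62, 1, 0,
                     EHDR.size, 0, 0, EHDR.size, PHDR.size, phnum, 0, 0, 0)
    return ehdr + phdrs + dyn

if __name__ == "__main__":
    print(mitigations(build_sample(3, 6, [(DT_FLAGS, 0x8)])))
    print(mitigations(build_sample(2, 7, [], relro=False)))
```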


Graphical user interface (GUI)

The Iaito project (https://github.com/hteso/iaito) was developed as the first dedicated graphical user interface (GUI) for radare2; it was forked as Cutter (https://github.com/radareorg/cutter), the second graphical user interface (GUI) developed for radare2. When the Cutter project was separated from the radare2 project in 2020, Iaito was re-developed to be the current official radare2 graphical user interface (GUI), maintained by radare2 project members.


Supported architectures/formats

* Recognized file formats
** COFF and derivatives, including Win32/64/generic PE
** ELF and derivatives
** Mach-O (Mach) and derivatives
** Game Boy and Game Boy Advance cartridges
** MZ (MS-DOS)
** Java class
** Lua 5.1 and Python bytecode
** dyld cache dump
** Dex (Dalvik EXecutable)
** Xbox xbe format
** Plan9 binaries
** WinRAR virtual machine (Tavis Ormandy, "Fun with Constrained Programming")
** File systems like the ext family, ReiserFS, HFS+, NTFS, FAT, ...
** DWARF and PDB file formats for storing additional debug information
** Raw binary
* Instruction sets
** Intel x86 family
** ARM architecture
** Atmel AVR series
** Brainfuck
** Motorola 68k and H8
** Ricoh 5A22
** MOS 6502
** Smartcard PSOS Virtual Machine
** Java virtual machine
** MIPS: mipsb/mipsl/mipsr/mipsrl/r5900b/r5900l
** PowerPC
** SPARC Family
** TMS320Cxxx series
** Argonaut RISC Core
** Intel 51 series: 8051/80251b/80251s/80930b/80930s
** Zilog Z80
** CR16
** Cambridge Silicon Radio (CSR)
** AndroidVM Dalvik
** DCPU-16
** EFI bytecode
** Game Boy (z80-like)
** Java Bytecode
** Malbolge
** MSIL/CIL
** Nios II
** SuperH
** Spc700
** Systemz
** TMS320
** V850
** Whitespace
** XCore


External links

* Official website
* Radare2's blog
* radare2 Git repository
* Iaito Git repository