Radare2 (also known as r2) is a complete framework for reverse-engineering and analyzing binaries; composed of a set of small utilities that can be used together or independently from the command line. Built around a disassembler for computer software which generates assembly language source code from machine-executable code, it supports a variety of executable formats for different processor architectures and operating systems.

Radare2
Original author(s)Sergi Alvarez (pancake)
Developer(s)pancake and the community
Stable release
5.9.6[1] Edit this on Wikidata / 13 October 2024
Repository
Written inC[2]
Operating systemLinux, BSD, macOS, Microsoft Windows, Haiku, Android, iOS, Solaris
Available inEnglish
TypeDisassembler
LicenseLGPL
Websitewww.radare.org/n/ Edit this on Wikidata

History

edit

Radare2 was created in February 2006,[3] aiming to provide a free and simple command-line interface for a hexadecimal editor supporting 64 bit offsets to make searches and recovering data from hard-disks, for forensic purposes. Since then, the project has grown with the aim changed to provide a complete framework for analyzing binaries while adhering to several principles of the Unix philosophy.[4]

In 2009, the decision was made to completely rewrite it, to get around limitations in the initial design. Since then, the project continued to grow,[5] and attracted several resident developers.

In 2016, the first r2con took place in Barcelona,[6][7] gathering more than 100 participants, featuring various talks about various features and improvements of the framework.

Radare2 has been the focus of multiple presentations at several high-profile security conferences, like the recon,[8] hack.lu,[9] 33c3.[3]

Features and usage

edit

Radare2 has a steep learning curve since its main executable binaries are operated by command line and does not have a GUI by itself. Originally built around a hexadecimal editor, it has now a multitude of tools and features, and also bindings for several languages.[10] Meanwhile it has a WebUI[11] and the official graphical user interface project for Radare2 is called Iaito.[12]

Static analysis

edit

Radare2 is able to assemble and disassemble a lot of software programs, mainly executables, but it can also perform binary diffing with graphs,[13] extract information like relocations symbols, and various other types of data. Internally, it uses a NoSQL database named sdb to keep track of analysis information that can be inferred by Radare2 or manually added by the user. Since it is able to deal with malformed binaries, it has also been used by software security researchers for analysis purposes.[14][15][16]

Dynamic analysis

edit

Radare2 has a built-in debugger that is lower-level than GDB.[citation needed] It can also interface with GDB and WineDBG[17] to debug Windows binaries on other systems. In addition, it can also be used as a kernel debugger with VMWare.

Software exploitation

edit

Since it features a disassembler and a low-level debugger, Radare2 can be useful to developers of exploits. The software has features which assist in exploit development, such as a ROP gadget search engine and mitigation detection. Because of the software's flexibility and support for many file formats, it is often used by capture the flag teams[18][19] and other security-oriented personnel.[20] Radare2 can also assist in creating shellcodes with its 'ragg2' tool, similar to metasploit.

Graphical user interface (GUI)

edit

Project Iaito has been developed as the first dedicated graphical user interface (GUI) for Radare2; it's been forked by Cutter as secondly developed graphical user interface (GUI) for Radare2. When the Cutter project was separated from Radare2 project at the end of 2020,[21] Iaito was re-developed to be the current official Radare2 graphical user interface (GUI) maintained by Radare2 project members.[12]

Supported architectures/formats

edit

References

edit
  1. ^ "Release 5.9.6". 13 October 2024. Retrieved 27 October 2024.
  2. ^ "radareorg/radare2". January 18, 2024 – via GitHub.
  3. ^ a b "Radare demystified". Chaos Computer Club media site. CCC. 2016-12-29. Retrieved 2016-12-29.
  4. ^ "I have written more than 300.000 code lines for Radare". www.cigtr.info. Archived from the original on 2018-11-03. Retrieved 2017-01-21.
  5. ^ CCC (29 December 2016), radare demystified, retrieved 2017-01-21
  6. ^ "r2con 2016". NCC Group. Retrieved 2017-01-21.
  7. ^ Bakken, Sam (2016-08-09). "The hacker behind open-source, reverse-engineering tool Radare..." NowSecure. Retrieved 2017-01-21.
  8. ^ "Recon 2015 Schedule". recon.cx. Retrieved 2017-01-21.
  9. ^ "Talks at Hack.lu 2015". Hack.lu 2015. Retrieved 2017-01-21.
  10. ^ "radareorg/radare2-bindings". December 12, 2023 – via GitHub.
  11. ^ "The new web interface". radare.today. Archived from the original on 2016-07-29.
  12. ^ a b "iaito". rada.re. Retrieved 14 August 2021.
  13. ^ ""Binary Diffing" visual en Linux con Radare2".
  14. ^ Arada, Eduardo De la (18 May 2024). "OSX/Leverage.a Analysis". cybersecurity.att.com.
  15. ^ "None" (PDF).
  16. ^ PHDays IV, May 21, 2014, 'Anton Kochkov', Application of radare2 illustrated by Shylock/Caphaw.D and Snakso.A analysis
  17. ^ "Gmane archive about WinDBG support in radare2".
  18. ^ "Plaid CTF 2014 - Tiffany writeup". Dragon Sector.
  19. ^ "DEFCON2K12 Prequals: pwn300 writeup". LSE Blog. June 4, 2012.
  20. ^ "manual binary mangling with radare". .:: Phrack Magazine ::.
  21. ^ "Announcing Rizin". rizin.re. 8 December 2020. Retrieved 8 December 2020.
  22. ^ "dyld_shared_cache - iPhone Development Wiki". iphonedev.wiki.
  23. ^ ".XBE File Format". www.caustik.com.
  24. ^ "Fun with Constrained Programming".

Further reading

edit
edit