Radare2

Commands

Details

-L

List of supported IO plugins

-q

Exit after processing commands

-w

Write mode enabled

-i [file]

Interprets an r2 script

-A

Analyze executable at load time

-n

Bare load, do not load executable info as the entrypoint

-c 'cmds'

Run r2 and execute commands

-p [prj]

Creates a project for the file being analyzed

-

Opens r2 with the malloc plugin that provides a 512-byte memory area

Commands

Details

e

Returns configuration properties

e <property>

Check specific property

e <property>=<value>

Change property value

e?

Help about a configuration property

Commands

Details

Command chaining

x 3;s+3;pi 3;s+3;pxo 4;

Pipe with shell commands

pd | less

Run shell commands

!cat /etc/passwd

Escape to shell

!!command and pass output to Radare buffer

Commands

Details

s address

Move cursor to address or symbol

s-5

Move 5 bytes backward

s-

Undo seek

s+

Redo seek

Commands

Details

b size

Change block size

Commands

Details

j

Most commands accept j to print their output in JSON format

Commands

Details

aa

Analyze all functions and basic blocks

af

Analyze functions

afl

List all functions

afi

Info on current function

afr

Rename function

Commands

Details

iI

File info

iz

Strings in data section

iS

Sections

is

Symbols

il

Linked libraries

ii

Imports

ie

Entrypoint

Commands

Details

wx

Write hex values at the current offset

wa

Write assembly

wc

Write cache commit

wv

Write value with endian conversion and padding

Commands

Details

f

List flags

f label @ offset

Define a flag at an offset

fr

Rename flag

fd

Return position from nearest flag

Commands

Details

y n

Copy n bytes from current position

yp

Print yank buffer

yy offset

Paste contents of yank buffer at an offset

Commands

Details

V

Enter visual mode

q

Exit visual mode

hjkl

Move around while in visual mode

o

Go to offset

Commands

Details

/R opcodes

Search for opcodes

/a

Search for assembly

pda

Returns a library of gadgets

Commands

Details

/ bytes

Search for bytes

/m [magicfile]

Search magic number headers

Commands

Details

Cd [size]

Define as data

C- [size]

Define as code

CC

Add a new comment in console mode

Commands

Details

pm

Print Magic files analysis

/m [magicfile]

Search magic number headers

Commands

Details

:yara scan

Scan with Yara for detecting signatures

Commands

Details

zg <language> <output file>

Generate zignatures

z

Show loaded zignatures

Commands

Details

r2 -m 0xf0000 /etc/fstab

Open source file

cc offset

Diff by columns between two offsets

Commands

Details

ag $$ > a.dot

Dump basic block graph to a file named a.dot

agc $$ > b.dot

Dump call graph to a file named b.dot

Commands

Details

r2 -d [pid|cmd|ptrace]

Start r2 in debugger mode (if the comamnd contains spaces use quotes)

dp

Show processes and threads

dc

Continue execution

db address

Set a breakpoint

Commands

Details

=h

Start the server

=H

Start server and browser

Commands

Details

rax2 -e

Base conversion and endian change

rahash2 -a entropy

Show entropy per block

radiff2 -C

Code diffing

rasm2 -d

Disassemble data

Commands

Details

ragg2 -a x86 -b 32 -i exec

Generate 32-bit x86 shellcode

Commands

Details

rabin2 -I

Executable info

rabin2 -s

Symbols

Commands

Details

r2 -b 32 -d rarun2 program=exp1 arg1=$(ragg2 -P 200 -r)

Launch a program with args inside r2's debugger

r2 -d rarun2 program=/bin/cat stdin=$(python e.py)

runs /bin/cat with the output of exploit.py directed to stdin