Radare2

Shameless plug
This course is given to you for free by The Perkins Cybersecurity Educational Fund: https://perkinsfund.org/ in collaboration with the Malcore team: https://m4lc.io/courses/register
Please consider donating to The Perkins Cybersecurity Educational Fund and registering for Malcore. You can also join the Malcore Discord server here: https://m4lc.io/courses/discord
Malcore offers free threat intel in our Discord via their custom designed Discord bot. Join the Discord to discuss this course in further detail or to ask questions.
You can also support The Perkins Cybersecurity Educational Fund by buying them a coffee
Index
Command Line Options
Commands
Details
-L
List of supported IO plugins
-q
Exit after processing commands
-w
Write mode enabled
-i [file]
Interprets an r2 script
-A
Analyze executable at load time
-n
Bare load, do not load executable info as the entrypoint
-c 'cmds'
Run r2 and execute commands
-p [prj]
Creates a project for the file being analyzed
-
Opens r2 with the malloc plugin that provides a 512-byte memory area
Configuration Properties
Commands
Details
e
Returns configuration properties
e <property>
Check specific property
e <property>=<value>
Change property value
e?
Help about a configuration property
Basic Commands
Commands
Details
Command chaining
x 3;s+3;pi 3;s+3;pxo 4;
Pipe with shell commands
pd | less
Run shell commands
!cat /etc/passwd
Escape to shell
!!command
and pass output to Radare buffer
Positioning
Commands
Details
s address
Move cursor to address or symbol
s-5
Move 5 bytes backward
s-
Undo seek
s+
Redo seek
Block Size
Commands
Details
b size
Change block size
JSON Output
Commands
Details
j
Most commands accept j
to print their output in JSON format
Analyze
Commands
Details
aa
Analyze all functions and basic blocks
af
Analyze functions
afl
List all functions
afi
Info on current function
afr
Rename function
Information
Commands
Details
iI
File info
iz
Strings in data section
iS
Sections
is
Symbols
il
Linked libraries
ii
Imports
ie
Entrypoint
Write
Commands
Details
wx
Write hex values at the current offset
wa
Write assembly
wc
Write cache commit
wv
Write value with endian conversion and padding
Flags
Commands
Details
f
List flags
f label @ offset
Define a flag at an offset
fr
Rename flag
fd
Return position from nearest flag
Yank and Paste
Commands
Details
y n
Copy n
bytes from current position
yp
Print yank buffer
yy offset
Paste contents of yank buffer at an offset
Visual Mode
Commands
Details
V
Enter visual mode
q
Exit visual mode
hjkl
Move around while in visual mode
o
Go to offset
ROP
Commands
Details
/R opcodes
Search for opcodes
/a
Search for assembly
pda
Returns a library of gadgets
Searching
Commands
Details
/ bytes
Search for bytes
/m [magicfile]
Search magic number headers
Comments and Defines
Commands
Details
Cd [size]
Define as data
C- [size]
Define as code
CC
Add a new comment in console mode
Magic Files
Commands
Details
pm
Print Magic files analysis
/m [magicfile]
Search magic number headers
Yara
Commands
Details
:yara scan
Scan with Yara for detecting signatures
Zignatures
Commands
Details
zg <language> <output file>
Generate zignatures
z
Show loaded zignatures
Compare Files
Commands
Details
r2 -m 0xf0000 /etc/fstab
Open source file
cc offset
Diff by columns between two offsets
Graphs
Commands
Details
ag $$ > a.dot
Dump basic block graph to a file named a.dot
agc $$ > b.dot
Dump call graph to a file named b.dot
Debugger
Commands
Details
r2 -d [pid|cmd|ptrace]
Start r2 in debugger mode (if the comamnd contains spaces use quotes)
dp
Show processes and threads
dc
Continue execution
db address
Set a breakpoint
WebGUI (Enyo)
Commands
Details
=h
Start the server
=H
Start server and browser
Radare2 Suite Commands
Commands
Details
rax2 -e
Base conversion and endian change
rahash2 -a entropy
Show entropy per block
radiff2 -C
Code diffing
rasm2 -d
Disassemble data
Shellcode Generator (ragg2)
Commands
Details
ragg2 -a x86 -b 32 -i exec
Generate 32-bit x86 shellcode
Executable Analysis (rabin2)
Commands
Details
rabin2 -I
Executable info
rabin2 -s
Symbols
Program Launcher (rarun2)
Commands
Details
r2 -b 32 -d rarun2 program=exp1 arg1=$(ragg2 -P 200 -r)
Launch a program with args inside r2's debugger
r2 -d rarun2 program=/bin/cat stdin=$(python e.py)
runs /bin/cat with the output of exploit.py directed to stdin
Last updated