Radare2
Last updated
Last updated
Shameless plug
This course is given to you for free by The Perkins Cybersecurity Educational Fund: in collaboration with the Malcore team:
Please consider donating to Fund and registering for Malcore. You can also join the Malcore Discord server here:
Malcore offers free threat intel in our Discord via their custom designed Discord bot. Join the Discord to discuss this course in further detail or to ask questions.
You can also support The Perkins Cybersecurity Educational Fund by buying them a coffee
Commands
Details
-L
List of supported IO plugins
-q
Exit after processing commands
-w
Write mode enabled
-i [file]
Interprets an r2 script
-A
Analyze executable at load time
-n
Bare load, do not load executable info as the entrypoint
-c 'cmds'
Run r2 and execute commands
-p [prj]
Creates a project for the file being analyzed
-
Opens r2 with the malloc plugin that provides a 512-byte memory area
Commands
Details
e
Returns configuration properties
e <property>
Check specific property
e <property>=<value>
Change property value
e?
Help about a configuration property
Commands
Details
Command chaining
x 3;s+3;pi 3;s+3;pxo 4;
Pipe with shell commands
pd | less
Run shell commands
!cat /etc/passwd
Escape to shell
!!command and pass output to Radare buffer
Commands
Details
s address
Move cursor to address or symbol
s-5
Move 5 bytes backward
s-
Undo seek
s+
Redo seek
Commands
Details
b size
Change block size
Commands
Details
j
Most commands accept j to print their output in JSON format
Commands
Details
aa
Analyze all functions and basic blocks
af
Analyze functions
afl
List all functions
afi
Info on current function
afr
Rename function
Commands
Details
iI
File info
iz
Strings in data section
iS
Sections
is
Symbols
il
Linked libraries
ii
Imports
ie
Entrypoint
Commands
Details
wx
Write hex values at the current offset
wa
Write assembly
wc
Write cache commit
wv
Write value with endian conversion and padding
Commands
Details
f
List flags
f label @ offset
Define a flag at an offset
fr
Rename flag
fd
Return position from nearest flag
Commands
Details
y n
Copy n bytes from current position
yp
Print yank buffer
yy offset
Paste contents of yank buffer at an offset
Commands
Details
V
Enter visual mode
q
Exit visual mode
hjkl
Move around while in visual mode
o
Go to offset
Commands
Details
/R opcodes
Search for opcodes
/a
Search for assembly
pda
Returns a library of gadgets
Commands
Details
/ bytes
Search for bytes
/m [magicfile]
Search magic number headers
Commands
Details
Cd [size]
Define as data
C- [size]
Define as code
CC
Add a new comment in console mode
Commands
Details
pm
Print Magic files analysis
/m [magicfile]
Search magic number headers
Commands
Details
:yara scan
Scan with Yara for detecting signatures
Commands
Details
zg <language> <output file>
Generate zignatures
z
Show loaded zignatures
Commands
Details
r2 -m 0xf0000 /etc/fstab
Open source file
cc offset
Diff by columns between two offsets
Commands
Details
ag $$ > a.dot
Dump basic block graph to a file named a.dot
agc $$ > b.dot
Dump call graph to a file named b.dot
Commands
Details
r2 -d [pid|cmd|ptrace]
Start r2 in debugger mode (if the comamnd contains spaces use quotes)
dp
Show processes and threads
dc
Continue execution
db address
Set a breakpoint
Commands
Details
=h
Start the server
=H
Start server and browser
Commands
Details
rax2 -e
Base conversion and endian change
rahash2 -a entropy
Show entropy per block
radiff2 -C
Code diffing
rasm2 -d
Disassemble data
Commands
Details
ragg2 -a x86 -b 32 -i exec
Generate 32-bit x86 shellcode
Commands
Details
rabin2 -I
Executable info
rabin2 -s
Symbols
Commands
Details
r2 -b 32 -d rarun2 program=exp1 arg1=$(ragg2 -P 200 -r)
Launch a program with args inside r2's debugger
r2 -d rarun2 program=/bin/cat stdin=$(python e.py)
runs /bin/cat with the output of exploit.py directed to stdin
