# CS4459: Radare2 (r2) a quick HOWTO

[Radare2] is a static binary analysis tool.

## How to run

```
$ r2 /bin/ls
> aaa       # analyze all the things
> is        # list symbols
> afl       # list functions found
> pdf       # disassemble function
> s <tab>   # seek to address
> v         # enter visual panels mode
```

## Basic commands

* `afl` lists the functions found in a binary

```
[0x080483e0]> afl
0x080483e0    1     50 entry0
0x08048413    1      4 fcn.08048413
0x08048390    1      6 sym.imp.__libc_start_main
0x08048440    4     50 -> 41   sym.deregister_tm_clones
0x08048480    4     58 -> 54   sym.register_tm_clones
0x080484c0    3     34 -> 31   sym.__do_global_dtors_aux
0x080484f0    1      6 entry.init0
0x08048650    1      2 sym.__libc_csu_fini
0x08048430    1      4 sym.__x86.get_pc_thunk.bx
0x08048654    1     20 sym._fini
0x080485f0    4     93 sym.__libc_csu_init
0x08048420    1      2 sym._dl_relocate_static_pie
0x08048570    4    126 main
0x08048500    1    101 sym.get_a_shell
0x08048370    1      6 sym.imp.printf
0x08048380    1      6 sym.imp.getegid
0x080483b0    1      6 sym.imp.setregid
0x080483a0    1      6 sym.imp.execl
0x08048330    3     35 sym._init
0x080483d0    1      6 sym..plt.got
0x080483c0    1      6 sym.imp.__isoc99_scanf
```

* Example workflow (`level0` binary)

```
$ r2 ./level0
> aaaa      # run static analysis against the `level0` binary
> afl       # list functions
> s main    # seek to the main function
> pdf       # print the disassembly
```

* Other useful commands

```
> agfv      # control flow graph
```

* Configuration files

```
$ r2 -H
R2_VERSION=5.9.5
R2_PREFIX=/usr/local
R2_MAGICPATH=/usr/local/share/radare2/5.9.5/magic
R2_INCDIR=/usr/local/include/libr
R2_BINDIR=/usr/local/bin
R2_RCFILE=/home/kjee/.radare2rc
R2_LIBDIR=/usr/local/lib
R2_LIBEXT=so
R2_RDATAHOME=/home/kjee/.local/share/radare2
R2_HISTORY=/home/kjee/.cache/radare2/history
R2_CONFIG_HOME=/home/kjee/.config/radare2
R2_CACHE_HOME=/home/kjee/.cache/radare2
R2_LIBR_PLUGINS=/usr/local/lib/radare2/5.9.5
R2_USER_PLUGINS=/home/kjee/.local/share/radare2/plugins
R2_ZIGNS_HOME=/home/kjee/.local/share//radare2/zigns
```

## Resources

* [Radare2 Book]
* [cheatsheet1]
* [cheatsheet2]

[Radare2 Book]: https://book.rada.re/
[Radare2]: https://rada.re/n/
[cheatsheet1]: https://github.com/radareorg/radare2/blob/master/doc/intro.md
[cheatsheet2]: https://gist.github.com/williballenthin/6857590dab3e2a6559d7

###### tags: `candl`,`radare2`,`cs6332`,`r2`,`cs4459`
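
The `afl` listing under Basic commands mixes imported functions, toolchain helpers and the program's own code. As an added example (not part of the original HOWTO), this Python script parses that text output and separates the three groups so the functions worth passing to `pdf` stand out; the column interpretation and the list of runtime helper names are assumptions of the example.

```python
import re

# Constructed sample: lines copied from the `afl` listing in this HOWTO.
AFL_SAMPLE = """\
0x080483e0    1     50 entry0
0x08048440    4     50 -> 41   sym.deregister_tm_clones
0x08048570    4    126 main
0x08048500    1    101 sym.get_a_shell
0x08048370    1      6 sym.imp.printf
0x080483a0    1      6 sym.imp.execl
0x080483c0    1      6 sym.imp.__isoc99_scanf
"""

# Assumed columns: address, basic blocks, size, optional "-> N", name.
AFL_LINE = re.compile(r"^(0x[0-9a-fA-F]+)\s+(\d+)\s+(\d+)(?:\s+->\s+(\d+))?\s+(\S+)$")
# Heuristic list of toolchain/runtime helpers (an assumption of this example).
RUNTIME = re.compile(
    r"^(entry\d*|entry\.\w+|sym\.(_init|_fini|\.plt\.got|"
    r"__libc_csu_\w+|__do_global_dtors_aux|(de)?register_tm_clones|"
    r"_dl_relocate_static_pie|__x86\.get_pc_thunk\.\w+))$")

def parse_afl(text):
    """Parse `afl` text output; lines that are not function rows are skipped."""
    funcs = []
    for line in text.splitlines():
        m = AFL_LINE.match(line.strip())
        if m:
            addr, nbbs, size, alt, name = m.groups()
            funcs.append({"addr": int(addr, 16), "nbbs": int(nbbs), "size": int(size),
                          "alt_size": int(alt) if alt else None, "name": name})
    return funcs

def triage(funcs):
    """Split functions into imports, runtime helpers and program code."""
    out = {"imports": [], "runtime": [], "program": []}
    for f in funcs:
        if f["name"].startswith("sym.imp."):
            out["imports"].append(f["name"][len("sym.imp."):])
        elif RUNTIME.match(f["name"]):
            out["runtime"].append(f["name"])
        else:
            out["program"].append(f)  # unnamed fcn.* entries stay here for review
    out["program"].sort(key=lambda f: f["size"], reverse=True)  # largest first
    return out

if __name__ == "__main__":
    result = triage(parse_afl(AFL_SAMPLE))
    print("imports:", ", ".join(result["imports"]))
    for f in result["program"]:
        print(f"{f['addr']:#010x} {f['size']:4d} {f['name']}")
```

With r2 installed, the same text can be produced non-interactively with `r2 -q -c 'aaa; afl' ./level0` and passed to `parse_afl`.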