Radare2

From ICO wiki
Revision as of 23:29, 24 August 2016 by Itaal (talk | contribs)

Radare [1] is an open source, multi-platform framework for reverse engineering that can assemble and disassemble code for many architectures and parse many binary formats [2]. Like any other reversing framework, Radare aims to recognise high-level features in machine code, such as data structures, functions and execution flows. Radare has builds for the most popular operating systems, such as Microsoft Windows, Mac OS X, Linux, BSD, iPhone OS, Solaris and MeeGo.

Radare offers several interactive interfaces: a web UI, a GTK front end (Python) and ASCII-art graphs. Another very useful characteristic of its design is that new architectures, binary formats and analyses can be implemented easily [3][4]. Radare provides an open API with bindings for many programming languages, such as Python, Java, Ruby, Go and Perl. Radare also integrates with the most popular debuggers and supports local and remote debugging [5] through backends such as gdb, rap, webui, r2pipe, winedbg and windbg.

The framework is essentially composed of seven executables (in radare2 the tool names carry a 2 suffix: rax2, rahash2, rabin2, rasm2, rafind2, radiff2):

   rax - number and base conversion utility (e.g. string to hexadecimal, decimal to hexadecimal);
   rahash - block-based hashing utility;
   rabin - extracts information from binaries (headers, sections, symbols, imports, strings);
   rasm - assembles and disassembles instructions from the shell;
   rafind - searches binary files for byte patterns and strings;
   radiff - binary diffing tool, very useful for analysing patches;
   radare2 - the main executable, which combines all of the tools above.
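
A walkthrough of the six helper tools from a POSIX shell, added here as an example; it is not code from this page or from the radare2 project. It assumes a radare2 install on PATH (rax2, rasm2, rahash2, rabin2, rafind2, radiff2) and that the system sh is a native executable rabin2 can parse. The function names (to_dec, asm, find_offset, ...) and the small data file are this example's own constructed names and input. Each function wraps one tool so its output can be compared or scripted, and the rafind2 step feeds its hex offset back into rax2:

```shell
#!/bin/sh
# Added example, not radare2 project code: scripting the radare2 command-line
# tools. Assumes rax2, rasm2, rahash2, rabin2, rafind2 and radiff2 are on PATH.
set -eu

WORK=${TMPDIR:-/tmp}/r2demo.$$
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# Dependency check: every wrapper below needs one of these binaries.
have_r2_tools() {
  for t in rax2 rasm2 rahash2 rabin2 rafind2 radiff2; do
    command -v "$t" >/dev/null 2>&1 || return 1
  done
}

# --- rax2: number and string conversion ---------------------------------
# rax2 converts in the direction implied by its input: 0x41 -> 65, 65 -> 0x41.
to_dec()     { rax2 "$1"; }                     # to_dec 0x41 -> 65
to_hex()     { rax2 "$1"; }                     # to_hex 65   -> 0x41
str_to_hex() { printf '%s' "$1" | rax2 -S; }    # raw bytes on stdin -> hexpairs
hex_to_str() { rax2 -s "$1"; }                  # hexpairs -> raw bytes

# --- rasm2: assemble / disassemble without opening a file ----------------
asm()    { rasm2 -a "$1" -b "$2" "$3"; }        # asm x86 64 nop   -> 90
disasm() { rasm2 -a "$1" -b "$2" -d "$3"; }     # disasm x86 64 c3 -> ret

# --- rahash2: hashing ----------------------------------------------------
# rahash2 prints "range algo: digest"; the digest is always the last field.
hash_string() { rahash2 -a "$1" -s "$2" | awk '{print $NF}'; }
hash_file()   { rahash2 -a "$1" "$2" | awk '{print $NF}'; }
# Block-based hashing (-B, block size -b): one digest per block, which tells
# you which region of a large file changed between two samples.
hash_blocks() { rahash2 -B -b "$2" -a sha256 "$1"; }

# --- rabin2: binary metadata ---------------------------------------------
bin_arch() { rabin2 -I "$1" | awk '$1 == "arch" {print $2}'; }
# The mitigation flags are the first thing to check on a pentest target.
bin_mitigations() { rabin2 -I "$1" | grep -E '^(canary|nx|pic|relro|stripped)' || true; }

# --- rafind2: locate a string and report its offset in decimal ----------
# rafind2 prints one hit per line with the hex offset as the first field;
# rax2 turns that into a decimal byte offset.
find_offset() {
  hit=$(rafind2 -s "$2" "$1" | head -n 1 | awk '{print $1}')
  [ -n "$hit" ] && rax2 "$hit"
}

# --- radiff2: byte-level diff of two files -------------------------------
# Default radiff2 output is one line per differing span: "0xOFF AA => BB 0xOFF".
count_changed_spans() { radiff2 "$1" "$2" | wc -l | tr -d ' '; }

demo() {
  sample="$WORK/sample.bin"
  patched="$WORK/patched.bin"
  # Constructed input: three NUL-terminated strings; "secret" starts at byte 12.
  printf 'hello\0world\0secret\0' > "$sample"
  cp "$sample" "$patched"
  # Flip one byte (s -> S at offset 12) to give radiff2 something to report.
  printf 'S' | dd of="$patched" bs=1 seek=12 conv=notrunc 2>/dev/null

  echo "rax2:    0x41 = $(to_dec 0x41), ABC = $(str_to_hex ABC)"
  echo "rasm2:   nop = $(asm x86 64 nop), c3 = $(disasm x86 64 c3)"
  echo "rahash2: sha256(abc) = $(hash_string sha256 abc)"
  hash_blocks "$sample" 8
  echo "rafind2: 'secret' at byte $(find_offset "$sample" secret)"
  echo "radiff2: $(count_changed_spans "$sample" "$patched") differing span(s)"
  radiff2 "$sample" "$patched"
  target=$(command -v sh)
  echo "rabin2:  $target is $(bin_arch "$target")"
  bin_mitigations "$target"
}

if have_r2_tools; then
  demo
else
  echo "radare2 command-line tools not found on PATH" >&2
fi
```

Run it as `sh r2tools.sh`; it prints a message and exits cleanly when the tools are missing. The `rabin2 -I` step is the quickest way to read a target's mitigations (canary, NX, PIC, RELRO, stripped) before spending time in the disassembler, and the block-hash step is the cheap way to find where a patched file differs before handing it to radiff2.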

References

[1] http://radare.org/
[2] https://en.wikipedia.org/wiki/Radare2#Supported_architectures.2Fformats
[3] https://github.com/radare/radare2/wiki/Implementing-a-new-architecture
[4] https://github.com/radare/radare2/wiki/Implementing-a-new-analysis-plugin
[5] http://solidsec.blogspot.de/2015/09/reversing-elf-binaries-remote-debugging.html