Radare2

From ICO wiki
Revision as of 00:23, 25 August 2016 by Itaal (talk | contribs)
Radare [1] is an open source, multi-platform framework for reverse engineering that supports assembling and disassembling code for many architectures and binary formats [2]. Like any other reversing framework, Radare aims to recognize high-level features in machine code, such as data structures, functions and execution flows. Radare provides builds for the most popular operating systems, such as Microsoft Windows, Mac OS X, Linux, BSD, iPhone OS, Solaris and MeeGo. Figure 01 presents the main command line interface of Radare.


Radare offers a few interactive graphical interfaces, such as a web UI, a GTK (Python) GUI and ASCII-art graphs. Another very useful characteristic of its design is that new architectures, binary formats and analyses can be implemented easily [3][4]. Radare exposes an open API with bindings for many programming languages, such as Python, Java, Ruby, Go and Perl. Radare also integrates with the most popular debuggers and supports local and remote debugging [5] through backends such as gdb, rap, webui, r2pipe, winedbg and windbg.

This post presents a comparison between the reverse engineering features of IDA Pro [6] and Radare 2, and discusses in which situations each tool is more appropriate. The article can also serve as a condensed user guide for Radare (the complete guide is available online [7]) and as a reference, since the official guide is outdated and most of its examples no longer work with the most recent version of Radare. In this short tutorial we show the main functionalities of Radare in practice by solving a small "crack me" challenge.


The first comparison point concerns analysts who are more comfortable with command line interfaces and quick scripting. Radare is highly customizable, supports scripting, and can pipe its output to standard Unix executables such as wc, more and less. This feature is discussed in more detail later.

The framework is essentially composed of seven executables (in Radare 2 the binaries carry a "2" suffix):

   rax2 - number conversion utility (e.g. string to hexadecimal, decimal to hexadecimal);
   rahash2 - block-based hashing utility;
   rabin2 - extracts information about binaries (headers, sections, symbols, imports);
   rasm2 - assembler and disassembler usable from the shell;
   rafind2 - searches files for byte patterns and strings;
   radiff2 - differential analysis between binaries, very useful for analyzing patches;
   radare2 (r2) - the main executable, which combines all of the above.
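The following shell session is an added example, not code from the original page or from the radare2 project. It takes the helper binaries above for a short tour on constructed input: the installed names are rax2, rasm2, rahash2, rafind2, radiff2 and rabin2, and the script assumes they are on PATH. The function names (rax_conv, asm64, md5_of, find_offset, make_samples, tour) and the two sample files are this example's own.

```shell
#!/bin/sh
# Added example (not from the original page or the radare2 project):
# a short tour of the radare2 helper binaries on constructed input.
# Assumes radare2 is installed so that rax2, rasm2, rahash2, rafind2,
# radiff2 and rabin2 are on PATH.

# rax2: number and string conversion. Decimal input prints hex, hex input
# prints decimal; -S turns a raw string into its hex encoding.
rax_conv() { rax2 "$1"; }          # 16 -> 0x10, 0x10 -> 16
str_to_hex() { rax2 -S "$1"; }     # AB -> 4142

# rasm2: assemble one x86-64 instruction to hex bytes, or disassemble bytes.
asm64() { rasm2 -a x86 -b 64 "$1"; }         # 'mov rax, 1' -> 48c7c001000000
disasm64() { rasm2 -a x86 -b 64 -d "$1"; }   # c3 -> ret

# rahash2: hash a string given with -s. The surrounding output format has
# changed between versions, so extract the 32-hex-digit MD5 from it.
md5_of() { rahash2 -a md5 -s "$1" | grep -o '[0-9a-f]\{32\}' | head -n 1; }

# Constructed sample files (not real binaries): "needle" begins at byte
# offset 6 in a.bin, and b.bin differs from a.bin by a single byte.
make_samples() {
    dir=$(mktemp -d)
    printf 'abcdefneedle-rest' > "$dir/a.bin"
    printf 'abcdefNeedle-rest' > "$dir/b.bin"
    echo "$dir"
}

# rafind2: search a file for a string. The first column of each hit is the
# hex offset, which rax2 converts back to decimal.
find_offset() {    # $1 = file, $2 = string to look for
    hit=$(rafind2 -s "$2" "$1" | head -n 1 | cut -d ' ' -f 1)
    rax2 "$hit"
}

# Demonstration: print each conversion, a byte-level diff of the two
# samples (radiff2, the patch-analysis tool) and the header information
# rabin2 extracts from the system shell binary.
tour() {
    echo "rax2:    16 -> $(rax_conv 16), 0x10 -> $(rax_conv 0x10), AB -> $(str_to_hex AB)"
    echo "rasm2:   mov rax, 1 -> $(asm64 'mov rax, 1'); c3 -> $(disasm64 c3)"
    echo "rahash2: md5(hello) = $(md5_of hello)"
    dir=$(make_samples)
    echo "rafind2: 'needle' found at byte $(find_offset "$dir/a.bin" needle)"
    echo "radiff2: a.bin vs b.bin"
    radiff2 "$dir/a.bin" "$dir/b.bin"
    echo "rabin2:  $(command -v sh)"
    rabin2 -I "$(command -v sh)"
    rm -rf "$dir"
}

tour
```

Every tool here is a plain Unix filter, which is the point the comparison makes: each step can be piped into grep, cut or wc, or called from a script, without opening the interactive r2 shell at all.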