Radare2
{{Short description|Free framework for reverse-engineering software}}
{{Infobox software
| name = Radare2
| logo = File:Radare2.svg
| screenshot = File:CutterUiScreenshot2.png
| caption = Shown is Iaito, the graphical user interface of Radare2
| collapsible =
| author = Sergi Alvarez (pancake)
| developer = pancake and the community
| released =
| latest release version = {{wikidata|property|preferred|references|edit|Q18155039|P348}}
| latest release date = {{wikidata|qualifier|preferred|single|Q18155039|P348|P577}}
| latest preview version =
| latest preview date =
| programming language = C{{Cite web|url=https://github.com/radareorg/radare2|title=radareorg/radare2|date=January 18, 2024|via=GitHub}}
| operating system = Linux, BSD, macOS, Microsoft Windows, Haiku, Android, iOS, Solaris
| platform =
| size =
| language = English
| genre = Disassembler
| license = LGPL
}}
Radare2 (also known as r2) is a complete framework for reverse-engineering and analyzing binaries, composed of a set of small utilities that can be used together or independently from the command line. Built around a disassembler, which generates assembly language source code from machine-executable code, it supports a variety of executable formats for different processor architectures and operating systems.
== History ==
Radare2 was created in February 2006,{{Cite web|url=https://media.ccc.de/v/33c3-8095-radare_demystified|title=Radare demystified|last=|first=|date=2016-12-29|website=Chaos Computer Club media site|publisher=CCC|access-date=2016-12-29}} aiming to provide a free and simple command-line interface for a hexadecimal editor supporting 64-bit offsets, for searching and recovering data from hard disks for forensic purposes. Since then, the project has grown, and its aim has shifted to providing a complete framework for analyzing binaries while adhering to several principles of the Unix philosophy.{{Cite web|url=http://www.cigtr.info/2015/07/i-have-written-more-than-300000-code.html|title=I have written more than 300.000 code lines for Radare|website=www.cigtr.info|archive-url=https://web.archive.org/web/20181103021531/http://www.cigtr.info/2015/07/i-have-written-more-than-300000-code.html|access-date=2017-01-21|archive-date=2018-11-03}}
In 2009, the decision was made to rewrite it completely, to get around limitations in the initial design. Since then, the project has continued to grow,{{Citation|last=CCC|title=radare demystified|date=29 December 2016 |url=https://media.ccc.de/v/33c3-8095-radare_demystified|language=en|access-date=2017-01-21}} and has attracted several resident developers.
In 2016, the first r2con took place in Barcelona,{{Cite web|url=https://www.nccgroup.trust/uk/about-us/newsroom-and-events/events/2016/september/r2con-2016/|title=r2con 2016|website=NCC Group|access-date=2017-01-21}}{{Cite news|url=https://www.nowsecure.com/blog/2016/08/09/hacker-behind-open-source-reverse-engineering-tool-radare-previews-inaugural-r2con/|title=The hacker behind open-source, reverse-engineering tool Radare...|last=Bakken|first=Sam|date=2016-08-09|newspaper=NowSecure|language=en-US|access-date=2017-01-21}} gathering more than 100 participants and featuring talks about various features and improvements of the framework.
Radare2 has been the focus of multiple presentations at several high-profile security conferences, such as [http://recon.cx Recon],{{Cite web|url=https://recon.cx/2015/schedule/events/49.html|title=Recon 2015 Schedule|website=recon.cx|access-date=2017-01-21}} hack.lu,{{Cite news|url=http://2015.hack.lu/talks/|title=Talks at Hack.lu 2015|newspaper=Hack.lu 2015|language=en-US|access-date=2017-01-21}} and 33c3.
== Features and usage ==
Radare2 has a steep learning curve, since its main executables are operated from the command line and it does not have a GUI of its own. Originally built around a hexadecimal editor, it now has a multitude of tools and features, as well as bindings for several languages.{{Cite web|url=https://github.com/radareorg/radare2-bindings|title=radareorg/radare2-bindings|date=December 12, 2023|via=GitHub}} It also has a web UI,{{Cite web|url=http://radare.today/posts/the-new-web-interface/|title=The new web interface|website=radare.today|archive-url=https://web.archive.org/web/20160729185304/http://radare.today/posts/the-new-web-interface/ |archive-date=2016-07-29 }} and the official graphical user interface project for Radare2 is called Iaito.{{cite web |title=iaito |url=https://rada.re/n/iaito.html |website=rada.re |access-date=14 August 2021}}
=== Static analysis ===
Radare2 can assemble and disassemble many programs, mainly executables, but it can also perform binary diffing with graphs,{{Cite web|url=https://chatsubo-labs.blogspot.com/2013/10/binary-diffing-visual-en-linux-con.html|title="Binary Diffing" visual en Linux con Radare2}} extract information such as relocations and symbols, and various other types of data. Internally, it uses a NoSQL database named [https://medium.com/@trufae/everything-is-a-string-9d626c98e59f sdb] to keep track of analysis information that is either inferred by Radare2 or added manually by the user. Since it is able to handle malformed binaries, it has also been used by software security researchers for analysis purposes.{{Cite web|url=https://cybersecurity.att.com/blogs/labs-research/osx-leveragea-analysis|title=OSX/Leverage.a Analysis|first=Eduardo De la|last=Arada|website=cybersecurity.att.com|date=18 May 2024 }}{{Cite web|url=http://www.devttys0.com/wp-content/uploads/2014/04/FindingAndReversingBackdoors.pdf|title=Finding and Reversing Backdoors}}{{cite conference |first=Anton |last=Kochkov |title=Application of radare2 illustrated by Shylock/Caphaw.D and Snakso.A analysis |conference=PHDays IV |date=May 21, 2014}}
=== Dynamic analysis ===
Radare2 has a built-in debugger that is lower-level than GDB.{{Citation needed|date=November 2016}} It can also interface with GDB and WineDBG{{Cite web|url=http://comments.gmane.org/gmane.comp.tools.radare/1013 |title=Gmane archive about WinDBG support in radare2}} to debug Windows binaries on other systems. In addition, it can be used as a kernel debugger with VMware.
=== Software exploitation ===
Since it features a disassembler and a low-level debugger, Radare2 can be useful to exploit developers. The software has features that assist in exploit development, such as a ROP gadget search engine and mitigation detection. Because of its flexibility and support for many file formats, it is often used by capture-the-flag teams{{Cite web|url=https://blog.dragonsector.pl/2014/04/plaid-ctf-2014-tiffany-writeup.html|title=Plaid CTF 2014 - Tiffany writeup|work=Dragon Sector}}{{Cite web|url=http://blog.lse.epita.fr//2012/06/04/defcon2k12-prequals-pwn300-writeup.html|title=DEFCON2K12 Prequals: pwn300 writeup|date=June 4, 2012|website=LSE Blog}} and other security-oriented personnel.{{Cite web|url=http://phrack.org/issues/66/14.html|title=manual binary mangling with radare|website=.:: Phrack Magazine ::.}}
Radare2 can also assist in creating shellcode with its ragg2 tool, similarly to Metasploit.
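As an added example (not radare2's own code, and not taken from the article's sources), the following POSIX shell script turns the static-analysis and mitigation-detection ideas from the two sections above into a defender-side check: it parses the key/value text that `rabin2 -I` prints for a binary and reports which hardening features (stack canary, NX, PIC/PIE, full RELRO) are absent. The field names are the ones rabin2 prints; the policy, the function names and the embedded sample output are assumptions constructed for this example, so the script runs without radare2 installed and only calls the real tool when `rabin2` is on the PATH.

```shell
#!/bin/sh
# Hypothetical hardening check built on the text output of `rabin2 -I`.
# This is not part of radare2; only the field names (canary, nx, pic, relro)
# come from rabin2, the policy below is our own.

# Constructed sample, modelled on `rabin2 -I` output for an unhardened
# 64-bit ELF (not captured from a real binary).
SAMPLE_RABIN2_INFO='arch     x86
baddr    0x400000
bintype  elf
bits     64
canary   false
class    ELF64
endian   little
nx       true
os       linux
pic      false
relro    partial
static   false
stripped false'

# missing_mitigations: read `rabin2 -I` text on stdin and print the names
# of the mitigations that are absent, one per line, in a fixed order.
missing_mitigations() {
  awk '
    { kv[$1] = $2 }                      # first word is the key, second the value
    END {
      if (kv["canary"] != "true") print "canary";   # no stack protector
      if (kv["nx"] != "true")     print "nx";       # stack/heap may be executable
      if (kv["pic"] != "true")    print "pic";      # not position independent, no ASLR for the image
      if (kv["relro"] != "full")  print "relro";    # GOT stays writable at runtime
    }'
}

# hardening_score: read the same text on stdin and print how many of the
# four checked mitigations are present (0..4).
hardening_score() {
  missing="$(missing_mitigations | wc -l | tr -d ' \t')"
  echo $((4 - missing))
}

# report_binary: run the check on a real file when rabin2 is installed,
# otherwise fall back to the constructed sample above.
report_binary() {
  if [ -n "$1" ] && command -v rabin2 >/dev/null 2>&1; then
    info="$(rabin2 -I "$1")"
  else
    info="$SAMPLE_RABIN2_INFO"
  fi
  printf '%s\n' "$info" | missing_mitigations | sed 's/^/missing: /'
}
```

Run `report_binary /path/to/file` on a host with radare2 installed; with no argument, or without rabin2 available, it reports on the constructed sample, which lacks three of the four checked mitigations. Extending the policy (for example, also flagging `stripped false` on release builds) is a matter of adding a line to the awk `END` block.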
=== Graphical user interface (GUI) ===
[//github.com/radareorg/iaito Iaito] was developed as the first dedicated graphical user interface (GUI) for Radare2; it was later forked as [//github.com/rizinorg/cutter Cutter], the second GUI developed for Radare2. When the Cutter project separated from the Radare2 project at the end of 2020,{{cite web |title=Announcing Rizin |url=https://rizin.re/posts/announcing-rizin/ |website=rizin.re |date=8 December 2020 |access-date=8 December 2020}} [https://github.com/radareorg/iaito Iaito] was re-developed to become the current official Radare2 GUI, maintained by Radare2 project members.
== Supported architectures/formats ==
- Recognized file formats
  - COFF and derivatives, including Win32/64/generic PE
  - ELF and derivatives
  - Mach-O (Mach) and derivatives
  - Game Boy and Game Boy Advance cartridges
  - MZ (MS-DOS)
  - Java class
  - Lua 5.1 and Python bytecode
  - dyld cache dump{{Cite web|url=https://iphonedev.wiki/Dyld_shared_cache|title=dyld_shared_cache - iPhone Development Wiki|website=iphonedev.wiki}}
  - Dex (Dalvik EXecutable)
  - Xbox xbe format{{Cite web|url=https://www.caustik.com/cxbx/download/xbe.htm|title=.XBE File Format|website=www.caustik.com}}
  - Plan9 binaries
  - WinRAR virtual machine{{Cite web|url=https://blog.cmpxchg8b.com/2012/09/fun-with-constrained-programming.html|title=Fun with Constrained Programming}}
  - File systems such as the ext family, ReiserFS, HFS+, NTFS, FAT, ...
  - DWARF and PDB file formats for storing additional debug information
  - Amiga Hunk
  - Raw binary
- Instruction sets
  - Intel x86 family
  - ARM architecture
  - Atmel AVR series
  - Brainfuck
  - Motorola 68k and H8
  - Ricoh 5A22
  - MOS 6502
  - Smartcard PSOS Virtual Machine
  - Java virtual machine
  - MIPS: mipsb/mipsl/mipsr/mipsrl/r5900b/r5900l
  - PowerPC
  - SPARC family
  - TMS320Cxxx series
  - Argonaut RISC Core
  - Intel 8051 series: 8051/80251b/80251s/80930b/80930s
  - Zilog Z80
  - CR16
  - Cambridge Silicon Radio (CSR)
  - AndroidVM Dalvik
  - DCPU-16
  - EFI bytecode
  - Game Boy (Z80-like)
  - Java bytecode
  - Malbolge
  - MSIL/CIL
  - Nios II
  - SuperH
  - SPC700
  - SystemZ
  - TMS320
  - V850
  - Whitespace
  - XCore
== References ==
{{Reflist}}
== Further reading ==
- {{cite book |author= maijin |title= The radare2 book |url=https://www.gitbook.com/book/radare/radare2book/details|year=2016|access-date=20 March 2016}}
- {{cite book |author= monosource |title= Radare2 Explorations |url=https://www.gitbook.com/book/monosource/radare2-explorations/details|year=2016|access-date=19 January 2017}}
- {{cite book |author= pancake |title= The original radare book |url=https://book.rada.re|pages=152 |year=2008}}
== External links ==
- {{official website}}
- [https://github.com/radare/radare2 Radare2 Git repository]
- [https://github.com/radareorg/iaito Iaito Git repository]
Category:Cross-platform free software
Category:Free software programmed in C
Category:Software using the GNU Lesser General Public License