radare2: reverse engineering framework

radare is a reverse engineering framework and a set of command-line tools for working with binary files and understanding how they work. Version 2 of radare is a complete rewrite from scratch. radare supports analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers and so on.

Use cases

  • Disassemble (and assemble for) many different architectures
  • Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg)
  • Perform forensics on filesystems and data carving
  • Be scripted in Python, JavaScript, Go and more
  • Support collaborative analysis using the embedded webserver
  • Visualize data structures of several file types
  • Patch programs to uncover new features or fix vulnerabilities
  • Use powerful analysis capabilities to speed up reversing
  • Aid in software exploitation

radare2 supports:

  • Architectures: 6502, 8051, arm, arc, avr, bf, tms320 (c54x, c55x, c55+), gameboy, csr, dcpu16, dalvik, i8080, mips, m68k, msil, snes, nios II, sh, sparc, rar, powerpc, i386, x86-64, H8/300, malbolge, T8200, LH5801
  • File formats: bios, dex, elf, elf64, filesystem, java, fatmach0, mach0, mach0-64, MZ, PE, PE+, TE, COFF, plan9, dyldcache, Gameboy and Nintendo DS ROMs
  • Operating systems: Android, GNU/Linux, [Net|Free|Open]BSD, iOS, OSX, QNX, w32, w64, Solaris, Haiku, FirefoxOS
  • Bindings: Vala/Genie, Python (2, 3), NodeJS, LUA, Go, Perl, Guile, php5, newlisp, Ruby, Java, OCAML and more

Installation

Though radare can be installed from the default repositories on Ubuntu, it’s advisable to compile the latest radare2 from source. Dependencies are minimal. The GUI uses ncurses and pygtk libraries. Run:

$ git clone https://github.com/radare/radare2.git
$ cd radare2
$ sudo sys/install.sh

Webpage: radare
