How to use the command 'radare2' (with examples)

Radare2 is a set of reverse engineering tools that can be used to analyze binary files. It provides various features and capabilities for reverse engineers, such as disassembling, debugging, and analyzing executable binaries.

Use case 1: Open a file in write mode without parsing the file format headers

Code:

radare2 -nw path/to/binary

Motivation: Opening a file in write mode without parsing the file format headers can be useful when you want to quickly analyze a binary without spending time on parsing and understanding the file format headers. This allows you to directly jump into the analysis and start exploring the binary.

Explanation:

  • radare2: The command to start the radare2 reverse engineering tools.
  • -nw: Two flags combined: -n skips parsing the file format headers (the file is treated as raw bytes) and -w opens it in write mode, so edits are written back to the file.
  • path/to/binary: The path to the binary file that you want to analyze.

Example output:

[0x00400400]> 

Use case 2: Debug a program

Code:

radare2 -d path/to/binary

Motivation: Debugging a program is an essential part of reverse engineering. It allows you to step through the program’s execution, inspect and modify memory, and understand how the program works. Radare2 provides a debugging mode that helps in analyzing the execution flow and identifying vulnerabilities or bugs in a program.

Explanation:

  • radare2: The command to start the radare2 reverse engineering tools.
  • -d: Enters the debugging mode.
  • path/to/binary: The path to the binary file that you want to debug.

Example output:

Process with PID 1234 started...
= attach 1234 1234

Use case 3: Run a script before entering the interactive CLI

Code:

radare2 -i path/to/script.r2 path/to/binary

Motivation: Running a script before entering the interactive CLI can be useful when you have a set of predefined commands or configurations that you want to apply to the binary before analyzing it. This saves time and allows for automation of tasks.

Explanation:

  • radare2: The command to start the radare2 reverse engineering tools.
  • -i: Runs a script before entering the interactive CLI.
  • path/to/script.r2: The path to the script file that you want to run.
  • path/to/binary: The path to the binary file that you want to analyze.

Example output:

Script at 'path/to/script.r2' executed successfully.
[0x00400400]> 

Use case 4: Show help text for any command in the interactive CLI

Code:

> radare2_command?

Motivation: In the interactive CLI, it is common to come across commands that you might not be familiar with. You can use the ? symbol to show the help text for any command, which provides a quick overview of its usage and arguments.

Explanation:

  • >: Indicates the interactive CLI prompt.
  • radare2_command?: Replace radare2_command with the actual command for which you want to see the help text.

Example output:

Unknown command 'radare2_command'
?            Show this help
oo           Open a file in read-mode, analyzing its format.
...

Use case 5: Run a shell command from the interactive CLI

Code:

> !shell_command

Motivation: Sometimes, you might need to execute a shell command while working in the interactive CLI. Radare2 allows you to do this by prefixing the command with !. This can be useful when you want to perform certain tasks or operations that are not directly supported by radare2.

Explanation:

  • >: Indicates the interactive CLI prompt.
  • !shell_command: Replace shell_command with the actual shell command that you want to execute.

Example output:

Executing shell command: shell_command

Output of the shell command.

Use case 6: Dump raw bytes of current block to a file

Code:

> pr > path/to/file.bin

Motivation: Dumping raw bytes of the current block to a file can be useful when you want to extract a specific section or portion of the binary for further analysis or investigation. This allows you to save the raw data to a file and process it using other tools or techniques.

Explanation:

  • >: Indicates the interactive CLI prompt.
  • pr: Prints the raw bytes of the current block.
  • > path/to/file.bin: Redirects the command's output into this file instead of the screen, so the raw bytes of the block are written there.

Example output:

Dumped raw bytes of the current block to 'path/to/file.bin'.
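Use cases 3 and 6 combine naturally into a repeatable, headless triage run: a script file handed to -i, with -q so radare2 quits after the script instead of dropping into the prompt, and a pr redirect to carve the bytes at the entry point. This is an added example, not part of the original article; it assumes radare2 is on PATH, and the file names are hypothetical.

```shell
#!/bin/sh
# Added example: automate the -i script (use case 3) and the pr redirect
# (use case 6) so every sample gets the same first-pass triage.
set -u

# Write the r2 script that -i executes. One command per line, exactly as
# typed at the interactive prompt: analyze, list sections, functions and
# strings, then seek to the entry point, set the block size to 256 bytes
# and redirect the raw bytes of that block into the dump file.
write_triage_script() {            # $1 = script path, $2 = dump file path
    cat > "$1" <<EOF
e scr.color=0
aaa
iS
afl
iz
s entry0
b 256
pr > $2
EOF
}

# Run the script headlessly on one binary. -q quits after -i has run, so
# nothing waits for a user; stdout/stderr go to the report file.
# Returns radare2's exit status, 127 if radare2 is not installed, and 1 if
# the carved block is missing or not exactly 256 bytes.
r2_triage() {                      # $1 = binary, $2 = report path
    script="$(mktemp)"
    dump="${2}.entry.bin"
    write_triage_script "$script" "$dump"
    if ! command -v radare2 >/dev/null 2>&1; then
        echo "radare2 not installed" >&2
        rm -f "$script"
        return 127
    fi
    radare2 -q -i "$script" "$1" > "$2" 2>&1
    rc=$?
    rm -f "$script"
    # Sanity check: the dump must be exactly the block size we requested.
    size="$(wc -c < "$dump" 2>/dev/null | tr -d ' ')"
    [ -f "$dump" ] && [ "${size:-0}" -eq 256 ] || rc=1
    return "$rc"
}
```

Invoke it as `r2_triage path/to/binary report.txt`; the report holds the script's output and `report.txt.entry.bin` the 256 raw bytes at `entry0`, ready for other tools.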

Conclusion:

The radare2 command provides a powerful set of reverse engineering tools for analyzing binary files. With its various features and capabilities, it enables reverse engineers to disassemble, debug, and analyze executables. The different use cases illustrated in this article demonstrate the versatility and functionality of using the radare2 command. Whether you need to quickly analyze a binary, debug a program, or perform more advanced analysis tasks, radare2 can be a valuable tool in your reverse engineering workflow.
