radare2 | like reverse engineering framework and command-line toolset | Reverse Engineering library

 by   radareorg C Version: 5.8.8 License: LGPL-3.0

kandi X-RAY | radare2 Summary

kandi X-RAY | radare2 Summary

radare2 is a C library typically used in Utilities, Reverse Engineering applications. radare2 has no bugs, it has no vulnerabilities, it has a Weak Copyleft License and it has medium support. You can download it from GitHub.

See the Releases page for binary downloads. The current git master branch is 5.6.5, and the next release will be 5.6.6. r2 is a complete rewrite of radare. It provides a set of libraries, tools and plugins to ease reverse engineering tasks. The radare project started as a simple command-line hexadecimal editor focused on forensics. Today, r2 is a featureful low-level command-line tool with support for scripting. r2 can edit files on local hard drives, view kernel memory, and debug programs locally or via a remote gdb server. r2's wide architecture support allows you to analyze, emulate, debug, modify, and disassemble any binary.

            kandi-support Support

              radare2 has a medium active ecosystem.
              It has 18192 star(s) with 2880 fork(s). There are 483 watchers for this library.
              There were 5 major release(s) in the last 12 months.
              There are 807 open issues and 7445 have been closed. On average issues are closed in 597 days. There are 23 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of radare2 is 5.8.8

            kandi-Quality Quality

              radare2 has 0 bugs and 0 code smells.

            kandi-Security Security

              radare2 has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              radare2 code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              radare2 is licensed under the LGPL-3.0 License. This license is Weak Copyleft.
              Weak Copyleft licenses have some restrictions, but you can use them in commercial projects.

            kandi-Reuse Reuse

              radare2 releases are available to install and integrate.
              Installation instructions, examples and code snippets are available.

            Top functions reviewed by kandi - BETA

            kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
            Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of radare2
            Get all kandi verified functions for this library.

            radare2 Key Features

            No Key Features are available at this moment for radare2.

            radare2 Examples and Code Snippets

            No Code Snippets are available at this moment for radare2.

            Community Discussions


            How to find which shared library exported which imported symbol in my binary?
            Asked 2021-Dec-26 at 23:46

            I am trying to find the shared library which imported an external symbol. Currently I can get all imported symbols by using nm or many alternatives such as using radare2. I can also get the libraries which the binary is dependent on by using ldd. However, I got stuck at this point since I cannot find an efficient way to get which external symbol in my binary is dependent on which shared library. So, for example how can I find the shared library which exports the function named foo or printf or anything in an efficient way? I provide an example:



            Answered 2021-Dec-26 at 23:46

            So, for example how can I find the shared library which exports the function named foo or printf or anything in an efficient way?

            You can run your program with env LD_DEBUG=bindings ./a.out. This will produce a lot of output, which you can grep for foo and printf.

            Note that the answer to "which external symbol in my binary is dependent on which shared library" is "whichever library defines this symbol first".

            So if today your binary depends on lifoo.so for foo and on libc.so.6 for printf, nothing stops you from running with a different libfoo.so tomorrow, and that different version of libfoo.so may define different symbols. If the new version of libfoo.so defines printf, that would cause the answer to your question for symbol printf to change from libc.so.6 to libfoo.so.

            Source https://stackoverflow.com/questions/70488756


            How to reverse strings that have been obfuscated using floats and double?
            Asked 2021-Dec-24 at 01:09

            I'm working on a crackme , and having a bit of trouble making sense of the flag I'm supposed to retrieve. I have disassembled the binary using radare2 and ghidra , ghidra gives me back the following pseudo-code:



            Answered 2021-Dec-24 at 01:09

            You can tweak the Ghidra reverse result by edit variable type. Based on scanf const string %32s your local_38 should be char [32].

            Before the first if, there are some char swap.

            And the first if statment give you a long constrain of flag

            At this point, you can confirm part of flag is FARADAY{d0ubl3_@nd_f1o@t, then is ther main part of this challenge.

            It print x, y, z based on the flag, but you'll quickly find x and y is constrain by the if, so you only need to solve z to get the flag, so you think you need to bruteforce all double value limit by printable ascii.

            But there are a limitaion in if statment says byte0 of this double must be _ and a math constrain there, simple math tell dVar2 - 4088116.817143337 <= 1.192092895507813e-07 and it comes dVar2 is very close 4088116.817143337 And byte 3 and byte 7 in this double will swap

            By reverse result: dVar2 = y*y*x*x/z, solve this equation you can say z must near 407.2786840401004 and packed to little endian is `be}uty@. Based on double internal structure format, MSB will affect exponent, so you can make sure last byte is @ and it shows byte0 and byte3 is fixed now by constrain and flag common format with {} pair.

            So finally, you only need to bureforce 5 bytes of printable ascii to resolve this challenge.

            Source https://stackoverflow.com/questions/70402074


            shellcode is executed in two loops instead of one
            Asked 2021-May-05 at 20:33

            i am succesfully build up my shellcode.



            Answered 2021-May-05 at 20:33

            Well, the argv array is malformed. You set that parameter to an address on the stack but you didn't put a null pointer to terminate it.

            This is the (lower portion of) stack when the first instruction of _start is executed:

            Source https://stackoverflow.com/questions/67407239


            Dump function bytes from a native .DLL on command line
            Asked 2021-Mar-18 at 00:43

            I would like to list all exported functions in a DLL and dump their bytes. It's pretty trivial to list all the exports using either dumpbin or rabin2 from the radare2 package. I also found a way to disassemble the whole DLL using dumpbin but there's no way to see function boundaries in the dump.

            I'm looking for a way to disassemble (with bytes) or ideally just dump the bytes for for a specific or all functions inside a DLL. I don't mind parsing the output if it's got some other information in it. I've tried all kids of tools and so far I was not able to achieve what I need.

            One of the possible directions would be to script radare2 to do that.



            Answered 2021-Mar-18 at 00:43

            In order to dump a function's bytes, you will have to know where that function ends.
            You could do some static analysis which might work or you could do one of the following:

            For 64-bit executables, you can parse the .pdata section which contains a list of RUNTIME_FUNCTIONs. DUMPBIN can do that using either the /unwindinfo or /pdata option.
            Note that this may not include every exported function, see reference.

            The second option, which works for both 32 and 64-bit executables, is to make use of the DIA SDK
            (see IDiaSymbol::get_length). This should cover all exported and non-exported functions but requires you to have access to the executable's .pdb file.

            Source https://stackoverflow.com/questions/66682646


            ASM pattern search in radare2
            Asked 2020-Dec-25 at 19:59

            I want to perform a search in radare2 for an ASM pattern of the type

            pop, mov, mov

            that is three consecutive instructions: the first beginning with pop, the second beginning with mov and the third also.

            There is a related issue of Radare2 (https://github.com/radareorg/radare2/issues/13322) and says "itss alrady implemented in /c" but /c is now needed for Search for crypto materials.

            I'm using radare2 4.5.0 on Linux.



            Answered 2020-Dec-25 at 16:54

            This can be achieved with /ad (tested with version 4.5.0 and 5.0.1):

            Source https://stackoverflow.com/questions/63738918


            ret2libc attack doesn't spawn shell
            Asked 2020-Jul-10 at 14:38

            I performed ret2libc.Everything worked fine but the shell is not spawned.The source code is



            Answered 2020-Jul-10 at 14:38

            Your program does spawn a shell. This is easy to see, because when you change it to spawn ls, it spawns ls.

            Your program's standard input comes from a Python script. Your program reads all the output from the script, then starts a shell. The shell uses the same standard input as your program. The shell tries to read a command, but there is no more input, so it just exits.

            Source https://stackoverflow.com/questions/62832096


            ret2libc segfault at address 0x0000000000000000
            Asked 2020-Jul-06 at 17:44

            I performed ret2libc but ended in segfault in 0x0000000000000000. The vulnerable proagram is



            Answered 2020-Jul-06 at 17:44


            BLRAAZ hexadecimal value
            Asked 2020-Jul-05 at 21:10

            As said in the title, does anyone know the hexadecimal of the BLRAAZ instruction (like blraaz x19) ?

            It seems to be not implemented yet in radare2 and I can't find any values on internet.



            Answered 2020-Jul-05 at 15:02

            Acording to the ARM a64 instruction set architecture (page 98), the instruction BLRAAZ is

            Source https://stackoverflow.com/questions/62742290


            Radare2 "pd" command
            Asked 2020-Jun-11 at 16:24

            I am currently using Radare2 to extract opcodes from PE files. Currently, I am attempting to use the "pd" command which from the API: "pd n @ offset: Print n opcodes disassembled". I am wondering if there is a way to calculate/find out exactly what "n" is for each file I process. Thanks



            Answered 2020-Jun-11 at 16:24


            • radare2: radare2 4.2.0-git 23519 @ linux-x86-64 git.4.1.1-84-g0c46c3e1e commit: 0c46c3e1e30bb272a5a05fc367d874af32b41fe4 build: 2020-01-08__09:49:0
            • system: Ubuntu 18.04.3 LTS


            This example shows 4 different options to view / print disassembly or opcodes.

            1. View disassembly in radare2 via visual mode:

              • Command one: aaaa # Analyze the file
              • Command two: Vp # Open disassembly in visual mode
            2. Print disassembly of all functions in r2 or r2pipe:

              • Command one: aaaa # Analyze the file
              • Command two: pdf @@f > out
                • pdf # Print disassembly of a function
                • @@f # Repeat the command for every function
                • > out # Redirect the output to the file named out
            3. Print only the instruction in r2 or r2pipe:

              • Command one: aaaa # Analyze the file
              • Command two: pif @@f ~[0] > out
                • pif # Print instructions of a function
                • @@f # Repeat the command for every function
                • ~[0] # Only print the first column (The instruction)
                • > out # Redirect the output to the file named out
            4. Obtained detailed information for each opcode using r2 or r2pipe:

              • Command one: aaaa # Analyzey the file
              • Command two: aoj @@=`pid @@f ~[0]` > out
                • aoj # Display opcode analysis information in JSON
                • @@= # Repeat the command for every offset return by sub-query
                • pid @@f ~[0] # The sub-query
                  1. pid # Print disassembly with offset and bytes
                  2. @@f # Repeat the command for every function
                  3. ~[0] # Only print the first column (The offset)
                • > out # Redirect the output to the file named out


            Replace the commands here with any option from above.

            Example using radare2 shell

            Source https://stackoverflow.com/questions/62319299


            How to modify machine code in radare2 under the cursor by incrementing and decrementing single bytes?
            Asked 2020-May-26 at 18:32

            In Radare2, it should be possible, in visual mode, with the cursor active (press c), to increment and decrement a single byte of raw machine code. While doing this, it should update in real time the new assembled machine code, e.g. incrementing 0x50 to 0x51, 0x52, etc. should result in various PUSH opcodes.

            I thought this was done by pushing + and - to increment and decrement, respectively, but I find that it doesn't work. I also find it hard to find this particular information in the manual.

            Am I remembering it wrong, from previous versions, or has it changed since then?

            Note, I'm not asking about how to do to this using "wa" or similar commands to assemble new assembly statements, I just want to increment and decrement single bytes as a convenient way to instantly change the machine code on the fly.



            Answered 2020-May-26 at 18:32


            • Radare2: 4.5.0-git 24843 @ darwin-x86-64 git.4.4.0-125-g561989265 commit: 5619892652d7dce87458d77962777331c28275a6 build: 2020-05-04__09:53:49
            • System: macOS Catalina Version 10.15.4


            • Start radare2 with the "-w" flag which "open(s) file in write mode"

            Source https://stackoverflow.com/questions/62014729

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network


            No vulnerabilities reported

            Install radare2

            r2 can be installed via git or pip.


            There are many ways to contribute to the project. Contact the community, check out the github issues, or grep for TODO/FIXME/XXX comments in the source. To contribute code, push your changes to a branch on your fork of the repository. Please ensure that you follow the coding and style guidelines and that your changes pass the testing suite, which you can run with the r2r tool. If you are adding significant code, it may be necessary to modify or add additional tests in the test/ directory. For more details, see CONTRIBUTING.md and DEVELOPERS.md.
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries
          • HTTPS


          • CLI

            gh repo clone radareorg/radare2

          • sshUrl


          • Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link

            Explore Related Topics

            Consider Popular Reverse Engineering Libraries


            by NationalSecurityAgency


            by radareorg


            by icsharpcode


            by Konloch


            by WerWolv

            Try Top Libraries by radareorg


            by radareorgC


            by radareorgC++


            by radareorgC


            by radareorgRust


            by radareorgC