Skip to content

Latest commit

 

History

History
384 lines (308 loc) · 5.14 KB

radare2.md

File metadata and controls

384 lines (308 loc) · 5.14 KB
Raw

Radare2 Comprehensive Cheatsheet

Installation Instructions

Windows

# Using Git
git clone https://github.com/radareorg/radare2
cd radare2
sys/install.sh

# Using Binary
Download Windows installer from rada.re/r

Linux (Ubuntu/Debian)

# Using apt
sudo apt-get install radare2

# Building from source
git clone https://github.com/radareorg/radare2
cd radare2
sys/install.sh

macOS

# Using Homebrew
brew install radare2

# Using source
git clone https://github.com/radareorg/radare2
sys/install.sh

Basic Commands

Starting Radare2

  1. Open Binary
r2 binary
  1. Open Binary in Debug Mode
r2 -d binary
  1. Open Binary in Write Mode
r2 -w binary

Analysis Commands

  1. Analyze All
aa
  1. Analyze More
aaa
  1. Analyze Even More
aaaa
  1. List Functions
afl

Navigation

  1. Seek to Address
s address
s main
  1. Print Disassembly
pd
pdf        # Print disassembly of function
pdf @main  # Print main function
  1. Visual Mode
V      # Enter visual mode
VV     # Enter visual graph mode
v      # Enter visual panels mode

Memory Operations

  1. Write String
w string
  1. Write Hex
wx 90909090
  1. Read Memory
x        # Read hexdump
px      # Print hexdump
ps      # Print string

Debug Commands

  1. Set Breakpoint
db address
  1. Remove Breakpoint
db -address
  1. List Breakpoints
db
  1. Continue Execution
dc
  1. Step Into
ds
  1. Step Over
dso

Information Commands

  1. File Information
i      # Info
iz     # Strings in data sections
ii     # Imports
ie     # Entries (entrypoints)
  1. Headers
ih     # Headers
iH     # Verbose Headers

Search Commands

  1. Search String
/ string
/x pattern    # Search hex
/w string     # Search wide string
  1. References
axt address  # Find references to address
axf address  # Find references from address

Visual Mode Commands

  1. Graph Commands
VV            # Enter graph mode
p             # Cycle through different views
.             # Seek to program counter
:             # Enter command mode
  1. Visual Panels
v             # Enter visual panels mode
!             # Run shell command
+             # Add new panel
-             # Remove current panel

Analysis Features

  1. Function Analysis
af            # Analyze function
afr           # Analyze references
afl           # List functions
afi           # Function information
  1. Type Analysis
ta            # Type analysis
te            # List enums
tc            # List types

Scripting

  1. Run Script
. script.r2
  1. Write Script
#!pipe python
import r2pipe
r2 = r2pipe.open()
print(r2.cmd("pi 5"))

Project Management

  1. Save Project
Ps name       # Save project
Po name       # Open project

Advanced Features

  1. Binary Patching
w             # Write bytes
wa            # Write assembly
wc            # Write cache
  1. Binary Diffing
radiff2 file1 file2
  1. Debugging with ESIL
aei           # Initialize ESIL
aeim          # Initialize ESIL memory
aeip          # Initialize ESIL program counter

Configuration

  1. Set Configuration
e key=value
e asm.syntax=intel
e asm.bytes=false
  1. Graph Settings
e graph.depth=4
e graph.font=Helvetica

Advanced Usage Examples

Automated Analysis

# Full analysis script
aa
pdf @main
afl
s sym.main
VV

Binary Patching

# Replace instruction with NOP
s address
wa nop

Function Analysis

# Analyze function and generate graph
af @main
agf

Useful Tips

Visual Mode Navigation

  • hjkl: Move around
  • p: Rotate through modes
  • x: References
  • v: Variable analysis
  • g: Goto command

Debug Mode Tips

  • F7: Step into
  • F8: Step over
  • F9: Continue
  • F2: Toggle breakpoint

Analysis Tips

  • Start with 'aa' analysis
  • Use 'aaa' for deeper analysis
  • Check strings with 'iz'
  • Use 'axt' to find xrefs

Common Scripts

Function Analysis

#!/usr/bin/env rarun2
program=./binary
arg1=argument

# Analysis commands
e asm.syntax=intel
aa
s main
pdf

Memory Analysis

# Search for pattern
/x 90909090
# Follow memory references
axf

Best Practices

Performance

  • Use minimal analysis when possible
  • Cache analysis results
  • Use projects for large binaries

Organization

  • Use projects for complex analysis
  • Document findings inline
  • Use meaningful flags and comments

Automation

  • Use r2pipe for scripting
  • Create custom r2 scripts
  • Use radare2 plugins

Common Issues and Solutions

Symbol Resolution

# Load symbols
is
# Analyze symbols
aa

File Format Issues

# Force binary format
r2 -f format binary

Memory Issues

# Set bigger memory map
e dbg.bep=entry
e dbg.maps=true