RADARE2

Radare 2 Full Tutorial | Reverse Engineering

Introduction

radare2: In this post, let’s learn what is Radare 2 and how it works, and It’s going to be a comprehensive guide.

So, Sit back and learn ❤️

What is Radare2

Radare2 is a reverse-engineering tool. Reverse engineering is nothing more than what it sounds like, it is disassembling a source code.

Though it’s not sounding very interesting, it opens the window to lots of very interesting opportunities which include understanding how a program works, patching up programs, finding exploits in them, and many more.

I hope to give the readers a complete guide on radare 2.

Who Developed Radare2

Radare2 was indeed developed primarily by Sergi Alvarez, commonly known as “pancake,” a Spanish security researcher.

Founder of Radare2

Commands

Some of the commands which this blog covers are analyzing the code, navigating through the code, and debugging the code. To fire up radare2, we use the following syntax.

radare2 <binary file>

Basics ?

This is the most important command in radare2 according to me. Why? Coz this helps in showing all the options we have in radare2. Trying to remember all the commands is very hard and hence we can use this command to display the commands.

aaa

When you execute the aaa command, radare2 is showing you what are the steps it takes. Each step has the command responsible for it inside parentheses. It looks for executable sections and looks for calls. when it finds a call, it looks for the destination of the call. Splits up basic blocks, and tries to remove all the false positives.

Basically what you need to know is that this command analyses our binary and allows us to do all the amazing stuff.

afl

When you execute this command radare2 will display all the functions in the code. This is very helpful in getting an overview of the code.

V

By pressing the capital letter V, it will show us all the different types of views we have in the tool. The most used ones are the assembly view and the debugging view. To navigate between the views we press the letter ‘p’. Radare2 has some interesting views, so try to check out all the views and all of them serve an important purpose. We will mostly be spending most of our time using the assembly view and debugging view.

Assembly View
Debugging View

Navigation

Once we are the required view, we use the arrow keys for navigation through the code. If you observe, we don’t start at the main rather we start at an entry_point function. Since we know that we have the main function by using the afl command, we can try to navigate to it by using the arrow keys. When we move through the code, we move the ‘seek’ through the code. Seek is the address visible in brackets in the first line at the top of the screen.

seek

This command allows us to go check different parts of the program. Since moving by using the arrow keys is pretty tedious. We specify the address of the instruction we want to move to. We can even use the function names. Note that this doesn’t mean the control goes to the particular instruction.

Function calls

Once we are in the main function, we can see that the main function calls other functions. To see the function code, all we have to do is take our seek to the function call instruction and press enter. This will take the seek to the function definition instruction. To come back to the function call instruction, we have to press the letter ‘u’.

Debugging

Debugging is an integral part of reverse engineering any program. To debug the program, we have to use the -d flag when starting radare2.

radare2 -d <binary file>

Navigation

The F7 key is the ‘step’ command. It can be used to step through each instruction of the program.

db

db is the command to set a breakpoint. All the debugging commands start with the letter d.To run these commands, press the ‘:’ key. We have to specify the address or the function name to set the breakpoint.

dc

dc is ‘continue’ in radare2. The control tries to execute the program till it finds a breakpoint.

dsf

dsf is the command used to step out of the function.

drr

drr is used to display the contents of the registers and their references.

do

This command is to be used to kill the current debugging process and restart the debugging process.

Patching

Patching programs is very easy in radare2. To patch the program we have to use the -w flag when starting radare2.

radare2 -w <binary file>

All you have to do to patch the program is to take the seek to the instruction which you want to edit. And then press the capital letter ‘A’. This would allow you to edit the instruction, after changing the line of code, just press enter. Radare2 will ask for confirmation, press y.

Conclusion

This blog outlines the fundamental commands essential to initiate your journey with Radare2. The tool harbors a wealth of potent functionalities beyond these basics. I encourage you to delve deeper into its diverse range of capabilities.✌


Also Read: Reverse Shell Cheat Sheet

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions or brave browser to block ads. Please support us by disabling these ads blocker.Our website is made possible by displaying Ads hope you whitelist our site. We use very minimal Ads in our site

 

Scroll to Top