Radare2 is an open-source reverse engineering toolkit, consisting of a disassembler, debugger and hex editor. In this article I will show you the basics by reversing some shellcode I found on Project Shellcode.
To put this into context let's briefly discuss what we mean by the term "shellcode", not to be confused with "shellscript", which is something else entirely. "Shellcode" is a term colloquially used to refer to the payload of an exploit. Typically this would be code injected to start a shell.
In this new article I will explain some of the r_anal features through the
creation of a small tool that we will call "itrace", which is mainly
focused on tracing/hooking the execution of imports, based on LD_PRELOAD + global
hooking. I presented this method and PoC at rooted'10, so you can take a
look at the slides if you want a quick summary and the source for testing.
Imagine the following scenario: we have a binary and we want to trigger an event
each time an import is called. Obviously, we could hook all the imports and
execute whatever we want by preloading a library of our own with LD_PRELOAD, but this
approach has a very big problem: the imports used by each target binary will
change, so we would need to code a library adapted to each binary every time.
One of the key features behind r2 is how easily it can be extended with new
libraries or plugins. In this paper, we will see the steps needed for adding
a new plugin in radare.
Let's say we want to add a new plugin for r_asm because we are working with
binaries of an architecture not supported by r2. Of course, adding a new plugin
for another lib would be mostly the same.
You will often find yourself needing a simple calculator and converter tool to convert numbers between different bases, change the endianness, etc.
The 'rax' utility comes with the radare framework and aims to be a minimalistic expression evaluator for the shell, useful for making base conversions easily between floating point values, hexadecimal representations, hexpair strings to ASCII, octal to integer.
It supports endianness and can be used as a shell if no arguments are given.
In short you have: