A free/libre toolchain for easing several low level tasks like forensics, software reverse engineering, exploiting, debugging, ...
It is composed by a bunch of libraries (which are extended with plugins) and programs that can be automated with almost any programming language.
It is recommended to install it from git, alternatively you can pick the last release (every 6 weeks) from Github.
Release builds are available here.
In case of build problems try the following:
- Batch, commandline, visual and panels interactive modes
- Embedded webserver with js scripting and webui
- Assemble and disassemble a large list of CPUs
- Runs on Windows and any other UNIX flavour out there
- Analyze and emulate code with ESIL
- Native debugger and GDB, WINDBG, QNX and FRIDA
- Navigate ascii-art control flow graphs
- Ability to patch binaries, modify code or data
- Search for patterns, magic headers, function signatures
- Easy to extend and modify
- Commandline, C API, script with r2pipe in any language
Radare2 can be used in many ways, from commandline or shellscripts by calling the individual tools:
All the programs are also accessible as commands inside r2:
Those are some common commands you may use in your daily life:
The IO layer selected by the file URI when opening a file in r2 can be anything, from local file, remote r2 shell, a full disk, another process memory, etc.
To simplify things, the -d flag will use the dbg:// uri to spawn or attach to a process to read/write its memory, modify registers and inspect the execution flow. It's a low level debugger, don't worry, we don't try to replace gdb/lldb.
Using the integrated package manager you can easily install external plugins from different sources, most interesting ones are the native ghidra decompiler, the r2dec decompiler and the frida integration. But there are more!
The favourite in-process debugger/tracer for many people is also available within r2 after installing the r2frida plugin you may be able to attach/spawn to a local or remote program via usb or tcp and be able to read/write process memory in live.
- Access remote filesystems
- Modify filedescriptors
- Breakpoints (Like in DWARF)
- Load/Unload agent scripts as plugins
- Sybolicate from local bins, scripts or runtime info
- Supports macOS/iOS/Linux/Android/QNX/Windows
Join the Telegram / IRC channels and feel free to ask anything. In addition you can read The Book but everything in r2 is self-documented (just append the '?' char) or read the manpages/-h:
You can use the HUD mode to interactively browse all the commands inside r2 using this oneliner: