Radare2 - An Introduction by Anto Joseph
1 like1,462 views
The document provides an overview of radare2, a reverse engineering framework useful for analyzing binaries, debugging, and performing forensics. It outlines the tool's use cases, supported architectures and file formats, as well as its scripting and collaborative capabilities. Basic usage instructions and example commands are also provided for users to get started with the tool.
![Support
Ê radare2
supports:
Ê Architectures
6502,
8051,
arm,
arc,
avr,
bf,
tms320
(c54x,
c55x,
c55+),
gameboy
csr,
dcpu16,
dalvik,
i8080,
mips,
m68k,
mips,
msil,
snes,
nios
II,
sh,
sparc,
rar,
powerpc,
i386,
x86-‐64,
H8/300,
malbolge,
T8200,
LH5801
Ê File
formats
bios,
dex,
elf,
elf64,
filesystem,
java,
fatmach0,
mach0,
mach0-‐64,
MZ,
PE,
PE+,
TE,
COFF,
plan9,
bios,
dyldcache,
Gameboy
and
Nintendo
DS
ROMs
Ê Operating
systems
Android,
GNU/Linux,
[Net|Free|Open]BSD,
iOS,
OSX,
QNX,
w32,
w64,
Solaris,
Haiku,
FirefoxOS
Ê Bindings
Vala/Genie,
Python
(2,
3),
NodeJS,
LUA,
Go,
Perl,
Guile,
php5,
newlisp,
Ruby,
Java,
OCAML
and
more](https://image.slidesharecdn.com/radare2-151214100152/85/Radare2-An-Introduction-by-Anto-Joseph-6-320.jpg)
Radare2 - An Introduction by Anto Joseph
- 2. @whoami Ê Anto Joseph C J Ê Security Engineer @ Citrix Ê Speaker / Trainer @ NullCon , GroundZero,C0C0n , X0rConf… Ê Primary Interests in Android / IOS , IOT and a little bit of everything Ê Twitter : @antojosep007
- 4. Ê radare is a reverse engineering framework Ê Lots of cli tools to work with binary files and understand the way they work. Ê supports analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers and so on. source (http://radare.org/r/) radare2
- 5. Use Cases Ê Disassemble (and assemble for) many different architectures Ê Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg) Ê Perform forensics on file systems and data carving Ê Be scripted in Python, Javascript, Go and more Ê Support collaborative analysis using the embedded webserver Ê Visualize data structures of several file types Ê Patch programs to uncover new features or fix vulnerabilities Ê Use powerful analysis capabilities to speed up reversing Ê Aid in software exploitation ( source : http://radare.org/r/ )
- 6. Support Ê radare2 supports: Ê Architectures 6502, 8051, arm, arc, avr, bf, tms320 (c54x, c55x, c55+), gameboy csr, dcpu16, dalvik, i8080, mips, m68k, mips, msil, snes, nios II, sh, sparc, rar, powerpc, i386, x86-‐64, H8/300, malbolge, T8200, LH5801 Ê File formats bios, dex, elf, elf64, filesystem, java, fatmach0, mach0, mach0-‐64, MZ, PE, PE+, TE, COFF, plan9, bios, dyldcache, Gameboy and Nintendo DS ROMs Ê Operating systems Android, GNU/Linux, [Net|Free|Open]BSD, iOS, OSX, QNX, w32, w64, Solaris, Haiku, FirefoxOS Ê Bindings Vala/Genie, Python (2, 3), NodeJS, LUA, Go, Perl, Guile, php5, newlisp, Ruby, Java, OCAML and more
- 7. Installation Ê $ git clone https://github.com/radare/radare2.git Ê $ cd radare2 Ê $ sudo sys/install.sh
- 8. Basic Usage : rabin2 – I ELF_NAME
- 9. SECTIONS : Rabin2 –S ELF_NAME
- 10. Basic Analysis Ê “? “ is your friend , useful for understanding commands Ê Radare2 ELF_NAME Ê AAA : Full Analysis Ê V : Enter Graphical Mode Ê n : Seek b/w Sections Ê Get to Main and Use V again to see the data flow
- 11. Basic Commands Ê pdf @ main : prints the dis-‐assembled function, which is the main function in this case Ê x 10 : prints the first 10 bytes of memory from the current offset Ê s ( 0x0ffset) : seeks to the specified offset Ê ? 0x34 ^ 0x34 : does xor within radare2 and prints output in different formats Ê 117 ^ 0x34 : does base conversion and then does xor
- 12. Demo Time : 3 little crackme Ê First 2 crackme’s from ripsec ( http://security.cs.rpi.edu/courses/binexp-‐spring2015/ ) Ê 3rd challenge : EasyELF from ( http://reversing.kr/download.php?n=11) Ê Start from strings or Main Function Ê Analyze where the input goes to Ê Locate the FLAG in memory Ê Identify the Logic Ê Enter your FLAG J
- 13. DEMO TIME
- 14. Thanks ! Ê References : Ê Radare2 Book Ê Radare2 Website has some documentation and Videos linked