
Radare2: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
Updated wording to be more specific/professional.
Cutter: As Cutter is now under Rizin, changes were made to the paragraph regarding it. Some sentences were changed to past tense. Finally, the link to the current GUI of radare, Iaito, was added.
Line 51: Line 51:


=== Cutter ===
=== Cutter ===
[//github.com/radareorg/cutter Cutter] is the first official [[Graphical user interface| graphical user interface (GUI)]] for radare2. It is still a young project that is mostly aimed "on those who[se] are not yet radare2 users because of the learning curve, because they don't like CLI applications or because of the difficulty/instability of radare2". It's the successor of the formerly known project [//github.com/hteso/iaito Iaito] that suffered from too little maintenance after it became open source on [[GitHub]]. Later on Iaito was forked and heavily rewritten, again with [[C++]] and [[Qt (software)|Qt]] as its base. These design choices enable it to be a [[Cross-platform|cross platform]] application targeting Linux, [[MacOS]] as well as [[Microsoft Windows|Windows]]. At the same time it was renamed to Cutter. Cutter's goal is to export the extensive functionality of radare2 to a modern user friendly GUI that can compete with other major static and dynamic analysis frameworks like Hex-Rays [[Interactive Disassembler]], or [[Binary Ninja]].
[//github.com/radareorg/cutter Cutter] was the first official [[Graphical user interface| graphical user interface (GUI)]] for radare2. It is mostly aimed "on those who[se] are not yet radare2 users because of the learning curve, because they don't like CLI applications or because of the difficulty/instability of radare2". It was the successor of the formerly known project [//github.com/hteso/iaito Iaito] that suffered from too little maintenance after it became open source on [[GitHub]]. Later on Iaito was forked and heavily rewritten, again with [[C++]] and [[Qt (software)|Qt]] as its base. These design choices enable it to be a [[Cross-platform|cross platform]] application targeting Linux, [[MacOS]] as well as [[Microsoft Windows|Windows]]. At the same time, it was renamed to Cutter. Cutter's goal is to export the extensive functionality of radare2 to a modern user friendly GUI that can compete with other major static and dynamic analysis frameworks like Hex-Rays [[Interactive Disassembler]], or [[Binary Ninja]].

In 2020, the core team of Cutter, who was also a part of radare2's core team, left radare2 and co-founded Rizin. Following this, Cutter switched from radare2 to Rizin as its backend<ref>{{Cite web|last=Rizin|date=2020-12-05|title=Frequently Asked Questions|url=https://rizin.re/posts/faq/|access-date=2021-04-26|website=Rizin|language=en}}</ref>. Currently, [https://github.com/radareorg/iaito Iaito] is a fork of Cutter with the last working commit with radare2.


== Supported architectures/formats ==
== Supported architectures/formats ==
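Review bot: the tense change in the revised Cutter paragraph is incomplete: "was the first official" and "was the successor" moved to the past tense, but "It is mostly aimed" and "These design choices enable it" still read in the present; suggest "It was mostly aimed" and "These design choices enabled it". The added sentence "Iaito is a fork of Cutter with the last working commit with radare2" is ambiguous ("with ... with"); suggest "Iaito is a fork of Cutter based on the last commit that still worked with radare2".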

Revision as of 07:19, 26 April 2021

Radare2
Original author(s): Sergi Alvarez (pancake)
Developer(s): pancake and the core contributors
Stable release: 5.2.0[1] / April 11, 2021 (2021-04-11)
Repository
Written in: C[2]
Operating system: Linux, BSD, macOS, Microsoft Windows, Haiku, Android, iOS, Solaris
Available in: English
Type: Disassembler
License: LGPL
Website: www.radare.org/n/

Radare2 (also known as r2) is a complete framework for reverse-engineering and analyzing binaries, composed of a set of small utilities that can be used together or independently from the command line. Built around a disassembler, which generates assembly language source code from machine-executable code, it supports a variety of executable formats for different processor architectures and operating systems.

History

Radare2 was created in February 2006,[3] aiming to provide a free and simple command-line hexadecimal editor supporting 64-bit offsets, in order to search for and recover data from hard disks for forensic purposes. Since then, the project has grown and its aim has changed to providing a complete framework for analyzing binaries while adhering to several principles of the Unix philosophy.[4]

In 2009, the decision was made to completely rewrite it, to get around limitations in the initial design. Since then, the project continued to grow,[5] and attracted several resident developers.

In 2016, the first r2con took place in Barcelona,[6][7] gathering more than 100 participants and featuring talks about various features and improvements of the framework.

Radare2 has been the focus of multiple presentations at several high-profile security conferences, such as Recon,[8] hack.lu[9] and 33c3.[3]

Radare2 was forked in December 2020 as Rizin by some members of the radare2 and Cutter core development teams who seek to "focus on usability, stability, and working features, which strives to provide a welcoming environment for developers and users alike."[10]

Features and usage

Radare2 has a steep learning curve since it does not have a GUI by itself. Originally built around a hexadecimal editor, it now has a multitude of tools and features, as well as bindings for several languages.[11] It also has a WebUI,[12] and there is an external Qt GUI called Cutter (formerly named Iaito).[13]

Static analysis

Radare2 is able to assemble and disassemble many programs, mainly executables, but it can also perform binary diffing with graphs,[14] and extract information such as relocations, symbols and various other types of data. Internally, it uses a NoSQL database named sdb to keep track of analysis information that is either inferred by radare2 or manually added by the user. Since it is able to deal with malformed binaries, it has also been used by software security researchers for analysis purposes.[15][16][17]
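The paragraph above says that radare2 recognises many executable formats, extracts their metadata, and copes with malformed binaries. The following added example, written for this article and not taken from the radare2 project, shows the first step such a framework performs on an ELF file: reading the header to identify class, endianness, machine and entry point, and flagging inconsistencies (wrong header size, header tables pointing outside the file) instead of aborting, which is what makes analysis of damaged or deliberately malformed binaries possible. The machine and type names are the standard ELF constants; the header bytes used as input are constructed sample data, not a real binary.

```python
"""Added example: parse an ELF header and flag malformed values.
Illustrative code for this article, not code from the radare2 project."""
import struct

ELF_MAGIC = b"\x7fELF"
# Subset of the e_machine and e_type constants from the ELF specification.
EM_NAMES = {0x03: "x86", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64", 0xF3: "RISC-V"}
ET_NAMES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}


def parse_elf_header(data: bytes) -> dict:
    """Parse an ELF32 or ELF64 header.

    Raises ValueError when the input is not ELF or is too short to hold a
    header; inconsistencies that do not prevent parsing are collected under
    "warnings" so a malformed file can still be analysed.
    """
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("malformed e_ident: unknown class or data encoding")
    endian = "<" if ei_data == 1 else ">"
    # Layout after the 16-byte e_ident; only the address-sized fields differ.
    if ei_class == 2:
        fmt, ehsize = endian + "HHIQQQIHHHHHH", 64
    else:
        fmt, ehsize = endian + "HHIIIIIHHHHHH", 52
    if len(data) < ehsize:
        raise ValueError("truncated ELF header")
    (e_type, e_machine, _e_version, e_entry, e_phoff, e_shoff, _e_flags,
     e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum,
     _e_shstrndx) = struct.unpack(fmt, data[16:ehsize])

    warnings = []
    if e_ehsize != ehsize:
        warnings.append(f"e_ehsize {e_ehsize} != expected {ehsize}")
    if e_phnum and e_phoff + e_phnum * e_phentsize > len(data):
        warnings.append("program header table lies outside the file")
    if e_shnum and e_shoff + e_shnum * e_shentsize > len(data):
        warnings.append("section header table lies outside the file")

    return {
        "class": 64 if ei_class == 2 else 32,
        "endian": "little" if ei_data == 1 else "big",
        "type": ET_NAMES.get(e_type, f"unknown({e_type})"),
        "machine": EM_NAMES.get(e_machine, f"unknown({e_machine:#x})"),
        "entry": e_entry,
        "warnings": warnings,
    }


def is_elf(data: bytes) -> bool:
    """True when the data parses as an ELF header at all (warnings allowed)."""
    try:
        parse_elf_header(data)
        return True
    except ValueError:
        return False


def _make_header(machine=0x3E, e_type=2, entry=0x401000, ehsize=64, phnum=0):
    """Build a constructed 64-byte ELF64 little-endian header (sample data)."""
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8
    return ident + struct.pack("<HHIQQQIHHHHHH", e_type, machine, 1, entry,
                               64, 0, 0, ehsize, 56, phnum, 64, 0, 0)


# Constructed samples: a consistent x86-64 header and one with a bogus e_ehsize.
SAMPLE_X86_64 = _make_header()
SAMPLE_BAD_EHSIZE = _make_header(ehsize=0)

if __name__ == "__main__":
    print(parse_elf_header(SAMPLE_X86_64))
    print(parse_elf_header(SAMPLE_BAD_EHSIZE)["warnings"])
    print(is_elf(SAMPLE_X86_64[:20]))
```

Tools such as rabin2 carry this further (program and section headers, symbols, relocations, strings); the point of the example is the split between hard errors, which stop parsing, and recorded warnings, which let an analyst inspect a file whose header lies about its own size.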

Dynamic analysis

Radare2 has a built-in debugger that is lower-level than GDB. It can also interface with GDB and WineDBG[18] to debug Windows binaries on other systems. In addition, it can be used as a kernel debugger with VMware.

Software exploitation

Since it features a disassembler and a low-level debugger, radare2 can be useful to developers of exploits. The software has features which assist in exploit development, such as a ROP gadget search engine and mitigation detection. Because of the software's flexibility and support for many file formats, it is often used by capture-the-flag teams[19][20] and other security-oriented personnel.[21] Radare2 can also assist in creating shellcode with its 'ragg2' tool, similar to Metasploit.

Cutter

Cutter was the first official graphical user interface (GUI) for radare2. It was mostly aimed "on those who[se] are not yet radare2 users because of the learning curve, because they don't like CLI applications or because of the difficulty/instability of radare2". It was the successor of the earlier project Iaito, which suffered from too little maintenance after it became open source on GitHub. Later on, Iaito was forked and heavily rewritten, again with C++ and Qt as its base. These design choices enabled it to be a cross-platform application targeting Linux, macOS and Windows. At the same time, it was renamed to Cutter. Cutter's goal was to export the extensive functionality of radare2 to a modern, user-friendly GUI that could compete with other major static and dynamic analysis frameworks like Hex-Rays Interactive Disassembler or Binary Ninja.

In 2020, the core team of Cutter, who were also part of radare2's core team, left radare2 and co-founded Rizin. Following this, Cutter switched from radare2 to Rizin as its backend.[22] Currently, Iaito is a fork of Cutter based on the last commit that still worked with radare2.

Supported architectures/formats

References

  1. "Releases - radare/radare2". Retrieved 11 April 2021 – via GitHub.
  2. Git repository
  3. "Radare demystified". Chaos Computer Club media site. CCC. 2016-12-29. Retrieved 2016-12-29.
  4. "I have written more than 300.000 code lines for Radare". www.cigtr.info. Archived from the original on 2018-11-03. Retrieved 2017-01-21.
  5. CCC, radare demystified, retrieved 2017-01-21
  6. "r2con 2016". NCC Group. Retrieved 2017-01-21.
  7. Bakken, Sam (2016-08-09). "The hacker behind open-source, reverse-engineering tool Radare..." NowSecure. Retrieved 2017-01-21.
  8. "Recon 2015 Schedule". recon.cx. Retrieved 2017-01-21.
  9. "Talks at Hack.lu 2015". Hack.lu 2015. Retrieved 2017-01-21.
  10. Announcing Rizin!
  11. Git repository for radare2's bindings
  12. The new web interface
  13. Cutter
  14. "Binary Diffing" visual en Linux con Radare2
  15. AlienVault - OSX/Leverage.a Analysis
  16. Craig Heffner - Finding and Reversing Backdoors in Consumer Firmware
  17. PHDays IV, May 21, 2014, 'Anton Kochkov', Application of radare2 illustrated by Shylock/Caphaw.D and Snakso.A analysis
  18. Gmane archive about WinDBG support in radare2
  19. Dragon Sector
  20. LSE
  21. Phrack - manual binary mangling with radare
  22. Rizin (2020-12-05). "Frequently Asked Questions". Rizin. Retrieved 2021-04-26.
  23. Dydl cache - iphonedevwiki.net
  24. .XBE File Format 1.1
  25. Tavis Ormandy - Fun with Constrained Programming

Further reading