Questions tagged [radare2]
Open-source reverse engineering framework to disassemble, debug, analyze, manipulate binary files and more.
345 questions

0 votes, 0 answers, 27 views
Annotating I/O address space addresses and bits
I'm trying to reverse engineer an old embedded system that has a NEC v40 on it, which is very similar to an 80186 (more like 80188) I guess. As a member of the x86 family, it has a separate I/O memory ...

2 votes, 1 answer, 122 views
radare2 cross reference problem
I am analyzing an Arm64 Android shared library and I am trying to find a pointer to dlopen.
I have successfully manually achieved this in IDA64 and Ghidra, however I want to automate the process with ...

0 votes, 1 answer, 443 views
I need software to decode this subtitle xml file, anyone know what it encodes with?
This is a subtitle file encoded by xml, is there any way to decode this xml file to srt?
Subtitle link xml

7 votes, 1 answer, 3k views
What are the substantive differences between radare2 and rizin?
Rizin was forked from Radare2 several years ago, mainly due to human factors. At the time, there weren't any important differences in features between the two.
I understand that Rizin has rewritten ...

2 votes, 0 answers, 276 views
How to quickly exit radare2 from debug mode?
Normally in CLI apps you can use Ctrl + c / Ctrl + d to terminate/exit, but they don't seem to do anything in r2 - at least not in debugger's v (visual) mode, which is how I use it. To exit, I press q,...

2 votes, 0 answers, 97 views
Radare2: How to Create a Custom Scripted Panel?
TLDR: How do I get a panel in radare2 to correctly show the output of a radare2 command piped to an external script?
e.g. afvd | python var_displayer.py
This is my current view. Multiple panels, ...

4 votes, 1 answer, 213 views
Mickey Mouse toy bin file analysis
I am trying to reverse engineer a Mickey Mouse toy just for fun but I am stuck.
The toy has several buttons that play various phrases and songs.
My aim was to see if I can read those songs from the ...

3 votes, 0 answers, 72 views
plugin/script for radare2 similar to mona for immunity debugger
I would like to use radare2 for windows exploit-development, however I could not find a way to emulate the functionality of using Immunity-Debugger + mona.py when checking for badchars. Is there a ...

1 vote, 1 answer, 71 views
How to know each register value instruction by instruction in a binary using radare2?
As I am using the radare2 for reverse engineering, I find it very difficult to get all the register values instruction by instruction with the help of the Radare2 tool. Could someone please help me to ...

1 vote, 0 answers, 55 views
View v0, d0 registers in Cutter (ARM64)
When reversing an ARM64 binary in Cutter 2.1, I wanted to emulate certain instructions and view the values that were computed. Cutter's emulation showed the x0-x31 registers but how do I view the v0....

0 votes, 2 answers, 334 views
Radare2 - changing stdin during binary debugging
I'd like to know how to change stdin multiple times for the given binary for debugging purposes.
I know I can launch the application with
r2 -r profile.r2 -d binary
Where, inside the profile.r2 file ...

3 votes, 1 answer, 349 views
Radare2 - Saving information/metadata from a debugging session
I'd like to know how I can save/restore comments or possibly other metadata during a debugging session.
I know how to save this data when running radare without the -d flag but I often need to debug ...

1 vote, 1 answer, 934 views
How can I use cutter like ida, trying to search by address
I'm new to reverse engineering and I'm trying to get into using a disassembler - I've been using reclass for a while now. I was looking at IDA Pro and that was 7k euros so that was not an option. I've ...

1 vote, 2 answers, 687 views
Changing the jne to je instruction causes program to generate error
I'm trying to change the instruction from jne to je
I've changed an instruction
75 0c jne [some_location]
75 0c is a 2 jump instruction.
So, I've changed it from 75 0c to 74 0c which is ...

2 votes, 1 answer, 88 views
How to make the default stack width/offset 8 bytes when debugging in radare2
If you start radare2 in debugging mode like:
r2 -d /usr/bin
you'll be prompted with something similar to:
If you press V for the prompt, you get debugging view with panels. Then, if you select the ...

3 votes, 0 answers, 87 views
Cutter console does not show printf result
I'm using last version (2.0.5) of Cutter. I am not able to find a way to display std in/out in Cutter Console. In the picture I cleared the console before starting debugging and you can see it after ...

0 votes, 1 answer, 51 views
radare2 convenience variables
gdb allows setting arbitrary convenience variables:
set $a = "test"
set $b = 3
p $a # => "test"
p $b # => 3
Is there a way to do something similar in radare2? I'd like to be ...

1 vote, 1 answer, 125 views
File not want to patch. Radare2
I am learning by doing some cracking in files that I made in C. One of these files is this:
file.c:
#include <stdio.h>
#include <stdlib.h>
int main() {
char s[15] = "...

1 vote, 0 answers, 170 views
Radare2 Load file from stdin fails
Radare2 supports loading a file from stdin via =. However, my attempts to use it don't work:
$ r2 /bin/ls
Warning: run r2 with -e bin.cache=true to fix relocations in disassembly
[0x00006810]> q
$ ...

1 vote, 1 answer, 2k views
How can I use radare2 to list all xrefs to a string?
radare2 can list all strings with iz, and list all functions with afl. How can I use radare2 to list the XREFs for each string? That is, for each string, which funcs reference it?
I'd like to be ...

2 votes, 0 answers, 1k views
Radare2 cannot open bin for writing
I'm on Kali and I'm using Radare2 but it says
r2 -d bin
Killing child process 16151 due to an error
Killing child process 16152 due to an error
[w] Cannot open 'dbg://./bin' for writing.
I tried chmod +...

1 vote, 0 answers, 115 views
Function Arguments/Name on Radare and IDA
I am starting with reverse engineering and Radare and I'm facing the following problem, on IDA Free I see the following code:
mov ecx, 11h
lea edi, [esp+1208h+StartupInfo]
rep stosd
lea ...

2 votes, 1 answer, 2k views
How can I find an external function code correctly in Ghidra and Radare2?
This is code to call an external function (get_random_name) in the main function
push {fp, lr}
add fp, sp, 4
sub sp, sp, 0x1d8
str r0, [fp, -0x1d8]
str r1, [fp, -0x1dc]
sub r3, fp, 0x44
...

1 vote, 0 answers, 74 views
Change return value of a boolean function in arm library
I have an Android library (ARM CPU) that has a function named GetEisLinkWithDfr() that has a single line that returns a boolean value of "true", and I want it to return a value of "...

2 votes, 1 answer, 210 views
Radare2 does not reload payload correctly
I'm new to Radare2 so I'm trying to learn it by doing some basic buffer overflows. My problem is that, when I try to load some payloads, the stack seems to fake them in some different ways...
For ...