Radare
Binary Analysis and Reverse Engineering Toolkit
Introduction
Radare2 (r2) is an open-source framework for analyzing, debugging, disassembling, and manipulating binaries. It is widely used in reverse engineering, malware analysis, and cybersecurity research.
Features
- Full binary analysis (disassembly, decompilation, and debugging).
- Cross-platform support (Linux, macOS, Windows, etc.).
- Scriptable command-line interface with automation capabilities.
- Built-in hexadecimal editor and binary patching tools.
- Integration with Ghidra, IDA Pro, and other reverse engineering tools.
Installation
- Open a terminal.
- Install Radare2 using:
sudo pacman -S radare2
Install Verification
Check the version to confirm installation:
r2 -v
Uninstall
sudo pacman -R radare2
Usage
Analyze a Binary
r2 /bin/ls
Key Commands (Inside Radare2 CLI)
| Command | Description |
|---|---|
| `?` | Show help |
| `aaa` | Perform full binary analysis |
| `afl` | List identified functions |
| `pdf @ main` | Display disassembly/pseudocode of `main` |
| `s main` | Seek to the `main` function |
| `i` | Show binary metadata (architecture, format) |
Example Workflows
Disassemble the main Function
r2 -A /bin/ls # Auto-analyze the binary
pdf @ main # View disassembly of main
Search for Strings in a Binary
izz # List all strings in the binary
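The string search can also be run without the interactive prompt and filtered for triage. The script below is an added example, not part of the original page or the radare2 project: it assumes `r2` is on the PATH, that `izzj` (the JSON form of `izz`) emits entries with `vaddr`, `section` and `string` fields, and the patterns and sample data are constructed for illustration.

```python
import json
import re
import subprocess
import sys

# Illustrative patterns for strings worth a second look (not exhaustive).
PATTERNS = {
    "url": re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s\"']+", re.I),
    "ipv4": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "path": re.compile(r"^(?:/[\w.\-]+){2,}$|^[A-Za-z]:\\"),
}

def run_izzj(binary):
    """Run radare2 quietly (-q), execute one command (-c izzj) and return its JSON text."""
    out = subprocess.run(["r2", "-q", "-c", "izzj", binary],
                         capture_output=True, text=True, check=True)
    return out.stdout

def triage_strings(izzj_text, min_len=4):
    """Group strings by indicator type, keeping address and section for follow-up in r2."""
    hits = {name: [] for name in PATTERNS}
    for entry in json.loads(izzj_text):
        s = entry.get("string", "")  # field name is an assumption about izzj output
        if len(s) < min_len:
            continue
        for name, rx in PATTERNS.items():
            if rx.search(s):
                hits[name].append((hex(entry.get("vaddr", 0)), entry.get("section", ""), s))
    return hits

# Constructed sample in the assumed shape of `izzj` output.
SAMPLE = json.dumps([
    {"vaddr": 8192, "section": ".rodata", "string": "http://example.test/update.bin"},
    {"vaddr": 8240, "section": ".rodata", "string": "10.0.0.5"},
    {"vaddr": 8256, "section": ".rodata", "string": "/etc/ld.so.cache"},
    {"vaddr": 8280, "section": ".rodata", "string": "usage: %s [options]"},
    {"vaddr": 8300, "section": ".rodata", "string": "ok"},
])

if __name__ == "__main__":
    # With a path argument, analyze that binary; otherwise use the constructed sample.
    text = run_izzj(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for kind, found in triage_strings(text).items():
        for addr, section, s in found:
            print(f"{kind:5} {addr:>10} {section:10} {s}")
```

Each reported address can be inspected back in the r2 prompt by seeking to it with `s`.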
Debug an Executable
r2 -d /bin/ls # Start debugging
Common Debugging Commands:
db main # Set breakpoint at main
dc # Continue execution to breakpoint
dr # Show register values
px 32 @ rsp # Dump 32 bytes from stack pointer (rsp on x86-64; use esp on 32-bit x86)
Official Documentation & More Info
Contributing
Contributions are welcome via GitHub pull requests. See the contributing guidelines.
Support
- Ask questions on the Radare2 Discord.
- Report issues on GitHub.
License
Radare2 is released under the LGPLv3 License.