rabin2
Analyze binary files, extract information
TLDR
Display general information about a binary (architecture, type, endianness)
Display linked libraries
Display symbols imported from libraries
Display strings contained in the binary
Display the output in JSON
SYNOPSIS
rabin2 [-options] [file]
PARAMETERS
-A
Show all info (same as -BceghijlmsSz).
-B
Show basic binary information.
-c
List code metadata (code analysis must be performed first, 'aa').
-C
List classes (java).
-d
Show directory of classes.
-D
Display information about shared object dependencies.
-e
Show entrypoint(s) address.
-E
Show address of ELF entrypoint (if any).
-f
Show file format information.
-F [string]
Find matching strings in the binary (like iS).
-g
Show information about global offset table (GOT).
-G
Display the file hash. Default algorithm is sha256.
-h
Show header fields.
-H
Display hash value of the header.
-i
Show imports (dynamic symbols).
-I
Show binary info (same as iEshSm).
-j
Output in JSON format.
-k
Show file version info keys.
-K [key]
Show value of file version info key.
-l
List library dependencies.
-L
List loaded libraries in the current process.
-m
Show main address.
-M
Show address of main (if any).
-n
Show names of symbols only.
-N
Do not demangle symbol names (C++).
-o [offset]
Show offset of file (same as -s).
-O [file]
Load offsets from file.
-p
Show program headers.
-P
Show package information from rpm or dpkg.
-q
Quiet mode (hide error messages).
-Q
List load address offsets.
-r
Show relocations.
-R [addr]
Show relocations at address.
-s
Show sections.
-S
Show symbols.
-t
Show file type.
-T
List constructors/destructors.
-u
Show uninitialized data section.
-U
List methods of classes (java).
-v
Show version information.
-V
Show radare2 version and quit.
-w
Show writeable sections.
-x
Extract binary code from file.
-X
Extract text from file.
-z
Show strings.
-Z
Show strings from data section.
DESCRIPTION
rabin2 is a powerful command-line tool that is part of the radare2 reverse engineering framework.
It's designed to extract and analyze metadata from binary files, providing information about symbols, sections, entry points, imports, exports, relocations, and more. rabin2 supports a wide range of binary formats, including ELF, PE, Mach-O, and others. It is commonly used by security researchers, reverse engineers, and software developers to understand the structure and functionality of executable files and libraries. Using rabin2 can help to find vulnerabilities, understand code relationships, and perform code analysis without having to fully disassemble the binary. rabin2 can operate in a non-interactive mode, making it easy to automate its usage. Its output can be customized for various purposes, including scripting and integration with other tools.
USAGE EXAMPLES
rabin2 -i /bin/ls: Shows imported symbols for the /bin/ls executable.
rabin2 -s /bin/ls: Shows sections present in /bin/ls.
rabin2 -j -i /bin/ls: Shows the imports in JSON format.
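The JSON output lends itself to automated hardening triage. The script below is an added example, not part of the original page or of the radare2 project: it checks the mitigations reported by rabin2 -j -I and flags risky libc imports from rabin2 -j -i. The JSON field names (info, canary, nx, pic, relro, imports, name) are assumed to match radare2's output for ELF files and may differ between versions; the sample documents and the risky-function list are constructed for illustration.

```python
import json
import subprocess
import sys

# Functions commonly flagged in code review; this list is an assumption of the example.
RISKY_IMPORTS = {"gets", "strcpy", "strcat", "sprintf", "vsprintf", "system"}


def rabin2_json(flag, path):
    """Run rabin2 non-interactively with -j plus one flag and parse its JSON."""
    out = subprocess.run(["rabin2", "-j", flag, path],
                         capture_output=True, text=True, check=True).stdout
    return json.loads(out)


def audit(info_doc, imports_doc):
    """Return a list of findings from the `-j -I` and `-j -i` documents."""
    info = info_doc.get("info", {})
    findings = []
    if not info.get("canary"):
        findings.append("no stack canary")
    if not info.get("nx"):
        findings.append("NX disabled")
    if not info.get("pic"):
        findings.append("not position independent")
    relro = info.get("relro", "no")
    if relro != "full":
        findings.append("RELRO is %s" % relro)
    names = {imp.get("name", "") for imp in imports_doc.get("imports", [])}
    for name in sorted(names & RISKY_IMPORTS):
        findings.append("imports %s" % name)
    return findings


# Constructed sample documents (not captured from a real binary).
SAMPLE_INFO = json.loads('{"info": {"arch": "x86", "bits": 64, "canary": false,'
                         ' "nx": true, "pic": true, "relro": "partial"}}')
SAMPLE_IMPORTS = json.loads('{"imports": [{"name": "puts"}, {"name": "strcpy"},'
                            ' {"name": "system"}]}')

if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a real file when a path is given
        target = sys.argv[1]
        results = audit(rabin2_json("-I", target), rabin2_json("-i", target))
    else:  # otherwise fall back to the constructed sample
        results = audit(SAMPLE_INFO, SAMPLE_IMPORTS)
    print("\n".join(results) or "no findings")
```

Run it with a file path to audit a real binary; without arguments it audits the constructed sample.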
INTEGRATION WITH RADARE2
rabin2 is designed to work seamlessly with radare2. You can use the information extracted by rabin2 to guide your reverse engineering efforts within the radare2 environment.
For example, you can use the output of rabin2 -e to set breakpoints in radare2.