LinuxCommandLibrary

rabin2

Analyze binary files, extract information

TLDR

Display general information about a binary (architecture, type, endianness)

$ rabin2 -I [path/to/binary]

Display linked libraries
$ rabin2 -l [path/to/binary]

Display symbols imported from libraries
$ rabin2 -i [path/to/binary]

Display strings contained in the binary
$ rabin2 -z [path/to/binary]

Display the output in JSON
$ rabin2 -j -I [path/to/binary]

SYNOPSIS

rabin2 [-options] [file]

PARAMETERS

-A
    Show all info (same as -BceghijlmsSz).

-B
    Show basic binary information.

-c
    List code metadata (code analysis must be performed first, 'aa').

-C
    List classes (Java).

-d
    Show directory of classes.

-D
    Display information about shared object dependencies.

-e
    Show entrypoint(s) address.

-E
    Show address of ELF entrypoint (if any).

-f
    Show file format information.

-F [string]
    Find matching strings in the binary (like iS).

-g
    Show information about global offset table (GOT).

-G
    Display the file hash. Default algorithm is sha256.

-h
    Show header fields.

-H
    Display hash value of the header.

-i
    Show imports (dynamic symbols).

-I
    Show binary info (same as iEshSm).

-j
    Output in JSON format.

-k
    Show file version info keys.

-K [key]
    Show value of file version info key.

-l
    List library dependencies.

-L
    List loaded libraries in the current process.

-m
    Show main address.

-M
    Show address of main (if any).

-n
    Show names of symbols only.

-N
    Do not demangle symbol names (C++).

-o [offset]
    Show offset of file (same as -s).

-O [file]
    Load offsets from file.

-p
    Show program headers.

-P
    Show package information from rpm or dpkg.

-q
    Quiet mode (hide error messages).

-Q
    List load address offsets.

-r
    Show relocations.

-R [addr]
    Show relocations at address.

-s
    Show sections.

-S
    Show symbols.

-t
    Show file type.

-T
    List constructors/destructors.

-u
    Show uninitialized data section.

-U
    List methods of classes (Java).

-v
    Show version information.

-V
    Show radare2 version and quit.

-w
    Show writeable sections.

-x
    Extract binary code from file.

-X
    Extract text from file.

-z
    Show strings.

-Z
    Show strings from data section.

DESCRIPTION

rabin2 is a command-line tool that is part of the radare2 reverse engineering framework. It extracts and analyzes metadata from binary files, providing information about symbols, sections, entry points, imports, exports, relocations, and more. rabin2 supports a wide range of binary formats, including ELF, PE, Mach-O, and others. It is commonly used by security researchers, reverse engineers, and software developers to understand the structure and functionality of executable files and libraries. Using rabin2 can help to find vulnerabilities, understand code relationships, and perform code analysis without having to fully disassemble the binary. Because rabin2 can operate in a non-interactive mode, it is easy to automate. Its output can be customized for various purposes, including scripting and integration with other tools.

USAGE EXAMPLES

rabin2 -i /bin/ls: Shows imported symbols for the /bin/ls executable.
rabin2 -s /bin/ls: Shows sections present in /bin/ls.
rabin2 -j -i /bin/ls: Shows the imports in JSON format.

INTEGRATION WITH RADARE2

rabin2 is designed to work seamlessly with radare2. You can use the information extracted by rabin2 to guide your reverse engineering efforts within the radare2 environment.
For example, you can use the output of rabin2 -e to set breakpoints in radare2.

SEE ALSO

radare2(1), r2(1)
