radare2

Open a file in write mode without parsing the file format headers

$ radare2 -nw [path/to/binary]

$ radare2 -d [path/to/binary]

$ radare2 -i [path/to/script.r2] [path/to/binary]

$ [radare2_command]?

$ ![shell_command]

$ > pr > [path/to/file.bin]

r2 [OPTIONS] [FILE]
r2 [OPTIONS] -- [ARGS]

-a
    Specify architecture (e.g., x86, arm, mips). Use 'r2 -a ?' for a list of supported architectures.

-b
    Specify register size / bitness (e.g., 16, 32, 64). Overrides auto-detection.

-D
    Use the given debugger profile (e.g., 'rap' for r_a_p, 'gdb' for gdbserver). Use 'r2 -D ?' for a list of supported debuggers.

-d
    Open in debug mode. If a file is specified, it opens for debugging; otherwise, it attaches to a process ID (PID).

-e
    Set an r2 configuration variable (e.g., 'scr.color=true', 'asm.bits=32').

-i
    Execute commands from a script file before the r2 prompt is shown. Can be specified multiple times.

-q
    Quiet mode: suppress radare2 startup messages and only show the prompt.

-p
    Load or create a project file. Projects save analysis information, flags, comments, and other metadata.

-c ''
    Execute a single radare2 command before the r2 prompt. Can be specified multiple times.

-s
    Seek to a specified address or offset in the binary upon loading. Accepts numeric addresses or flag names.

-w
    Open the file in write mode, allowing modifications to the binary.

-A
    Perform automatic analysis passes when the file is loaded. This can take time for large binaries.

-R
    Open the file in read-only mode, preventing accidental modifications.

-N
    Do not load any r2plugins, useful for debugging or specific scenarios.

-V
    Display the radare2 version information and exit.

-h
    Display a brief help message and exit.

radare2 (r2) is an open-source, cross-platform command-line framework for reverse engineering, binary analysis, and debugging. It provides a comprehensive suite of tools for disassembling, analyzing, patching, and debugging binary executables, malware, and firmware.

It supports a wide range of architectures (x86, ARM, MIPS, PowerPC, etc.) and file formats (ELF, PE, Mach-O, Java, WebAssembly, etc.). r2 is known for its powerful, scriptable command-line interface, which allows for deep programmatic interaction with binary data. It can be used for tasks ranging from simple file viewing and hex editing to complex malware analysis, vulnerability research, and exploit development.

While it has a steep learning curve due to its extensive feature set and unique command syntax, its modular design and extensibility via plugins make it an invaluable tool for security researchers, malware analysts, and developers working with low-level code.

radare2 has a notoriously steep learning curve due to its extensive command-line interface and highly modular structure. Users often need to be familiar with assembly language, binary formats, and reverse engineering concepts. While powerful, its text-based UI can be less intuitive than graphical tools like IDA Pro or Ghidra, especially for beginners. The project is under active development, so commands and features might evolve, and documentation can sometimes lag behind the latest changes. Performance can also be an issue with very large or complex binaries, especially during initial analysis passes.

radare2 operates primarily through its command-line interface. Users interact with the binary by typing commands, which are often mnemonic (e.g., 's' for seek, 'pd' for print disassembly, 'px' for print hexdump). It supports various 'modes' like visual mode ('V') for interactive analysis and graphical representations, and debug mode ('d') for live debugging. The framework's power comes from chaining these commands and leveraging its deep understanding of binary structures.

One of radare2's key strengths is its extensibility. It features a rich plugin architecture allowing users to add support for new architectures, file formats, analysis algorithms, and visualization tools. Furthermore, nearly all of its functionality can be accessed and automated via scripting through its powerful JSON output and bindings for various programming languages, including Python, Go, Rust, and JavaScript, making it highly adaptable for custom analysis workflows.

radare2 was initially conceived by Sergi Álvarez (pancake) in 2006 as a simple command-line hexadecimal editor. Over time, it grew organically into a full-fledged reverse engineering framework, incorporating features for disassembly, analysis, debugging, and exploitation. Its development has been driven by a strong open-source community, making it a powerful and free alternative to commercial reverse engineering solutions like IDA Pro. Its modular architecture and extensive API have fostered a vibrant ecosystem of plugins and integrations, cementing its role as a leading tool in the security research and malware analysis domains.

objdump(1), readelf(1), gdb(1), binwalk(1), strings(1), hexdump(1)