radare2

Reverse engineering and binary analysis framework

TLDR

Open binary for analysis

$ r2 [binary]

Open in write mode

$ r2 -w [binary]

Open at specific address

$ r2 -s [0x1000] [binary]

Debug binary

$ r2 -d [binary]

Analyze on open

$ r2 -A [binary]

Open without any analysis

$ r2 -n [binary]

Attach to running process

$ r2 -d [pid]

Run command and quit

$ r2 -qc "[pdf]" [binary]

SYNOPSIS

r2 [-Adnw] [-s addr] [-c cmd] [options] file

radare2 (r2) is an open-source reverse engineering framework for binary analysis, debugging, and exploitation. It disassembles, analyzes, and patches binaries across many architectures and formats.
The tool operates through a command-line interface with hundreds of commands. Commands are typically short mnemonics: 'p' for print, 'a' for analyze, 's' for seek. Help is available by appending '?' to any command prefix.
Analysis identifies functions, strings, cross-references, and control flow. The 'aaa' command performs comprehensive analysis. Results populate databases queryable through commands.
Visual modes provide cursor-based navigation and graph views. Function graphs show control flow with block connections. Hex editing mode enables direct binary modification.
Debugging integrates natively, attaching to processes or launching programs. Breakpoints, stepping, register manipulation, and memory inspection work across supported platforms.
Scripting uses r2pipe for external automation (Python, JavaScript, etc.) or internal radare2 scripts. Extensive plugin API enables custom analysis.

PARAMETERS

-A

Analyze all referenced code.

-a ARCH

Set architecture.

-b BITS

Set bit size (16, 32, 64).

-c CMD

Execute command.

-d

Debug mode.

-n

No analysis on load.

-w

Open in write mode.

-s ADDR

Seek to address.

-q

Quiet mode, exit after -c commands.

-i FILE

Run script file.

-p PROJECT

Use project file.

-e KEY=VALUE

Set configuration option.

CONFIGURATION

~/.radare2rc

Startup configuration file executed on launch, containing default settings and commands to run automatically.

-e key=value

Runtime configuration variables controlling analysis depth, display format, and tool behavior. Use `e??` inside r2 to list all options.

~/.local/share/radare2/projects/

Project files saving analysis state including function names, comments, and flags for resuming work on a binary.

COMMANDS

pdf

Disassemble function.

afl

List functions.

aaa

Analyze all.

s addr

Seek to address.

Enter visual mode.

Enter graph mode.

px N

Print N bytes as hex.

db addr

Set breakpoint.

Continue execution.

Show registers.

Show help.

Quit.

CAVEATS

Steep learning curve - command syntax takes time to master. Documentation can be sparse. Analysis may miss obfuscated code. Some features platform-specific. Memory usage grows with analysis depth. Competing with Ghidra/IDA on features.

HISTORY

radare2 was created by pancake (Sergi Alvarez) around 2006, evolving from the original radare. It grew from a hex editor to a full reverse engineering platform. The project emphasizes freedom, portability, and Unix philosophy. Despite its complexity, it has a dedicated community and is used in CTF competitions and security research.