radare2
Reverse engineer and analyze binaries
TLDR
Open a file in write mode without parsing the file format headers
Debug a program
Run a script before entering the interactive CLI
Display help text for any command in the interactive CLI
Run a shell command from the interactive CLI
Dump raw bytes of current block to a file
SYNOPSIS
r2 [options] [file]
PARAMETERS
-2
Close stderr (useful when piping to r2).
-a
Set architecture (x86, arm, mips, ...).
-A
Run 'aaa' to perform basic analysis.
-b
Set architecture bits (16, 32, 64).
-B
Set base address for file loading.
-c
Execute command after loading file (r2 -c 's main; pdf').
-C
Disable colors.
-d
Debug the executable (implies -n).
-D
Select debugger engine (gdb, native, windbg, ...).
-e
Set environment variable (-e key=value).
-E
Display available environment variables.
-f
Force open even if file is not a regular file.
-h
Show help message.
-i
Run r2 script file.
-l
Load r2 plugin library.
-L
List supported file formats.
-m[num]
Enable or disable memory map dialog.
-n
Do not load executable memory map (useful for debugging).
-N
Do not load RBin info (useful to speed up loading).
-o
Open file at given offset.
-O
Pass given options to r_io.
-p[num]
Use project name (or create it if it doesn't exist).
-P
List available projects.
-q
Quiet mode (disable welcome message and prompt).
-r
Read file and execute r2 commands.
-R
Same as -r but load r2rc.
-s
Set command prompt string.
-S
Enable sandbox mode (disable write).
-t
Open in thread mode.
-T
Typecheck in r2 scripts.
-u
Undocumented feature.
-v
Show version information.
-V
Show verbose version information.
-w
Enable write mode.
-x
Open file at given hex offset.
-X
Close file descriptor after loading it.
-z
Do not demangle symbol names.
-z
Do not load strings.
-zz
Load strings even in code section.
[file]
File to be analyzed.
DESCRIPTION
radare2 (r2) is a comprehensive, open-source reverse engineering framework and set of command-line tools. It's designed for analyzing, debugging, and manipulating binary files.
r2 supports a wide variety of architectures, file formats, and operating systems, making it a versatile tool for security researchers, malware analysts, and software developers.
It can be used for disassembling code, analyzing control flow, patching binaries, and even writing exploits. The framework is highly modular and extensible, allowing users to customize its functionality through plugins and scripts.
Radare2 is known for its powerful command-line interface and scripting capabilities, enabling complex analysis tasks to be automated. It operates on an 'everything is a file' paradigm, allowing it to handle diverse data sources. It is built around a core library, librz, which provides the fundamental functionalities.
CAVEATS
Radare2 has a steep learning curve due to its powerful but complex command-line interface. Mastering its commands and scripting capabilities requires significant time and effort.
COMMAND MODE
Radare2 operates in different command modes. The most common mode is interactive mode where you enter commands via the prompt. Another important mode is script mode, where you can execute sequences of commands from a file. Other modes, like visual mode (using 'V'), provide an ncurses-based interface.
ANALYSIS COMMANDS
Radare2 provides many commands for analyzing binary files, including 'aa' (analyze all), 'af' (analyze function), 'pdf' (print disassembled function), 's' (seek to address), and 'i' (display file information).
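The following is an added example, not part of the original page or the radare2 project: a shell wrapper that runs a static, non-interactive triage using the -q, -2 and -c options with the 'i', 'aa', 's' and 'pdf' commands described above. The function names r2_triage_cmds and r2_triage are hypothetical, and the wrapper assumes the file is only read, never debugged or opened for writing.

```shell
#!/bin/sh
# Added example: static, non-interactive triage with r2.
# Uses only options and commands listed on this page:
#   -q (quiet), -2 (close stderr), -c (run commands after loading)
#   i (file info), aa (analyze all), s (seek), pdf (print function)

# Build the r2 command string for a symbol (default: main).
r2_triage_cmds() {
    sym=${1:-main}
    # Accept only plain symbol characters so the value cannot smuggle
    # extra r2 commands (';') or shell escapes ('!') into -c.
    case $sym in
        *[!A-Za-z0-9_.]*) return 1 ;;
    esac
    printf 'i; aa; s %s; pdf' "$sym"
}

# Run the triage. No -d (would execute the sample) and no -w (would
# allow patching it), so the file is only read.
r2_triage() {
    file=$1
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 2; }
    cmds=$(r2_triage_cmds "${2:-main}") || { echo "bad symbol name" >&2; return 2; }
    command -v r2 >/dev/null 2>&1 || { echo "r2 not installed" >&2; return 127; }
    # Prefix relative names with ./ so a file name starting with '-'
    # is never parsed as an r2 option.
    case $file in /*|./*) ;; *) file=./$file ;; esac
    r2 -q -2 -c "$cmds" "$file"
}

# Stand-alone use: sh triage.sh path/to/binary [symbol]
if [ $# -gt 0 ]; then
    r2_triage "$@"
fi
```
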
HISTORY
Radare2 was originally written by pancake (Rodrigo Diaz) as a fork of the rizin disassembler; it was later refactored into an independent project focused on reverse engineering and security analysis.
Over the years, it has evolved into a feature-rich framework with extensive community support and continuous development.
Radare2 is used in a wide range of applications, from analyzing malware and finding vulnerabilities to disassembling embedded systems and exploring file formats.