radare2

r2 [-a arch] [-b bits] [-B baddr] [-c cmd] [-e k=v] [-i file] [-I prefile] [-k kernel] [-m addr] [-p project] [-P patch] [-r rarun2] [-R rr2rule] [-s addr] [-0AdfDjLMnNqStTuVwxX] file

radare2 (r2) is an open-source reverse engineering framework for binary analysis, debugging, and exploitation. It disassembles, analyzes, and patches binaries across many architectures and formats.The tool operates through a command-line interface with hundreds of commands. Commands are typically short mnemonics: 'p' for print, 'a' for analyze, 's' for seek. Help is available by appending '?' to any command prefix.Analysis identifies functions, strings, cross-references, and control flow. The 'aaa' command performs comprehensive analysis. Results populate databases queryable through commands.Visual modes provide cursor-based navigation and graph views. Function graphs show control flow with block connections. Hex editing mode enables direct binary modification.Debugging integrates natively, attaching to processes or launching programs. Breakpoints, stepping, register manipulation, and memory inspection work across supported platforms.Scripting uses r2pipe for external automation (Python, JavaScript, etc.) or internal radare2 scripts. Extensive plugin API enables custom analysis.

-A

Run 'aaa' command to analyze all referenced code before prompt.

Force asm.arch (x86, ppc, arm, mips, bf, java, ...).

Force asm.bits (16, 32, 64).

Specify the base address for loading a new binary.

Execute the given command before giving prompt.

Start in debugger mode.

Enable debug mode with a specific debug backend.

Set configuration eval variable key=value.

Set blocksize to file size.

Run script file after the file is loaded.

Run script file before the file is loaded.

Select kernel (asm.os) for syscall resolution.

Load a given plugin file.

List loaded IO plugins.

Map file at given address.

Disable demangling.

Do not perform any analysis. Just load the raw file.

Only load the rbin structures (elf, mach0, ...).

Do not load user settings or projects from ~/.radare2rc.

Set project file.

Apply rapatch file and quit.

Quiet mode. Exit after running -c commands.

Specify dbg.profile rarun2 profile for spawning programs.

Specify custom rarun2 directives without creating a profile.

Start seeking at this address.

Enable sandboxed mode.

Avoid computing file hashes.

Show version information and exit.

Open in write mode.

~/.radare2rc

Startup configuration file executed on launch, containing default settings and commands to run automatically. Use -N to skip loading.

Runtime configuration variables controlling analysis depth, display format, and tool behavior. Use `e??` inside r2 to list all options.

Project files saving analysis state including function names, comments, and flags for resuming work on a binary.

pdf

Disassemble function.

List functions.

Analyze all (functions, references, strings, etc.).

Seek to address.

Enter visual mode.

Enter graph mode.

Print N bytes as hex.

List strings in data sections.

List imports.

List entrypoints.

Set breakpoint.

Continue execution.

Step one instruction.

Show registers.

Show help. Append ? to any command prefix for subcommand help.

Quit.

Steep learning curve - command syntax takes time to master. Documentation can be sparse. Analysis may miss obfuscated code. Some features are platform-specific. Memory usage grows with analysis depth.

radare2 was created by pancake (Sergi Alvarez) around 2006, evolving from the original radare. It grew from a hex editor to a full reverse engineering platform. The project emphasizes freedom, portability, and Unix philosophy. Despite its complexity, it has a dedicated community and is used in CTF competitions and security research.

objdump(1), gdb(1), ltrace(1), strace(1), readelf(1), strings(1), xxd(1)