# radare2 utilities


rax2: base converter

# rax2 =2 31337
111101001101001b

# rax2 =16 111101001101001b
0x7a69

# rax2 -s 64656164
dead

# rax2 -S babe
62616265

# rax2 =16 0xbeef^0x7411
0xcafe

rabin2: binary program info extractor

# rabin2 -d challenge # show debug/dwarf information
# rabin2 -e challenge # show entrypoints
# rabin2 -H challenge # show headers
# rabin2 -I challenge # show binary info
# rabin2 -i challenge # show imports
# rabin2 -l challenge # list linked libraries
# rabin2 -R challenge # show relocations
# rabin2 -s challenge # show exported symbols
# rabin2 -S challenge # show sections
# rabin2 -z challenge # show strings inside .data section
# rabin2 -zz challenge # show strings from the whole binary (raw scan, not only the data section)
# rabin2 -g challenge # show all possible information

rasm2: assembler and disassembler tool

# rasm2 -a x86 -b 32 'mov eax, 33' # assemble
# rasm2 -a x86 -b 32 -d -s intel b821000000 # disassemble in intel
# rasm2 -a x86 -b 32 -d -s intel "\x31\xc0\x99\xb0\x0b\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x89\xe2\x53\x89\xe1\xcd\x80"
# rasm2 -a x86 -b 32 -E b821000000 # disassemble in esil
# rasm2 -L # list asm plugins
# rasm2 -a avr -b 8 -w spm # describe opcode (spm)

radiff2: unified binary diffing utility

# radiff2 -a x86 -b 64 /bin/true /bin/false 
# radiff2 -a x86 -b 64 -AA -C /bin/true /bin/false # code diffing using graphdiff algorithm

rafind2: advanced command-line byte pattern search in files

# rafind2 -z challenge # display zero-terminated strings
# rafind2 -s secret -X challenge # search a specific string and display hexdump
# rafind2 -m challenge # carve for known file-types

rahash2: block based hashing utility

# rahash2 -L # list available algorithms
# rahash2 -a all challenge # hash the file with all algorithms
# rahash2 -B -b 512 -a entropy challenge # entropy for each 512 byte block
# rahash2 -B -b 512 -a sha512 challenge # sha512 hash for each 512 byte block
# rahash2 -a sha384 -s "1234" # hash a string
# rahash2 -E base91 challenge # encode with base91
# rahash2 -E blowfish -S secretkey challenge # encrypt with blowfish (a key passed with -S on the command line is visible in shell history and the process list)

rarun2: run programs in exotic environments

Directives:
arg[0-3]: set arguments
aslr: enable/disable
clearenv
connect: stdin/stdout/stderr to a socket
input: string passed to stdin
libpath: override shared libraries path
listen: bind stdin/stdout/stderr to a listening socket
preload: a library
program: to be executed
setenv: set value to a given environment variable
setuid: set process user id
sleep: seconds
stdin: select file to read data
stdout: select file to write data
unsetenv: unset one environment variable
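# rarun2 program=challenge listen=1234 # serve the program's stdin/stdout/stderr on TCP port 1234; anyone who can reach the port drives the program's input
# nc -v localhost 1234 # connect to the listening program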

ragg2-cc: CC frontend for compiling shellcodes

# cat execve.c
/* Minimal payload source fed to ragg2-cc: replaces the calling process with /bin/sh. */
/* NOTE(review): no headers are included, so execve and NULL are presumably
 * supplied by the ragg2-cc build environment; confirm before compiling elsewhere. */
int main(){
        char *shell[2];               /* argv vector for the new program */
        shell[0]="/bin/sh";           /* argv[0] */
        shell[1]=0;                   /* terminating null pointer for argv */
        execve("/bin/sh",shell,NULL); /* envp is NULL, so no environment is passed on */
        /* Reached only if execve fails; main has no return statement. */
}
# ragg2-cc -a x86 -b 64 -k linux -x execve.c
eb00488d3d1b00000066480f6ec70f294424e8488d7424e831d2b83b0000000f0531c0c32f62696e2f736800

ragg2: frontend for r_egg

# ragg2 -a x86 -b 64 -k linux -f elf -i exec -e xor -c key=0xcc -s
.hex 31c048bbd19d9691d08c97ff48f7db53545f995257545eb03b0f05

# ragg2 -a x86 -b 64 -k linux -f elf -B `ragg2-cc -a x86 -b 64 -k linux -x execve.c` -e xor -c key=0xcc -s
.hex eb00488d3d1b00000066480f6ec70f294424e8488d7424e831d2b83b0000000f0531c0c32f62696e2f736800
