# radare2 utilities


rax2: base converter

# rax2 =2 31337
111101001101001b

# rax2 =16 111101001101001b
0x7a69

# rax2 -s 64656164
dead

# rax2 -S babe
62616265

# rax2 =16 0xbeef^0x7411
0xcafe

rabin2: binary program info extractor

# rabin2 -d challenge # show debug/dwarf information
# rabin2 -e challenge # show entrypoints
# rabin2 -H challenge # show headers
# rabin2 -I challenge # show binary info
# rabin2 -i challenge # show imports
# rabin2 -l challenge # list linked libraries
# rabin2 -R challenge # show relocations
# rabin2 -s challenge # show exported symbols
# rabin2 -S challenge # show sections
# rabin2 -z challenge # show strings inside .data section
# rabin2 -zz challenge # show strings
# rabin2 -g challenge # show all possible information

rasm2: assembler and disassembler tool

# rasm2 -a x86 -b 32 'mov eax, 33' # assemble
# rasm2 -a x86 -b 32 -d -s intel b821000000 # disassemble in intel
# rasm2 -a x86 -b 32 -d -s intel "\x31\xc0\x99\xb0\x0b\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x89\xe2\x53\x89\xe1\xcd\x80"
# rasm2 -a x86 -b 32 -E b821000000 # disassemble in esil
# rasm2 -L # list asm plugins
# rasm2 -a avr -b 8 -w spm # describe opcode (spm)

radiff2: unified binary diffing utility

# radiff2 -a x86 -b 64 /bin/true /bin/false 
# radiff2 -a x86 -b 64 -AA -C /bin/true /bin/false # code diffing using the graphdiff algorithm

rafind2: advanced commandline hexadecimal editor

# rafind2 -z challenge # display zero-terminated strings
# rafind2 -s secret -X challenge # search for a specific string and display a hexdump
# rafind2 -m challenge # carve for known file-types

rahash2: block based hashing utility

# rahash2 -L # list available algorithms
# rahash2 -a all challenge # hash the file with all algorithms
# rahash2 -B -b 512 -a entropy challenge # entropy for each 512-byte block
# rahash2 -B -b 512 -a sha512 challenge # sha512 hash for each 512-byte block
# rahash2 -a sha384 -s "1234" # hash a string
# rahash2 -E base91 challenge # encode with base91
# rahash2 -E blowfish -S secretkey challenge # encrypt with blowfish using the key given with -S

rarun2: run programs in exotic environments

Directives:
arg[0-3]: set the program arguments
aslr: enable or disable ASLR
clearenv
connect: redirect stdin/stdout/stderr to a socket
input: string passed to stdin
libpath: override the shared libraries path
listen: bind stdin/stdout/stderr to a listening socket
preload: library to preload
program: the program to be executed
setenv: set the value of a given environment variable
setuid: set the process user id
sleep: number of seconds to sleep
stdin: select the file to read stdin data from
stdout: select the file to write stdout data to
unsetenv: unset one environment variable
# rarun2 program=challenge listen=1234
# nc -v localhost 1234

ragg2-cc: CC frontend for compiling shellcodes

# cat execve.c
int main(){
        /* argv for the new program: argv[0] = "/bin/sh", followed by a NULL terminator */
        char *shell[2];
        shell[0]="/bin/sh";
        shell[1]=0;
        /* envp is NULL: no environment is passed to the new program */
        execve("/bin/sh",shell,NULL);
        /* No #include and no return statement: this source is fed to ragg2-cc, which
           emits the raw bytes shown after it; presumably ragg2-cc supplies the execve
           declaration itself — confirm before building this with a plain cc. Comments
           do not change the emitted bytes, but any code change does. */
}
# ragg2-cc -a x86 -b 64 -k linux -x execve.c
eb00488d3d1b00000066480f6ec70f294424e8488d7424e831d2b83b0000000f0531c0c32f62696e2f736800

ragg2: frontend for r_egg

# ragg2 -a x86 -b 64 -k linux -f elf -i exec -e xor -c key=0xcc -s
.hex 31c048bbd19d9691d08c97ff48f7db53545f995257545eb03b0f05

# ragg2 -a x86 -b 64 -k linux -f elf -B `ragg2-cc -a x86 -b 64 -k linux -x execve.c` -e xor -c key=0xcc -s
.hex eb00488d3d1b00000066480f6ec70f294424e8488d7424e831d2b83b0000000f0531c0c32f62696e2f736800
