Radare2 : UNIX-like Reverse Engineering Framework And Command-Line Toolset

Radare2 is a rewrite from scratch of radare. It provides a set of libraries, tools and plugins to ease reverse engineering tasks.

The radare project started as a simple command-line hexadecimal editor focused on forensics, over time more features were added to support a scriptable command-line low level tool to edit from local hard drives, kernel memory, programs, remote gdb servers and be able to analyze, emulate, debug, modify and disassemble any binary.

  • Install r2 from Git (Clone the repo and run sys/install.sh) or use pip install r2env
  • Read the Official radare2 book
  • COMMUNITY.md engagement
  • CONTRIBUTING.md general rules
  • DEVELOPERS.md to improve r2 for your needs
  • SECURITY.md on vulnerability report instructions
  • USAGE.md for an introductory session
  • INSTALL.md instructions

git clone https://github.com/radareorg/radare2
radare2/sys/install.sh

Plugins

Most of the plugins you need may be available in the stock r2 installation, but you can find more in the r2pm package manager.

r2pm update # initialize and update the package database
r2pm install [pkg] # installs the package

Some of the most installed packages are:

  • r2ghidra the native ghidra decompiler plugin: pdg command
  • esilsolve symbolic execution r2 plugin based on esil and z3
  • r2dec decompiler based on r2 written in js pdd
  • r2frida the frida io plugin r2 frida://0
  • iaito – official graphical interface (Qt)

Operating Systems

Windows (since XP), Linux, Darwin, GNU/Hurd, Apple’s {Mac,i,iPad,watch}OS, Android [Dragonfly, Net, Free, Open] BSD, Z/OS, QNX, Solaris, Haiku, FirefoxOS.

Architectures

i386, x86-64, ARM, MIPS, PowerPC, SPARC, RISC-V, SH, m68k, m680x, AVR, XAP, S390, XCore, CR16, HPPA, ARC, Blackfin, Z80, H8/300, V810, V850, CRIS, XAP, PIC, LM32, 8051, 6502, i4004, i8080, Propeller, Tricore, CHIP-8, LH5801, T8200, GameBoy, SNES, SPC700, MSP430, Xtensa, NIOS II, Java, Dalvik, WebAssembly, MSIL, EBC, TMS320 (c54x, c55x, c55+, c66), Hexagon, Brainfuck, Malbolge, whitespace, DCPU16, LANAI, MCORE, mcs96, RSP, SuperH-4, VAX, AMD Am29000.

File Formats

ELF, Mach-O, Fatmach-O, PE, PE+, MZ, COFF, OMF, TE, XBE, BIOS/UEFI, Dyldcache, DEX, ART, CGC, Java class, Android boot image, Plan9 executable, ZIMG, MBN/SBL bootloader, ELF coredump, MDMP (Windows minidump), WASM (WebAssembly binary), Commodore VICE emulator, QNX, WAD, OFF, Game Boy (Advance), Nintendo DS ROMs and Nintendo 3DS FIRMs, various filesystems.

R K

Recent Posts

Nmap cheat sheet for beginners

Nmap (Network Mapper) is a free tool that helps you find devices on a network,…

10 hours ago

Understanding the Model Context Protocol (MCP) and How It Works

Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…

1 week ago

The file Command – Quickly Identify File Contents in Linux

While file extensions in Linux are optional and often misleading, the file command helps decode what a…

1 week ago

How to Use the touch Command in Linux

The touch command is one of the quickest ways to create new empty files or update timestamps…

1 week ago

How to Search Files and Folders in Linux Using the find Command

Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…

1 week ago

How to Move and Rename Files in Linux with the mv Command

Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…

1 week ago