What is Radare? And its features

Posted by Suraj Singh on December 06, 2018 · 5 mins read

What Is Radare2?

Ans. "Radare2 (also known as r2) is a complete framework for reverse-engineering and analyzing binaries; composed of a set of small utilities that can be used together or independently from the command line. Built around a disassembler for computer software which generates assembly language source code from machine-executable code, it supports a variety of executable formats for different processors and operating systems." - Wikipedia

In simple words, Radare is a complete framework that helps you perform all kinds of activities, operations and functions on binary files. Basically, you can think of Radare as a complete set of tools and scripts, written in C, that help you achieve many different goals.

What is Reverse Engineering?

Ans. Actually, Radare was originally designed as a reverse engineering framework, as you can read on their official website.

Radare is a portable reversing framework that can...

  • Disassemble (and assemble for) many different architectures
  • Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg)
  • Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku
  • Perform forensics on filesystems and data carving
  • Be scripted in Python, Javascript, Go and more
  • Support collaborative analysis using the embedded webserver
  • Visualize data structures of several file types
  • Patch programs to uncover new features or fix vulnerabilities
  • Use powerful analysis capabilities to speed up reversing
  • Aid in software exploitation

What is Binary Exploitation?

Ans. Because of its big list of features, expert hackers normally use Radare for binary exploitation. For those who don't know what that is: binary exploitation is the process of subverting a compiled application such that it violates some trust boundary in a way that is advantageous to you, the attacker.

What is Computer Forensic?

Ans. Forensics is basically reverse engineering of binary files. In forensics the main motive is to collect as much useful information, of as many types as possible, as you can. For more info, use Google.

Features Of Radare2

Multi-architecture and multi-platform

  • GNU/Linux, Android, *BSD, OSX, iPhoneOS, Windows{32,64} and Solaris
  • x86{16,32,64}, dalvik, avr, arm, java, powerpc, sparc, mips, bf, csr, m68k, msil, sh
  • pe{32,64}, [fat]mach0{32,64}, elf{32,64}, te, dex and java classes

Highly scriptable in various scripting languages

  • Vala, Go, Python, Guile, Ruby, Perl, Lua, Java, JavaScript, sh, ..
  • batch mode and native plugins with full internal API access
  • native scripting based in mnemonic commands and macros
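
The Python route listed above goes through r2pipe, which spawns radare2 and sends it commands. The script below is an added example, not radare2's own code: it assumes the radare2 binary and the r2pipe package are installed, opens the running Python interpreter as a convenient local executable, pulls the file info (`ij`) and import table (`iij`) as JSON, and intersects the imports with a constructed watch-list of the kind an analyst keeps for quick triage.

```python
import sys

# Driving radare2 from Python through r2pipe, the scripting route the page
# lists. Added example, not radare2's own code; it assumes the radare2 binary
# and the r2pipe package are installed, and uses the running interpreter as a
# handy local executable to inspect.

SAMPLE_BINARY = sys.executable

# Imports worth a second look during triage. A constructed watch-list, not a
# verdict: plenty of legitimate programs use these too.
WATCH_LIST = ("system", "execve", "ptrace", "mprotect", "dlopen")


def binary_summary(path):
    """Open path in radare2 and return {'arch', 'bits', 'imports'}, or None
    when radare2/r2pipe are not available on this machine."""
    try:
        import r2pipe
    except ImportError:
        return None
    try:
        r2 = r2pipe.open(path, flags=["-2"])   # -2: keep r2's stderr quiet
    except Exception:
        return None
    try:
        info = r2.cmdj("ij") or {}             # 'ij': file/bin info as JSON
        imports = r2.cmdj("iij") or []         # 'iij': import table as JSON
    finally:
        r2.quit()
    bin_info = info.get("bin", {})
    return {
        "arch": bin_info.get("arch"),
        "bits": bin_info.get("bits"),
        "imports": sorted({imp["name"] for imp in imports if "name" in imp}),
    }


def flag_imports(names, watch=WATCH_LIST):
    """Return the subset of import names that appear on the watch-list."""
    wanted = set(watch)
    return [n for n in names if n in wanted]


if __name__ == "__main__":
    summary = binary_summary(SAMPLE_BINARY)
    if summary is None:
        print("radare2 or r2pipe is not available here")
    else:
        print(f"{SAMPLE_BINARY}: {summary['arch']} {summary['bits']}-bit, "
              f"{len(summary['imports'])} imports")
        print("watch-list hits:", flag_imports(summary["imports"]))
```

No `aaa` analysis pass is needed here because imports come straight from the binary's headers, so the script stays fast even on large files; the same `cmdj` pattern works for any r2 command that has a `j` (JSON) suffix.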

Hexadecimal editor

  • 64bit offset support with virtual addressing and section maps
  • Assemble and disassemble from/to many architectures
  • colorizes opcodes, bytes and debug register changes
  • print data in various formats (int, float, disasm, timestamp, ..)
  • search multiple patterns or keywords with binary mask support
  • checksumming and data analysis of byte blocks
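
Two of the hex-editor features above, masked pattern search and per-block data analysis, are easy to misunderstand without seeing them work. The following is an added example, not radare2's code: it implements a search that accepts a hex pattern with a separate binary mask (`9090:ffff`) or with `..` wildcard bytes (`488b..`), which is how I read r2's `/x` syntax, plus a per-block Shannon entropy scan of the kind used to spot packed or encrypted regions. The sample buffer is constructed for the demonstration, not taken from a real file.

```python
import math

# Byte-pattern search with a binary mask, in the spirit of r2's "/x" search
# ("/x 9090:ffff" for hex-plus-mask, "/x 48..c7" for wildcard bytes, as I
# read its syntax). Parser, search and entropy code are my own, not r2's.


def parse_masked_hex(spec):
    """Turn '9090:ffff' or '488b..' into (pattern, mask) byte strings.

    A mask byte of 0xff means 'must match', 0x00 means 'don't care';
    '..' in the wildcard form stands for one don't-care byte.
    """
    if ":" in spec:
        pat_hex, mask_hex = spec.split(":", 1)
        pattern, mask = bytes.fromhex(pat_hex), bytes.fromhex(mask_hex)
        if len(pattern) != len(mask):
            raise ValueError("pattern and mask differ in length")
        return pattern, mask
    if len(spec) % 2:
        raise ValueError("odd number of hex digits")
    pattern, mask = bytearray(), bytearray()
    for i in range(0, len(spec), 2):
        pair = spec[i:i + 2]
        if pair == "..":
            pattern.append(0x00)
            mask.append(0x00)
        else:
            pattern.append(int(pair, 16))
            mask.append(0xFF)
    return bytes(pattern), bytes(mask)


def masked_search(data, spec):
    """Return every offset where data matches spec under its mask."""
    pattern, mask = parse_masked_hex(spec)
    # Pre-mask the pattern so a don't-care byte never has to match literally.
    want = bytes(p & m for p, m in zip(pattern, mask))
    n = len(pattern)
    return [
        off for off in range(len(data) - n + 1)
        if all((b & m) == w for b, m, w in zip(data[off:off + n], mask, want))
    ]


def shannon_entropy(block):
    """Shannon entropy in bits per byte (0.0 = one byte value, 8.0 = uniform)."""
    if not block:
        return 0.0
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    ent = 0.0
    for c in counts:
        if c:
            p = c / len(block)
            ent -= p * math.log2(p)
    return ent


def block_entropy(data, block_size=16):
    """(offset, entropy) for each block; high-entropy runs hint at packing."""
    return [(off, shannon_entropy(data[off:off + block_size]))
            for off in range(0, len(data), block_size)]


# Constructed sample buffer (not a real file): 16 zero bytes, a 4-byte NOP
# sled, two x86-64 'mov rax/rcx, [rip+disp32]' instructions, 16 distinct bytes.
SAMPLE = (b"\x00" * 16
          + b"\x90\x90\x90\x90"
          + b"\x48\x8b\x05\x10\x00\x00\x00"
          + b"\x48\x8b\x0d\x20\x00\x00\x00"
          + bytes(range(16)))

if __name__ == "__main__":
    print("NOP pairs at", masked_search(SAMPLE, "9090:ffff"))   # [16, 17, 18]
    print("mov r64,[mem] at", masked_search(SAMPLE, "488b.."))  # [20, 27]
    for off, ent in block_entropy(SAMPLE):
        print(f"0x{off:04x}  entropy {ent:.2f} bits/byte")
```

The wildcard form is what you reach for when an instruction's opcode bytes are fixed but its operand bytes vary (the `488b..` pattern matches both `mov rax` and `mov rcx` above), and the entropy scan is the same idea as r2's entropy print mode: a block of identical bytes scores 0.0 while 16 distinct bytes in a 16-byte block score the maximum 4.0 for that block size.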

IO is wrapped

  • support Files, disks, processes and streams
  • virtual addressing with sections and multiple file mapping
  • handles gdb:// and rap:// remote protocols

Filesystems support

  • allows mounting ext2, vfat, ntfs and many others
  • supports partition types (gpt, msdos, ..)

Debugger support

  • gdb remote and brainfuck debugger support
  • software and hardware breakpoints
  • tracing and logging facilities

Diffing between two functions or binaries

  • graphviz-readable code analysis graphs
  • colorize nodes and edges

Code analysis at opcode, basicblock, function levels

  • embedded simple virtual machine to emulate code
  • keep track of code and data references
  • function calls and syscall decompilation
  • function description, comments and library signatures

Radare2 supports various file formats, including:

  • COFF and derivatives, including Win32/64/generic PE
  • ELF and derivatives
  • Mach-O (Mach) and derivatives
  • Game Boy and Game Boy Advance cartridges
  • MZ (MS-DOS)
  • Java class
  • dyld cache dump
  • Dex (Dalvik EXecutable)
  • Xbox xbe format
  • Plan9 binaries
  • WinRAR virtual machine
  • File system like the ext family, ReiserFS, HFS+, NTFS, FAT, ...
  • DWARF and PDB file formats for storing additional debug information
  • Lua 5.1
  • Raw binary

Radare2 supported instruction sets

  • Intel x86 family
  • ARM architecture
  • Atmel AVR series
  • Brainfuck
  • Motorola 68k and H8
  • Ricoh 5A22
  • MOS 6502
  • Smartcard PSOS Virtual Machine
  • Java virtual machine
  • MIPS: mipsb/mipsl/mipsr/mipsrl/r5900b/r5900l
  • PowerPC
  • SPARC Family
  • TMS320Cxxx series
  • Argonaut RISC Core
  • Intel 51 series: 8051/80251b/80251s/80930b/80930s
  • Zilog Z80
  • CR16
  • Cambridge Silicon Radio (CSR)
  • AndroidVM Dalvik
  • DCPU-16
  • EFI bytecode
  • Gameboy (z80-like)
  • Java Bytecode
  • Malbolge
  • Nios II
  • SuperH
  • Spc700
  • Systemz
  • TMS320
  • V850
  • Whitespace
  • XCore

Conclusion: Radare2 is damn cool and fantastic, but also very hard to learn and use.

Official site of Radare: https://www.radare.org/