Awesome Radare2
A curated list of awesome projects, articles and other materials powered by Radare2.
What is Radare2?
Radare is a portable reversing framework that can...
- Disassemble (and assemble for) many different architectures
- Debug with local native and remote debuggers (gdb, rap, r2pipe, winedbg, windbg, ...)
- Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku
- Perform forensics on filesystems and data carving
- Be scripted in Python, Javascript, Go and more
- Visualize data structures of several file types
- Patch programs to uncover new features or fix vulnerabilities
- Use powerful analysis capabilities to speed up reversing
- Aid in software exploitation
More info here.
Table of Contents
Awesome Radare2 Materials
Books
Videos
Recordings
- r2pipe - connector to r2
- Solving a Self-modifying Crackme with r2pipe EMU vs DBG vs XOR
- Creating a keygen for FrogSek KGM#1 - by @binaryheadache
- Radare2 - An Introduction with a simple CrackMe - Part 1 - by @antojosep007
- Introduction To Reverse Engineering With Radare2
- Scripting radare2 with python for dynamic analysis - TUMCTF 2016 Zwiebel part 2
- Solving a Crackme with Cutter and Z3
- Handling self modifying code (SMC) with radare2
- Introduction to r2dec
- radare2 explained - write over
- radare2 explained - Text transformations
- Solving "Dialtone" from Google CTF 2019 Quals using Cutter
Asciinemas
- metasploit x86/shikata_ga_nai decoder using r2pipe and ESIL
- ESIL for Windows program (IOLI-crackme 0x02)
- Filter for string searching (urls, emails)
- Manual unpacking UPX on linux 64-bit
- radare2 classes recovery from rtti itanium
- example of finding ROP gadgets in dyld library cache
Conferences
- HITB2019AMS - Overcoming Fear: Reversing with radare2 - by @arnaugamez
- r2con 2019 - videos, r2con 2019 - materials
- r2con 2018
- r2con 2017
- LinuxDays 2017 - Disassembling with radare2
- SUE 2017 - Reverse Engineering Embedded ARM Devices
- radare demystified (33c3)
- r2con 2016
- Reversing with Radare2 - OverDrive Conference
- Radare2 & frida hack-a-ton 2015
- Radare from A to Z 2015
- Reverse engineering embedded software using Radare2 - Linux.conf.au 2015
- OggCamp - Shellcode - vext01
- radare2 In Conversation - Richard Seymour
- recon2017 - Bubble Struggle Call Graph Visualization with Radare2 - by mari0n
Slides and Workshops
- Radare2 cheat-sheet
- r2m2 - radare2 + miasm2 = ♥
- Radare2 Workshop 2015 (Defcon)
- Emulating Code In Radare2
- Radare from A to Z 2015
- Radare2 Workshop 2015 (Hack.lu)
- Radare2 & frida hack-a-ton 2015
- radare2: evolution
- radare2: from forensics to bindiffing
- ESIL, the Universal IL for radare2 (ZeroNights)
- Brief intro to RE using @radareorg
Tutorials and Blogs
- Configuring and running radare2 on mobile Android phones
- Arbitrary Code Guard vs. Kernel Code Injections
- Radare2 Practical Guide - by @koffiezuiper
- Radare2 Supporting a new architecture - by @koffiezuiper
- Reversing a Self-Modifying Binary with radare2 - by @megabeets_
- Linux Malware by @MalwareMustDie
- Radare2 - Using Emulation To Unpack Metasploit Encoders - by @xpn
- Reverse engineering a Gameboy ROM with radare2 - by @megabeets_
- radare2 as an alternative to gdb-peda
- How to find offsets for v0rtex (by Siguza)
- Debugging a Forking Server with r2
- Defeating IOLI with radare2 in 2017
- Using r2 to analyse Minidumps
- Android malware analysis with Radare: Dissecting the Triada Trojan
- Reversing EVM bytecode with radare2
- Radare2's Visual Mode
- Crackme0x03 Dissected with Radare2
- Crackme0x02 Dissected with Radare2
- Crackme0x01 Dissected with Radare2
- Debugging Using Radare2… and Windows! - by @jacob16682
- Decrypting APT33's Dropshot Malware with Radare2 and Cutter – Part 1 - by @megabeets_
- Decrypting APT33's Dropshot Malware with Radare2 and Cutter – Part 2 - by @megabeets_
- A journey into Radare 2 – Part 2: Exploitation - by @megabeets_
- A journey into Radare 2 – Part 1: Simple crackme - by @megabeets_
- Reverse Engineering With Radare2 - by @insinuator
- radare2 redux: Single-Step Debug a 64-bit Executable and Shared Object
- Reversing and Exploiting Embedded Devices: The Software Stack (Part 1)
- Binary Bomb with Radare2 - by @binaryheadache
- crackserial_linux with radare2 - by @binaryheadache
- Examining malware with r2 - by @binaryheadache
- Breaking Cerber strings obfuscation with Python and radare2 - by @aaSSfxxx
- Radare2 of the Lost Magic Gadget - by @0xabe_io
- Radare 2 in 0x1E minutes - by @superkojiman
- Pwning With Radare2 - by @crowell
- How to radare2 a fake openssh exploit - by jvoisin
- Disassembling 6502 code with Radare – Part I - by @ricardoquesada
- Disassembling 6502 code with Radare – Part II - by @ricardoquesada
- Unpacking shikata-ga-nai by scripting radare2
- This repository contains a collection of documents, scripts and utilities that will allow you to use IDA and R2
- Raspberry PI hang instruction - by @pancake
- Reverse Engineering With Radare2, Part 1 - by @sam_symons
- Simple crackme with Radare2 - by @futex90
- Reversing the FBI malware's payload (shellcode) with radare2 - by @MalwareMustDie
- ROPping to Victory
- ROPping to Victory - Part 2, split
- Radare2 IO plugin tutorial
- Unpacking Executables - The ESP Trick
- Linux Malware Analysis – Why Homebrew Encryption is Bad
- Writing A Malware Config Parser Using Radare2 And Ruby
- Hackaday Superconference Badge Hacking
- OnePlus Device Root Exploit: Backdoor in EngineerMode App for Diagnostics Mode
- GSoC 2018 Final: Debugging and Emulation Support for Cutter
- GSoC 2018 Final: Console Interface Improvements
- GSoC 2018 Radeco Pseudo C Code Generation
- GSoC'18 Final: Type inference
- Easy way for analyzing the GootKit banking malware with radare2 - by @D00RT
- Decrypting Mirai Configuration With Radare2 (Part 1)
- Decrypting Mirai Configuration With Radare2 (Part 2)
- Reversing Bushido IOT Botnet by ZullSec
- Emulating Decryption Function With Radare2
- Automating RE Using r2pipe
- Unstacking Strings with Cutter and Radare2
- English Report of "FHAPPI Campaign" : FreeHosting APT PowerSploit Poison Ivy
- Binary patching and intro to assembly with r2
- Ground Zero: Part 3-2 – Reverse Engineering – Patching Binaries with Radare2 – ARM64
- Intro to radare2 for malware analysis - by @asoni
- Intro to cutter for malware analysis - by @asoni
- Binary Analysis with Jupyter and Radare2
- Down the Rabbit Hole - Part II: Analyzing an EFI Application with Radare2 - by @ihavelotsofspac
- Down the Rabbit Hole - Part III: Patching the Whitelist - by @ihavelotsofspac
- Reversing C code in x64 systems with Radare2 part I
- Reversing x64 linux code with Radare2 part II
- Deobfuscating APT32 Flow Graphs with Cutter and Radare2
- Intro to Reversing iOS Swift Apps with radare2
- MMD-0064-2019 - Linux/AirDropBot
- Dynamic Instrumentation: Frida And r2frida For Noobs
CTF Writeups
- Reversing MalwareTech challenge with Radare2 and inline assembly
- Solving avatao's "R3v3rs3 4" - by @sghctoma
- Solving "heap" from defcon 2014 qualifier with r2 - by @alvaro_fe
- Exploiting ezhp (pwn200) from PlaidCTF 2014 with radare2
- Write-ups from RHME3 pre-qualifications at RADARE2 conference
- Hackover CTF 2016 - tiny_backdoor writeup
- Baleful was a challenge released in picoctf
- At Gunpoint Hacklu 2014 With Radare2 - by @crowell
- Solving game2 from the badge of Black Alps 2017 with radare2
- ROPEmporium: Pivot 64-bit CTF Walkthrough With Radare2
- ROPEmporium: Pivot 32-bit CTF Walkthrough With Radare2
- Gynvael - Mission 22 - Solution
- Xiomara CTF 2018 - Slammer
- mrmcd ctf 2017 - once_upon_a_time
- Pinky's Palace siege
- Introduction to Reverse Engineering with radare2 Cutter - Part I
- Introduction to Reverse Engineering with radare2 Cutter - Part II
- Introduction to Reverse Engineering with radare2 Cutter - Part III
- Android OWASP crackmes: Write-up UnCrackable Level 2
Tools
- Docker image encapsulates the reverse-engineering framework
- Malfunction - Malware Analysis Tool using Function Level Fuzzy Hashing
- rarop - graphical ROP chain builder using radare2 and r2pipe
- Radare2 and Frida better together
- r2frida wiki
- Android APK analyzer based on radare2
- Cutter - A Qt and C++ GUI for radare2
- Fuzzing tool (TFuzz): a fuzzing tool based on program transformation
- Radare2 VMI IO and debugger plugins
- Radare2 module for Yara
- predator - genetic Algorithm in C++ to evolve assembly opcodes to harm the linux system in order to identify red flags or vulnerabilities
- radare2 + miasm2
- Use angr inside the radare2 debugger. Create an angr state from the current debugger state.
- Bootloader research tools (very much a work in progress)
- ICSREF: ICS Reverse Engineering Framework
- Extract labels from IDA .lst or Ghidra .csv file and export x64dbg database. Supporting radare2
- Deep ghidra decompiler integration for radare2
Scripts
- r2kit - a set of scripts for a radare-based malware code analysis workflow - by @cmatthewbrooks
- Malware analysis toolbox
- helper radare2 script to analyze UEFI firmware modules
- ThinkPwn Scanner - by @d_olex and @trufae
- radare2-lldb integration
- create a YARA signature for the bytes of the current function
- A radare2 Plugin to perform symbolic execution with a simple macro call (r2 + angr)
- Just a simple radare2 Jupyter kernel
- r2scapy - a radare2 plugin that decodes packets with Scapy
- A plugin for Hex-Ray's IDA Pro and radare2 to export the symbols recognized to the ELF symbol table
- radare2 plugin - converts asm to pseudo-C code (experimental)
- A python script using radare2 to decrypt and patch the strings of GootKit malware
- Collection of scripts for radare2 for MIPS arch
- Extract functions and opcodes with radare2 - by @andrewaeva
- r2-ropstats - a set of tools based on radare2 for analysis of ROP gadgets and payloads
- Patch kextd using radare2
- Python-r2pipe script that draws ascii and graphviz graphs of library dependencies
- Simple XOR DDOS strings deobfuscator - by @NighterMan
- Decode multiple shellcodes encoded with msfencode - by @NighterMan
- Baleful CTF task plugins
- Integration of pwntools and radare2
- r2scapy - a radare2 plugin that decodes packets with Scapy - by @guedou
- Deobfuscation of API calls in Bitpaymer (v2)
- Prints agx (cross reference graph) with 2 caller levels
- radare2 script to autoname functions by taking it from the assert calls
- r2 plugin to read/write memory using the checkm8 exploit