radare2 aims to create a complete, portable, multi-architecture, Unix-like toolchain for reverse engineering. It is composed of a hexadecimal editor (radare) with a wrapped I/O layer supporting multiple backends for local/remote files, debugger (OS X, BSD, Linux, W32), stream analyzer, assembler/disassembler (rasm) for x86, ARM, PPC, m68k, Java, MSIL, and SPARC, code analysis modules, and scripting facilities. It also has a bindiffer named radiff, base converter (rax), a shellcode development helper (rasc), a binary information extractor supporting PE, Mach0, ELF, class, etc. named rabin, and a block-based hash utility called rahash. Radare was rewritten as radare2, and the old version is only maintained for bugfixes.
|Tags||Software Development Debuggers binary viewer malware binary diffing|
|Operating Systems||Linux (32 and 64 bit) Mac OS X Windows (32 and 64bit) BSD Solaris|
|Implementation||C Perl Vala|
Release Notes: New Platforms (Windows64 (mingw64) and OS X 10.7). New commands (ad, pm, wa*, dm*, dh, pdb, ia, /q, ax, dd, and /d). Brainfuck support. hex:// and http:// r_io plugins. Metadata support for rap://. Fixes for several builds (bindings and static). Fixes for many crashes, several memory leaks, and minor bugs.
Release Notes: This release uses BSD tar for releases (GNU tar --format posix lies). It fixes debugger support for i386 and amd64 for: GNU kFreeBSD, FreeBSD, NetBSD, and OpenBSD. It detects page protection permissions in MACH0 sections (from segments). It avoids dangerous flag names by using the r_name_filter before storing. It removes rsc2. It fixes ELF shstrtab/strtab parsing errors and vala r_asm regression.
Release Notes: Better maemo integration, support for fixed graph nodes with user defined contents, a fuzzing script in Lua, a memory protection manager command for Linux/x86 and Win32, support for SPARC disassembler and the MIPS loongson2f debugger, breakpoint-based step command (useful for step-less architectures), relative address display, and many small fixes and usability enhancements.
Release Notes: ASCII art lines in disassembly with code analysis. The debugger has been integrated with the graph view. Usability enhacements in visual mode. Many fixes for stability and feature enhancements. The first GTK port for ARM Linux (maemo). Real-time on-screen string filtering. Support for binary plugins. The Win32 debugger port is mostly fixed and working. Support for opening EnCase forensic images with the EWF plugin. Support for PowerPC and m68k. Initial usb-gecko (Wii debugger) steps. A nicer search engine interface.
Release Notes: A new search engine. I/O plugin layers (debugging, Haret, and POSIX). Debugging on NetBSD. Arguments to the debugged process (radare "dbg:///bin/ls /usr"). Base address ('B' command). xc now can convert from stdin binary data to hex pairs. Date format string and filetime (NTFS) support. Non-readline interface fixes (more orthogonalized). Wide-char support (reading and writing '00' filled strings). Fixes in the visual mode. The debugger can backtrace on Linux/x86 (needs more work). New xor/xorpair hashing algorithms for 'hasher'.