The Official Radare Blog
SEO audit: Content analysis

Language: Error! No language localisation is found.
Title: The Official Radare Blog
Text / HTML ratio: 87 %
Frame: Excellent! The website does not use iFrame solutions.
Flash: Excellent! The website does not have any flash contents.
Keywords cloud: radare2 GSoC r2 radare Summer Aug Code Thu analysis RSoC features Wed code Mon Tue students Google Radare we’re Sun
Keywords consistency (Keyword / Content / Title / Description / Headings):
radare2 82
GSoC 31
r2 29
radare 24
Summer 22
Aug 22
Headings: Error! The website does not use (H) tags.
Images: We found 0 images on this web page.

SEO Keywords (Single)

Keyword Occurrence Density
radare2 82 4.10 %
GSoC 31 1.55 %
r2 29 1.45 %
radare 24 1.20 %
Summer 22 1.10 %
Aug 22 1.10 %
Code 22 1.10 %
Thu 19 0.95 %
analysis 19 0.95 %
RSoC 18 0.90 %
features 18 0.90 %
Wed 17 0.85 %
code 17 0.85 %
Mon 17 0.85 %
Tue 17 0.85 %
students 16 0.80 %
Google 15 0.75 %
Radare 15 0.75 %
we’re 14 0.70 %
Sun 14 0.70 %

SEO Keywords (Two Word)

Keyword Occurrence Density
of the 44 2.20 %
Summer of 21 1.05 %
of Code 20 1.00 %
is a 17 0.85 %
Google Summer 15 0.75 %
May 2014 15 0.75 %
to the 15 0.75 %
for the 15 0.75 %
in the 14 0.70 %
you can 13 0.65 %
to get 12 0.60 %
a new 12 0.60 %
and the 11 0.55 %
want to 11 0.55 %
by the 11 0.55 %
This is 10 0.50 %
on the 10 0.50 %
from the 9 0.45 %
we are 9 0.45 %
if you 9 0.45 %

SEO Keywords (Three Word)

Keyword Occurrence Density Possible Spam
Summer of Code 20 1.00 % No
Google Summer of 15 0.75 % No
you want to 9 0.45 % No
the Google Summer 8 0.40 % No
One of the 7 0.35 % No
would like to 6 0.30 % No
of the most 6 0.30 % No
Radare Summer of 6 0.30 % No
This is why 5 0.25 % No
you can use 4 0.20 % No
on top of 4 0.20 % No
happy to announce 4 0.20 % No
if you want 4 0.20 % No
a lot of 4 0.20 % No
be able to 4 0.20 % No
If you want 4 0.20 % No
are using radare2 4 0.20 % No
in order to 4 0.20 % No
I would like 4 0.20 % No
2018 014516 0200 3 0.15 % No

SEO Keywords (Four Word)

Keyword Occurrence Density Possible Spam
Google Summer of Code 14 0.70 % No
the Google Summer of 8 0.40 % No
Radare Summer of Code 6 0.30 % No
If you want to 4 0.20 % No
if you want to 4 0.20 % No
I would like to 4 0.20 % No
Summer of Code 2015 3 0.15 % No
going to highlight some 3 0.15 % No
own Radare Summer of 3 0.15 % No
Sun 12 Aug 2018 3 0.15 % No
for the Google Summer 3 0.15 % No
some cool new features 3 0.15 % No
highlight some cool new 3 0.15 % No
One of the most 3 0.15 % No
to highlight some cool 3 0.15 % No
take a look at 3 0.15 % No
to seek to the 3 0.15 % No
to take a look 3 0.15 % No
This is why we 3 0.15 % No
in the Google Summer 3 0.15 % No

Internal links in - radare.today

Subscribe
The Official Radare Blog
Aug 31
Radare2 and bioinformatics: a good match? · The Official Radare Blog
Jul 3
Background Tasks in radare2 · The Official Radare Blog
Jun 16
Android Crackme and Structure offset propagation · The Official Radare Blog
Older Posts →
The Official Radare Blog · The Official Radare Blog

Radare.today Spined HTML


The Official Radare Blog http://radare.today/ Recent content on The Official Radare Blog Hugo -- gohugo.io en-us Fri, 31 Aug 2018 00:00:00 +0000 Radare2 and bioinformatics: a good match? http://radare.today/posts/radare2-bioinformatics/ Fri, 31 Aug 2018 00:00:00 +0000 http://radare.today/posts/radare2-bioinformatics/ Intro Ahead of this years’ radarecon, pancake nudged me into discussion we both have well-nigh how software reverse engineering and bioinformatics compare and might complement each other, if at all. Inspired by Bunnie Huang’s writeups on (computational) biology as a living example of a cross-domain polymath, I’ll struggle to write lanugo some thoughts and pointers on how radare could be used (or not) in bioinformatics and hopefully manage expectations on what’s possible today. GSoC 2018 Final: Debugging and Emulation Support for Cutter http://radare.today/posts/cutter_debug/ Mon, 20 Aug 2018 11:52:13 +0000 http://radare.today/posts/cutter_debug/ Intro Hi, I’m mandlebro and during the summer I worked on the GSOC project “Debugging and Emulation Support for Cutter”. The goal of this GSOC project was to integrate radare2’s debugging and emulation capabilities in Cutter. You can trammels all my commits in the pursuit links: Cutter commits radare2 commitsRipenedfeatures During the elapsing of the project I both worked in radare2 and Cutter. On radare2 side I provided a json interface to existing r2 commands so that they could be well parsed on Cutter side as well as worked on some ESIL features. GSoC 2018 Final:PanelInterface Improvementes http://radare.today/posts/cli_improvements/ Sun, 19 Aug 2018 08:27:46 +0200 http://radare.today/posts/cli_improvements/ Introduction Hi, I’m cyanpencil and I was selected for thePanelInterface Improvement task for the 2018 edition of the GSoC. I had a lot of fun spending this summer coding for radare. I learned so many things, and had an wondrous wits overall. 
I am very grateful to my mentors, Xvilka, Pancake and Maijin, they were unchangingly present and closely followed me during the unshortened summer. My task was to modernize some aspects of the terminal interface of radare2. GSoC 2018:TenancyFlow Structuring for Radeco-lib http://radare.today/posts/gsoc_2018_radeco_cfs/ Sun, 12 Aug 2018 21:42:12 -0400 http://radare.today/posts/gsoc_2018_radeco_cfs/ GSoC 2018:TenancyFlow Structuring for Radeco-lib Introduction This summer, I implemented the tenancy spritz structuring algorithm described in NoIncreasinglyGotos. The algorithm takes a program represented as a tenancy spritz graph and converts it into a semantically equivalent program but with all tenancy spritz represented with C-like tenancy spritz statements (e.g. if-statements, while-loops, etc.) and zero goto statements. Example bool c0 = test0(); if (!c0) { run1(); } if (c0 && test2()) { run4(); } else { run3(); } run5(); Algorithm Overview This section is substantially a (very brief) summary of NoIncreasinglyGotos. Gsoc 2018 Radeco Pseudo CLawmakingGeneration http://radare.today/posts/gsoc_2018_radeco_pseudo_c_code_generation/ Sun, 12 Aug 2018 23:26:15 +0900 http://radare.today/posts/gsoc_2018_radeco_pseudo_c_code_generation/ GSoC 2018 Radeco Pseudo CLawmakingGeneration Introduction This summer, I was working on C-like pseudocode generation with radeco. Althrough radeco was worldly-wise to unriddle executables, it could not decompile analyzed executables. My work allows to use radeco for generating C-like pseudocode from analyzed executables. Usage Installation Note: Nightly Rust is required. You can install it using rustup. $ rustup install nightly $ rustup default nightly $ git clone https://github. GSoC'18 Final: Type inference http://radare.today/posts/type_inference/ Sun, 12 Aug 2018 01:45:16 +0200 http://radare.today/posts/type_inference/ GSoC has scrutinizingly been finished. I would like to summarize my work washed-up so far this summer. 
The goal of this task was to integrate types handling into the radare2 wringer loop, including will-less inference and suggestions. Example C - source lawmaking #include <stdio.h> #include <stdlib.h> #include <string.h> void main() { int length, length2; char *final; char *s1 = "Hello"; char *s2 = " r2-folks"; length = strlen (s1); length2 = strlen (s2); }Surpassingmy work / (fcn) sym. Background Tasks in radare2 http://radare.today/posts/background_tasks/ Tue, 03 Jul 2018 20:45:00 +0200 http://radare.today/posts/background_tasks/ Recently, I have been working on improving performance in Cutter, the radare2 GUI, expressly when working with larger binaries. One major issue was that scrutinizingly everything that accessed r2, such as updating the list of functions, strings, etc., was running on the main thread, and thus freezing the UI. While this is barely noticeable with smaller binaries, it can lead to a severe impact on usability for larger ones. Android Crackme and Structure offset propagation http://radare.today/posts/crackme_with_tl/ Sat, 16 Jun 2018 01:45:16 +0200 http://radare.today/posts/crackme_with_tl/ Today we will squint into the recently introduced full-length in r2 - structure offset propagation. We will use it to solve a crackme based on reversing an Android JNI (Java Native Interface) library.Beware that the full-length is still WIP and stuff constantly improved. This rencontre is originally from NDH2012-wargame, so we are provided with an NDH.apk file, now without decompiling and using JD-GUI to scan through the lawmaking we can find some interesting functions : GSoC'18 Progress Report - May http://radare.today/posts/gsoc_2018_progress_report_may/ Thu, 31 May 2018 01:45:16 +0200 http://radare.today/posts/gsoc_2018_progress_report_may/ A few weeks passed but our students worked nonflexible and achieved a tremendous results already. 
Lets see what they have to say well-nigh this: Cyanpencil’s update Hi, I’m cyanpencil, and in those initial three weeks of the GSoC 2018 I took superintendency of the commands relative to graph drawing (all the commands starting with ag). Those commands were a bit troublemaking considering each of them required a variegated syntax / used variegated config variables, resulting in a ag? GSoC 2018 Selection Results http://radare.today/posts/gsoc_2018_selection/ Tue, 24 Apr 2018 02:45:16 +0200 http://radare.today/posts/gsoc_2018_selection/ We are happy to signify this year we wonted five students: two for radare2 itself, two for radeco and one for cutter. HMPerson1 Hi, I’m Michael Zhang, moreover known as HMPerson1. I’m a first-year student at Purdue University. I use radare2 regularly when playing CTFs to disassemble and unriddle binaries. Although radare is very powerful, there’s only so much that can be washed-up staring at dissassembly. Having wangle to source lawmaking would make wringer much easier. GSoC 2018 http://radare.today/posts/gsoc_2018/ Mon, 05 Mar 2018 02:45:16 +0200 http://radare.today/posts/gsoc_2018/ Hell yeah! We’re wonted in the Google Summer of Code, again! Hurry hurry, pick (or propose) a task, and spend the summer with us, improving radare2! Analysis, decompilation, GUI, portability, … you name it. During the previous years, students implemented superstitious features (analysis, structure support, windows-related improvements, …). What are you going to implement next? The applications are ending the 27th of March, so hurry up, we’re waiting for you ♥ Using r2 to analyse Minidumps http://radare.today/posts/minidump/ Mon, 02 Oct 2017 08:00:00 +0200 http://radare.today/posts/minidump/ The minidump format is used by Microsoft for storing user-mode memory dumps. It is an openly documented format that is moreover extensible, but it is scrutinizingly unchangingly analysed in WinDbg [1][2]. 
This vendible describes how to perform wringer of minidumps using radare2 mdmp module. Installation If you use radare2 from git as recommended nothing to do, you should once be worldly-wise to identify the fileformat as mdmp rather than any. GSoC 2nd stage and RSoC 1st stage report http://radare.today/posts/gsocrsoc_2017_2/ Mon, 14 Aug 2017 08:00:00 +0200 http://radare.today/posts/gsocrsoc_2017_2/ GSoC 2nd stage and RSoC 1st stage report Good morning ladies and gentlemen. As you probably know radare2 project was overly rented this summer by hosting Google Summer ofLawmakingand our own - Radare Summer of Code, 5 students in total. Woot, but now as summer comes to a close, we would like to report the progress from each of our students! Srimanta Barua (GDB server and client) Compared to the feature-implementing frenzy of the first phase, the second phase of GSoC involved increasingly bug-fixes and latter of old issues. r2pipe API http://radare.today/posts/r2api/ Mon, 17 Jul 2017 00:00:00 +0100 http://radare.today/posts/r2api/ r2pipe The r2pipe diamond comes from the fact that using native APIs is much increasingly ramified and slower rather than using raw writ strings and parsing the output. It encourages users to write pipe implementations which interact with the “quiet” mode of radare2 and use JSONs for easier deserialization. We have multiple implementations once present with a number of users opting to use exploratory languages such as Python and Ruby. RSOC 2017 http://radare.today/posts/rsoc-2017/ Wed, 21 Jun 2017 21:42:10 -0700 http://radare.today/posts/rsoc-2017/ Radare Summer ofLawmaking2017 - Selection Results This year, untied from our Google Summer ofLawmakingcampaign we decided to start our own wayfarers again. But unlike the previous year we asked our candidates to focus on the high-level part of radare project - radeco and rune. 
We’ve been working on a decompiler (radeco) for 3 years already, and hope that this year you’ll be worldly-wise to see the generated C pseudocode for the first time. GSoC 2017 selection results http://radare.today/posts/gsoc_2017_selection/ Mon, 15 May 2017 02:45:16 +0200 http://radare.today/posts/gsoc_2017_selection/ Google Summer ofLawmaking2017 Good morning ladies and gentlemen! We’re happy to present you our 3 students, who passed all the hurdles of GSoC’17 selection and successfully shown their passion for radare2 development. Two projects are related to debugging capabilities of radare2 - both local and remote, and the 3rd one will modernize the most wanted platform support - Windows. Here they are introducing themselves and their projects: Project files http://radare.today/posts/project-files/ Sun, 12 Mar 2017 17:30:00 +0100 http://radare.today/posts/project-files/ Project files Disclaimer: Projects files are highly subject to transpiration but here is the current state on March 14th 2017. The full-length is still under upper work in progress please see the section Future of Project Files and How to Help. Purposes The Project files are used to store information related to your radare2 session. The idea is to use this Project file to save your wringer for later work, share it with an regulars (colleagues, friend, RE articles…), and scripting. Radare2 and Capstone http://radare.today/posts/radare2-capstone/ Thu, 09 Mar 2017 18:30:00 +0100 http://radare.today/posts/radare2-capstone/ Radare2 and Capstone This blogpost is the response to an observable fact: People don’t know that Radare2 is using Capstone/Keystone/Unicorn. This is moreover a blogpost to write the numerous comparisons washed-up online to these two variegated components. 
Defining the tools Capstone is a multi-architecture disassembly framework Keystone is a multi-architecture assembler framework Unicorn Engine is a multi-architecture CPU emulator framework Radare2 is a reverse engineering framework, it includes, in wing to other functionality: multi-architecture disassembly, assembly, and CPU emulation. GSoC 2017 http://radare.today/posts/gsoc_2017/ Thu, 09 Mar 2017 02:45:16 +0200 http://radare.today/posts/gsoc_2017/ Good news everyone! Gather round, we’ve got incredible good news for everyone! We’re happy to signify that we’re (again) wonted for the Google Summer of Code! For this occasion, we wrote a fancy website with everyone you have to know to participate: mentors, ideas, contacts, protips, micro-tasks, … During the last years, students implemented interesting features, like structures support, a largest wringer engine, … we’re looking forward to see what you are going to implement next ;) R2-1.0 Finally released http://radare.today/posts/r2-1.0/ Sun, 06 Nov 2016 17:40:41 +0100 http://radare.today/posts/r2-1.0/ radare2 1.0 comes with 20122 new lines of new features, bug fixes and enhancements. Here some of the most important highlights: The project have finally reached 1.0. What does it mean? It ways that 10 years have passed and the ecosystem reverted unbearable since its inception that it requires a new rethink of the versioning numbers. Pushing a new release every 6 weeks, increasing 0.1. And subtracting +1.0 without every r2con. r2con http://radare.today/posts/r2con_2016/ Mon, 12 Sep 2016 12:30:00 +0100 http://radare.today/posts/r2con_2016/ During the last couple of days in Barcelona, at the aurea social, everyone was at the r2con, to gloat the 10th birthday of radare2! It was an wondrous 3-days event, which first day was defended to trainings, while the two others were all well-nigh interesting/fancy/weird talks! 
We did our very weightier to setup a video stream, but unfortunately, we didn’t managed to get something working. But, all the talks (except one) were recorded, and are now misogynist online! GSOC, The last commit 213c6f http://radare.today/posts/gsoc-the-last-commit-213c6f/ Thu, 25 Aug 2016 13:13:29 +0200 http://radare.today/posts/gsoc-the-last-commit-213c6f/ It has been so long since I posted, the reason is that I have been quite rented with my GSOC timeline. Yes, I know I said I will write blogs once every week, but I learned the nonflexible way how not to do such promises then ;). I guess it is time to summarize the whole 3 months work, but surpassing I start, I would like to state that all my contributions are in basically 2 repositories: radare2 and radare2-regression, you can find my contributions here and here for both repositories. GSoC WebUI overview http://radare.today/posts/gsoc-webui-overview/ Sat, 20 Aug 2016 17:40:41 +0100 http://radare.today/posts/gsoc-webui-overview/ by https://twitter.com/GautierGC April 22th, my GSoC proposal for the radare web UI [was accepted] https://summerofcode.withgoogle.com/organizations/4965722304282624/#5484657504157696. Until today, I’ve made the UI progressed. The purpose of this vendible isn’t to tropical this installment but to relate what I’ve washed-up and share my wits well-nigh this Google Summer of Code. I would like to make a short overview of what I’ve done, a big picture of what I improved during the last months. Emulating a simple bootloader http://radare.today/posts/emulating-simple-bootloader/ Tue, 16 Aug 2016 19:16:00 +0200 http://radare.today/posts/emulating-simple-bootloader/ Introduction Generally speaking, emulating a bootloader is simpler than it is for regular binaries, considering they lack external libraries and usually have uncontrived wangle to memory and hardware. 
In this case, the bootloader is a binary for x86 tracery which runs in 16-bits real mode using BIOS calls to perform its loading duties and textual input/output. The idea here is to emulate Cropta1 crackme using radare2 ESIL emulation, providing the needed BIOS via a trivial quick & dirty python implementation of just what it’s needed to run the crackme code. Disassembly functionnalities inside Web UI /m http://radare.today/posts/webui-m-disasm/ Thu, 11 Aug 2016 19:02:46 +0100 http://radare.today/posts/webui-m-disasm/ by GautierGC In this blog post, we will discover the functionnalities of the disasm panel from the material Web UI and how are they implemented. This take place in the Material Web UI in place of the current implementation. If you want to read increasingly details well-nigh the implementation and how it works, you can read this technical vendible on my blog. So, this new module well-nigh disassembly has the pursuit functionnalities: Retrieving configuration of a RemoteWardshipTool (Malware) with radare2 statically http://radare.today/posts/malware-static-analysis/ Thu, 11 Aug 2016 08:30:00 +0100 http://radare.today/posts/malware-static-analysis/ Introduction This vendible was written during BSidesLV, BlackHat and Defcon events. ** We highly recommend you to try to do the wringer by yourself surpassing looking at this article. Here is a fake one cfd26988d55294870f2676117cf1307ca4acdf8d ** A remote wardship tool (also known as a RAT) is a piece of software that allows a remote “operator” to tenancy a system as if he has physical wangle to that system. While desktop sharing and remote wardship have many legal uses, such software is usually associated with criminal or malicious activity. Crosscompile radare2 with dockcross http://radare.today/posts/dockcross/ Wed, 10 Aug 2016 00:30:07 +0100 http://radare.today/posts/dockcross/ So you want to cross-compile radare to some exotic architecture? 
Use this docker and you’ll save some headache: Here’s and example on how changes required for i.e ARMv5 (no nonflexible float) borrowed from mk/armel.mk: ARCH=arm CROSS_ROOT=/usr/bin CROSS_TRIPLET=${ARCH}-linux-gnueabi CC=${CROSS_ROOT}/${CROSS_TRIPLET}-gcc USERCC=${CROSS_ROOT}/${CROSS_TRIPLET}-gcc RANLIB=${CROSS_TRIPLET}-ranlib CC_AR=${CROSS_ROOT}/${CROSS_TRIPLET}-ar -r ${LIBAR} (...)Withoutdefining your new mk/arch.mk file it should be pretty straighforward to install the dockcross tool from one of its own containers: $ docker run thewtex/cross-compiler-linux-armv5 > ~/bin/dockcross $ chmod +x ~/bin/dockcross And then, compile normally from inside the container: 10 years old http://radare.today/posts/10-years-old/ Fri, 05 Aug 2016 00:30:07 +0100 http://radare.today/posts/10-years-old/ 10 years passed since the first release of radare, and 8 since radare2. It was pretty primitive at the time, and lot of things has happened since that. SPOILER: Radare2’s Congress Announcement The tool was mainly used and written by me (@pancake) from the very first days. I was missing many interesting features in the opensource reverse engineering so I decided to collect and integrate all the interesting things that could fit on top of an visionary IO layer, from disassemblers to debuggers or filesystems. RSoC 2016 progress http://radare.today/posts/rsoc-2016-progress/ Tue, 02 Aug 2016 13:00:10 +0200 http://radare.today/posts/rsoc-2016-progress/ This year we’re hosting our own Radare Summer of Code, again! This is why we have selected 4 students: Aneesh Dogra (FAT PE binaries) Alexandru Razvan Caciulescu (ROP generator) Rakholia Jenish (Kernel level interfaces) Pankaj Kataria (SROP and COOP generators) FAT PE binaries At first, Aneesh Dogra subtracting the support of FAT PE binaries: those PEs can contain multiple programs inside, like 16bit MZ stub, both native and MSIL/CIL(. How goes the Google Summer of Code? 
http://radare.today/posts/gsoc-midterm-2016/ Thu, 23 Jun 2016 21:00:10 +0200 http://radare.today/posts/gsoc-midterm-2016/ As you know this year we’re taking part in the Google Summer of Code, with 3 students on tomfool tasks: - completing radeco, our own decompiler, by sushant94 - improving variables and function arguments analysis, by anoddcoder - completing our web interface, by gauthiergc Lets see what our students were supposed to do, what they did, and what is now planned. Radeco The main task for GSoC’16 is to introduce type inference for radeco and produce pseudo C output. Radare2 Explorations: New typesetting released! http://radare.today/posts/radare2-explorations/ Fri, 10 Jun 2016 18:00:46 +0100 http://radare.today/posts/radare2-explorations/ by http://github.com/monosource Context One of the challenges that people must squatter when starting to learn radare is getting to know how to use it for their specific needs; without all, not everyone uses radare for exploitation or forensics. As mentioned before, radare is indeed documented. If the difficulty is not related to a lack of documentation, then where does it originate from? There’s no middle ground between experimenting with each writ in radare and replicating the writeups that people post online for often difficult challenges they solved. Improving wringer http://radare.today/posts/improving-analysis/ Mon, 09 May 2016 21:00:10 +0200 http://radare.today/posts/improving-analysis/ One of the main tasks of Radare2 is to statically analyse executables. This includes binary files disassembly, analysing functions setting calling conventions, wheels detecting arguments and type propagation. Autodetecting arguments and type propagation are part of my Google Summer ofLawmakingtask. New wringer round is widow for treatise detection. It is tracery self-sustaining and supposed to capture all arguments and variables then wheels rename them. This wringer round is built on top of ESIL. 
The BIG big endian patch http://radare.today/posts/big-big-endian/ Wed, 04 May 2016 16:04:13 +0200 http://radare.today/posts/big-big-endian/ This text comes from radare2’s doc/endian. And aims to explain the reason why radare2 codebase was handling endianness in a problematic way. damo22 cooked a huge patch addressing those issues and making the lawmaking endian-independent. This ways that at compile time the lawmaking doesn’t assumes any local specific endian. Endian issues As hackers, we need to be enlightened of endianness. Endianness can wilt a problem when you try to process buffers or streams of bytes and store intermediate values as integers with width larger than a single byte. Using RAsm http://radare.today/posts/rasm/ Tue, 26 Apr 2016 11:47:13 +0200 http://radare.today/posts/rasm/ RAsm Recently I have noticed that many people gets saturated by the value of stuff r2 can do and most users end up not learning anything. So that’s why I am going to start writing a series of blog posts showing one full-length at a time, making it as simple as possible. What’s rasm? The ‘r’ in r_asm stands for radare, and it’s one of the several libraries shipped with radare2. 
Radare 0.10.2 http://radare.today/posts/radare-0-10-2/ Mon, 11 Apr 2016 23:30:07 +0100 http://radare.today/posts/radare-0-10-2/ radare2 0.10.2 - Release Notes Codename: Panamake As usual, some numbers first: Contributors: 48 Commits: 480 Issues: 135 Grep stats: * Fixes: 269 * Add: 107 * Enhance: 7 * New: 7 * Esil: 18 * Anal: 36 * Leak: 15Freelancercommit counter: (sys/pie.sh) $ sys/pie.sh 0.10.1 | sort -un | tail -n 13 1 Adrien Garin 2 Adr1 3 Kitsu 4 Darredevil 5 Anders Kaare 6 Aneesh Dogra 7 Evan Shaw 8 Jeffrey Crowell 12 Maijin 16 Anton Kochkov 36 oddcoder 46 Álvaro Felipe Melchor 237 pancake Special thanks from pancake to: Ramoji2 http://radare.today/posts/ramoji2/ Fri, 01 Apr 2016 00:00:00 +0000 http://radare.today/posts/ramoji2/ The main mutter by new radare2 users is the learning lines considering of the complexity of the mnemonic commands. This is why we are releasing a new interface based on emoji! No need to know english, or turnout or plane understand what the hell the entropy is. Just squint at those cute pictures and build a story right in your terminal. We hope that such a mode could bring the joy of reverse engineering to everyone, including kids. Radare 0.10.1 http://radare.today/posts/radare-0-10-1/ Mon, 29 Feb 2016 23:30:07 +0100 http://radare.today/posts/radare-0-10-1/ radare2 0.10.1 - Release Notes Six weeks ago, when our unconfined leader pancake spoken “a release every 6 weeks”, everyone was a bit, well, surprised, but it seems that we did it. But first, some numbers: Codename: solid chair society Weeks: 6 Commits: ~280 Issues Fixed: 50 Contributors: 38 New contributors: 10 New easter-eggs: 1 This 0.10.1 release pushes other updates for: sdb acr radare2 radare2-bindings radare2-extrasMoreoverbinary builds for Windows and OSX are moreover available. 
Radare 0.10.0 http://radare.today/posts/radare-0-10-0/ Thu, 21 Jan 2016 23:30:07 +0100 http://radare.today/posts/radare-0-10-0/ On Monday 16th, we released a new version of radare2, the 0.10.0, codename NOLAN. Since you might be a but too lazy to read every single commit, we’re going to highlight some tomfool new features together! Numbers Thanks to increasingly than 100 contributors who issued increasingly than 2000 commits, here is what changed: $ git checkout 0.10.0 && git unequal 0.9.9 --shortstat 1095 files changed, 80695 insertions(+), 40792 deletions(-) We would like to thanks all contributors, expressly the newcomers, that made this release possible. Unpacking shikata-ga-nai by scripting radare2 http://radare.today/posts/unpacking-shikata-ga-nai-by-scripting-radare2/ Tue, 08 Dec 2015 01:00:00 +0200 http://radare.today/posts/unpacking-shikata-ga-nai-by-scripting-radare2/ During latest hacklu’s radare workshop, one part was defended to how to generically unpack shikata-ga-nai. This blogpost is a simple transposition of the slides into a blogpost. Disclaimer: scrutinizingly everything here is stolen based on ideas from NighterMan. First, was is Shitkata-ga-nai? It’s a polymorphic shellcode encoder implemented into metasploit: msf > info encoder/x86/shikata_ga_nai > out.txt Name: Polymorphic XOR Additive Feedback Encoder Module: encoder/x86/shikata_ga_nai Platform: All Arch: x86 Rank: Excellent Provided by: spoonm <spoonm@no$email.WringerBy Default http://radare.today/posts/analysis-by-default/ Wed, 25 Nov 2015 12:47:13 +0200 http://radare.today/posts/analysis-by-default/WringerBy Default Many people that starts using radare2 mutter well-nigh having a variegated workflow than other similar tools like IDA or Hopper. Probably the most worrying part for them is that it doesn’t run the wringer at startup. And this is the reason why I’m writing this blog post right now : to stave having to explain why, then and then :) To uncork with, r2 is a pretty wholesale tool. 
Hacklu 2015 http://radare.today/posts/hacklu-2015/ Tue, 27 Oct 2015 16:10:46 +0100 http://radare.today/posts/hacklu-2015/ Like last year, some radare2 developers and contributors went to the 11th edition of the hack.lu, in Luxembourg, to hold not one, but two 5 hours-long workshops! maijin did the first part, well-nigh what is radare2 and how to use it jvoisin did the second one, well-nigh how to write a nocd for a archetype game, and (based on the work of NighterMan, moreover well-nigh how to unpack shikata ga nai with ESIL. Update On Radeco http://radare.today/posts/update-on-radeco/ Sat, 26 Sep 2015 23:51:06 +0200 http://radare.today/posts/update-on-radeco/ This post is to outline the work completed during the Google Summer ofLawmaking2015 (GSoC) period and show you a glimpse of radeco and where we are heading with it. For those who are not aware, radeco is a decompiler framework that is ripened and maintained by the radare team. The unshortened framework is unshut source, flexible and reusable. The wiring of radeco is radeco-lib that implements the wringer and transformations that are needed for decompiler. Extracting Digital Signatures from Signed Malware with pf http://radare.today/posts/extracting-digital-signatures-from-signed-malware/ Thu, 03 Sep 2015 23:14:16 +0200 http://radare.today/posts/extracting-digital-signatures-from-signed-malware/ Introduction Lot of malware/PUP (Potential Unwanted Programs)/Adwares are now digitally signed. Those signatures can contain interesting properties that can be used as Indicators Of Compromise (IOC) by analysts or used to perform some large-scale wringer on a lot of samples. As an example, let’s use the recent signed dridex sample sample (5df62149bb91084eb677aecff7a8ca5fffeaaa23). On Windows the Portable Executable file format uses IMAGE_DIRECTORY_ENTRY_SECURITY to store the information which corresponds to the 5th IMAGE_DATA_DIRECTORY. 
chsh -s /usr/bin/r2 http://radare.today/posts/r2-as-a-unix-shell/ Wed, 26 Aug 2015 16:36:33 +0200 http://radare.today/posts/r2-as-a-unix-shell/ Radare2’s prompt is quite powerful and handy to use, but sometimes you need to interact with the filesystem or spawn system programs.. and spawning new shells or quitting r2 is not an option. For those cases, the simplest solution would be to just type ! and then type the shell writ you like. This prefix writ will just escape to the shell and run the text you type as in the system shell. The GSoC is Over! http://radare.today/posts/the-gsoc-is-over/ Tue, 25 Aug 2015 13:13:29 +0200 http://radare.today/posts/the-gsoc-is-over/ Good news everyone! Our first time participation in the Google Summer of Code, thanks to our previous and current wits of the hosting of the Radare Summer of Code, was a unconfined success. It wouldn’t have been possible without the help of the unconfined Solar Designer, who took us under Openwall’s project umbrella for the GSoC. We had two GSoC students successfully well-constructed tasks related to Radeco, our new, work in progress, decompiler. Interview of ret2libc http://radare.today/posts/interview-of-ret2libc/ Thu, 16 Jul 2015 11:53:57 +0200 http://radare.today/posts/interview-of-ret2libc/Scrutinizinglyone month since our last article, time flees. This vendible is an interview of a new contributor, that profoundly enhanced one of the most visually impressive full-length of radare2, the one that our propaganda department contributors loves to show at conferences! Who are you ? Hi, I’m ret2libc, I was an IDA fond and this is my 10th day that I don’t use IDA. Hi ret2libc Just joking, I still use IDA, but I’d really love to switch in the future, when r2 will be good enough. 
Update from the GSoC 2 http://radare.today/posts/update-from-the-gsoc-2/ Thu, 18 Jun 2015 14:55:42 +0200 http://radare.today/posts/update-from-the-gsoc-2/ As part of GSoC I (dkreuter) and sushant94 have been working for the last three weeks on what should become the foundation for a decompiler integrated with the radare2 reversing framework. For now it's a standalone program written in Rust that can read the radare2 code format ESIL. The rough process involves generating control and data flow graphs in SSA form for the input, applying simplifications on that, similar to compilers, and picking appropriate constructs in a target language to represent the input.

Update From the GSoC http://radare.today/posts/update-from-the-gsoc/ Mon, 15 Jun 2015 21:36:21 +0200 http://radare.today/posts/update-from-the-gsoc/ As you know, we have 2 students working on r2 for the Google Summer of Code! As we're 3 weeks into the Summer, here's what one of our students, sushant94, has to say about what he's been working on! It's been three weeks into GSoC and I'm having an amazing time. I am working alongside dkreuter and have been learning tons from him too! Here is the repository where you can track our progress and also give us suggestions :)

Radare 0.9.9 http://radare.today/posts/radare-0-9-9/ Sat, 06 Jun 2015 11:46:57 +0200 http://radare.today/posts/radare-0-9-9/ Today, we're releasing a new version of radare2, the 0.9.9, codename Almost There. Since you might be a bit too lazy to read every single commit, we're going to highlight some cool new features! Numbers: Thanks to more than 50 contributors who issued something like 1700 commits, here is what changed: $ git checkout 0.9.9 && git diff 0.9.8 --shortstat 839 files changed, 156490 insertions(+), 18885 deletions(-) {pancake} I would like to give a special thanks to all the new contributors that made this release possible.
Solving 'int3rupted' from defcon 2015 qualifier with r2 http://radare.today/posts/solving-int3rupted-from-defcon-2015-qualifier-with-r2/ Thu, 04 Jun 2015 21:43:59 +0200 http://radare.today/posts/solving-int3rupted-from-defcon-2015-qualifier-with-r2/ In previous blog posts we've shown how radare2 can be useful for exploiting "baby" level challenges. Let's show how we can use it to find the bug and ultimately exploit a 5 point pwning challenge from the DEFCON 2015 qualifiers! You can find the binary here if you want to play along at home. To start with, in the challenge we were just given a hostname and ip address; no binary was given!

Defeating baby_rop with radare2 http://radare.today/posts/defeating-baby_rop-with-radare2/ Tue, 19 May 2015 23:55:59 +0200 http://radare.today/posts/defeating-baby_rop-with-radare2/ In order to content the people who wanted something less hand-holding than this writeup, which they say is too detailed, and this one, not enough, we decided to write this blogpost: not too short, not too long, and about pwning! The binary was a challenge (called baby_rop) from a small CTF that took place in France, called the sthack. As always, if you don't get a command, append ? to it to get documentation.

Using radare2 to pwn things http://radare.today/posts/using-radare2/ Thu, 14 May 2015 23:45:49 +0200 http://radare.today/posts/using-radare2/ While more and more people are using radare2 during ctf, at the same time we've got more and more complaints that there is not enough documentation about radare2. This article's goal is to make a small cheat-sheet when it comes to pwning things with our favorite piece of software. Keep in mind that: Every character has a meaning (w stands for write, p stands for print, …). Every command can be a succession of characters (pdf stands for p: print, d: disassemble, f: function). Every command is documented with ?
GSoC qualifications http://radare.today/posts/gsoc/ Mon, 27 Apr 2015 22:45:16 +0200 http://radare.today/posts/gsoc/ Attention, people of the internet! Gather round, we've got incredibly good news for everyone! We're incredibly happy to announce the acceptance of two students for the Google Summer of Code 2015: David Kreuter and Sushant Dinesh. Both students have already completed complex tasks, just as a qualification: an ESIL implementation for the 8051 architecture, and an ESIL-to-REIL converter. We hope that they'll continue the hard work at the same tempo and will make decompilation for radare2 much better than Hex-Rays' decompiler.

Rop'n'roll http://radare.today/posts/ropnroll/ Sat, 18 Apr 2015 15:00:00 +0200 http://radare.today/posts/ropnroll/ You may have already read this article 8 months ago, but since we changed the ROP-related syntax a lot, we're quite sure that you won't mind reading an updated version. As attackers are moving forwards, so does the defense. For a couple of years now, every decent operating system has had a non-executable stack, defeating the classic 'put your shellcode on the stack and execute it' modus operandi. This is why attackers are now using (among other things) Return Oriented Programming, also known as ROP, to bypass this protection.

We have been acquired by Hex-Rays http://radare.today/posts/we-have-been-acquired-by-hex-rays/ Wed, 01 Apr 2015 13:19:38 +0200 http://radare.today/posts/we-have-been-acquired-by-hex-rays/ [edit] Of course, this article was an April fool. This will be the final post here (you can now follow us on this one instead), as radare has been acquired by Hex-Rays, and the radare2 project will soon be ported to ida-python. This has several advantages: Maintaining such a big software in such an old language like C is tiresome; using a high-level one will allow us to write more features in fewer lines of code.
[GR]SoC http://radare.today/posts/grsoc/ Wed, 11 Mar 2015 23:02:27 +0100 http://radare.today/posts/grsoc/ We've got two pieces of good news for you; the first one is that our RSoC is now live! The second is a bit surprising: we've got a GSoC slot! GSoC: Thanks to solar designer who offered us to be part of the GSoC, under the umbrella of the Openwall project, we've got a slot for a single student to work on radare2 for a couple of months, while being paid $5,500!

RSoC 2015 http://radare.today/posts/rsoc-2015/ Tue, 03 Mar 2015 17:18:58 +0100 http://radare.today/posts/rsoc-2015/ It seems that our rejection from the GSoC is becoming a tradition: along with Mozilla, Tor, The Linux Foundation, and OWASP, we weren't accepted. But fear not, like last year, we're going to do our very own Radare Summer of Code: welcome to the RSoC'15! Last year was our first time. Some things went wrong, others went well; but in the end r2 gained both shiny features and happy new contributors, and those are the only things that really matter.

Google Summer of Code 2015 http://radare.today/posts/google-summer-of-code-2015/ Fri, 20 Feb 2015 21:37:40 +0100 http://radare.today/posts/google-summer-of-code-2015/ We have applied to be a mentoring organization for this year's Google Summer of Code. We recognize that GSoC is always a fierce competition, but we are, as ever, hopeful that we will join many other fine organizations in a great summer of hacking. If you are a student interested in applying, please head over to our ideas page and start thinking about what you might like to hack on. Furthermore, we have several low-hanging fruits if you want to play a bit with the codebase.

Interactive ASCII graphs http://radare.today/posts/awesome-ascii-graphs/ Fri, 06 Feb 2015 22:30:43 +0100 http://radare.today/posts/awesome-ascii-graphs/ The graph feature of IDA, ImmunityDBG or Hopper is great to get a quick overview of what you're dealing with.
This is why we have graphs too in radare2, but since we're terminal-lovers, ours are drawn in ASCII! After analyzing a function with af or any other method, type VV to get: We've got call graphs, which are way more understandable than simply listing the XREF addresses. To see it, simply press V when you're in graph mode.

What is planned for r2 in 2015? http://radare.today/posts/what-is-planned-for-r2-in-2015/ Tue, 27 Jan 2015 19:39:56 +0100 http://radare.today/posts/what-is-planned-for-r2-in-2015/ That's an interesting question, isn't it? Our last release was intended to be focused on bug-fixing, but we accidentally added tons of features, a new webui, enhanced debugger, code emulation and much more. This was supposed to land in the 0.9.9 version, which will be ready in February. Local variable detection has been uncommented and it's now using SDB as storage and supports basic X86-32/64 and ARM constructions. Currently, you can do several low level analysis operations like manually define/resize/remove/merge/… functions (ask a?

Parsing a fileformat with radare2 http://radare.today/posts/parsing-a-fileformat-with-radare2/ Sun, 11 Jan 2015 01:55:32 +0100 http://radare.today/posts/parsing-a-fileformat-with-radare2/ Thanks to Skia, one of our RSoC participants, radare2 is now able to show structures, like headers, in a meaningful way. Usage: Let's see an example together (or watch the video): $ r2 -nn /bin/true The -nn option tells radare2 to load predefined binary structures. [0x00000000]> pf. pf.elf_header [16]z[2]E[2]Exqqqxwwwwww ident (elf_type)type (elf_machine)machine version entry phoff shoff flags ehsize phentsize phnum shentsize shnum shstrndx pf.elf_phdr qqqqqqqq type offset vaddr paddr filesz memsz flags align pf.

The new web interface http://radare.today/posts/the-new-web-interface/ Wed, 03 Dec 2014 10:40:18 +0100 http://radare.today/posts/the-new-web-interface/ Thanks to pwntester, we've got a new web-interface for radare2!
You can either get it by using the latest git, or try it on our cloud. Let's highlight the new features: Graphing: The web-interface is now using viz.js to show interactive graphs, and the disassembly now has syntax highlighting, like the command line interface. When we say interactive, we mean that you can not only move the graph, but also modify, edit and remove it.

Radare2 is documented http://radare.today/posts/radare2-is-documented/ Wed, 26 Nov 2014 00:29:31 +0100 http://radare.today/posts/radare2-is-documented/ Some miscreants are saying that radare2 is not documented; this is wrong. The Book: The "radare book" was released together with radare 1.0, several years ago, so some of the examples/features may not be consistent with radare2. You can read it online or download the PDF. Recently, our tester in chief, maijin, started a project to update the radare book to create the radare2 book; feel free to contribute.

The RSoC is over http://radare.today/posts/the-rsoc-is-over/ Mon, 17 Nov 2014 08:20:09 +0100 http://radare.today/posts/the-rsoc-is-over/ October is over and we extended the end of the RSoC a bit in order to get everything done for the release, and it seems that little happened as planned: The RSoC campaign was a great opportunity to get new developers interested in contributing to the project; some of them, even without joining the RSoC, took some points that weren't requested and delivered them! That's pretty cool, considering our two selected students disappeared during the summer.

Radare 0.9.8 http://radare.today/posts/radare-0-9-8/ Wed, 12 Nov 2014 17:26:07 +0100 http://radare.today/posts/radare-0-9-8/ Eight months ago, radare2 0.9.7 was released; today, we're happy to announce radare 0.9.8! In details and numbers: More than 2500 commits. More than 120 new users in #radare (+300%). About 60 contributors. 13 colorscheme themes. 8 months. 1 great leader. One homepage. A version number: 0.9.8. A soundtrack!
Thanks to neuroflip! Downloads: Sources, Bindings, Valabind, SDB, Git repository. Since you surely can read the 2500 commits by yourself (or the detailed changelog), we're just going to highlight some cool new features and improvements:

Extending r2 with new plugins http://radare.today/posts/extending-r2-with-new-plugins/ Sun, 09 Nov 2014 12:00:00 +0100 http://radare.today/posts/extending-r2-with-new-plugins/ One of the key features behind r2 is how easily it can be extended with new libraries or plugins. In this blogpost, we'll see the steps to add a new plugin in radare2. Let's say we want to add a new plugin for r_asm because we are working with binaries of an architecture not supported by r2. Of course, adding a new plugin for another lib would be mostly the same.

We were at hack.lu 2014! http://radare.today/posts/we-were-at-hack-lu-2014/ Thu, 06 Nov 2014 14:55:11 +0100 http://radare.today/posts/we-were-at-hack-lu-2014/ Hack.lu was a really great 4 day long conference in Luxembourg, organised by CIRCL, where we (jvoisin, maijin and xvilka) did two 6h-long workshops about radare2 in front of a crowded room. In total more than 60 people attended! At first, we didn't expect many people and planned only one workshop. But we ended up refusing people and doing a second one the day after! Maijin did the first part, dedicated to reversing and actually using radare2, jvoisin the second one about exploitation, and xvilka did the last one, about reversing and analysing firmwares.

Zignatures http://radare.today/posts/zignatures/ Wed, 05 Nov 2014 22:16:46 +0100 http://radare.today/posts/zignatures/ by http://twitter.com/j0sm1 In this blog post, we are going to show a simple example of the radare2 "zignatures" functionality. To manage "zignatures" in radare2, the only thing you have to do is type 'z' in the radare console. Here you can get more info on this 'z' command: r2console> z?
|Usage: z[abcp/*-] [arg] Zignatures | z show status of zignatures | z* display all zignatures | z-prefix unload zignatures with respective prefix | z-* unload all zignatures | z/[ini] [end] search zignatures between these regions | za .

Solving 'At gunpoint' from hack.lu 2014 with radare2 http://radare.today/posts/solving-at-gunpoint-from-hack-lu-2014-with-radare2/ Sat, 25 Oct 2014 15:23:58 +0200 http://radare.today/posts/solving-at-gunpoint-from-hack-lu-2014-with-radare2/ Many thanks to crowell for giving us the permission to publish his writeup on this blog. Also feel free to take a look at depierre's one. "At Gunpoint" was a 200 point Reversing challenge in Hack.lu ctf 2014. The description is as follows: You're the sheriff of a small town, investigating news about a gangster squad passing by. Rumor has it they're easy to outsmart, so you have just followed one to their encampment by the river.

Shellshock r2 fix http://radare.today/posts/shellshock-r2-fix/ Tue, 30 Sep 2014 02:08:29 +0200 http://radare.today/posts/shellshock-r2-fix/ A lot has been discussed recently about this vulnerability in bash. The internet was totally shocked, just like what happened with heartbleed. Several vulnerabilities have been discovered in bash, which caused the distros to release several updates of the same package, and it was a little confusing to know which was the correct patch to take. The vulnerability was not just affecting local users, who have a little risk, but webservers running CGIs, because http parameters are passed as environment variables to the script, which was executing the functions specified in there.

Adventures with Radare2 #1: A Simple Shellcode Analysis http://radare.today/posts/adventures-with-radare2-1-a-simple-shellcode-analysis/ Fri, 26 Sep 2014 22:41:30 +0200 http://radare.today/posts/adventures-with-radare2-1-a-simple-shellcode-analysis/ Posted on July 17, 2011 by Edd, on canthack.org.
Radare2 is an open-source reverse engineering toolkit, consisting of a disassembler, debugger and hex editor. In this article I will show you the basics by reversing some shellcode I found on Project Shellcode. To put this into context let's briefly discuss what we mean by the term "shellcode", not to be confused with "shellscript", which is something else entirely. "Shellcode" is a term colloquially used to refer to the payload of an exploit.

Scripting r2 in Vala http://radare.today/posts/scripting-r2-in-vala/ Thu, 18 Sep 2014 14:17:12 +0200 http://radare.today/posts/scripting-r2-in-vala/ In some situations you need to automate or extend the features of radare. There are so many scripting languages out there: python, ruby, perl, lua among others. All of them are supported by the radare package and you can use them from inside r2 using r_lang plugins and the '#!' command, or externally with the r2-swig. The main issue with scripting languages is performance. The code is interpreted and all the api bindings are wrapped, so linked list accesses and function calls are highly penalized.

Solving crackmes with LDPRELOAD http://radare.today/posts/solving-crackmes-with-ldpreload/ Tue, 16 Sep 2014 15:40:28 +0200 http://radare.today/posts/solving-crackmes-with-ldpreload/ This is a translation of this article. One of the most common techniques used in UNIX for analyzing and modifying a program consists in preloading a library to make the dynamic linker prioritize the functions in there over the ones coming from external libraries. In fact, in iOS, the whole MobileSubstrate thing and the Flex app are based on this concept to extend and modify the functionality of applications in a very simple way.

Trainings and Translations http://radare.today/posts/trainings-and-translations/ Fri, 05 Sep 2014 15:07:09 +0200 http://radare.today/posts/trainings-and-translations/ The summer is almost over and everyone is back to the main loop.
Some of us will be at hack.lu on Oct 21-24, giving a talk and a workshop. See http://radare.today/well-be-at-hack-lu-2014/ But pancake (aka Sergi Àlvarez), the author and main contributor to the project, will be busy giving two trainings in Spanish: Navajas Negras 2014. He'll be there on October 2, 3, 4, giving a free and libre 2h introductory workshop to r2 for reverse engineering.

We'll be at hack.lu 2014 http://radare.today/posts/well-be-at-hack-lu-2014/ Sun, 31 Aug 2014 01:50:09 +0200 http://radare.today/posts/well-be-at-hack-lu-2014/ We are accepted at hack.lu, both for a talk and a workshop: three of our contributors (jvoisin, maijin and xvilka) will be in Luxembourg to spread the good word about radare2! Talk: If you don't know radare2 yet, make sure to attend the talk, since it will explain what it is, why a tool like this is needed, and some examples of what it's possible to achieve with it: exploitation, firmwares, malware analysis, …

Visual mode http://radare.today/posts/visual-mode/ Thu, 28 Aug 2014 00:35:56 +0200 http://radare.today/posts/visual-mode/ One of the main complaints we get about radare2 is that it has no GUI. Maybe we'll get one someday, but for now, if you don't like the CLI, you can use the visual mode, by entering V. Like with every command in r2, you can get help with ?. Also, notice that the CLI command to get the same result is displayed at the top of your terminal.

Binary diffing http://radare.today/posts/binary-diffing/ Thu, 21 Aug 2014 16:28:49 +0200 http://radare.today/posts/binary-diffing/ Yesterday, a new feature was pushed to radare2: offset-based function diffing. We'd like to take this opportunity to write a bit about radare2's diffing features before showing the shiny new one. Let's take a copy of a cracked crackme as an example, and the true and false binaries. Without parameters, radiff2 will by default show what bytes changed, and the respective offsets.
$ radiff2 genuine cracked 0x000081e0 85c00f94c0 => 9090909090 0x000081e0 0x0007c805 85c00f84c0 => 9090909090 0x0007c805 $ rasm2 -d 85c00f94c0 test eax, eax sete al Notice how the two jumps are nopped.

Payloads in C http://radare.today/posts/payloads-in-c/ Sun, 17 Aug 2014 16:15:17 +0200 http://radare.today/posts/payloads-in-c/ Writing exploits requires performing several steps to achieve the final purpose of the attack: find a vulnerability, reverse engineer the bug, achieve code execution, write the payload, profit. This post will focus on the latter step: writing the payload. The payload can spawn a shell, reuse a socket or do a connect back. But sometimes we will need a more complex payload that will need to open a file, change some permissions, do some mmap, etc.

How goes the RSoC by the way? http://radare.today/posts/how-goes-the-rsoc-by-the-way/ Mon, 28 Jul 2014 18:33:47 +0200 http://radare.today/posts/how-goes-the-rsoc-by-the-way/ Although moving a bit slowly, it's going fine. Skia is working on extending the 'pf' command to improve the display of nested structures, then will start to implement conditional structures, to lay the foundations of 010-templates-like support. jfrankowski is improving the YARA support, and will likely greatly enhance the zignature feature. fr33tux is working on sdb, but it seems that he has lost his internet connection. Things are moving slowly, but students seem to be interested in their tasks, and we're doing our best to mentor them.

Types http://radare.today/posts/types/ Wed, 02 Jul 2014 02:27:59 +0200 http://radare.today/posts/types/ One of the most wanted features for the RSoC was the support for 010-like templates. This is still planned, but there has been no recent movement on the topic. But some of the basic cparse support has been implemented and I think it's time to get in touch with it in order to get ready for the integration with the rest of the analysis engine.
Current cparse is able to handle cpp and C syntax with support for enums, structs and nested structs.

We were at PSES! http://radare.today/posts/we-were-at-pses/ Tue, 01 Jul 2014 18:06:58 +0200 http://radare.today/posts/we-were-at-pses/ One of our resident contributors (jvoisin) was at PSES to do a talk in French, entitled Rétro-ingénierie avec radare2 - Parce que l'assembleur, c'est sympathique, aka Reversing with radare2 - Because assembly is sympathetic. If you're interested in French terms (some of them are funny), you can watch the whole talk on youtube, and download the slides here. Since the audience was non-technical, the first part is a gentle introduction to reverse engineering, and the second one is composed of two (messy) demos of radare2 in action for a WAP54G pwnage, and also a quick and dirty one-liner for an old game.

Carving bins http://radare.today/posts/carving-bins/ Fri, 20 Jun 2014 17:36:23 +0200 http://radare.today/posts/carving-bins/ Radare was initially developed as a forensic tool. Nowadays most people use it for static code analysis or binary patching, but the framework and the tools still provide functionality for analyzing disk partitions or filesystems. In this post I'm going to explain how to use r2 to extract some ELF files from a raw memory dump or an unknown-format firmware image. This kind of search is called 'carving' and there are already several tools that can do this automatically for free.

The RSoC is starting! http://radare.today/posts/the-rsoc-is-starting/ Tue, 17 Jun 2014 12:00:00 +0200 http://radare.today/posts/the-rsoc-is-starting/ As announced, the Radare Summer of Code is starting today! If you're an applicant, please keep us up to date about what you're working on. If you're a mentor, please help the applicants you're in charge of. If you're curious about what the RSoC is, please check this page.
If you want to help, please feel free to drop into our irc chan. If you want news about the RSoC, please add this blog to your RSS reader.

Who uses r2? http://radare.today/posts/who-uses-r2/ Wed, 11 Jun 2014 12:59:21 +0200 http://radare.today/posts/who-uses-r2/ Everyone knows IDA and Ollydbg, but not everyone has 2700€ to spend on software, nor wants to trust/use closed-source applications. But who uses radare2 as a replacement? Cool projects: Some reverse-engineering/security-oriented projects are using radare2, thanks to its user-friendly license (GPL/LGPL). Some coreboot developers are using radare2, since it supports not only x86 but also 8051, H8, CR16, ARM, used as embedded controllers. Droid Developers / MILEDROPEDIA are using radare2 for reversing baseband DSP firmware/RTOS (TMS320C55x+ architecture, unsupported in IDA Pro).

Technical Analysis Of The GnuTLS Hello Vulnerability http://radare.today/posts/technical-analysis-of-the-gnutls-hello-vulnerability/ Sun, 01 Jun 2014 22:38:43 +0200 http://radare.today/posts/technical-analysis-of-the-gnutls-hello-vulnerability/ This past Friday I checked out the gnutls repository and noticed a commit done two weeks ago: 2014-05-23 19:50 Nikos Mavrogiannopoulos <nmav@gnutls.org> Prevent memory corruption due to server hello parsing. The patch adds a second check to verify the bounds of the session id size. - if (len < session_id_len) { + if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) { The memory corruption keywords triggered my attention, and just 6 days later there's another funny commit:

We were at PHDays! http://radare.today/posts/we-were-at-phdays/ Sun, 25 May 2014 12:55:41 +0200 http://radare.today/posts/we-were-at-phdays/ One of our resident developers (xvilka) was at PHDays to do a talk (a fast-track one): Using of Radare2 Illustrated by Shylock and Snakso.A Analysis. The speaker will present his experience of applying Radare2 — an open-source reverse engineering tool, and illustrate it by the examples of the Windows trojan Shylock and 64-bit Linux malware Snakso.A. The techniques of analysis include both static disassembling of the code and its debugging with Radare2.

Loading iOS binaries http://radare.today/posts/loading-ios-binaries/ Mon, 19 May 2014 02:02:01 +0200 http://radare.today/posts/loading-ios-binaries/ There are several posts explaining the process to decrypt an iOS app; this is not new, but no one explained the instructions to do it with r2. We have no aim in promoting piracy or cracking, but that's the only way to analyze applications from the AppleStore. Retrieving information: First of all you need a jailbroken device; in Cydia add the cydia.radare.org repository, in order to get the latest radare2 package from there.

Javascript in r2 http://radare.today/posts/javascript-in-r2/ Tue, 13 May 2014 00:56:19 +0200 http://radare.today/posts/javascript-in-r2/ One of the most prominent scripting languages right now is Javascript. Browsers rule the Internet and they all can execute code in this language; in addition, several other programming languages like C, C++, Go, Wisp, CoffeeScript, TypeScript, LUA, Python, Perl, Dart, Java, … can be transpiled into JS. For those reasons r2 implements several ways to run Javascript and interact with the core APIs and commands. Embedded WebServer (using AJAX from the client side) Duktape RLang plugin (#!
Mitigations detection http://radare.today/posts/mitigations-detection/ Sat, 10 May 2014 20:40:10 +0200 http://radare.today/posts/mitigations-detection/ Since the Smashing The Stack For Fun And Profit article from Aleph1, a lot has been done on the mitigation side: canaries, DEP/W^X, PIC (to allow ASLR), RELRO, SafeSEH, … Because radare2 is also designed to be present in the exploit writer's arsenal, jvoisin implemented detection for some of those mitigations. GNU/Linux: GCC's canary implementation can be detected by the presence of the __stack_chk_fail function. It is used to terminate a function in case of stack overflow.

Getting the latest radare2 http://radare.today/posts/getting-the-latest-radare2/ Fri, 09 May 2014 23:31:43 +0200 http://radare.today/posts/getting-the-latest-radare2/ Since radare2's development is pretty quick, the recommended version is the current git, and not the stable one. At least if you want to play with it in a comfortable way. You can always install it from your favorite package manager if you are lazy: we are packaged in a lot of distributions. Simple way: $ git clone https://github.com/radare/radare2.git $ cd radare2 $ ./sys/install.sh And that's it, radare2 will be

RSoC selections results http://radare.today/posts/rsoc-selections-results/ Fri, 09 May 2014 00:13:06 +0200 http://radare.today/posts/rsoc-selections-results/ We're the 8th of May, and as planned, this is the day we announce the selected applicants/tasks. Money: Thanks to the crowdfunding, we managed to get a fair amount of money, less than we hoped, but it's still nice. Euros: 1347 EUR. Bitcoin: 0.45 BTC. Dogecoins: 123935 XDG. We didn't manage to get corporate sponsors. Hopefully, since the project is gaining momentum, we'll be able to get some for next year!

Countries http://radare.today/posts/countries/ Thu, 08 May 2014 10:33:18 +0200 http://radare.today/posts/countries/ A couple of weeks ago, we did some aggressive advertising for the RSoC.
Time to take a look at the results. It seems that xvilka's post on habrahabr attracted many people, then come reddit and twitter. The lobbying on stackexchange is starting to pay. Most people are landing on the main page, and the second most viewed is the crowdfunding one. Unsurprisingly, our main visitor base is from Russia and the USA.

Cleaning up http://radare.today/posts/cleaning-up/ Wed, 07 May 2014 00:36:29 +0200 http://radare.today/posts/cleaning-up/ By default sys/install.sh puts everything under /usr, just to make things easier. There are several reasons for this, but it may pollute your system if you install multiple versions of r2 or use the one contained in the package system of your distro. If you want to remove previous installations of r2 from a specific directory, type the following commands: $ ./configure --prefix=/usr/local $ make purge The purge will remove all r2 files from current and previous installations (older versions of it) from the /usr/local directory.

x86 Capstone tests http://radare.today/posts/testing-coverity/ Tue, 06 May 2014 15:14:16 +0200 http://radare.today/posts/testing-coverity/ As you may know, we are using capstone as a disassembling engine for several architectures. We are even planning to use it as the main engine and to ditch udis86. Since x86 is one of the most common architectures, we want to be sure that the transition doesn't break anything. This is why our resident test writer maijin did the following: He added one thousand x86-related tests!

Making Coverity happy http://radare.today/posts/making-coverity-happy/ Mon, 05 May 2014 20:06:37 +0200 http://radare.today/posts/making-coverity-happy/ We are currently using Coverity to spot bugs and issues. During the last week, jvoisin and xvilka went full berserk and killed more than a hundred bugs, also helped by the usual contributors. Feel free to help us and enter our one-fix-a-day contest!
Initial ascii-art graph layout http://radare.today/posts/initial-ascii-art-graph-layout/ Mon, 05 May 2014 04:15:37 +0200 http://radare.today/posts/initial-ascii-art-graph-layout/ Lately, a lot of buzz has been going on with the new graph viewer implemented on top of RConsCanvas, which renders the basic blocks graph of a function using ascii art. Today we get an initial layout implemented by pancake which is just a PoC. It's initial work towards implementing the proper layout algorithm to make the graph look more natural and readable by humans. Additionally the ? key in the VV (visual graph) view now shows the help message explaining how to:

End of RSoC participants application http://radare.today/posts/end-of-rsoc-participants-application/ Sun, 04 May 2014 16:54:26 +0200 http://radare.today/posts/end-of-rsoc-participants-application/ As announced, the applications are now closed. We currently have a little bit less than 25 applicants; this is incredible. They are all encouraged to join the #radare channel, and to submit (at least) one (non-trivial) patch to the radare2 codebase and one test case to radare2-regressions (any github issue, including closed ones, is ok for writing a test) to allow us to check that they know some code :) We cannot afford to accept everyone, and we apologize for this: we should only be able to pay two people.

Jumping around in visual mode http://radare.today/posts/jumping-around-in-visual-mode/ Sun, 04 May 2014 01:33:41 +0200 http://radare.today/posts/jumping-around-in-visual-mode/ Yesterday, someone asked on IRC how to jump around in visual mode (V key to activate it, and ? for help, as usual). This is a perfect excuse for another blogpost. To move in visual mode, you can use: g to seek to the beginning of the file; G to seek to the end of the file; hjkl to move, à la vim; mK to set the mark K at the current offset; 'K to seek to the previously set K mark.
Playing with rasm2 http://radare.today/posts/playing-with-rasm2/ Fri, 02 May 2014 12:43:49 +0200
Radare2's assembler/disassembler is rasm2, and although it is used internally, it is also a standalone binary that you can use. It can of course disassemble:
$ rasm2 -d 89d85d90
mov eax, ebx;pop ebp;nop
but also assemble:
$ rasm2 'mov eax, ebx;pop ebp;nop'
89d85d90
Not only x86, but also mips:
$ rasm2 -a mips 'addiu a1, a2, 8'
0800c524
$ rasm2 -a mips -d 0800c524
addiu a1, a2, 8
and many more.

Exploring the database http://radare.today/posts/exploring-the-database/ Thu, 01 May 2014 17:48:58 +0200
We're currently trying to integrate sdb into radare2. This will greatly reduce code complexity, improve portability, and open the way to collaborative reversing. What is sdb? sdb is a simple string key/value database based on djb's cdb disk storage, and it supports JSON and array introspection. There's also sdbtypes: a vala library that implements several data structures on top of an sdb or a memcache instance. It has:

YARA support http://radare.today/posts/yara-support/ Wed, 30 Apr 2014 23:30:45 +0200
We now have (experimental) YARA support inside radare2. If you are building from the latest git, you just have to install libyara, no need to recompile anything.
[0x00000000]> yara
Yara plugin
| add [path] : add yara rules
| clear : clear all rules
| help : show this help
| list : list all rules
| scan : scan the current file
[0x00000000]>
Since you may not already have some rules, we bundled some default ones, for packers and crypto primitives.

ASCII graphs! http://radare.today/posts/ascii-graphs/ Wed, 30 Apr 2014 12:47:13 +0200
We may not have a GUI like IDA, but we still have some graphs.
This is a small (200 lines of code) proof of concept, but there is more to come: colors, utf-8, layouts, resizing, animations … You can try this new feature with VV if you are using radare2 from git. And by the way, this is documented, and has some tests to avoid regressions. Feel free to take a look at the /libr/cons folder if you want to contribute.

?e Hello World http://radare.today/posts/e-hello-world/ Wed, 30 Apr 2014 01:12:50 +0200
Today we are announcing the official blog of the Radare project in order to explain new features and changes, share tips and tricks, tutorials and more. The radare community has grown a lot recently, and we need more tools to provide users with a source of updated information without having to read every commit or IRC log.
