Awesome

Awesome Radare2

<img src="r2.svg" align="right" width="100">

A curated list of awesome projects, articles and the other materials powered by Radare2.

What is Radare2?

Radare is a portable reversing framework that can...

• Disassemble (and assemble for) many different architectures
• Debug with local native and remote debuggers (gdb, rap, r2pipe, winedbg, windbg, ...)
• Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku
• Perform forensics on filesystems and data carving
• Be scripted in Python, Javascript, Go and more
• Visualize data structures of several file types
• Patch programs to uncover new features or fix vulnerabilities
• Use powerful analysis capabilities to speed up reversing
• Aid in software exploitation

More info here.

Table of Contents

• Books
• Videos
  • Recordings
  • Asciinemas
  • Conferences
• Slides
• Tutorials and Blogs
• Tools
• Scripts
• Contributing

Awesome Radare2 Materials

Books

• R2 "Book"
• Radare2 Explorations
• Radare2 wiki
• Binary Analysis Course

Videos

Recordings

• r2pipe - connector to r2
• Solving a Self-modifying Crackme with r2pipe EMU vs DBG vs XOR
• Creating a keygen for FrogSek KGM#1 - by @binaryheadache
• Radare2 - An Introduction with a simple CrackMe - Part 1 - by @antojosep007
• Introduction To Reverse Engineering With Radare2
• Scripting radare2 with python for dynamic analysis - TUMCTF 2016 Zwiebel part 2
• Solving a Crackme with Cutter and Z3
• Handling self modifying code (SMC) with radare2
• Introduction to r2dec
• radare2 explained - write over
• radare2 explained - Text transformations
• Solving "Dialtone" from Google CTF 2019 Quals using Cutter

Asciinemas

• metasploit x86/shikata_ga_nai decoder using r2pipe and ESIL
• ESIL for Windows programm (IOLI-crackme 0x02)
• Filter for string's searching (urls, emails)
• Manual unpacking UPX on linux 64-bit
• radare2 classes recovery from rtti itanium
• example of finding ROP gadgets in dyld library cache

Conferences

• HITB2019AMS - Overcoming Fear: Reversing with radare2 - by @arnaugamez
• r2con 2019 - videos, r2con 2019 - materials
• r2con 2018
• r2con 2017
• LinuxDays 2017 - Disassembling with radare2
• SUE 2017 - Reverse Engineering Embedded ARM Devices
• radare demystified (33c3)
• r2con 2016
• Reversing with Radare2 - OverDrive Conference
• Radare2 & frida hack-a-ton 2015
• Radare from A to Z 2015
• Reverse engineering embedded software using Radare2 - Linux.conf.au 2015
• OggCamp - Shellcode - vext01
• radare2 In Conversation - Richard Seymour
• recon2017 - Bubble Struggle Call Graph Visualization with Radare2 - by mari0n

Slides and Workshops

• Radare2 cheat-sheet
• r2m2 - radare2 + miasm2 = ♥
• Radare2 Workshop 2015 (Defcon)
• Emulating Code In Radare2
• Radare from A to Z 2015
• Radare2 Workshop 2015 (Hack.lu)
• Radare2 & frida hack-a-ton 2015
• radare2: evolution
• radare2: from forensics to bindiffing
• ESIL, the Universal IL for radare2 (ZeroNights)
• Brief intro to RE using @radareorg

Tutorials and Blogs

• Configuring and running radare2 on mobile Android phones
• Arbitrary Code Guard vs. Kernel Code Injections
• Radare2 Practical Guide - by @koffiezuiper
• Radare2 Supporting a new architecture - by @koffiezuiper
• Reversing a Self-Modifying Binary with radare2 - by @megabeets_
• Linux Malware by @MalwareMustDie
• Radare2 - Using Emulation To Unpack Metasploit Encoders - by @xpn
• Reverse engineering a Gameboy ROM with radare2 - by @megabeets_
• radare2 as an alternative to gdb-peda
• How to find offsets for v0rtex (by Siguza)
• Debugging a Forking Server with r2
• Defeating IOLI with radare2 in 2017
• Using r2 to analyse Minidumps
• Android malware analysis with Radare: Dissecting the Triada Trojan
• Reversing EVM bytecode with radare2
• Radare2’s Visual Mode
• Crackme0x03 Dissected with Radare2
• Crackme0x02 Dissected with Radare2
• Crackme0x01 Dissected with Radare2
• Debugging Using Radare2… and Windows! - by @jacob16682
• Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 1 - by @megabeets_
• Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 2 - by @megabeets_
• A journey into Radare 2 – Part 2: Exploitation - by @megabeets_
• A journey into Radare 2 – Part 1: Simple crackme - by @megabeets_
• Reverse Engineering With Radare2 - by @insinuator
• radare2 redux: Single-Step Debug a 64-bit Executable and Shared Object
• Reversing and Exploiting Embedded Devices: The Software Stack (Part 1)
• Binary Bomb with Radare2 - by @binaryheadache
• crackserial_linux with radare2 - by @binaryheadache
• Examining malware with r2 - by @binaryheadache
• Breaking Cerber strings obfuscation with Python and radare2 - by @aaSSfxxx
• Radare2 of the Lost Magic Gadget - by @0xabe_io
• Radare 2 in 0x1E minutes - by @superkojiman
• Pwning With Radare2 - by @crowell
• How to radare2 a fake openssh exploit - by jvoisin
• Disassembling 6502 code with Radare – Part I - by @ricardoquesada
• Disassembling 6502 code with Radare – Part II - by @ricardoquesada
• Unpacking shikata-ga-nai by scripting radare2
• This repository contains a collection of documents, scripts and utilities that will allow you to use IDA and R2
• Raspberry PI hang instruction - by @pancake
• Reverse Engineering With Radare2, Part 1 - by @sam_symons
• Simple crackme with Radare2 - by @futex90
• Pwning With Radare2 - by @crowell
• Reversing the FBI malware's payload (shellcode) with radare2 - by @MalwareMustDie
• ROPping to Victory
• ROPping to Victory - Part 2, split
• Radare2 IO plugin tutorial
• Unpacking Executables - The ESP Trick
• Linux Malware Analysis — Why Homebrew Encryption is Bad
• Writing A Malware Config Parser Using Radare2 And Ruby
• Hackaday Superconference Badge Hacking
• OnePlus Device Root Exploit: Backdoor in EngineerMode App for Diagnostics Mode
• GSoC 2018 Final: Debugging and Emulation Support for Cutter
• GSoC 2018 Final: Console Interface Improvementes
• GSoC 2018 Radeco Pseudo C Code Generation
• GSoC'18 Final: Type inference
• Easy way for analyzing the GootKit banking malware with radare2 - by @D00RT
• Decrypting Mirai Configuration With Radare2 (Part 1)
• Decrypting Mirai Configuration With Radare2 (Part 2)
• Reversing Bushido IOT Botnet by ZullSec
• Emulating Decryption Function With Radare2
• Automating RE Using r2pipe
• Unstacking Strings with Cutter and Radare2
• English Report of "FHAPPI Campaign" : FreeHosting APT PowerSploit Poison Ivy
• Binary patching and intro to assembly with r2
• Ground Zero: Part 3-2 – Reverse Engineering – Patching Binaries with Radare2 – ARM64
• Intro to radare2 for malware analysi - by @asoni
• Intro to cutter for malware analysis - by @asoni
• Binary Analysis with Jupyter and Radare2
• Down the Rabbit Hole - Part II: Analyzing an EFI Application with Radare2 - by @ihavelotsofspac
• Down the Rabbit Hole - Part III: Patching the Whitelist - by @ihavelotsofspac
• Reversing C code in x64 systems with Radare2 part I
• Reversing x64 linux code with Radare2 part II
• Deobfuscating APT32 Flow Graphs with Cutter and Radare2
• Intro to Reversing iOS Swift Apps with radare2
• MMD-0064-2019 - Linux/AirDropBot
• Dynamic Instrumentation: Frida And r2frida For Noobs

CTF Writeups

• Reversing MalwareTech challenge with Radare2 and inline assembly
• Solving avatao's "R3v3rs3 4" - by @sghctoma
• Solving ‘heap’ from defcon 2014 qualifier with r2 - by @alvaro_fe
• Exploiting ezhp (pwn200) from PlaidCTF 2014 with radare2
• Write-ups from RHME3 pre-qualifications at RADARE2 conference
• Hackover CTF 2016 - tiny_backdoor writeup
• Baleful was a challenge relased in picoctf
• At Gunpoint Hacklu 2014 With Radare2 - by @crowell
• Solving game2 from the badge of Black Alps 2017 with radare2
• ROPEmporium: Pivot 64-bit CTF Walkthrough With Radare2
• ROPEmporium: Pivot 32-bit CTF Walkthrough With Radare2
• Gynvael - Mission 22 - Solution
• Xiomara CTF 2018 - Slammer
• mrmcd ctf 2017 - once_upon_a_time
• Pinky's Palace siege
• Introduction to Reverse Engineering with radare2 Cutter - Part I
• Introduction to Reverse Engineering with radare2 Cutter - Part II
• Introduction to Reverse Engineering with radare2 Cutter - Part III
• Android OWASP crackmes: Write-up UnCrackable Level 2

Tools

• Docker image encapsulates the reverse-engineering framework
• Malfunction - Malware Analysis Tool using Function Level Fuzzy Hashing
• rarop - graphical ROP chain builder using radare2 and r2pipe
• Radare2 and Frida better together
• r2frida wiki
• Android APK analyzer based on radare2
• Cutter - A Qt and C++ GUI for radare2
• Fuzzing tool (TFuzz): a fuzzing tool based on program transformation
• Radare2 VMI IO and debugger plugins
• Radare2 module for Yara
• predator - genetic Algorithm in C++ to evolve assembly opcodes to harm the linux system in order to identify red flags or vulnerabilities
• radare2 + miasm2
• Use angr inside the radare2 debugger. Create an angr state from the current debugger state.
• Bootloader research tools (very much a work in progress)
• ICSREF: ICS Reverse Engineering Framework
• Extract labels from IDA .lst or Ghidra .csv file and export x64dbg database. Supporting radare2
• Deep ghidra decompiler integration for radare2

Scripts

• r2kit - a set of scripts for a radare-based malware code analysis workflow - by @cmatthewbrooks
• Malware analysis toolbox
• helper radare2 script to analyze UEFI firmware modules
• ThinkPwn Scanner - by @d_olex and @trufae
• radare2-lldb integration
• create a YARA signature for the bytes of the current function
• A radare2 Plugin to perform symbolic execution with a simple macro call (r2 + angr)
• Just a simple radare2 Jupyter kernel
• r2scapy - a radare2 plugin that decodes packets with Scapy
• A plugin for Hex-Ray's IDA Pro and radare2 to export the symbols recognized to the ELF symbol table
• radare2 plugin - converts asm to pseudo-C code (experimental)
• A python script using radare2 for decrypt and patch the strings of GootKit malware
• Collection of scripts for radare2 for MIPS arch
• Extract functions and opcodes with radare2 - by @andrewaeva
• r2-ropstats - a set of tools based on radare2 for analysis of ROP gadgets and payloads
• Patch kextd using radare2
• Python-r2pipe script that draws ascii and graphviz graphs of library dependencies
• Simple XOR DDOS strings deobfuscator - by @NighterMan
• Decode multiple shellcodes encoded with msfencode - by @NighterMan
• Baleful CTF task plugins
• Integration of pwntools and radare2
• r2scapy - a radare2 plugin that decodes packets with Scapy - by @guedou
• Deobfuscation of API calls in Bitpaymer (v2)
• Prints agx (cross reference graph) with 2 caller levels
• radare2 script to autoname functions by taking it from the assert calls
• r2 plugin to read/write memory using the checkm8 exploit

Contributing

Please refer the guidelines at contributing.md for details.