./devel/radare2, Reverse engineering framework


Branch: CURRENT, Version: 0.10.3nb2, Package name: radare2-0.10.3nb2, Maintainer: pkgsrc-users

radare2 is an advanced command-line hexadecimal editor
with a set of tools for working with binary files.

Most of the tools that come with radare2 have been designed
for reverse engineering file formats, firmware, programs,
libraries, etc.

The radare2 project started as a forensics tool, a scriptable
command-line hexadecimal editor able to open disk files,
but later gained support for analyzing binaries, disassembling
code, debugging programs, attaching to remote gdb servers, and more.

Required to run:
[archivers/libzip] [devel/capstone]

Package options: debug

Master sites:

SHA1: c8e0ac38725e4ace2c594f2ff5208fd8ad3a85ee
RMD160: 047bb1d183c8c10498d0fc3b586f46334d583903
Filesize: 4838.289 KB

CVS history:

   2017-09-03 00:02:25 by Thomas Klausner | Files touched by this commit (13)
Log message:
Bump libzip ABI depends and PKGREVISIONs of its users for bzip2 dependency.
   2017-02-23 08:44:10 by Thomas Klausner | Files touched by this commit (13)
Log message:
Recursive bump for libzip shlib major bump.
   2016-09-16 16:46:26 by Jonathan Perkin | Files touched by this commit (9)
Log message:
Add support for SunOS.
   2016-06-13 14:26:11 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Update radare2 packages to 0.10.3/0.10.0.

Changes for 0.10.3 not found.


    Add r2 -d and -R shortcuts to simplify loading rarun2 profiles and using remote debugging plugins
    Support for cryptography (blowfish, rc2, rc4, aes, xor, ror, rol)
        rabin2 -E
        Adding wo*y commands using clipboard instead of [val]
    Better PE and ELF parsers
    New easter-egg!
    dyldcache extractor is working again
    Support for BOCHS
    Coredump support for iOS and OSX
    New fileformats, namely Python bytecode and Flash files
    Improved analysis and emulation thanks to ESIL on x86, ARM and MIPS
    New make menu to choose plugins to build
    Add ?E clippy echo and use it in ????
    xrefs and types are now properly saved/restored from projects


    Variables and flags can now be renamed in cursor mode asciinema
    Optimized GDB connectivity, now its 10x faster!
    print signed base 10 hexdumps with pxd[1,2,4]
    radiff2 -C to compare checksums
    Lot of work towards the mach-ification of the OSX/iOS debugger by alvarofe
    more polished cursor movements in Visual mode
    Better ARM and Thumb code analysis and emulation
    Added disassembler support for Microblaze architecture
    Updated unicorn plugin to be in sync with git
    Various enhancements in the Visual mode
    backward disassembly uses RAnal info for better offset computations
    asm.bbline uses RAnal info to have precise results
    fix bug in env.sh when using more than 9 arguments
    Mingw compilation improvements
    preliminary support of XNU debugging
    ESIL support for v810
    radare2 does now compile in appveyor: no more excuses for broken commits on \ 
    Lanai (the secret CPU used by Google) support
    a new shiny xtensa CPU analysis backend
    change local variables/arguments format names (ebp-0x10, ebp+0x13 becomes, respectively, local_10h and arg_13h) and now it works too when asm.ucase is set.
    add Vdn option to rename a flag/function/local variable/local argument used in the current instruction
    refactoring of RFlag + better names for functions when there are symbols
    ahi now supports IPv4 and syscall
    various optimizations and bugfixes
    opcodes descriptions for v810, propeller, riscv, tms320, lm32, i4004, i8080, java, Malbolge, SH-4, M68K, ARC and LH5801 (that you can access with ?d or e
    axg to get a graph of the function xrefs to reach a specific point.

Lanai CPU

Radare 0.10.0


Since it took us a very long time to do this release, he had the
time to implement a second one, using Material design, which turns
out to be the default one for the Android and FirefoxOS applications.


We spent a lot of time fuzzing radare2, collecting binaries and writing tests to improve radare2’s reliability. We even harvested similar projects’ bugtrackers to see how well radare2 would deal with binaries that broke them. Currently, we have something like 2000 tests dedicated to commands, and most disassemblers have 100% coverage.

About the testsuite, you may notice that it’s much quicker to run now. We managed, on travis-ci, to go from 1h30 for only gcc on linux, to 20 minutes for clang on OSX, and gcc+clang on linux. No more excuses for not running the testsuite before a commit.

You might also be happy to know that radare2 now successfully compiles on tcc, the tiny C compiler. This might be useful if you’re compiling radare2 on weird platforms. Please be sure to use tcc from git too :) Moreover, since radare2 tries as hard as it can to run on your-super-weird-platform-that-no-one-has-ever-heard-of, we implemented the cp and mv commands, as you might not find those everywhere.

Thanks to revskills for spending time fuzzing and reporting several parts of r2.

Better support for iOS

Radare2 comes with some new features that will make iOS reverse engineers happy:

    asm.emu will tell you which objc_msgSend apis and syscalls are called
    Better emulation of Thumb, aarch64 and arm32
    Supports r2pipe in Swift, known to work on tvOS, watchOS, iPhone and OSX.
    Native OBJC parser implementation, no need to use class-dump tool anymore!
    Some enhancements in process memory dumping
    Supports tfp0 to read/write kernel memory if kernel is patched properly
    Exploit an iOS<=8 vulnerability to read
    Code Signing is now done properly, updated instructions.
    Add support for natively running on Apple Watch (without jailbreak).
    Some random debugger bug fixes, still not fully working on iOS
    List memory modules, not just memory maps
    Unaligned instructions are different from the invalid ones
    MACH0 Crypto information is now accessible via SDB

ElCapitan users will get a bit pissed off because they are no longer able to debug /bin/ls, because Apple’s SIP will block debugging binaries found in system directories. The solution for this is to copy them into your home :P Also, the default installation path has changed from /usr to /usr/local.

This release was supposed to focus on the debugger, fixing many issues, and adding some new bugs features, like:

    Support for memory-access hardware breakpoints
    Much better Windows 32 and 64bit debugger support
    List opened handles and Windows using dd
    Rarun2 supports pipe execves in std file descriptors
    Remote debugging via IO plugins work a bit better now
    3 different backtrace algorithms, configurable at runtime

Memory usage

It seems that no one ever took care of radare2 memory consumption before, because it was still lower than its competitors/alternatives. But for this release, radare2 went on a diet: it now consumes 3 to 5 times less memory!

Pretty graphs

Our beloved ret2libc spent a lot of time rewriting the graph engine from scratch, with overlap handling and better colours! See how cool this is:

New architectures support

We know a lot of people are using radare2 because it supports a lot of funky/exotic/awful/funny/scary architectures.

Remember when we added support for the famous 6502 cpu in the last release? This time, we added analysis support and opcode description (with ?d), because not everyone is fluent in 6502 assembly code. And even more, since we know some of you just care about the meaning of the code and not the beauty of the assembly listing, we added pseudo-decompiler support. Yes, we have a pseudo-decompiler for 6502.

Did you know that we have a contributor named condret that really likes the pokemon game on gameboy? This is why he’s pushing ESIL, implemented a fancy gameboy disassembler, and for this latest release, he wrote a gameboy assembler! You can now craft your own shellcodes, or, if you’re crazy, games, for gameboy, with radare2.

We also improved AVR support, with analysis (radare2 analysis is generic, so it’s pretty easy to add its support for an architecture), an assembler, ESIL so you can emulate it easily, and description. This led two people (namely Alexander Bolshev and Boris Ryutin) to do workshops at ZeroNights, t2.fi and S4x16 conferences, about reversing and exploiting this architecture with

Also, we added support for assembling ARM and ARM64, ADN decoding (yes. It’s the BCL plugin in r2pm. You don’t know about r2pm? Keep reading then.), demangling for Rust binaries, Wii/Gamecube binaries, disassemblers for LM32, MCS96, analysis and ESIL for PPC, V810 and RISC-V, …

And since we have at least one Windows user, we also added support for Windows minidump format, aka mdmp, and windows-on-raspberry2-fileformat-it’s-almost-a-PE because apparently, it’s a real thing.

Game Consoles

We have been also working in adding support for more game console ROMs:

    NES (nintendo-entertainment-system)
    SMD (sega megadrive)
    SMS (mastersystem/gamegear)
    DOL (wii/gamecube)
    GB (initial support for assembling instructions)

Other new binary formats are now supported too:

    CGC executables
    MBN/SBL Android trustboot images
    Support for RPI2 PE Windows executables
    Windows Minidump (mdmp) files


Remember the bindings, and how many languages we supported? Remember when you had to read radare2’s source code to write a simple one-liner, and ended up parsing a call to system with radare2, pipe, sed, pipe, tr, pipe, awk, pipe, sed? Yeah, us too. This is why we ditched (don’t worry, they are still there, but deprecated) the bindings, and created r2pipe. Since you like so much calling radare2 in system, this is exactly what it does: popping radare2, and piping commands to it.

This brings several advantages:

We don’t have to mainwe only have to implement a few commands per language. You don’t have to read radare2’s source code if you don’t want to: if you know how to use radare2, you know how to use r2pipe! Append j to almost every command to get native JSON output! No need

import r2pipe
r2 = r2pipe.open('/bin/ls')  # spawn r2 on a binary; the path is only an example
print('now in JSON:\n%s\n' % r2.cmdj('pij 5'))
print('architecture: %s' % r2.cmdj('ij')['bin']['machine'])

All r2pipe APIs have been updated to work on Windows, Linux and OSX. In addition, the new native:// URI allows using the r2pipe API over the native C API, pipes or sockets. This allows reusing the same code while speeding things up a lot.

Radare2 had an implementation of 2048, a port-scanner, and even a secret ascii-penis, but now, it also has a package manager!

No, this is not overkill, stop complaining and keep on reading. Radare2 supports a lot of useless things. This is why we put non-code things into separate packages, that can be browsed/searched/installed/removed/updated with the new tool called r2pm.

$ r2pm
Usage: r2pm [cmd] [...]
 -i,info                 r2pm -i # pkgs info
 -i,install <pkgname>    r2pm -i baleful
 -u,uninstall <pkgname>  r2pm -u baleful
 -l,list                 list installed pkgs
 -t,test FX,XX,BR BID    check in travis regressions
 -s,search [<keyword>]   search in database
 -v,version              show version
 -h,help                 show this message
 -c,clean                clear source cache
SUDO=sudo                use this tool as sudo
R2PM_PREFIX=/usr         prefix for syspkgs
R2PM_PLUGDIR=~/.config/radare2/plugins   # default value, home-install for plugins
R2PM_PLUGDIR=/usr/lib/radare2/last/      # for system-wide plugin installs

Note that r2pm -s will show you every available package.

We managed to remove the last bits of GPL licensed code in radare2! We’re not a complete LGPL project (some modules installable with r2pm have different licenses, please pay attention to that). This means that you can use radare2 in your proprietary product, while betraying without giving the source to your users, but if you modify radare2, you need to publish the modifications. It might be easier for you to try to upstream them by the way ;)

As usual, we’re going to pretend that every command has now a fancy colored \ 
help displhout.

You might remember hearing a loud noise a couple of months ago. This was when jvoisin was told that to have something like the follow-fork-mode in GDB, he had to find the syscall number for his architecture, break on this breakpoint with the dcs cour Intermediary Language, used for emulation, analysis, transformations, trolling, … This is why we added several new commands under ae (*A*nalyse with *E*sil), like aeip to set the ESIL eip to the current eip, ‘aef’ to emulate an entire function, aation
| +=     A+=B => B,A,+=
| +      A=A+B => B,A,+,A,=
| *=     A*=B => B,A,*=
| /=     A/=B => B,A,/=
| &=     and ax, bx => bx,ax,&=
| |      or r0, r1, r2 => r2,r1,|,r0,=
| ^=     xor ax, bx => bx,ax,^=
| >>=    shr ax, bx => bx,ax,>>=  # shift rightwice, compare and update esil flags
| <      compare for smaller
| <=     compare for smaller or equal
| >      compare for bigger
| >=     compare bigger for or equal
| ?{     if popped value != 0 run the block until }
| POP    drops last element in the

the new asm.emuwrite, asm.emustr, and asm.emu options! If you set them to true, radare2 will do its very best to improve the analysis with ESIL, but be careful, setting those variables may give you an über-verbose output.

The radare2-extras repog additions are:

A lot of people are talking about unicorn, a CPU emulator. While we think that ESIL is way better for everything and that you totally should use it and contribute to radare2, we added support for it in radare2, it’s as simple a

Linux kernel packet filtering is done by a custom virtual machine that emulates code. r2 is now able to assemble, disassemble, analyze and emulate this new architecture. Thanks mrmacete!

New bots

There are now new NodeJS bots for IRC and Telegram, ready to use in the \ 

    r2tgirc : telegram-to-irc bot that communicates the #radare freenode channel with the Telegram’s radare one.

    r2tg-bot : Radare2 bot for Telegram and connected to the cloud.

    r2irc-bot : IRC bot of r2 to use any binary in your system from the chat.
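The ESIL notation from the operator table in the release notes above, worked through as an added example (not code from radare2 or from the release notes): a small Python evaluator for the listed operators plus their obvious siblings (-, <<). It assumes "B,A,op" means A op B as the table shows, that the comparison operators follow the same operand order, and that register names resolve through a plain dict.

```python
import operator

# Added toy evaluator for the ESIL operators listed in the release notes.
# Assumptions: "B,A,op" means A op B (as in the table), comparisons follow
# the same operand order, and register names resolve through a plain dict.
BINOPS = {"+": operator.add, "-": operator.sub, "*": operator.mul,
          "/": operator.floordiv, "&": operator.and_, "|": operator.or_,
          "^": operator.xor, ">>": operator.rshift, "<<": operator.lshift}
CMPOPS = {"<": operator.lt, "<=": operator.le,
          ">": operator.gt, ">=": operator.ge}


def value(tok, regs):
    """Registers resolve to their contents; anything else is an int literal."""
    if isinstance(tok, int):
        return tok
    return regs[tok] if tok in regs else int(tok, 0)


def esil_run(expr, regs):
    """Evaluate one comma-separated ESIL expression; returns the updated regs."""
    toks = expr.split(",")
    stack = []
    i = 0
    while i < len(toks):
        t = toks[i]
        if t == "=":                                # value,dst,= -> dst = value
            dst = stack.pop()
            regs[dst] = value(stack.pop(), regs)
        elif t.endswith("=") and t[:-1] in BINOPS:  # B,A,op=     -> A = A op B
            dst = stack.pop()
            b = value(stack.pop(), regs)
            regs[dst] = BINOPS[t[:-1]](regs[dst], b)
        elif t in BINOPS:                           # B,A,op      -> push A op B
            a = value(stack.pop(), regs)
            b = value(stack.pop(), regs)
            stack.append(BINOPS[t](a, b))
        elif t in CMPOPS:                           # B,A,cmp     -> push 1 or 0
            a = value(stack.pop(), regs)
            b = value(stack.pop(), regs)
            stack.append(1 if CMPOPS[t](a, b) else 0)
        elif t == "?{":                             # run block only if popped != 0
            if value(stack.pop(), regs) == 0:
                i = toks.index("}", i)
        elif t == "POP":                            # drop the top of the stack
            stack.pop()
        elif t != "}":                              # "}" only terminates a block
            stack.append(t)
        i += 1
    return regs
```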
   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2015-11-16 02:36:06 by Pierre Pronchery | Files touched by this commit (1)
Log message:
Also mention devel/py-radare2
   2015-11-03 04:29:40 by Alistair G. Crooks | Files touched by this commit (1995)
Log message:
Add SHA512 digests for distfiles for devel category

Issues found with existing distfiles:
No changes made to these distinfo files.

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-08-30 10:27:37 by David A. Holland | Files touched by this commit (2)
Log message:
Add config entries for dragonfly and bitrig.