2017-09-29 20:17:18 +08:00
Tweak the disassembly output with `e asm.`
Have you set up your ~/.radare2rc today?
In visual mode press 'c' to toggle the cursor mode. Use tab to navigate
You can mark an offset in visual mode with the cursor and the ',' key. Later press '.' to go back
You can debug a program from the graph view ('ag') using standard radare2 commands
Use the '[' and ']' keys in visual mode to adjust the screen width
Select your architecture with: 'e asm.arch=<arch>' or r2 -a from the shell
Move between your search hits in visual mode using the 'f' and 'F' keys
Save your projects with 'Ps <project-filename>' and restore them with 'Po <project-filename>'
Enable asm.trace to see the tracing information inside the disassembly
Change the registers of the child process in this way: 'dr eax=0x333'
Check your IO plugins with 'r2 -L'
Change the size of the file with the 'r' (resize) command
Calculate checksums for the current block with the commands starting with '#' (#md5, #crc32, #all, ..)
Use +,-,*,/ to change the size of the block
Change the block size with 'b <block-size>'. In visual mode you can also enter radare2 commands by pressing the ':' key (like vi does)
If you want to open the file in read-write mode, invoke r2 with '-w'
Print the contents of the current block with the 'p' command
Command layout is: <repeat><command><bytes>@<offset>. For example: 3x20@0x33 will show 3 hexdumps of 20 bytes at 0x33
Press 'c' in visual mode to toggle the cursor mode
Press 'C' in visual mode to toggle colors
You can 'copy/paste' bytes using the cursor in visual mode 'c' and using the 'y' and 'Y' keys
Move around the bytes with h,j,k,l! Arrow keys are neither portable nor efficient
Seek at relative offsets with 's +<offset>' or 's -<offset>'
Invert the block bytes using the 'I' key in visual mode
Switch between print modes using the 'p' and 'P' keys in visual mode
Add comments using the ';' key in visual mode or the 'CC' command from the radare2 shell
Assemble opcodes with the 'a' and 'A' keys in visual mode, which are bindings to the 'wa' and 'wA' commands
Find expanded AES keys in memory with '/Ca'
Find wide-char strings with the '/w <string>' command
Enable ascii-art jump lines in disassembly by setting 'e asm.lines=true'. asm.lines.out and asm.linestyle may interest you as well
Control the signal handlers of the child process with the 'dk' command
Get a free shell with 'ragg2 -i exec -x'
Interpret radare2 scripts with '. <path-to-script>'. Similar to the bash 'source' (or '.') command.
Most commands accept '?' as a suffix. Use it to understand how they work :)
Find hexpairs with '/x a0 cc 33'
Step through your seek history with the commands 'u' (undo) and 'U' (redo)
Use hasher to calculate hashes of individual blocks of a file
Use zoom.byte=entropy and press 'z' in visual mode to zoom out to see the entropy of the whole file
Use 'zoom.byte=printable' in zoom mode ('z' in Visual mode) to find strings
Add colors to your screen with 'e scr.color=X' where 1 is 16 colors, 2 is 256 colors and 3 is 16M colors
Trace register changes while debugging with 'e trace.cmtregs=true'
Move the comments to the right by changing their margin with asm.cmt.margin
Execute a command on the visual prompt with cmd.vprompt
Reduce the delta used when resolving flags by address with cfg.delta
Disable these messages with 'e cfg.fortunes = false' in your ~/.radare2rc
Change your fortune types with 'e cfg.fortunes.type = fun,tips,nsfw' in your ~/.radare2rc
Show offsets in graphs with 'e graph.offset = true'
Execute a command every time a breakpoint is hit with 'e cmd.bp = !my-program'
Disassemble in intel syntax with 'e asm.syntax = intel'.
Change the UID of the debugged process with child.uid (requires root)
Enhance your graphs by increasing the block size and the graph.depth eval variable.
Control the height of the terminal on serial consoles with e scr.height
Emulate the base address of a file with e file.baddr.
Bindiff two files with '$ radiff2 /bin/true /bin/false'
Execute commands on a temporary offset by appending '@ offset' to your command.
Temporarily drop the verbosity by prefixing commands with ':'
Change the graph block definition with graph.callblocks, graph.jmpblocks, graph.flagblocks
Use scr.accel to browse the file faster!
Use the 'id' command to see the source line related to the current seek
Analyze socket connections with the socket plugin: 'radare2 socket://www.foo.com:80'. Use 'w' to send data
Set dbg.fpregs to true to visualize the FPU registers in the debugger view.
To debug a program, you can call r2 with 'dbg://<path-to-program>' or '-d <path..>'
Use 'e' and 't' in Visual mode to edit configuration and track flags.
Use 'rabin2 -ris' to get the import/export symbols of any binary.
Remember to maintain your ~/.radare_history
Enable the PAGER with 'e scr.pager=less -R'
Use 'e asm.offset=true' to show offsets in 16-bit segment addressing mode.
The '?' command can be used to evaluate math expressions. Like this: '? (0x34+22)*4'
Set 'e bin.dbginfo=true' to load debug information at startup.
Rename a function using the 'afr <newname> @ <offset>' command.
You can redefine the descriptive commands in the hud file and use them with the 'V_' command.
Pass '-j' to rabin2 to get the information of the binary in JSON format.
Use rarun2 to launch your programs with a predefined environment.
You are probably using an old version of r2, go checkout the git!
Run your own r2 scripts in awk using the r2awk program.
Use '-e bin.strings=false' to disable automatic string search when loading the binary.
The unix-like reverse engineering framework.
This code was intentionally left blank, try 'e asm.arch = ws'
For a full list of commands see `strings /dev/urandom`
Thanks for using radare2!
Give '|' and '>' a try: piping and redirection
Run .dmm* to load the flags of the symbols of all modules loaded in the debugger
Use V! to enter into the visual panels mode (dwm style)
Toggle between disasm and graph with the space key
The more 'a' you add after 'aa' the more analysis steps are executed.
Review all the subcommands of aa to see better ways to analyze your targets.
Use /m to carve for known magic headers. Speed it up with search.
You can use registers in math expressions. For example: 'wx 1234 @ esp - 2'