How-To: Radare2
Radare2 is one of the most powerful debuggers out there. It is a command-line tool with a rather unintuitive interface, but once you get used to it, it is very powerful. radare2 is a major step from gdb because of the decompilation tools it offers.
radare2 is especially powerful on 64-bit binaries because it automatically resolves function signatures and strings. This makes it easy to understand the binary's underlying C code.
gdb is far more straightforward, but the feature set of radare2 can make it worth your time. It's a fantastic tool for reverse engineering and binex if appropriately used. If you don't care to learn a new tool, spend the effort to become a master at gdb.
Installation
Installation depends on the operating system you are running. The main two operating systems I expect are Kali and Ubuntu Linux. Here is how you install for each:
# Kali Linux
sudo apt install radare2

# Ubuntu & Debian
git clone https://github.com/radareorg/radare2
radare2/sys/install.sh
Usage
You can analyze and run the binary for debugging using the following command:
r2 -d -A <binary>
We use the -d and -A flags to speed our development process by preemptively analyzing the binary. You can open a binary without these flags (with radare2 <binary>); however, you will need to run the analysis commands yourself.
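The following wrapper is an added example and is not part of the original page or of the radare2 project. It shows what the -A flag does for you at load time (it runs the aaa analysis command) and how to drive radare2 without the interactive prompt: -q quits after the commands run, -c supplies the commands, and -e scr.color=0 disables colour so the output can be piped into grep or diff. The analysis commands used (aaa, afl, iz, ii) are real radare2 commands; the function names, the default command list and the sample path are this example's own assumptions. Note that -d executes the binary under the debugger, so this wrapper deliberately leaves it out: a sample you have not yet vetted should be analyzed statically like this, or only run with -d inside a throwaway VM.

```shell
#!/bin/sh
# Added example: batch (non-interactive) radare2 analysis.
# Assumed names: r2_batch_cmd and analyze_binary are this example's own helpers.

# Default command list (assumption: a sensible first pass for triage):
#   aaa  analyze all - this is exactly what "r2 -A <binary>" runs for you at load time
#   afl  list the functions analysis found (names, addresses, sizes)
#   iz   list strings found in the data sections
#   ii   list imported symbols (libc calls such as system, strcpy, ...)
DEFAULT_CMDS='aaa; afl; iz; ii'

# Print the exact command line that analyze_binary would run, for logging
# or for pasting into a shell by hand. Usage: r2_batch_cmd <binary> [cmds]
r2_batch_cmd() {
    binary=$1
    cmds=${2:-$DEFAULT_CMDS}
    printf "r2 -q -e scr.color=0 -c '%s' %s\n" "$cmds" "$binary"
}

# Run the analysis on a file and write r2's plain-text output to stdout.
# Return codes: 2 = file missing, 127 = r2 not installed, otherwise r2's own
# exit status. Usage: analyze_binary <binary> [cmds]
analyze_binary() {
    binary=$1
    cmds=${2:-$DEFAULT_CMDS}
    if [ ! -f "$binary" ]; then
        echo "analyze_binary: no such file: $binary" >&2
        return 2
    fi
    if ! command -v r2 >/dev/null 2>&1; then
        echo "analyze_binary: r2 is not on PATH (see Installation above)" >&2
        return 127
    fi
    # -q: quit after running -c commands; no prompt, so this is safe in scripts.
    # -e scr.color=0: no ANSI colour codes in the output.
    # Arguments are passed directly to r2 (no eval), so odd file names are safe.
    r2 -q -e scr.color=0 -c "$cmds" "$binary"
}

# Stand-alone use: ./r2batch.sh /path/to/binary ['aaa; afl']
if [ $# -gt 0 ]; then
    echo "# running: $(r2_batch_cmd "$@")" >&2
    analyze_binary "$@"
fi
```

A typical call is `analyze_binary ./target > target.r2.txt`, which leaves you with a text file of functions, strings and imports that you can grep for the parts worth opening interactively later with r2 -A (or r2 -d -A once you are happy to let the binary execute).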