radare2/doc/fortunes.tips

83 lines
5.7 KiB
Plaintext
Raw Normal View History

Disassembly not pretty enough? Try changing the values with 'e asm.'
Have you setup your ~/.radare2rc today?
You can mark an offset in visual mode with the cursor and the ',' key. Later press '.' to go back
You can debug a program from the graph view ('ag') using standard radare2 commands
Use the '[' and ']' keys in visual mode to adjust the screen width
Choose your architecture by typing: 'e asm.arch=<arch>'
Move between your search hits in visual mode using the 'f' and 'F' keys
Save your projects with 'Ps <project-filename>' and restore then with 'Po <project-filename>'
Enable asm.trace to see the tracing information inside the disassembly
Change the registers of the child process in this way: 'dr eax=0x333'
Check your IO plugins with 'r2 -L'
Change the size of the file with the 'r' (resize) command
Calculate checksums for the current block with the commands starting with '#' (#md5, #crc32, #all, ..)
Use +,-,*,/ to change the size of the block
Change the block size with 'b <block-size>'. In visual mode you can also enter radare2 command pressing the ':' key (like vi does)
If you want to open the file in read-write mode, invoke r2 with '-w'
Print the contents of the current block with the 'p' command
Command layout is: <repeat><command><bytes>@<offset>. For example: 3x20@0x33 will show 3 hexdumps of 20 bytes at 0x33
Press 'c' in visual mode to toggle the cursor mode
Press 'C' in visual mode to toggle colors
You can 'copy/paste' bytes using the cursor in visual mode 'c' and using the 'y' and 'Y' keys
Move around the bytes with h,j,k,l! Arrow keys are neither portable nor efficient
Seek at relative offsets with 's +<offset>' or 's -<offset>'
Invert the block bytes using the 'I' key in visual mode
Switch between print modes using the 'p' and 'P' keys in visual mode
Add comments using the ';' key in visual mode or the 'C' command from the radare2 shell
Assemble opcodes with the 'a' and 'A' keys in visual mode, which are bindings to the 'wa' and 'wA' commands
Find expanded AES keys in memory with '/Ca'
Find wide-char strings with the '/w <string>' command
Enable ascii-art jump lines in disassembly by setting 'e asm.lines=true'. asm.linesout and asm.linestyle may interest you as well
Control the signal handlers of the child process with the 'dk' command
Get a free shell with 'ragg2 -i exec -x'
Interpret radare2 scripts with '. <path-to-script>'. Similar to the bash source alias command.
Most of commands accept '?' as a suffix. Use it to understand how they work :)
Find hexpairs with '/x a0 cc 33'
Step through your seek history with the commands 'u' (undo) and 'U' (redo)
Use hasher to calculate hashes of portion blocks of a file
Use zoom.byte=entropy and press 'z' in visual mode to zoom out to see the entropy of the whole file
Use 'zoom.byte=printable' in zoom mode ('z' in Visual mode) to find strings
Set color to your screen with 'e scr.color=true'
Trace register changes while debugging with 'e trace.cmtregs=true'
Move the comments to the right changing their margin with asm.cmtmargin
Execute a command on the visual prompt with cmd.vprompt
Reduce the delta where flag resolving by address is used with cfg.delta
Disable these messages with 'e cfg.fortunes = false' in your ~/.radare2rc
Change your fortune types with 'e cfg.fortunetype = fun,tips,nsfw' in your ~/.radare2rc
Show offsets in graphs with 'e graph.offset = true'
Follow a flag in disassembly view (avoids to disasemble out of the visibility of the flag) with asm.follow
Execute a command every time a breakpoint is hit with 'e cmd.bp = !my-program'
Disassemble in intel syntax with 'e asm.syntax = intel'.
Change the UID of the debugged process with child.uid (requires root)
Enable full backtrace with dbg.fullbt
Find cp850 strings with 'e cfg.encoding=cp850' and '/s'
Enhace your graphs by increasing the size of the block and graph.depth eval variable.
Control the height of the terminal on serial consoles with e scr.height
Emulate the base address of a file with e file.baddr.
Bindiff two files with '$ bdiff /bin/true /bin/false'
Execute commands on a temporary offset by appending '@ offset' to your command.
Temporally drop the verbosity prefixing the commands with ':'
Change the graph block definition with graph.callblocks, graph.jmpblocks, graph.flagblocks
Use the '<' and '>' keys in visual cursor mode (V->c) to folder selected bytes.
Use scr.accel to browse the file faster!
Use the 'pR' command to see the source line related to the current seek
Analyze socket connections with the socket plugin: 'radare2 socket://www.foo.com:80'. Use 'w' to send data
Setup dbg.fpregs to true to visualize the fpu registers in the debugger view.
To debug a program, you can call r2 with 'dbg://<path-to-program>' or '-d <path..>'
Use 'e' and 't' in Visual mode to edit configuration and track flags.
Use 'rabin2 -rios' to get the import/export/other symbols of any binary.
Remember to maintain your ~/.radare_history
Enable the PAGER with 'e scr.pager=less -R'
Use 'e asm.offset=true' to show offsets in 16bit segment addressing mode.
The '?' command can be used to evaluate math expressions. Like this: '? (0x34+22)*4'
Set 'e bin.dwarf=true' to load dwarf information at startup.
Rename a function using the 'afr <newname> @ <offset>' command.
You can redefine descriptive commands in the hud file and using the 'V_' command.
Pass '-j' to rabin2 to get the information of the binary in JSON format.
Use rarun2 to launch your programs with a predefined environment.
You are probably using an old version of r2, go checkout the git!
Run your own r2 scripts in awk using the r2awk program.
Use '-e bin.strings=false' to disable automatic string search when loading the binary.
The unix-like reverse engineering framework.
This code was intentionally left blank, try 'e asm.arch = ws'
For a full list of commands see `strings /dev/urandom`