radare2/doc/fortunes.tips

88 lines
6.0 KiB
Plaintext
Raw Normal View History

2017-09-29 12:17:18 +00:00
Tweak the disassembly output with `e asm.`
Add custom Have you setup your ~/.radare2rc today?
In visual mode press 'c' to toggle the cursor mode. Use tab to navigate
You can mark an offset in visual mode with the cursor and the ',' key. Later press '.' to go back
You can debug a program from the graph view ('ag') using standard radare2 commands
Use the '[' and ']' keys in visual mode to adjust the screen width
2017-09-29 12:17:18 +00:00
Select your architecture with: 'e asm.arch=<arch>' or r2 -a from the shell
Move between your search hits in visual mode using the 'n' and 'N' keys
Save your projects with 'Ps <project-filename>' and restore then with 'Po <project-filename>'
Enable asm.trace to see the tracing information inside the disassembly
Change the registers of the child process in this way: 'dr eax=0x333'
Check your IO plugins with 'r2 -L'
Change the size of the file with the 'r' (resize) command
Calculate current basic block checksum with the ph command (ph md5, ph crc32, ..)
Use +,-,*,/ to change the size of the block
Change the block size with 'b <block-size>'. In visual mode you can also enter radare2 command pressing the ':' key (like vi does)
If you want to open the file in read-write mode, invoke r2 with '-w'
Print the contents of the current block with the 'p' command
Command layout is: <repeat><command><bytes>@<offset>. For example: 3x20@0x33 will show 3 hexdumps of 20 bytes at 0x33
Press 'c' in visual mode to toggle the cursor mode
Press 'C' in visual mode to toggle colors
You can 'copy/paste' bytes using the cursor in visual mode 'c' and using the 'y' and 'Y' keys
Move around the bytes with h,j,k,l! Arrow keys are neither portable nor efficient
Seek at relative offsets with 's +<offset>' or 's -<offset>'
Invert the block bytes using the 'I' key in visual mode
Switch between print modes using the 'p' and 'P' keys in visual mode
2015-06-15 02:19:29 +00:00
Add comments using the ';' key in visual mode or the 'CC' command from the radare2 shell
Assemble opcodes with the 'a' and 'A' keys in visual mode, which are bindings to the 'wa' and 'wA' commands
Find expanded AES keys in memory with '/ca'
Find wide-char strings with the '/w <string>' command
Enable ascii-art jump lines in disassembly by setting 'e asm.lines=true'. asm.lines.out and asm.linestyle may interest you as well
Control the signal handlers of the child process with the 'dk' command
Get a free shell with 'ragg2 -i exec -x'
Interpret radare2 scripts with '. <path-to-script>'. Similar to the bash source alias command.
Most of commands accept '?' as a suffix. Use it to understand how they work :)
Find hexpairs with '/x a0 cc 33'
Step through your seek history with the commands 'u' (undo) and 'U' (redo)
Use hasher to calculate hashes of portion blocks of a file
Use zoom.byte=entropy and press 'z' in visual mode to zoom out to see the entropy of the whole file
Use 'zoom.byte=printable' in zoom mode ('z' in Visual mode) to find strings
Add colors to your screen with 'e scr.color=X' where 1 is 16 colors, 2 is 256 colors and 3 is 16M colors
2018-02-22 16:59:08 +00:00
Move the comments to the right changing their margin with asm.cmt.margin
Execute a command on the visual prompt with cmd.vprompt
Reduce the delta where flag resolving by address is used with cfg.delta
Disable these messages with 'e cfg.fortunes = false' in your ~/.radare2rc
Change your fortune types with 'e cfg.fortunes.type = fun,tips,nsfw' in your ~/.radare2rc
Show offsets in graphs with 'e graph.offset = true'
Execute a command every time a breakpoint is hit with 'e cmd.bp = !my-program'
Disassemble in intel syntax with 'e asm.syntax = intel'.
Change the UID of the debugged process with child.uid (requires root)
2016-11-17 12:50:37 +00:00
Enhance your graphs by increasing the size of the block and graph.depth eval variable.
Control the height of the terminal on serial consoles with e scr.height
Emulate the base address of a file with e file.baddr.
2016-04-15 13:44:47 +00:00
Bindiff two files with '$ radiff2 /bin/true /bin/false'
Execute commands on a temporary offset by appending '@ offset' to your command.
Temporally drop the verbosity prefixing the commands with ':'
Change the graph block definition with graph.callblocks, graph.jmpblocks, graph.flagblocks
2017-03-26 16:15:46 +00:00
Use the 'id' command to see the source line related to the current seek
Analyze socket connections with the socket plugin: 'radare2 socket://www.foo.com:80'. Use 'w' to send data
To debug a program, you can call r2 with 'dbg://<path-to-program>' or '-d <path..>'
Use 'e' and 't' in Visual mode to edit configuration and track flags.
Use 'rabin2 -ris' to get the import/export symbols of any binary.
Remember to maintain your ~/.radare_history
Enable the PAGER with 'e scr.pager=less -R'
Use 'e asm.offset=true' to show offsets in 16bit segment addressing mode.
The '?' command can be used to evaluate math expressions. Like this: '? (0x34+22)*4'
Set 'e bin.dbginfo=true' to load debug information at startup.
Rename a function using the 'afn <newname> @ <offset>' command.
You can redefine descriptive commands in the hud file and using the 'V_' command.
Pass '-j' to rabin2 to get the information of the binary in JSON format.
Use rarun2 to launch your programs with a predefined environment.
You are probably using an old version of r2, go checkout the git!
Run your own r2 scripts in awk using the r2awk program.
Use '-e bin.strings=false' to disable automatic string search when loading the binary.
The unix-like reverse engineering framework.
This code was intentionally left blank, try 'e asm.arch = ws'
Thanks for using radare2!
2015-08-31 04:55:01 +00:00
give | and > a try piping and redirection
2015-10-19 13:03:42 +00:00
Run .dmm* to load the flags of the symbols of all modules loaded in the debugger
Fix wording and whitespacing ##doc (#18065) * Fix wording, whitespacing and other minor stuff * cmd.c: ellaborated yy syntax, improved descriptions - replace "srcoff" with "origin" * cmd.c(cmd_autocomplete): - refactor help into function: render autocomplete types with generic help subsystem; - "Types" heading now follow the "Usage" style by not being prefixed by a pipe character; * cmd_anal.c: fix whitespaces & help text * cmd_info.c: fix help text capitalization. * cmd_print.c: - fix `pf` cmd help; - TODO: what pz? is doing here? * cons.c: - refactor & better document r_cons_cmd_help(); - fix whitespaces; * visual & panels modes: - as of commit 46187fe4e14dc465dc6ac03fcc56a362f0b8e335, '!' no longer launches the r2048 game. The game itself it broken anyway, even when running from the Help menu in panels mode; - transitioning from panels to visual is not 'entering' but actually swapping/replacing visual panels with just panels, thus... - reword 'enter into the' to 'swap into' or even just 'enter', e.g.: "enter into the visual panels mode" -> "enter visual panels mode". - remove the "(dwm style)" words from a fortune tip, because I have no idea what it is, and it does not appear to be a valid command in any of the r2 modes. - update global help text. * [WIP 2] Fix wording, whitespacing and other minor stuff * visual.c: - r_core_visual_append_help(): first steps merging with r_cons_cmd_help from cons.c; use consistent colors for headers. * [WIP 3] Fix wording, whitespacing and other minor stuff * panels.c(__update_help): - shorten code and titles; - add comment to clarify that it is not a copy-paste error; * [WIP 4] Fix wording, whitespacing and other minor stuff panels.c, visual.c: tweak help text; * [WIP 5] Fix wording, whitespacing and other minor stuff * cmd_help.c: update global help text about visual mode -- it was outdated and overloaded. * vmenus.c: - rename stuff, shuffle around static consts to reflect an actual ordering when viewing as a help text; - slightly improve help text rendering; - fix whitespaces; * [WIP 6] Fix wording, whitespacing and other minor stuff * lots of help text changed. still working on proper commit message.
2020-12-21 00:12:08 +00:00
Use V or v to enter visual or visual panels modes respectively
2016-12-21 00:26:03 +00:00
Toggle between disasm and graph with the space key
The more 'a' you add after 'aa' the more analysis steps are executed.
Review all the subcommands of aa to see better ways to analyze your targets.
Use /m to carve for known magic headers. speedup with search.
You can use registers in math expressions. For example: 'wx 1234 @ esp - 2'
2023-01-15 15:08:49 +00:00
For HTTP authentication 'e http.auth = 1', 'e http.authfile = <path>'
2022-06-20 07:08:47 +00:00
Tip: do 'r2pm -i r2premium; echo "e cfg.fortunes.type = nsfw" >> ~/.radare2rc' for a premium r2 experience