.Dd Sep 30, 2014 .Dt RAGG2 1 .Sh NAME .Nm ragg2 .Nd radare2 frontend for r_egg, compile programs into tiny binaries for x86-32/64 and arm. .Sh SYNOPSIS .Nm ragg2 .Op Fl a Ar arch .Op Fl b Ar bits .Op Fl k Ar kernel .Op Fl f Ar format .Op Fl o Ar file .Op Fl i Ar shellcode .Op Fl I Ar path .Op Fl e Ar encoder .Op Fl B Ar hexpairs .Op Fl c Ar k=v .Op Fl C Ar file .Op Fl n Ar num32 .Op Fl N Ar num64 .Op Fl d Ar off:dword .Op Fl D Ar off:qword .Op Fl w Ar off:hexpair .Op Fl p Ar padding .Op Fl P Ar pattern .Op Fl q Ar fragment .Op Fl FOLsrxvhz .Sh DESCRIPTION ragg2 is a frontend for r_egg, compile programs into tiny binaries for x86-32/64 and arm. .Pp This tool is experimental and it is a rewrite of the old rarc2 and rarc2-tool programs as a library and integrated with r_asm and r_bin. .Pp Programs generated by r_egg are relocatable and can be injected in a running process or on-disk binary file. .Pp ragg2-cc is another tool that comes with r2 and it is used to generate shellcodes from C code. The final code can be linked with rabin2 and it is relocatable, so it can be used to inject it on any remote process. .Pp ragg2-cc is conceptually based on shellforge4, but only linux/osx x86-32/64 platforms are supported. .Sh DIRECTIVES .Pp The rr2 (ragg2) configuration file accepts the following directives, described as key=value entries and comments defined as lines starting with '#'. .Bl -tag -width Fl .It Fl a Ar arch set architecture x86, arm .It Fl b Ar bits 32 or 64 .It Fl k Ar kernel windows, linux or osx .It Fl f Ar format select binary format (pe, elf, mach0) .It Fl o Ar file output file to write result of compilation .It Fl i Ar shellcode specify shellcode name to be used (see \-L) .It Fl e Ar encoder specify encoder name to be used (see \-L) .It Fl B Ar hexpair specify shellcode as hexpairs .It Fl c Ar k=v set configure option for the shellcode encoder. The argument must be key=value. .It Fl C Ar file include contents of file .It Fl d Ar off:dword Patch final buffer with given dword at specified offset .It Fl D Ar off:qword Patch final buffer with given qword at specified offset .It Fl w Ar off:hexpairs Patch final buffer with given hexpairs at specified offset .It Fl n Ar num32 Append a 32bit number in little endian .It Fl N Ar num64 Append a 64bit number in little endian .It Fl p Ar padding Specify generic paddings with a format string. .It Fl P Ar size Prepend debruijn sequence of given length. .It Fl q Ar fragment Output offset of debruijn sequence fragment. .It Fl F autodetect native file format (osx=mach0, linux=elf, ..) .It Fl O use default output file (filename without extension or a.out) .It Fl I Ar path add include path .It Fl s show assembler code .It Fl r show raw bytes instead of hexpairs .It Fl x execute (just-in-time) .It Fl z output in C string syntax .El .Sh EXAMPLE .Pp $ cat hi.r /* hello world in r_egg */ write@syscall(4); //x64 write@syscall(1); exit@syscall(1); //x64 exit@syscall(60); .Pp main@global(128) { .var0 = "hi!\\n"; write(1,.var0, 4); exit(0); } $ ragg2 \-O \-F hi.r $ ./hi hi! .Pp .Pp $ cat hi.c main() { write(1, "Hello\n", 6); exit(0); } $ ragg2 hi.c $ ./hi.c.bin Hello .Sh SEE ALSO .Pp .Xr radare2(1) , .Xr rahash2(1) , .Xr rafind2(1) , .Xr rabin2(1) , .Xr rafind2(1) , .Xr radiff2(1) , .Xr rasm2(1) , .Sh AUTHORS .Pp Written by pancake .