mirror of
https://github.com/radareorg/radare2.git
synced 2024-12-15 01:10:01 +00:00
232 lines
11 KiB
Plaintext
232 lines
11 KiB
Plaintext
Disassembly not pretty enough? Try changing the values with 'e asm.'
|
|
Have you setup your ~/.radare2rc today?
|
|
You can mark an offset in visual mode with the cursor and the ',' key. Later press '.' to go back
|
|
You can debug a program from the graph view ('ag') using standard radare2 commands
|
|
Use the '[' and ']' keys in visual mode to adjust the screen width
|
|
Choose your architecture by typing: 'e asm.arch=<arch>'
|
|
Move between your search hits in visual mode using the 'f' and 'F' keys
|
|
Save your projects with 'Ps <project-filename>' and restore then with 'Po <project-filename>'
|
|
Everytime you run radare2, a random file is removed :)
|
|
RADARE CUMS WITH ABSOLUTELY NO WARRANTY
|
|
Enable asm.trace to see the tracing information inside the disassembly
|
|
Change the registers of the child process in this way: 'dr eax=0x333'
|
|
Deltify your life with radare2
|
|
Check your IO plugins with 'r2 -L'
|
|
Change the size of the file with the 'r' (resize) command
|
|
Calculate checksums for the current block with the commands starting with '#' (#md5, #crc32, #all, ..)
|
|
Use +,-,*,/ to change the size of the block
|
|
Change the block size with 'b <block-size>'. In visual mode you can also enter radare2 command pressing the ':' key (like vi does)
|
|
If you want to open the file in read-write mode, invoke r2 with '-w'
|
|
Print the contents of the current block with the 'p' command
|
|
Command layout is: <repeat><command><bytes>@<offset>. For example: 3x20@0x33 will show 3 hexdumps of 20 bytes at 0x33
|
|
Press 'c' in visual mode to toggle the cursor mode
|
|
Press 'C' in visual mode to toggle colors
|
|
You can 'copy/paste' bytes using the cursor in visual mode 'c' and using the 'y' and 'Y' keys
|
|
Move around the bytes with h,j,k,l! Arrow keys are neither portable nor efficient
|
|
Seek at relative offsets with 's +<offset>' or 's -<offset>'
|
|
Invert the block bytes using the 'I' key in visual mode
|
|
Switch between print modes using the 'p' and 'P' keys in visual mode
|
|
In soviet russia, radare2 debugs you!
|
|
Add comments using the ';' key in visual mode or the 'C' command from the radare2 shell
|
|
Assemble opcodes with the 'a' and 'A' keys in visual mode, which are bindings to the 'wa' and 'wA' commands
|
|
Find expanded AES keys in memory with '/Ca'
|
|
Find wide-char strings with the '/w <string>' command
|
|
Enable ascii-art jump lines in disassembly by setting 'e asm.lines=true'. asm.linesout and asm.linestyle may interest you as well
|
|
Control the signal handlers of the child process with the 'dk' command
|
|
Get a free shell with 'ragg2 -i exec -x'
|
|
Interpret radare2 scripts with '. <path-to-script>'. Similar to the bash source alias command.
|
|
Most of commands accept '?' as a suffix. Use it to understand how they work :)
|
|
Find hexpairs with '/x a0 cc 33'
|
|
Step through your seek history with the commands 'u' (undo) and 'U' (redo)
|
|
Use hasher to calculate hashes of portion blocks of a file
|
|
Use zoom.byte=entropy and press 'z' in visual mode to zoom out to see the entropy of the whole file
|
|
Use 'zoom.byte=printable' in zoom mode ('z' in Visual mode) to find strings
|
|
Set color to your screen with 'e scr.color=true'
|
|
Trace register changes while debugging with 'e trace.cmtregs=true'
|
|
Move the comments to the right changing their margin with asm.cmtmargin
|
|
Execute a command on the visual prompt with cmd.vprompt
|
|
Reduce the delta where flag resolving by address is used with cfg.delta
|
|
Disable these messages with 'e cfg.fortunes = false' in your ~/.radare2rc
|
|
Show offsets in graphs with 'e graph.offset = true'
|
|
Follow a flag in disassembly view (avoids to disasemble out of the visibility of the flag) with asm.follow
|
|
Execute a command every time a breakpoint is hit with 'e cmd.bp = !my-program'
|
|
Disassemble in intel syntax with 'e asm.syntax = intel'.
|
|
Change the UID of the debugged process with child.uid (requires root)
|
|
Enable full backtrace with dbg.fullbt
|
|
What do you want to debug today?
|
|
Find cp850 strings with 'e cfg.encoding=cp850' and '/s'
|
|
Enhace your graphs by increasing the size of the block and graph.depth eval variable.
|
|
Control the height of the terminal on serial consoles with e scr.height
|
|
Use e file.id=true and e file.flag=true in your ~/.radare2rc to get symbols, strings, .. when loading
|
|
Emulate the base address of a file with e file.baddr.
|
|
Bindiff two files with '$ bdiff /bin/true /bin/false'
|
|
Execute commands on a temporary offset by appending '@ offset' to your command.
|
|
Temporally drop the verbosity prefixing the commands with ':'
|
|
Change the graph block definition with graph.callblocks, graph.jmpblocks, graph.flagblocks
|
|
Use the '<' and '>' keys in visual cursor mode (V->c) to folder selected bytes.
|
|
Use scr.accel to browse the file faster!
|
|
I love the smell of bugs in the morning.
|
|
Use the 'pR' command to see the source line related to the current seek
|
|
Analyze socket connections with the socket plugin: 'radare2 socket://www.foo.com:80'. Use 'w' to send data
|
|
I like to suck nibbles and make hex.
|
|
I'm in your source securing your bits.
|
|
radare2 contributes to the One Byte Per Child fundation.
|
|
Setup dbg.fpregs to true to visualize the fpu registers in the debugger view.
|
|
To debug a program, you can call r2 with 'dbg://<path-to-program>' or '-d <path..>'
|
|
3nl4r9e y0\/r r4d4r3
|
|
I did it for the pwnz.
|
|
If you send the program you are debugging to 15 friends before 143 minutes and then step three times on the same opcode you will get the name of the person who loves you.
|
|
To remove this message, put `dbxenv suppress_startup_message 7.5' in your .dbxrc
|
|
Heisenbug: A bug that disappears or alters its behavior when one attempts to probe or isolate it.
|
|
radare2 is for lulzhats
|
|
Use 'e' and 't' in Visual mode to edit configuration and track flags.
|
|
Use 'rabin2 -rios' to get the import/export/other symbols of any binary.
|
|
Remember to maintain your ~/.radare_history
|
|
Microloft Visual Radare.NET 2008. Now OOXML Powered!
|
|
Enjoy the 'two girls one backup' viral video.
|
|
A C program is like a fast dance on a newly waxed dance floor by people carrying razors - Waldi Ravens
|
|
radare2 is like windows 7 but even better.
|
|
Enlarge your radare2.
|
|
Excellent; we can attack in any direction!
|
|
Better than an eel in the ass.
|
|
radare2 build farm beats the facebook one.
|
|
Thank you for using radare2. Have a nice night!
|
|
Your r2 was built 20h ago. TOO OLD!
|
|
Enable the PAGER with 'e scr.pager=less -R'
|
|
Use 'e asm.offset=true' to show offsets in 16bit segment addressing mode.
|
|
The '?' command can be used to evaluate math expressions. Like this: '? (0x34+22)*4'
|
|
Use radare2! lemons included!
|
|
Are you fucking coding me?
|
|
rax2 -s 20e296b20ae296b220e296b20a
|
|
Connection lost with the license server, your r2 session will terminate soon.
|
|
I swear i didn't knew she had only 8bits!
|
|
Set 'e bin.dwarf=true' to load dwarf information at startup.
|
|
Rename a function using the 'afr <newname> @ <offset>' command.
|
|
You can redefine descriptive commands in the hud file and using the 'V_' command.
|
|
Pass '-j' to rabin2 to get the information of the binary in JSON format.
|
|
This is amazing...
|
|
Use rarun2 to launch your programs with a predefined environment.
|
|
You are probably using an old version of r2, go checkout the git!
|
|
Run your own r2 scripts in awk using the r2awk program.
|
|
I love gradients.
|
|
Use '-e bin.strings=false' to disable automatic string search when loading the binary.
|
|
Wait a moment..
|
|
Don't do this.
|
|
No such file or directory.
|
|
Default scripting languages are NodeJS and Python.
|
|
-bash: r2: command not found
|
|
The unix-like reverse engineering framework.
|
|
To start the webserver type the following command: 'r2 -c=H /bin/ls'
|
|
To enter into the visual mode type 'V' in the prompt and hit enter.
|
|
Press any key to continue...
|
|
Ilo ni li pona li pali e lipu. mi wile e ni: sina kama jo e musi
|
|
radare2 for FideOS, now with extra potato
|
|
Your project name should contain an uppercase letter, 8 vowels, some numbers, and the first 5 numbers of your private bitcoin key.
|
|
This computer has gone to sleep.
|
|
Did you ever ordered a pizza using radare2?
|
|
I thought we were friends. :_
|
|
Welcome back, lazy human!
|
|
Yo dawg!
|
|
---8<--------------------8<------------------8<-----------------8<--- --
|
|
I accidentally the kernel with radare2.
|
|
I endians swap.
|
|
This page intentionally left blank.
|
|
Sick my duck!
|
|
Duck my sick!
|
|
Use 'ec' to choose the colors for your disassembly palette
|
|
Here be dragons.
|
|
Trust no one, nor a zero. Both lie.
|
|
EIP = 0x41414141
|
|
/dev/brain: No such file or directory.
|
|
Virtual machines are great, but you lose the ability to kick the hardware.
|
|
Charlie! We are here.
|
|
The door is everything..
|
|
The door controls time and space.
|
|
The door can see into your soul.
|
|
Undefined symbol 'r_anal_fisting'.
|
|
I am Pentium of Borg. Division is futile. You will be approximated.
|
|
Don't look at the code. Don't look.
|
|
Dissasemble? No dissasemble, no dissassemble!!!!!
|
|
Warning, your trial license is about to expire.
|
|
Please register your copy of r2 today! Only £29.90!
|
|
Welcome to IDA 10.0.
|
|
It's not you, it's me.
|
|
ASLR stands for Age/Sex/Location/Reverser.
|
|
This software comes with no brain included. Please use your own.
|
|
rm: /: Permission denied.
|
|
That's embarrassing.
|
|
Connection with license server failed.
|
|
In soviet Afghanistan, you debug radare2!
|
|
You should know that ptracing binaries younger than 18yo is illegal.
|
|
Wow, my cat knows radare2 hotkeys better than me!
|
|
Documentation is for weak people.
|
|
PEBCAK ERROR: Documentation not found.
|
|
License server overloaded (ETOOMANYCASH)
|
|
Error: cannot yank negative sleep
|
|
If you're not satisfied by our product, we'll be happy to refund you.
|
|
Already up-to-date.
|
|
How about a nice game of chess?
|
|
THE ONLY WINNING MOVE IS NOT TO PLAY.
|
|
SHALL WE PLAY A GAME?
|
|
Sudo make me a pancake.
|
|
Bitch
|
|
I nodejs so hard my exams.
|
|
What a nodejs!
|
|
Now featuring NoSQL!
|
|
Kentucky Fried Children
|
|
One does not simply write documentation.
|
|
We are bleeding edge here. Can't you feel the razors?
|
|
There's a branch for that.
|
|
Everything up-to-date.
|
|
Sharing your latest session in Facebook...
|
|
This should be documented, since it's not that obvious.
|
|
It's working! Look at the door!
|
|
This is an unacceptable milion year dungeon.
|
|
The Hard ROP Cafe
|
|
Please remove pregnant women, pregnant children, and pregnant pets from the monitor.
|
|
Fill the bug. Fill it with love. With the creamy and hot sauce of love.
|
|
If you need to escape from hell, 'e asm.arch = malbolge' might help you.
|
|
Wait a minute! I found a bug, self-fixing... OK
|
|
Hold on, this should never happen!
|
|
Well this is embarrasing...
|
|
THIS IS NOT FUNNY
|
|
This code was intentionally left blank, try 'e asm.arch = ws'
|
|
This is a compressed PDF. Why the hell are you opening this in r2 ? SIGSEGV
|
|
♥ --
|
|
Can you stand on your head?
|
|
I hope you segfault in hell.
|
|
May the segfault be with you.
|
|
I script in C, because fuck you.
|
|
EXPLICIT CONTENT
|
|
Bindings are mostly powered by tears.
|
|
In Soviet Russia, radare2 have documentation.
|
|
Initial frame selected; you cannot go up.
|
|
Unk, unk, unk, unk
|
|
Experts agree, security holes suck, and we fixed some of them!
|
|
r2 your penis
|
|
This is just an existentialist experiment.
|
|
Nothing to see here. Move along.
|
|
Select your character: RBin Wizard, Master Anal Paladin, or Assembly Wizard
|
|
I accidently radared my filesystem today.
|
|
No fix, no sleep
|
|
You see it, you fix it!
|
|
V is for Visual
|
|
r2-goverity: found corruption - please eliminate!
|
|
Stop debugging me!
|
|
THIS IS NOT A BUG
|
|
Fuck you, fuck you in the mouth, with a chair!
|
|
Polish reversers blame git
|
|
vm is like a small cow in ascii
|
|
Do you want to print 333.5K chars? (y/N)
|
|
Now with more better English!
|
|
:(){ :|:& };:
|
|
All your base are belong to r2
|
|
Ask not what r2 can do for you - ask what you can do for r2
|
|
Try with ASAN, and be amazed
|
|
bash: r3: command not found :D
|
|
R2 loves everyone, even Java coders, but less than others
|
|
It's not a bug, it's a work in progress
|
|
Stop swearing!
|
|
I didn't said that it was working, I said that it's implemented
|
|
Wrong argument
|