Reverse Engineering Using Radare2

Jacob Pimental
Dec 16, 2017 · 5 min read
$ git clone https://github.com/radare/radare2
$ cd radare2
$ sudo sys/install.sh
$
$ ./intro
Hello World
$
#include <stdio.h>

/* The toy program the rest of the article takes apart. */
int main(void) {
    printf("Hello World\n");
    return 0;
}
$ rabin2 -I intro 
arch x86
binsz 6485
bintype elf
bits 64
canary false
class ELF64
crypto false
endian little
havecode true
intrp /lib64/ld-linux-x86-64.so.2
lang c
linenum true
lsyms true
machine AMD x86-64 architecture
maxopsz 16
minopsz 1
nx true
os linux
pcalign 0
pic true
relocs true
relro partial
rpath NONE
static false
stripped false
subsys linux
va true
$
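The `rabin2 -I` listing above is where an analyst first learns which mitigations a binary was built with. As an added example that is not part of the article, the script below reads that listing and flags the weak settings; it uses `rabin2` when installed and otherwise falls back to a sample constructed from the article's own `intro` output.

```shell
#!/bin/sh
# Added example (not from the article): summarise the hardening flags that
# `rabin2 -I` reports, so the gaps in a binary's mitigations stand out.
# Assumes rabin2 is on PATH for live use; SAMPLE_RABIN_INFO is constructed
# from the article's own `rabin2 -I intro` listing so the script runs offline.

SAMPLE_RABIN_INFO='arch x86
bintype elf
bits 64
canary false
nx true
pic true
relro partial
stripped false'

# get_field KEY TEXT: print the value of KEY from "key value" lines
get_field() {
    printf '%s\n' "$2" | awk -v k="$1" '$1 == k { print $2; exit }'
}

# judge NAME ACTUAL WANTED: print "NAME ok" or "NAME weak", counting the weak ones
judge() {
    if [ "$2" = "$3" ]; then
        echo "$1 ok"
    else
        echo "$1 weak"
        weak=$((weak + 1))
    fi
}

# mitigation_report TEXT: one line per mitigation, then "weak_count N"
mitigation_report() {
    weak=0
    judge canary "$(get_field canary "$1")" true   # stack cookies on return
    judge nx     "$(get_field nx "$1")"     true   # non-executable stack and heap
    judge pic    "$(get_field pic "$1")"    true   # image can load at a random base
    judge relro  "$(get_field relro "$1")"  full   # partial RELRO leaves the GOT writable
    echo "weak_count $weak"
}

# report_binary PATH: use the live rabin2 output when available, else the sample
report_binary() {
    if command -v rabin2 >/dev/null 2>&1 && [ -f "$1" ]; then
        mitigation_report "$(rabin2 -I "$1")"
    else
        mitigation_report "$SAMPLE_RABIN_INFO"
    fi
}

report_binary "${1:-intro}"
```

On the article's `intro` binary this reports `canary weak` and `relro weak`, matching the `canary false` and `relro partial` lines in the listing.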
$ rabin2 -z intro 
vaddr=0x000006e4 paddr=0x000006e4 ordinal=000 sz=12 len=11 section=.rodata type=ascii string=Hello World
$
$ rabin2 -h
$ r2 intro
-- Enhance your graphs by increasing the size of the block and graph.depth eval variable.
[0x00000540]> aa
[x] Analyze all flags starting with sym. and entry0 (aa)
[0x00000540]>
[0x00000540]> s main
[0x0000064a]>
[0x0000064a]> v
/ (fcn) sym.main 19
| sym.main ();
| ; DATA XREF from 0x0000055d (entry0)
| 0x0000064a 55 push rbp
| 0x0000064b 4889e5 mov rbp, rsp
| 0x0000064e 488d3d8f0000. lea rdi, str.Hello_World ; 0x6e4 ; "Hello World"
| 0x00000655 e8d6feffff call sym.imp.puts ;[1] ; int puts(const char *s)
| 0x0000065a 90 nop
| 0x0000065b 5d pop rbp
\ 0x0000065c c3 ret
