Radare2 is a framework for reverse-engineering gathering several tools (see this Phrack article about radare1 to know a bit more about the framework).

I would like to know if someone could point out the main useful features of the framework for reverse engineering? And, in particular, what makes radare2 different from other tools or frameworks?

perror

1 Answer

From its feature page:

  • Multi-architecture and multi-platform
    • GNU/Linux, Android, *BSD, OSX, iPhoneOS, Windows{32,64} and Solaris
    • x86{16,32,64}, dalvik, avr, arm, java, powerpc, sparc, mips, bf, csr, m86k, msil, sh
    • pe{32,64}, [fat]mach0{32,64}, elf{32,64}, te, dex and java classes
  • Highly scriptable
    • Vala, Go, Python, Guile, Ruby, Perl, Lua, Java, JavaScript, sh, ..
    • batch mode and native plugins with full internal API access
    • native scripting based in mnemonic commands and macros
  • Hexadecimal editor
    • 64bit offset support with virtual addressing and section maps
    • Assemble and disassemble from/to many architectures
    • colorizes opcodes, bytes and debug register changes
    • print data in various formats (int, float, disasm, timestamp, ..)
    • search multiple patterns or keywords with binary mask support
    • checksumming and data analysis of byte blocks
  • IO is wrapped
    • support Files, disks, processes and streams
    • virtual addressing with sections and multiple file mapping
    • handles gdb:// and rap:// remote protocols
  • Filesystems support
    • allows to mount ext2, vfat, ntfs, and many others
    • support partition types (gpt, msdos, ..)
  • Debugger support
    • gdb remote and brainfuck debugger support
    • software and hardware breakpoints
    • tracing and logging facilities
  • Diffing between two functions or binaries
    • graphviz friendly code analysis graphs
    • colorize nodes and edges
  • Code analysis at opcode, basicblock, function levels
    • embedded simple virtual machine to emulate code
    • keep track of code and data references
    • function calls and syscall decompilation
    • function description, comments and library signatures
Anton Kochkov
Ange