Radare project started as a forensics tool, a scriptable commandline hexadecimal editor able to open disk files but later support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers
功能:Radare is a portable reversing framework that can
Disassemble (and assemble for) many different architectures
Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg)
Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku
Perform forensics on filesystems and data carving
Be scripted in Python, Javascript, Go and more
Support collaborative analysis using the embedded webserver
Visualize data structures of several file types
Patch programs to uncover new features or fix vulnerabilities
Use powerful analysis capabilities to speed up reversing
Aid in software exploitation
特性
Batch, commandline, visual and panels interactive modes
Embedded webserver with js scripting and webui
Assemble and disassemble a large list of CPUs
Runs on Windows and any other UNIX flavour out there
Analyze and emulate code with ESIL
Native debugger and GDB, WINDBG, QNX and FRIDA
Navigate ascii-art control flow graphs
Ability to patch binaries, modify code or data
Search for patterns, magic headers, function signatures
Easy to extend and modify
Commandline, C API, script with r2pipe in any language
$ radare2 -h
Usage: r2 [-ACdfLMnNqStuvwzX][-P patch][-p prj][-a arch][-b bits][-i file][-s addr][-B baddr][-m maddr][-c cmd][-e k=v]file|pid|-|--|=
-- run radare2 without opening any file
- same as 'r2 malloc://512'=readfile from stdin (use -i and -c to run cmds)
-= perform !=!command to run all commands remotely
-0 print \x00 after init and every command-2 close stderr file descriptor (silent warning messages)-a[arch]set asm.arch
-A run 'aaa'command to analyze all referenced code
-b[bits]set asm.bits
-B[baddr]set base address for PIE binaries
-c'cmd..' execute radare command-Cfile is host:port (alias for -c+=http://%s/cmd/)-d debug the executable 'file' or running process 'pid'-D[backend]enable debug mode (e cfg.debug=true)-ek=v evaluate config var
-f block size =file size
-F[binplug] force to use that rbin plugin
-h, -hh show help message, -hhfor long
-H([var]) display variable
-i[file] run script file-I[file] run script file before the file is opened
-k[OS/kern]set asm.os (linux, macos, w32, netbsd, ...)-l[lib] load plugin file-L list supported IO plugins
-m[addr] map file at given address (loadaddr)-Mdo not demangle symbol names
-n, -nndo not load RBin info (-nn only load bin structures)-Ndo not load user settings and scripts
-q quiet mode (no prompt) and quit after -i-Q quiet mode (no prompt) and quit faster (quickLeak=true)-p[prj] use project, list if no arg, load if no file-P[file] apply rapatch file and quit
-r[rarun2] specify rarun2 profile to load (same as -edbg.profile=X)-R[rr2rule] specify custom rarun2 directive
-s[addr] initial seek
-S start r2 in sandbox mode
-t load rabin2 info in thread
-usetbin.filter=false to get raw sym/sec/cls names
-v, -V show radare2 version (-V show lib versions)-wopenfileinwrite mode
-xopen without exec-flag (asm.emu will not work), See io.exec
-X same as -ebin.usextr=false (useful for dyldcache)
-z, -zzdo not load strings or load them even in raw