Opensource reverse engineering framework to disassemble, debug, analyze, manipulate binary files and more.
radare2 is an open source framework for reverse engineering which implements a rich command line interface for disassembling, analyzing data, patching binaries, comparing data, searching, replacing, visualizing and more. It has great scripting capabilities, it runs on all major platforms (GNU/Linux, Windows, *BSD, iOS, OSX, Solaris…) and it supports tons of architectures and file formats.
features
- Multi-architecture and multi-platform
- GNU/Linux, Android, *BSD, OSX, iPhoneOS, Windows{32,64} and Solaris
- x86{16,32,64}, dalvik, avr, arm, java, powerpc, sparc, mips, bf
- pe{32,64}, [fat]mach0{32,64}, elf{32,64}, dex and java classes
- Highly scriptable
- Vala, Go, Python, Guile, Ruby, Perl, lua, Java, JavaScript, sh, ..
- batch mode and native plugins with full internal API access
- native scripting based in mnemonic commands and macros
- Hexadecimal editor
- 64bit offset support with virtual addressing and section maps
- Assemble and disassemble from/to many architectures
- colorizes opcodes, bytes and debug register changes
- print data in various formats (int, float, disasm, timestamp, ..)
- search multiple patterns or keywords with binary mask support
- checksumming and data analysis of byte blocks
- IO is wrapped
- support Files, disks, processes and streams
- virtual addressing with sections and multiple file mapping
- handles gdb:// and rap:// remote protocols
- Filesystems support
- allows to mount ext2, vfat, ntfs, and many others
- support partition types (gpt, msdos, ..)
- Debugger support
- gdb remote and brainfuck debugger support
- software and hardware breakpoints
- tracing and logging facilities
- Diffing between two functions or binaries
- graphviz friendly code analysis graphs
- colorize nodes and edges
- Code analysis at opcode, basicblock, function levels
- embedded simple virtual machine to emulate code
- keep track of code and data references
- function calls and syscall decompilation
- function description, comments and library signatures
