radare2: Describe firmware image case

1 files changed, 26 insertions, 6 deletions

diff --git a/source/radare2-tips.rst b/source/radare2-tips.rst
index 1793ae1..2187403 100644
--- a/source/radare2-tips.rst
+++ b/source/radare2-tips.rst
@@ -74,12 +74,6 @@ Here are some tips about this:
   they are rather useful. Note: labels are removed globally, not only for
   current address.
 
-While reversing ARM Cortex-M (thumb2) binaries, especially ELF binaries without
-symbols, the asm.bits is always 32 and running ``e asm.bits=16`` does not change
-anything. To fix this one must use ``ahb 16``:
-
-- ``ahb 16`` set bitness to 16 (useful for ARM thumb) [#asmbits16]_
-
 Project
 -------
 
@@ -111,6 +105,32 @@ output.
 ``cc`` stands for `calling convention`. Found in ``aflj`` command output, may be
 set via ``e anal.cc``.
 
+Working with a firmware image binary blob
+-----------------------------------------
+
+Useful combination of flags to load a firmware image into r2::
+
+  r2 -m 0x08000000 -a arm -b 16 -A firmware.bin
+
+Options description:
+
+- ``-m 0x08000000`` - Map the file to the specified address. The
+  ``firmware.bin`` image will get mapped at the offset ``0x08000000`` in this
+  case.
+
+- ``-a arm`` - Architecture ``arm``, obviously.
+
+- ``-b 16`` - Set architecture bits to 16, equivalent to ``e asm.bits=16``
+  command inside the radare2 shell. Useful for ARM Cortex-M (thumb2) binaries.
+
+- ``-A`` - Analyze, Equivalent to ``aaa`` command inside the radare2 shell.
+
+While reversing ARM Cortex-M (thumb2) binaries, especially ELF binaries without
+symbols, the asm.bits is always 32 and running ``e asm.bits=16`` does not change
+anything. To fix this one must use ``ahb 16``:
+
+- ``ahb 16`` set bitness to 16 (useful for ARM thumb) [#asmbits16]_
+
 Footnotes
 ---------