author Oxore <oxore@protonmail.com> 2024-01-05 22:59:05 +0300
committer Oxore <oxore@protonmail.com> 2024-01-05 22:59:05 +0300
commit 6bc56335677514a1f508f1d83bdafbcc2f66c9f0 (patch)
tree 2c3dbfd32a8db416fa7231274781c20bfc260285 /source/radare2-tips.rst
Initial commit
Diffstat (limited to 'source/radare2-tips.rst')
-rw-r--r-- source/radare2-tips.rst 118
1 files changed, 118 insertions, 0 deletions
diff --git a/source/radare2-tips.rst b/source/radare2-tips.rst
new file mode 100644
index 0000000..915e2b8
--- /dev/null
+++ b/source/radare2-tips.rst
@@ -0,0 +1,118 @@
+Radare2 tips
+============
+
+Data
+----
+
+``iz``, ``izz`` - list nil-terminated strings.
+
+``px <size> @<offset>`` - hexdump ``<size>`` bytes at ``<offset>``. If you want
+to use address from a register, you can refer to it as ``@reg``. [#px-for-registers]_
+
+Example usage:
+
+.. code-block::
+
+ :> px 4 @esp
+ - offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
+ 0xffd5df4c 7860 5656 x`VV
+ :> px 4 @esp+4
+ - offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
+ 0xffd5df50 0a00 0000 ....
+ :> px 4 @esp-4
+ - offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
+ 0xffd5df48 0090 5656 ..VV
+
+
+``wao <asm-instr>`` - Write Assembly Opcode, change the opcode of current instruction.
+
+``wao nocj`` - change opcode of conditional jump at the current offset to be nonconditional.
+
+``wai <instruction>`` - Write Assembly Instruction - literally write any full assembly instruction instead of current instruction, if it would fit, of course. If new instruction is shorter, then NOPs are added.
+
+``w 'string'``, ``w 'a'`` - overWrite inplace a string or a single letter.
+
+``wx FFAA00`` - overWrite sequence of heX tetrads. Spaces are ignored.
+
+``wx <hex-seq>`` - Overwrites high tetrad of byte to be ``F``, so, e.g. byte ``00`` becomes ``F0``.
+
+``wx FFF`` - Overwrites first byte and high tetrad of second byte to be ``F``, so, e.g. sequence ``12 34`` becomes ``FF F4``.
+
+``/ <string>`` - Search for a string. Note that space is mandatory.
+
+Functions
+---------
+
+``afl`` - list functions.
+
+``afx`` - show current function references.
+
+``afn`` - rename function.
+
+``axt`` - xrefs to.
+
+``axf`` - xrefs from.
+
+Press ``v`` in capital-V-mode to bring up the list of functions.
+
+``pdd`` - print decompiled code. Requires installing ``r2dec`` [#r2dec]_
+
+``afv-*``, ``afv-[name]`` - remove annoying variables and args aliases automatically declared at the beginning of the function.
+
+``afva`` - get variables and args aliases back.
+
+While reversing SMD (Sega MegaDrive ROM) there may be a crap ton of lables
+defined over first address (0x200) due to all addresses in IVT are set to 0x200.
+Here are some tips about this:
+
+- ``f sym.shit`` - define new shitty label (flag) you don't need. The ``sym.``
+ prefix is optional, it is just what r2 uses for creating the shit.
+
+- ``f- sym.*`` - remove all these shitty lables (flags) you don't need. These
+ without the ``sym.`` prefix are actually OK and are not irritating at all,
+ they are rather useful. Note: labels are removed globally, not only for
+ current address.
+
+While reversing ARM Cortex-M (thumb2) binaries, especially ELF binaries without
+symbols, the asm.bits is always 32 and running ``e asm.bits=16`` does not change
+anything. To fix this one must use ``ahb 16``:
+
+- ``ahb 16`` set bitness to 16 (useful for ARM thumb) [#asmbits16]_
+
+Project
+-------
+
+``Ps`` - save project.
+
+``$ r2 -p <projectname>`` - open a project from shell.
+
+Visual (capital-V-mode) and moving around
+-----------------------------------------
+
+Press ``C`` - rotate no color/terminal colorscheme/truecolor colorscheme.
+
+Press ``R`` - random truecolor coloscheme.
+
+Press ``v`` - bring up the list of functions.
+
+``ecd`` - set default truecolor coloscheme (reset colorscheme).
+
+Press ENTER to follow jump
+
+Press ``u``/``U`` - undo/redo seek or jump following.
+
+Confusing abbreviations and words
+-----------------------------------------
+
+``nbbs`` may stand for `number of basic blocks`. Found in ``aflj`` command
+output.
+
+``cc`` stands for `calling convention`. Found in ``aflj`` command output, may be
+set via ``e anal.cc``.
+
+Footnotes
+---------
+
+.. [#px-for-registers] `how to get value at an address with radare / stackoverflow.com <https://stackoverflow.com/a/54264998>`_
+.. [#r2dec] `How to install r2dec / stackoverflow.com <https://stackoverflow.com/a/51466052>`_
+.. [#asmbits16] `Cannot set asm.bits to 16 for arm arch #13019 / github.com <https://github.com/radareorg/radare2/issues/13019#issuecomment-461775283>`_
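Review bot: the line "+``wx <hex-seq>`` - Overwrites high tetrad of byte to be ``F``, so, e.g. byte ``00`` becomes ``F0``." describes the behaviour of a single odd nibble, but the command shown is the generic ``<hex-seq>`` placeholder already explained in the previous line, so the example cannot be reproduced as written; it reads as if it should be ``wx F`` to match the ``wx FFF`` example that follows. The same hunk also has "lables" twice (in the SMD paragraph and in the ``f- sym.*`` bullet), "coloscheme" twice (``R`` and ``ecd``), and "nonconditional" in the ``wao nocj`` line, which should be "unconditional"; worth fixing before the tips page is published, since readers will copy these command lines verbatim.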