From 6bc56335677514a1f508f1d83bdafbcc2f66c9f0 Mon Sep 17 00:00:00 2001 From: Oxore Date: Fri, 5 Jan 2024 22:59:05 +0300 Subject: Initial commit --- source/radare2-tips.rst | 118 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 source/radare2-tips.rst diff --git a/source/radare2-tips.rst b/source/radare2-tips.rst new file mode 100644 index 0000000..915e2b8 --- /dev/null +++ b/source/radare2-tips.rst
@@ -0,0 +1,118 @@ +Radare2 tips +============ + +Data +---- + +``iz``, ``izz`` - list nil-terminated strings. + +``px @`` - hexdump ```` bytes at ````. If you want +to use address from a register, you can refer to it as ``@reg``. [#px-for-registers]_ + +Example usage: + +.. code-block:: + + :> px 4 @esp + - offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF + 0xffd5df4c 7860 5656 x`VV + :> px 4 @esp+4 + - offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF + 0xffd5df50 0a00 0000 .... + :> px 4 @esp-4 + - offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF + 0xffd5df48 0090 5656 ..VV + + +``wao `` - Write Assembly Opcode, change the opcode of current instruction. + +``wao nocj`` - change opcode of conditional jump at the current offset to be nonconditional. + +``wai `` - Write Assembly Instruction - literally write any full assembly instruction instead of current instruction, if it would fit, of course. If new instruction is shorter, then NOPs are added. + +``w 'string'``, ``w 'a'`` - overWrite inplace a string or a single letter. + +``wx FFAA00`` - overWrite sequence of heX tetrads. Spaces are ignored. + +``wx `` - Overwrites high tetrad of byte to be ``F``, so, e.g. byte ``00`` becomes ``F0``. + +``wx FFF`` - Overwrites first byte and high tetrad of second byte to be ``F``, so, e.g. sequence ``12 34`` becomes ``FF F4``. + +``/ `` - Search for a string. Note that space is mandatory. + +Functions +--------- + +``afl`` - list functions. + +``afx`` - show current function references. + +``afn`` - rename function. + +``axt`` - xrefs to. + +``axf`` - xrefs from. + +Press ``v`` in capital-V-mode to bring up the list of functions. + +``pdd`` - print decompiled code. Requires installing ``r2dec`` [#r2dec]_ + +``afv-*``, ``afv-[name]`` - remove annoying variables and args aliases automatically declared at the beginning of the function. + +``afva`` - get variables and args aliases back. 
+ +While reversing SMD (Sega MegaDrive ROM) there may be a crap ton of lables +defined over first address (0x200) due to all addresses in IVT are set to 0x200. +Here are some tips about this: + +- ``f sym.shit`` - define new shitty label (flag) you don't need. The ``sym.`` + prefix is optional, it is just what r2 uses for creating the shit. + +- ``f- sym.*`` - remove all these shitty lables (flags) you don't need. These + without the ``sym.`` prefix are actually OK and are not irritating at all, + they are rather useful. Note: labels are removed globally, not only for + current address. + +While reversing ARM Cortex-M (thumb2) binaries, especially ELF binaries without +symbols, the asm.bits is always 32 and running ``e asm.bits=16`` does not change +anything. To fix this one must use ``ahb 16``: + +- ``ahb 16`` set bitness to 16 (useful for ARM thumb) [#asmbits16]_ + +Project +------- + +``Ps`` - save project. + +``$ r2 -p `` - open a project from shell. + +Visual (capital-V-mode) and moving around +----------------------------------------- + +Press ``C`` - rotate no color/terminal colorscheme/truecolor colorscheme. + +Press ``R`` - random truecolor coloscheme. + +Press ``v`` - bring up the list of functions. + +``ecd`` - set default truecolor coloscheme (reset colorscheme). + +Press ENTER to follow jump + +Press ``u``/``U`` - undo/redo seek or jump following. + +Confusing abbreviations and words +----------------------------------------- + +``nbbs`` may stand for `number of basic blocks`. Found in ``aflj`` command +output. + +``cc`` stands for `calling convention`. Found in ``aflj`` command output, may be +set via ``e anal.cc``. + +Footnotes +--------- + +.. [#px-for-registers] `how to get value at an address with radare / stackoverflow.com `_ +.. [#r2dec] `How to install r2dec / stackoverflow.com `_ +.. [#asmbits16] `Cannot set asm.bits to 16 for arm arch #13019 / github.com `_ -- cgit v1.2.3
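Review bot: the argument placeholders inside several inline literals in this hunk are empty (``px @``, ``wao ``, ``wai ``, ``wx ``, ``/ `` and ``$ r2 -p ``, plus the sentence "hexdump ```` bytes at ````"), so a reader cannot tell what each command takes, and the three footnote targets at the end (`` `... `_`` with nothing before the closing backtick) carry no URL, so ``[#px-for-registers]_``, ``[#r2dec]_`` and ``[#asmbits16]_`` resolve to nothing. Suggest spelling the arguments out inside the literal, for example ``px <n> @ <addr>``, ``wao <op>``, ``wx <hex>``, ``/ <string>`` and ``r2 -p <name>``, and putting each footnote's link inside angle brackets before the trailing ``_``. Smaller points: ``.. code-block::`` has no language argument, which older Sphinx releases reject and newer ones highlight with the default Python lexer, so ``.. code-block:: text`` is safer for an r2 console transcript; and a few typos are worth fixing before merge: "lables" (twice), "coloscheme" (twice), "nonconditional" should read "unconditional", and "inplace" should read "in place".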