Radare2 tips
============

Data
----

``iz``, ``izz`` - list nil-terminated strings.

``px <n> @ <addr>`` - hexdump ``<n>`` bytes at ``<addr>``. If you want to use an address from a register, you can refer to it as ``@reg``. [#px-for-registers]_

Example usage:

.. code-block:: text

    :> px 4 @esp
    - offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
    0xffd5df4c  7860 5656                                x`VV
    :> px 4 @esp+4
    - offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
    0xffd5df50  0a00 0000                                ....
    :> px 4 @esp-4
    - offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
    0xffd5df48  0090 5656                                ..VV

``wao <op>`` - Write Assembly Opcode: change the opcode of the current instruction.

``wao nocj`` - change the conditional jump at the current offset into an unconditional one.

``wai <instruction>`` - Write Assembly Instruction: literally write any full assembly instruction in place of the current instruction, if it fits, of course. If the new instruction is shorter, NOPs are added as padding.

``w 'string'``, ``w 'a'`` - overWrite a string or a single letter in place.

``wx FFAA00`` - overWrite a sequence of heX tetrads. Spaces are ignored.

``wx F`` - overwrites the high tetrad of the byte with ``F``, so, e.g., byte ``00`` becomes ``F0``.

``wx FFF`` - overwrites the first byte and the high tetrad of the second byte with ``F``, so, e.g., the sequence ``12 34`` becomes ``FF F4``.

``/ <string>`` - search for a string. Note that the space is mandatory.

Functions
---------

``afl`` - list functions.

``afx`` - show references of the current function.

``afn`` - rename function.

``axt`` - xrefs to.

``axf`` - xrefs from.

Press ``v`` in capital-V-mode to bring up the list of functions.

``pdd`` - print decompiled code. Requires installing ``r2dec``. [#r2dec]_

``afv-*``, ``afv-[name]`` - remove the annoying variable and argument aliases automatically declared at the beginning of the function.

``afva`` - get the variable and argument aliases back.

While reversing SMD (Sega MegaDrive) ROMs there may be a crap ton of labels defined over the first address (0x200), because all addresses in the IVT are set to 0x200. Here are some tips about this:

- ``f sym.shit`` - define a new shitty label (flag) you don't need. The ``sym.`` prefix is optional; it is just what r2 uses when creating the shit.
- ``f- sym.*`` - remove all these shitty labels (flags) you don't need. The ones without the ``sym.`` prefix are actually OK and not irritating at all; they are rather useful.

Note: labels are removed globally, not only for the current address.

While reversing ARM Cortex-M (thumb2) binaries, especially ELF binaries without symbols, ``asm.bits`` is always 32 and running ``e asm.bits=16`` does not change anything. To fix this one must use ``ahb 16``:

- ``ahb 16`` - set bitness to 16 (useful for ARM thumb). [#asmbits16]_

Project
-------

``Ps`` - save project.

``$ r2 -p <project>`` - open a project from the shell.

Visual (capital-V-mode) and moving around
-----------------------------------------

Press ``C`` - rotate no color / terminal colorscheme / truecolor colorscheme.

Press ``R`` - random truecolor colorscheme.

Press ``v`` - bring up the list of functions.

``ecd`` - set the default truecolor colorscheme (reset colorscheme).

Press ENTER to follow a jump.

Press ``u``/``U`` - undo/redo a seek or followed jump.

Confusing abbreviations and words
---------------------------------

``nbbs`` may stand for `number of basic blocks`. Found in ``aflj`` command output.

``cc`` stands for `calling convention`. Found in ``aflj`` command output; may be set via ``e anal.cc``.

Footnotes
---------

.. [#px-for-registers] `how to get value at an address with radare / stackoverflow.com `_
.. [#r2dec] `How to install r2dec / stackoverflow.com `_
.. [#asmbits16] `Cannot set asm.bits to 16 for arm arch #13019 / github.com `_
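The ``wx`` tetrad rules from the Data section (spaces ignored, a trailing lone tetrad touching only the high nibble) are easy to get wrong when patching bytes by hand, so here is an added Python model of that behaviour, plus a renderer for the ``px``-style row shown above; this is illustrative code written for this page, not radare2's own implementation, and it assumes the nibble semantics exactly as the tips describe them.

```python
import re


def apply_wx(buf: bytes, offset: int, hexstr: str) -> bytearray:
    """Model of ``wx`` as described in the tips above (assumed model, not r2 code):
    overwrite bytes at ``offset`` with the hex tetrads in ``hexstr``. Whitespace is
    ignored; an odd trailing tetrad replaces only the high nibble of the next byte,
    so ``wx F`` turns ``00`` into ``F0`` and ``wx FFF`` turns ``12 34`` into ``FF F4``."""
    nibbles = re.sub(r"\s+", "", hexstr)
    if not re.fullmatch(r"[0-9a-fA-F]*", nibbles):
        raise ValueError("wx expects hex digits only")
    out = bytearray(buf)
    even = len(nibbles) // 2 * 2
    full, tail = nibbles[:even], nibbles[even:]
    for i in range(0, len(full), 2):          # whole bytes are replaced outright
        out[offset + i // 2] = int(full[i:i + 2], 16)
    if tail:                                  # lone tetrad: keep the low nibble
        idx = offset + len(full) // 2
        out[idx] = (int(tail, 16) << 4) | (out[idx] & 0x0F)
    return out


def px(buf: bytes, offset: int, n: int, base: int = 0) -> str:
    """Render ``n`` bytes like one ``px`` row: address, hex grouped in 16-bit words,
    and an ASCII column with non-printables shown as '.'."""
    chunk = bytes(buf[offset:offset + n])
    words = " ".join(chunk[i:i + 2].hex() for i in range(0, len(chunk), 2))
    ascii_col = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
    return f"0x{base + offset:08x}  {words:<40} {ascii_col}"


if __name__ == "__main__":
    # Constructed sample: the four stack bytes from the ``px 4 @esp`` listing above.
    stack = bytearray(b"x`VV")
    print(px(stack, 0, 4, base=0xFFD5DF4C))
    print(px(apply_wx(stack, 0, "FFF"), 0, 4, base=0xFFD5DF4C))
```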