
Kamalesh-Seervi

Originally published at kamaleshseervi.Medium

Static Navigation Disassembly with Radare2 — PART-1

To get started with static analysis of binaries in Radare2, work through the fundamental commands below. The Radare2 Beginner Guide is a useful companion reference.

I’ve outlined a 10-part plan to facilitate learning. Each part is accompanied by a dedicated folder containing a comprehensive README file for better understanding.

GitHub - Kamalesh-Seervi/radare2

Radare2 consists of a hexadecimal editor (radare) with a wrapped I/O layer supporting multiple backends for local and remote files, a debugger (OS X, BSD, Linux, W32), a stream analyzer, an assembler/disassembler (rasm) for various architectures, code analysis modules, and scripting facilities. Additional tools include radiff (binary differ), rax (base converter), rasc (shellcode development helper), rabin (binary information extractor), and rahash (block-based hash utility).

Installation:

sudo apt install radare2

Running a Binary

  • Check my GitHub link above to get the binary files.
  • To open a binary file in Radare2, use the following command:
r2 ./letter_frequencies

After running the command, Radare2 drops you at its command prompt, which shows the current seek address (the position in the file that subsequent commands operate on).

Views and Disassembly

  • Press V to enter visual mode and access the various views of the binary file.
  • Type p to cycle between the different views, such as hex, disassembly, debugger, ASCII hex, diffuse, and color visual.

Hex View Example

  • Press Enter to select the first line in the disassembler (similar to double-clicking a line).

Steps for Analysis

  1. Enter Seeker mode by typing Shift+:.
  2. In Seeker mode, use Shift+: while in the disassembly view.
  3. Analyze the binary by typing aaa and pressing Enter.
  4. Display the functions in the binary with afl.
  5. To focus on the main code, type s main and press Enter twice.
  6. Explore the main code of the disassembly.
  7. When you reach a call to printf or a similar function during reverse engineering, press Enter to view the stub code.
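The same aaa / afl / s main sequence can be run non-interactively, which is handy when you want to triage many binaries or keep the output in a script. The example below is added here and is not code from the original post or from the radare2 project. It assumes radare2 is installed and on PATH as r2; it invokes r2 in batch mode (-q -c), parses the plain-text afl listing into records, and pulls out the imported functions (sym.imp.* entries) that a reviewer typically looks at first. pdf (print disassembly of the current function) is used as the batch equivalent of "s main and press Enter twice"; it is a standard r2 command but is not mentioned in the post. The sample afl output embedded below is constructed for the example, not taken from ./letter_frequencies.

```python
"""Batch counterpart of the visual-mode workflow (aaa, afl, s main).

Added example, not from the original post or the radare2 project.
Assumes radare2 is on PATH as `r2`; the afl parser itself runs offline.
"""
import re
import shutil
import subprocess
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of `afl` output: address, basic-block count, size, name.
# These values are made up for the example and are not from ./letter_frequencies.
SAMPLE_AFL = """\
0x00001060    1 11           entry0
0x00001050    1 6            sym.imp.printf
0x00001040    1 6            sym.imp.fopen
0x00001030    1 6            sym.imp.__isoc99_scanf
0x00001189   12 245          main
0x00001070    4 41           sym.deregister_tm_clones
"""


@dataclass(frozen=True)
class Func:
    addr: int   # virtual address of the function
    nbbs: int   # number of basic blocks found by analysis
    size: int   # size in bytes
    name: str   # r2 flag name (main, entry0, sym.imp.printf, ...)


# One afl line: hex address, two integers, then the name.
AFL_LINE = re.compile(r"^(0x[0-9a-fA-F]+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$")


def parse_afl(text: str) -> List[Func]:
    """Parse plain-text `afl` output into Func records, sorted by address.

    Lines that do not look like a function row (analysis warnings, blank
    lines) are skipped rather than raising, so the parser tolerates noise.
    """
    funcs = []
    for line in text.splitlines():
        m = AFL_LINE.match(line.strip())
        if not m:
            continue
        funcs.append(Func(int(m.group(1), 16), int(m.group(2)),
                          int(m.group(3)), m.group(4)))
    return sorted(funcs, key=lambda f: f.addr)


def find(funcs: List[Func], name: str) -> Optional[Func]:
    """Return the function with the given r2 name, or None."""
    return next((f for f in funcs if f.name == name), None)


def imported_symbols(funcs: List[Func]) -> List[str]:
    """Names of imported functions (the sym.imp.* stubs), without the prefix."""
    prefix = "sym.imp."
    return sorted(f.name[len(prefix):] for f in funcs if f.name.startswith(prefix))


def r2_batch(path: str, cmds: List[str]) -> Optional[str]:
    """Run r2 commands against `path` in batch mode and return stdout.

    Returns None when r2 is not installed. scr.color=0 disables ANSI colour
    codes so the output is parseable; -q makes r2 quit after the commands.
    """
    r2 = shutil.which("r2")
    if r2 is None:
        return None
    cp = subprocess.run(
        [r2, "-q", "-e", "scr.color=0", "-c", "; ".join(cmds), path],
        capture_output=True, text=True, check=True,
    )
    return cp.stdout


def list_functions(path: str) -> Optional[List[Func]]:
    """Equivalent of steps 3 and 4: analyse, then list functions."""
    out = r2_batch(path, ["aaa", "afl"])
    return None if out is None else parse_afl(out)


def disassemble_main(path: str) -> Optional[str]:
    """Equivalent of step 5: seek to main and print its disassembly."""
    return r2_batch(path, ["aaa", "s main", "pdf"])


if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    sample = parse_afl(SAMPLE_AFL)
    print("imports:", imported_symbols(sample))
    main = find(sample, "main")
    print(f"main at {main.addr:#x}, {main.size} bytes, {main.nbbs} basic blocks")
    # Live run against the post's binary, if r2 and the file are available.
    live = list_functions("./letter_frequencies")
    if live is not None:
        print("imports:", imported_symbols(live))
        print(disassemble_main("./letter_frequencies"))
```

Running the script without radare2 installed still exercises the parser on the constructed sample; with r2 on PATH and the binary present, it additionally prints the real import list and the disassembly of main, which is the same information the visual-mode steps above reveal one screen at a time.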

Note

  • To navigate back, press U.

Conclusion

By using Radare2 for static navigation and disassembly, you’ve gained a foundational understanding of binary analysis. This tool provides a robust set of commands for inspecting, analyzing, and navigating through binaries. As you continue your journey with Radare2, you’ll unlock its full potential in reverse engineering and binary analysis.

Experiment with different commands, explore various views, and deepen your comprehension of binary structures. The insights gained from static analysis will prove invaluable as you progress in your understanding of Radare2.

Stay tuned for the next part, where we’ll dive into advanced features and real-world examples. In Part 2, we’ll explore dynamic analysis, debugging, and more cool aspects of Radare2. Get ready for the next chapter in your Radare2 learning adventure!

