radare2 4.4 releases: unix-like reverse engineering framework and commandline tools

Introduction

r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files.

Radare project started as a forensics tool, a scriptable command line hexadecimal editor able to open disk files, but later support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers, …

radare2 is portable.

The main tool of the whole framework. It uses the core of the hexadecimal editor and debugger. radare2 allows you to open a number of input/output sources as if they were simple, plain files, including disks, network connections, kernel drivers, processes under debugging, and so on.

It implements an advanced command line interface for moving around a file, analyzing data, disassembling, binary patching, data comparison, searching, replacing, and visualizing. It can be scripted with a variety of languages, including Python, Ruby, JavaScript, Lua, and Perl.

• Architectures:
  • 6502, 8051, CRIS, H8/300, LH5801, T8200, arc, arm, avr, bf, blackfin, xap, dalvik, dcpu16, gameboy, i386, i4004, i8080, m68k, malbolge, mips, msil, msp430, nios II, powerpc, rar, sh, snes, sparc, tms320 (c54x c55x c55+), V810, x86-64, zimg, risc-v.
• File Formats:
  • ELF, Mach-O, Fatmach-O, PE, PE+, MZ, COFF, OMF, TE, XBE, BIOS/UEFI, Dyldcache, DEX, ART, CGC, Java class, Android boot image, Plan9 executable, ZIMG, MBN/SBL bootloader, ELF coredump, MDMP (Windows minidump), WASM (WebAssembly binary), Commodore VICE emulator, Game Boy (Advance), Nintendo DS ROMs and Nintendo 3DS FIRMs, various filesystems.
• Operating Systems:
  • Windows (since XP), GNU/Linux, OS X, [Net|Free|Open]BSD, Android, iOS, OSX, QNX, Solaris, Haiku, FirefoxOS
• Bindings:
  • Vala/Genie, Python (2, 3), NodeJS, Lua, Go, Perl, Guile, php5, newlisp, Ruby, Java, OCaml, …

radare2 v4.4 has been released.

Changelog

Highlights

• Replace shellscript, nodejs and V testsuites with r2r.c which is shipped by default
• Added initial analysis plugins for super-h and tricore
• Fix build and some runtime issues on IBM s390x
• Updated rap:// cleaned up implementation inside RSocket for client and server
• Speedup type linking (300x faster)
• Fixed all the timeouts and crashes from bins/fuzz
• Add support for retpoline switch table analysis (spectre/meltdown)
  • Fix #16418 – Implement blind main detection on endbr+mov files
• Add commands to emulate a basic block or the whole path until reaching an address
• Fix support for the latest GLIBC for heap parsing
• Improved automatic function signature association for the imports
  • Fixed afs command to show proper footprint
  • Add support for typedef and added NSString type on darwin binaries
  • Fixed all the t subcommands to print all types as C
• Improved visual class browser and the visual bit editor
• ragg2 now allows to change the path of the shellcode to run
• Graph visualization is now faster
• Use RPVector for io->maps – speedup map traversal (overall speedup)
• Lots of code cleanup and refactorings reducing memory usage and performance
• DEX loading is now 2x faster
• Fix assembler: MOV for x86 and LDR for arm64
• Improved the bin loader to support iOS 13.4 dyldcache files
• Improved support for ObjC IVAR fields loading them as C structs
• Add improved icc subcommands to print as classes as C, ObjC or Java
• Automated Emscripten (JS/WASM) builds in CI
• Fixed static build by defining a new file naming policy
• Default installation path with sys/install.sh is now always /usr/local
  • Previous installations in /usr will be purged
• Only check for major and minor version numbers when loading plugins

Download

Tutorial

Copyright (C) 2013 radare 

Source: https://github.com/radare/