radare2 4.5 releases: unix-like reverse engineering framework and commandline tools

Introduction

r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files.

Radare project started as a forensics tool, a scriptable command line hexadecimal editor able to open disk files, but later support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers, …

radare2 is portable.

The main tool of the whole framework. It uses the core of the hexadecimal editor and debugger. radare2 allows you to open a number of input/output sources as if they were simple, plain files, including disks, network connections, kernel drivers, processes under debugging, and so on.

It implements an advanced command line interface for moving around a file, analyzing data, disassembling, binary patching, data comparison, searching, replacing, and visualizing. It can be scripted with a variety of languages, including Python, Ruby, JavaScript, Lua, and Perl.

• Architectures:
  • 6502, 8051, CRIS, H8/300, LH5801, T8200, arc, arm, avr, bf, blackfin, xap, dalvik, dcpu16, gameboy, i386, i4004, i8080, m68k, malbolge, mips, msil, msp430, nios II, powerpc, rar, sh, snes, sparc, tms320 (c54x c55x c55+), V810, x86-64, zimg, risc-v.
• File Formats:
  • ELF, Mach-O, Fatmach-O, PE, PE+, MZ, COFF, OMF, TE, XBE, BIOS/UEFI, Dyldcache, DEX, ART, CGC, Java class, Android boot image, Plan9 executable, ZIMG, MBN/SBL bootloader, ELF coredump, MDMP (Windows minidump), WASM (WebAssembly binary), Commodore VICE emulator, Game Boy (Advance), Nintendo DS ROMs and Nintendo 3DS FIRMs, various filesystems.
• Operating Systems:
  • Windows (since XP), GNU/Linux, OS X, [Net|Free|Open]BSD, Android, iOS, OSX, QNX, Solaris, Haiku, FirefoxOS
• Bindings:
  • Vala/Genie, Python (2, 3), NodeJS, Lua, Go, Perl, Guile, php5, newlisp, Ruby, Java, OCaml, …

radare2 v4.5 has been released.

Changelog

Highlights

anal

• Initial API for base type kinds (enum, struct, union)
• Rename PowerPC to PPC
• Improve RISC-V analysis for compressed instructions
• Add endbr64 as a function prelude for x86-64 binaries
• Improve BP vars/args detection
• Detect register args used only by callee
• Match args name/types from function definition
• Improve itanium RTTI parsing and vtable search
• Refactor Variables out of SDB
• Implement basic concept of signature bestmatch

asm

• Add support for WebAssembly SIMD extension
• Boolify r_asm_is_valid and r_asm_set_syntax API
• x86_64/x86_32: Implement assembler endbr32 and endbr64 instructions
• x86_64: Support mov r64, 0xffffffffffffffff
• x86_64: Fix mov r32, -imm32 encoding
• Move inferior GNU Hexagon plugin to extras

bin

• Apple Symbols file
  • Improve Xcode symbols parser
• COFF
  • Improve relocation support on COFF file format
• DEX
  • Fix several crashes when loading corrupted files
  • Performance improvements in DEX parsing
• DWARF
  • DWARF 4 and 5 line parsing additions
  • Several improvements/fixes in parsing
• ELF
  • Use Dynamic segment entries instead of sections to find relocations
  • Add support for BA2 ELF
  • Add support for relocation entries for AARCH64 and PPC
  • Print a warning when the entrypoint cannot be found and it is automatically set somewhere else
  • Make glibc heap commands faster by resolving main_arena symbol
  • Add support for glibc heap tcache pre/post glibc version 2.30
  • Add missing reloc definitions for C-SKY, RISCV and AARCH64
• kernelcache
  • Fix rebasing offset
• Mach-O
  • Fix symbol names truncation issue when dealing with overly long strings
  • Support arbitrary length identifiers
  • Fix relocations on ARM Thumb
  • Support Mach-O threaded binding for arm64e
  • Rebase and strip pointers on Mach-O arm64e
  • Fix parsing of objc class data pointer
  • Do not automatically set the entrypoint of libraries
• PDB
  • Add support for multiple PDB symbol servers
  • Add function for reading PDB from buffer
  • Fix command injection on PDB download
• Pyc
  • Move to radare2 core repository and improve/clean it
• PE
  • Fix crash when resolving corrupted ordinal exports
  • Speedup parsing PE exports

build

• Various fixes for Haiku
• Add support for binr/blob and fix android build in meson
• Add --without-dylink configure flag to disable libdl features
• Add Debian 8 Jessie to GitHub CI
• CentOS tree sitter fix using gnu99 when available
• Fix the static build by dynamically resolving libutil symbols
• Add release Github workflow to create all the release artifacts
• Introduce --without-r2r configure option to disable compilation of r2r

cons

• Add VT sequences input support for Windows

crypto

• Remove hardcoded supported encoders names (e.g. base64, base91, punycode)

debug

• Fixes for windows debugger
  • Improve exception logging
  • Fix inconsistencies in killing/restarting a process
  • Fix detaching without killing debuggee
  • Expose exception reason for di

io

• Add new fd:// (handle:// on windows) plugin
• Support self:// plugin for Solaris and Haiku OS
• Fix regression while loading large files (>2GB) on 32bit systems

lang

• Fix C/Cpipe when non standard library paths are used
• Implement RLang.spp for templated scripting
• Move #!v out of core (it’s now available via r2pm)
• Fix usage of #!python, #rust, and #cpipe
• Do not include C/cpipe RLangPlugins on windows

magic

• Add Android boot image signature

socket

• Fix socket connect with SSL

More…

Download

Tutorial

Copyright (C) 2013 radare 

Source: https://github.com/radare/