radare2 commands
command Args
-d - start in debug mode
-A - Auto aaa
-a arm -m 0x0800C000 -b 16
-m [addr] - map file at given address (loadaddr)
-i load script
Radare2 - aldeid
Project Managment
P - list projects
Ps <filename> - Save to filename
shell commands
aaa - analyse all
afl - command (Analyze Functions List).
s <function> - seek to function or any memory address
axt @@ str.* - find usage of strings
ood - Open binary in debugger
?[??][expr] - Help or evaluate math expression
s..[addr] - seek to lower part of address
Set parameters
e var=? will list possible options
e asm.arch - ASM achitecture arm
e asm.bits - Processor bits 8.16.32.64 etc
Change Data Type
Cs [len] - set current address and length to string
Cd [len] - set current address and length to data
C- [len] - set current address and length to code
Cf [len] - set current address and length to struct
Comments
CC - Add comment at current location
CC- - Remove Comment
CCu <comments> @ <Address> - Add comments a specified address
change data type (Hint)
ahi s - set specific offset as string
ahi s @0x080485a3 set single address to string
ahi s @@=0x080485a3 0x080485ad 0x080485b7 - sets multiple memory addresses strings @@ is an integrator place holder
rename function
s fcn.00401510
afn better_nameOr by using
afn better_name fcn.00401510
afn better_name 0x00401510
afn better_name @fcn.00401510
afn better_name @0x00401510
variables
afvn [identifier] [new_name]
afvt [name] [new_type] change type for given argument/local
afvd print local variables (debug mode)
pdf - print disassemble function
ps - print string, EX: ps @ 0x02ee
@is a temporary seek
pdc- print C pseudo code
flags
fs - To list the flag spaces
fs <flagspace>; f - show specific flag space
searching
pd 0xdff ~0xc6
rabin2 - binary info
i? - Commands related to rabin2, information about the binary
iz – List strings in data sections
izz – Search for Strings in the whole binary
Visual mode
V - visual mode from r2 or switch to Graph in Visual Mode
j / k - move forward or back
p / P - switch between visual modes
<enter> - jump / call to go to location
:<r2 command> - run radare2 command in visual mode
;[-]comment - add or [-] remove comment
Visual Graph
VV - visual graph
:<r2 command> - run radare2 command in visual mode
v - visual code review
p / P - switch between visual graphs
R - change colors
;[-]comment - add or [-] remove comment
? - show commands
TAB - Jump to next function
t - Jump to true branch
f - Jump to false branch
Misc
/V4 0x40000000 0x4000f000 find perperal between those address ranges
~ - Grep
? - at end count of hits on search
$$ - current offeset
/v - find dwords
/r - find refs
radare2/intro.md at master · radare/radare2 · GitHub
A journey into Radare 2 – Part 1: Simple crackme – Megabeets
A journey into Radare 2 – Part 2: Exploitation – Megabeets
Reverse Engineering With Radare2 – Intro – Insinuator.net
Reverse Engineering With Radare2 – Part 2 – Insinuator.net
Reverse Engineering With Radare2 – Part 3 – Insinuator.net
Radare2 cheat Sheet - { Anas Aboureada }