Radare2 Cheatsheet

radare2 commands

command Args

-d - start in debug mode
-A - Auto aaa
-a arm -m 0x0800C000 -b 16
-m [addr] - map file at given address (loadaddr)
-i load script
Radare2 - aldeid

Project Managment

P - list projects
Ps <filename> - Save to filename

shell commands

aaa - analyse all
afl - command (Analyze Functions List).
s <function> - seek to function or any memory address
axt @@ str.* - find usage of strings
ood - Open binary in debugger
?[??][expr] - Help or evaluate math expression
s..[addr] - seek to lower part of address

Set parameters

e var=? will list possible options
e asm.arch - ASM achitecture arm
e asm.bits - Processor bits 8.16.32.64 etc

Change Data Type

Cs [len] - set current address and length to string
Cd [len] - set current address and length to data
C- [len] - set current address and length to code
Cf [len] - set current address and length to struct

Comments

CC - Add comment at current location
CC- - Remove Comment
CCu <comments> @ <Address> - Add comments a specified address

change data type (Hint)

ahi s - set specific offset as string
ahi s @0x080485a3 set single address to string
ahi s @@=0x080485a3 0x080485ad 0x080485b7 - sets multiple memory addresses strings @@ is an integrator place holder

rename function

s fcn.00401510
afn better_name

Or by using
afn better_name fcn.00401510
afn better_name 0x00401510
afn better_name @fcn.00401510
afn better_name @0x00401510

variables

afvn [identifier] [new_name]
afvt [name] [new_type] change type for given argument/local
afvd print local variables (debug mode)

Print

pdf - print disassemble function
ps - print string, EX: ps @ 0x02ee

  • @ is a temporary seek
    pdc - print C pseudo code

flags

fs - To list the flag spaces
fs <flagspace>; f - show specific flag space

searching

pd 0xdff ~0xc6

rabin2 - binary info

i? - Commands related to rabin2, information about the binary
iz – List strings in data sections
izz – Search for Strings in the whole binary

Visual mode

V - visual mode from r2 or switch to Graph in Visual Mode
j / k - move forward or back
p / P - switch between visual modes
<enter> - jump / call to go to location
:<r2 command> - run radare2 command in visual mode
;[-]comment - add or [-] remove comment

Visual Graph

VV - visual graph
:<r2 command> - run radare2 command in visual mode
v - visual code review
p / P - switch between visual graphs
R - change colors
;[-]comment - add or [-] remove comment
? - show commands
TAB - Jump to next function
t - Jump to true branch
f - Jump to false branch

Misc

/V4 0x40000000 0x4000f000 find perperal between those address ranges
~ - Grep
? - at end count of hits on search
$$ - current offeset
/v - find dwords
/r - find refs

radare2/intro.md at master · radare/radare2 · GitHub

A journey into Radare 2 – Part 1: Simple crackme – Megabeets
A journey into Radare 2 – Part 2: Exploitation – Megabeets

Reverse Engineering With Radare2 – Intro – Insinuator.net
Reverse Engineering With Radare2 – Part 2 – Insinuator.net
Reverse Engineering With Radare2 – Part 3 – Insinuator.net
Radare2 cheat Sheet - { Anas Aboureada }