radare2 commands
command Args
-d – start in debug mode
-A – Auto aaa
-a arm -m 0x0800C000 -b 16
-m [addr] – map file at given address (loadaddr)
-i load script
Radare2 – aldeid
Project Managment
P – list projects
Ps <filename> – Save to filename
shell commands
aaa – analyse all
afl – command (Analyze Functions List).
s <function> – seek to function or any memory address
axt @@ str.* – find usage of strings
ood – Open binary in debugger
?[??][expr] – Help or evaluate math expression
s..[addr] – seek to lower part of address
Set parameters
e var=? will list possible options
e asm.arch – ASM achitecture arm
e asm.bits – Processor bits 8.16.32.64 etc
Change Data Type
Cs [len] – set current address and length to string
Cd [len] – set current address and length to data
C- [len] – set current address and length to code
Cf [len] – set current address and length to struct
Comments
CC – Add comment at current location
CC- – Remove Comment
CCu <comments> @ <Address> – Add comments a specified address
change data type (Hint)
ahi s – set specific offset as string
ahi s @0x080485a3 set single address to string
ahi s @@=0x080485a3 0x080485ad 0x080485b7 – sets multiple memory addresses strings @@ is an integrator place holder
rename function
s fcn.00401510
afn better_nameOr by using
afn better_name fcn.00401510
afn better_name 0x00401510
afn better_name @fcn.00401510
afn better_name @0x00401510
variables
afvn [identifier] [new_name]
afvt [name] [new_type] change type for given argument/local
afvd print local variables (debug mode)
pdf – print disassemble function
ps – print string, EX: ps @ 0x02ee
@is a temporary seek
pdc– print C pseudo code
flags
fs – To list the flag spaces
fs <flagspace>; f – show specific flag space
searching
pd 0xdff ~0xc6
rabin2 – binary info
i? – Commands related to rabin2, information about the binary
iz – List strings in data sections
izz – Search for Strings in the whole binary
Visual mode
V – visual mode from r2 or switch to Graph in Visual Mode
j / k – move forward or back
p / P – switch between visual modes
<enter> – jump / call to go to location
:<r2 command> – run radare2 command in visual mode
;[-]comment – add or [-] remove comment
Visual Graph
VV – visual graph
:<r2 command> – run radare2 command in visual mode
v – visual code review
p / P – switch between visual graphs
R – change colors
;[-]comment – add or [-] remove comment
? – show commands
TAB – Jump to next function
t – Jump to true branch
f – Jump to false branch
Misc
/V4 0x40000000 0x4000f000 find perperal between those address ranges
~ – Grep
? – at end count of hits on search
$$ – current offeset
/v – find dwords
/r – find refs
radare2/intro.md at master · radare/radare2 · GitHub
A journey into Radare 2 – Part 1: Simple crackme – Megabeets
A journey into Radare 2 – Part 2: Exploitation – Megabeets
Reverse Engineering With Radare2 – Intro – Insinuator.net
Reverse Engineering With Radare2 – Part 2 – Insinuator.net
Reverse Engineering With Radare2 – Part 3 – Insinuator.net
Radare2 cheat Sheet – { Anas Aboureada }