Radare2 - An Introduction by Anto Joseph
radare2 @antojosep007
@whoami
- Anto Joseph C J
- Security Engineer @ Citrix
- Speaker / Trainer @ NullCon, GroundZero, C0C0n, X0rConf, ...
- Primary interests in Android / iOS, IoT and a little bit of everything
- Twitter: @antojosep007
radare2
- radare is a reverse engineering framework
- Lots of CLI tools to work with binary files and understand the way they work.
- Supports analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers and so on.
(source: http://radare.org/r/)
Use Cases
- Disassemble (and assemble for) many different architectures
- Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg)
- Perform forensics on file systems and data carving
- Be scripted in Python, JavaScript, Go and more
- Support collaborative analysis using the embedded webserver
- Visualize data structures of several file types
- Patch programs to uncover new features or fix vulnerabilities
- Use powerful analysis capabilities to speed up reversing
- Aid in software exploitation
(source: http://radare.org/r/)
Support
radare2 supports:
- Architectures: 6502, 8051, arm, arc, avr, bf, tms320 (c54x, c55x, c55+), gameboy, csr, dcpu16, dalvik, i8080, mips, m68k, mips, msil, snes, nios II, sh, sparc, rar, powerpc, i386, x86-64, H8/300, malbolge, T8200, LH5801
- File formats: bios, dex, elf, elf64, filesystem, java, fatmach0, mach0, mach0-64, MZ, PE, PE+, TE, COFF, plan9, bios, dyldcache, Gameboy and Nintendo DS ROMs
- Operating systems: Android, GNU/Linux, [Net|Free|Open]BSD, iOS, OSX, QNX, w32, w64, Solaris, Haiku, FirefoxOS
- Bindings: Vala/Genie, Python (2, 3), NodeJS, Lua, Go, Perl, Guile, php5, newlisp, Ruby, Java, OCaml and more
Installation
$ git clone https://github.com/radare/radare2.git
$ cd radare2
$ sudo sys/install.sh
Basic Usage: rabin2 -I ELF_NAME (prints the binary's header information)
Sections: rabin2 -S ELF_NAME (lists the binary's sections)
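The two rabin2 commands above summarise the ELF header and the section header table. As an added illustration (not part of the talk and not radare2's own code), the following Python script reads the same fields those commands are built from, so the reader can see which bytes `rabin2 -I` and `rabin2 -S` are reporting. The ELF64 blob it parses is constructed inline so the script runs offline; the `E_TYPE`/`E_MACHINE` tables are deliberately partial, the perms column only approximates rabin2's rendering, and every offset read from the headers is bounds-checked so a truncated or malformed file is rejected instead of misread.

```python
"""Minimal ELF64 header/section parser mirroring what rabin2 -I and -S report.
Added example, not radare2 code: the sample ELF is constructed inline."""
import struct

ELF_MAGIC = b"\x7fELF"
E_TYPE = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}            # partial table
E_MACHINE = {3: "x86", 8: "mips", 40: "arm", 62: "x86-64", 183: "arm64"}  # partial table
SHF_WRITE, SHF_ALLOC, SHF_EXECINSTR = 0x1, 0x2, 0x4
EHDR_FMT = "HHIQQQIHHHHHH"  # Elf64_Ehdr fields that follow the 16-byte e_ident
SHDR_FMT = "IIQQQQIIQQ"     # Elf64_Shdr


def _byte_order(data):
    """Check e_ident and return the struct prefix for the file's endianness."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != 2:
        raise ValueError("only ELF64 is handled in this example")
    if data[5] not in (1, 2):
        raise ValueError("bad EI_DATA")
    return "<" if data[5] == 1 else ">"


def parse_info(data):
    """The header facts rabin2 -I prints: class, endianness, type, machine, entry."""
    order = _byte_order(data)
    (e_type, e_machine, _ver, e_entry, _phoff, e_shoff, _flags, _ehsize,
     _phentsize, _phnum, e_shentsize, e_shnum, e_shstrndx) = \
        struct.unpack_from(order + EHDR_FMT, data, 16)
    return {"bits": 64, "endian": "little" if order == "<" else "big",
            "type": E_TYPE.get(e_type, hex(e_type)),
            "machine": E_MACHINE.get(e_machine, hex(e_machine)),
            "entry": e_entry, "shoff": e_shoff, "shentsize": e_shentsize,
            "shnum": e_shnum, "shstrndx": e_shstrndx}


def _name(strtab, off):
    """NUL-terminated name from .shstrtab; refuse names that run past the table."""
    end = strtab.find(b"\0", off)
    if off >= len(strtab) or end < 0:
        raise ValueError("section name runs past .shstrtab")
    return strtab[off:end].decode("ascii", "replace")


def parse_sections(data):
    """The section list rabin2 -S prints: name, vaddr, paddr, size, perms.
    Every offset taken from the headers is bounds-checked, because a crafted
    or truncated ELF is exactly where a naive parser reads past the file."""
    info = parse_info(data)
    order = "<" if info["endian"] == "little" else ">"
    shoff, shentsize, shnum = info["shoff"], info["shentsize"], info["shnum"]
    if shentsize != struct.calcsize("<" + SHDR_FMT) or shoff + shnum * shentsize > len(data):
        raise ValueError("section header table lies outside the file")
    hdrs = [struct.unpack_from(order + SHDR_FMT, data, shoff + i * shentsize)
            for i in range(shnum)]
    if info["shstrndx"] >= shnum:
        raise ValueError("e_shstrndx out of range")
    str_off, str_size = hdrs[info["shstrndx"]][4], hdrs[info["shstrndx"]][5]
    if str_off + str_size > len(data):
        raise ValueError(".shstrtab lies outside the file")
    strtab = data[str_off:str_off + str_size]
    sections = []
    for name_off, _type, flags, addr, off, size, *_rest in hdrs[1:]:  # [0] is SHN_UNDEF
        perms = (("r" if flags & SHF_ALLOC else "-") + ("w" if flags & SHF_WRITE else "-")
                 + ("x" if flags & SHF_EXECINSTR else "-"))  # approximates rabin2's perms column
        sections.append({"name": _name(strtab, name_off), "vaddr": addr,
                         "paddr": off, "size": size, "perms": perms})
    return sections


def build_sample_elf():
    """Constructed ELF64 x86-64 executable with .text, .data and .shstrtab (not a real program)."""
    shstrtab = b"\0.text\0.data\0.shstrtab\0"  # name offsets: .text=1 .data=7 .shstrtab=13
    text, data_sec = b"\x90" * 32, b"\0" * 16  # stand-ins for code and data bytes
    text_off = 64                               # right after the 64-byte Elf64_Ehdr
    data_off = text_off + len(text)
    str_off = data_off + len(data_sec)
    shoff = str_off + len(shstrtab)
    shdrs = [
        (0, 0, 0, 0, 0, 0, 0, 0, 0, 0),                                              # SHN_UNDEF
        (1, 1, SHF_ALLOC | SHF_EXECINSTR, 0x401000, text_off, len(text), 0, 0, 16, 0),
        (7, 1, SHF_ALLOC | SHF_WRITE, 0x402000, data_off, len(data_sec), 0, 0, 8, 0),
        (13, 3, 0, 0, str_off, len(shstrtab), 0, 0, 1, 0),                           # SHT_STRTAB
    ]
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\0" * 8  # ELF64, little endian, v1, SysV ABI
    ehdr = e_ident + struct.pack("<" + EHDR_FMT, 2, 62, 1, 0x401000, 0, shoff,
                                 0, 64, 0, 0, 64, len(shdrs), 3)
    return (ehdr + text + data_sec + shstrtab
            + b"".join(struct.pack("<" + SHDR_FMT, *s) for s in shdrs))


if __name__ == "__main__":
    blob = build_sample_elf()
    print(parse_info(blob))
    for s in parse_sections(blob):
        print(f"{s['vaddr']:#010x} {s['paddr']:#06x} {s['size']:#06x} {s['perms']} {s['name']}")
```

Run it as-is to see the constructed binary's info and section table; point `parse_info`/`parse_sections` at `open(path, "rb").read()` for a real ELF64 and compare the output with `rabin2 -I` and `rabin2 -S` on the same file.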
Basic Analysis
- "?" is your friend, useful for understanding commands
- radare2 ELF_NAME
- aaa : full analysis
- V : enter graphical mode
- n : seek between sections
- Get to main and use V again to see the data flow
Basic Commands
- pdf @ main : prints the disassembled function, which is the main function in this case
- x 10 : prints the first 10 bytes of memory from the current offset
- s 0xOFFSET : seeks to the specified offset
- ? 0x34 ^ 0x34 : does xor within radare2 and prints the output in different formats
- ? 117 ^ 0x34 : does base conversion and then does xor
Demo Time: 3 little crackmes
- First 2 crackmes from RPISEC (http://security.cs.rpi.edu/courses/binexp-spring2015/)
- 3rd challenge: EasyELF from http://reversing.kr/download.php?n=11
- Start from strings or the main function
- Analyze where the input goes
- Locate the FLAG in memory
- Identify the logic
- Enter your FLAG :)
DEMO TIME
Thanks!
References:
- Radare2 Book
- Radare2 website has some documentation and videos linked