CODENAME "SANDYCREAM"

http://www.radare.org/

date: 2013-11-11

In numbers!

• 1 man
• 8 months
• 18 contributors
• 215 tests
• 603 commits
• 33272 more lines of code

Looks better!

• r2 now supports UTF-8, RGB and TrueColor ansi codes
• Color palettes and themes
• Use ^x^e to edit the current prompt line using $EDITOR
• Configuration files follow XDG Freedesktop paths
• Tweaked disasm to make it more readable

See e??scr. for more information about the screen options.

More platforms!

• ARM aarch64
• TI c55x+
• 8051
• Javascript (emscripten)
• ARCcompact

Several enhacements to ARM, ARC, X86, Dalvik, Java (including v7) and Brainfuck assembler/disassemblers. Also, the embedded udis86/GNU based disassemblers have been updated from git.

You can now compile r2 for Haiku and Emscripten!

Binaries

ASLR is now supported by using the -B flag which specifies the hardcoded base address when loading a PIE binary.

• MACH0 XNU kernels are now properly loaded
• Added support for TE binaries
• Identify some PC BIOS and UEFI ROMs
• Java Class file parser has been rewritten to support Java7
• Reloc information is now fully parsed and import addresses are stored in symbol listing to keep coherence.

Import PLT addresses are no longer listed with rabin2 -i. For consistence: imports are ordinals and PLT entries are listed as symbols.

Define structs and enums using plain C

A reduced fork of libtcc is now included to parse C include files. At the moment only structs and enums are handled, but it is planned to support function signatures and conditional struct definitions in the future. Nested structures are supported.

[0x8048000]> "td struct Foo { int a; int b; }"

See 't?' for more help. But in short, you will be able to load .h files into sdb databases to define metadata for the disassembler.

Bindings

Following the release of Valabind 0.7.4, we are now able to provide the following changelog:

• Python ctypes support
• Test and install Java JNI bindings
• Untested D language bindings

I have added more scripting examples like a simple debugger.

UNIX shell right there

Commands like 'clear', 'ls', 'cat', cd', 'pwd' are now supported. No need to escape to the shell with '!' for them. Bear in mind that cfg.sandbox can be enabled to restrict access to filesystem, execution or sockets.

Those commands can be piped to system programs using the '|' like in a posix shell. The command line prompt is now better by supporting utf8 and handled new keybindings.

If in visual mode you place the cursor on top of a 'call' instruction that refers to an import and press '?' key you will read the associated manpage. Like 'K' key in vim.

Debugger

You don't need to specify the path to the debugged program any more. It walks the $PATH or takes ./ if found. This is a way to make windows and unix process launching consistent.

You can run the visual debugger by using the following flags:

$ r2 -cVpp -d ls

Signals can now be captured, and passed to the target process.

Now you can properly debug 32bit binaries on Linux x86-64.

SDB Everywhere

SDB is a simple key-value database that supports on-disk hashtable, arrays, json, CAS and easy string serialization for data structures.

From now on we are going to use SDB more and more inside r2 in order to speed up queries, simplify code maintainance and unify data as text with easy serialization methods.

This is the first release that comes with sdb.

Web UI

An embedded webserver have been included, and you can invoke it using the =h' or '=H' commands. To make it public just-e http.public=true`.

$ r2 -c=H /bin/ls

Improved JSON output for many commands. Just append 'j' to the command and it will use that format. From bindings you can call r_core_cmd_str() to retrieve the resulting string and parse it.

AJAX.get ("/cmd/isj", function (data) {
   var symbols = JSON.parse (data);
   ...
}

The r2agent is a new program that acts as a remote web interface for launching r2 sessions and interact with them using the webui.

Test everything!

This is the first release of r2 that makes an extensive use of the test suite in order to ensure no regressions appear while developing new features or fixing bugs. This is an important point from now on, so we will be able to cover r2 features, supported instruction set, etc. as much as possible.

We encourage all users to write test cases for every bug they report. Type 'make tests' to retrieve the testsuite from git, but this is only suposed to be used when developing. Stable versions are only for packagers. If you want to report a bug, first test it against the code in git.

The build farm runs the whole testsuite after every commit on the r2 or r2-regressions repos, this allows us to identify when and how every check was broken.

Thanks to a0rtega for his fuzzed binaries.

Annotated hexdumps

A new command 'pxa' have been added in order to provide support for annotated hexdumps.

Those hexdumps allows visual interaction and permits you to select range of bytes using the cursor mode, colorizing zones, adding comments, defining structs, etc.

This is still under development and we are open to new ideas and proposals to enhace this new interactive print mode.

More stable

Lot of bugs has been fixed, overflows, memory leaks, and many handcrafted binaries can now be loaded without the butthurt of segfaults, crashes or lack of info.

The farm allows us to get automatic builds for several platforms on every commit. And identify development issues earlier.

New contributors

I'm pretty impressed by the raise of interest on contributing to radare2 lately, This release would not be possible without the help of the following people:

• a0rtega
• capi_x
• chous
• cosarara
• dx
• earada
• eddyb
• jvoisin
• jjdredd
• Sirmy
• xtraeme
• xvilka

Author

• pancake

radare2 0.9.2

After about 10 months of development I'm proud to announce a new release of radare2. It has been delayed many times and I'm not happy about that, but stability requires some time. I'm happy to see new contributors and users interested on the project.

This document describes a compacted list of all the changes done from the previous release (0.9) and this one (0.9.2).

As always, if you want to use the r2 api from python, nodejs or others you need to install the r2-bindings package which depends on valabind and swig.

Big news for this release are an official Android package maintained by Pau Oliva (pof) and an embedded http-1.0 webserver which provides a simple way to implement an user interface.

Lot of bugs has been fixed and new CPUs are supported while code analysis gets better and is focused on x86-16,32,64, arm and mips.

Enjoy!

--pancake

Commit Authors

git log 0.9..HEAD | grep Author| sort -u

Main Developer

pancake [email protected]

Contributors

• Anton Kochkov - xvilka - build system
• earada [email protected] - bug fixes
• Eduard Burtescu - eddyb - nodejs bindings
• Pau Oliva [email protected] - android installer and apk
• Rodrigo Chiossi [email protected] - fix rasm2 -D infinite loop
• Roi Martin (@nibble_ds) [email protected] - code analysis x86 and arm
• Simon Ruderich - cfg.pager and random bugfixes
• rudi_s - test write cache, improve seek/undo, fix segfault in r_cons
• flux - add arm assembler patches to support barrel shift and fix bitwise ops
• Anton Bolotinksy - use absolute path for libraries in OSX linker
• vext01 - test suite and openbsd bug reporting
• l0gic - reporting bugs
• thuxnder - dalvik payload opcodes
• nics - requested support for dumping huge files with 'wt'
• w_levin patch fixing memory leaks
• ac1d3 - fixes in the build system

License

LGPLv3

Numbers

More than 300 commits

Time range

Date: Mon Oct 1 17:48:10 2012 +0200
Date: Tue Dec 6 03:03:50 2011 +0100

Web Server

• Added an embedded webserver that listens on 9090 port
  • r2 -c=H /bin/ls
• Use http. env vars to configure
• Implemented a basic web UI
• Autodetect osx, win, linux and android browsers

Binaries

• mach0
  • section perms are properly handled now
  • support mach0 files with multiple sections using the same name
  • Fix delta bug with fat mach-o
• Find main symbol on new platforms
• Fixed lot of bugs and vulnerabilities in the ELF parser
• Fix string parsing in rabin2 -z and more random fixes
• Add support for wide string dump in r_bin
• RBinSize implemented for elf, mach0 and plan9
• Dwarf info with null filenames are now supported
• Initial implementation of r_bin_size (rabin2 -Z)
• Initial support for Classes in RBin (java, dalvik, objc, c++..)
• Add 'id' command to show debug info
• Add r_bin/mz plugin (old EXE binaries)
• Add support for Java debug line information
• Fix parsing of ELF binaries generated by TCC

Debugger

• Add 'dbs' command to swap/toggle breakpoints
• r2 -b 32|64 selects sub-binary and debugger mode for osx and linux
• Assume -w when running r2 with -d
• dbt - backtrace accepts an argument to redefine ebp
• Fix backtrace for osx-x86-32
• regdiff colorizer fixes (dro works again)
• Fix dcr (continue until ret)

Assembler/Disassembler

• New CPUs supported:
  z80 : assembler + disassembler + basic code analysis
  m68k : disassembler + basic branch analysis
  dcpu16 : assembler + disassembler
  arc : disassembler and analysis of few branch instructions

Changes in current supported platforms

mips : rewritten code analysis and added pseudodisasm and debugger
arm : import and use arm.winedbg (arm and thumb) and disassembler
x86 : enhace x86olly disasm, add more instructions to the x86.nz assembler
dalvik : add android4.x new opcodes and payload ones. added pseudo disasm
avr : use standard disassembly syntax

• Fix rasm2 infinite loop for -D option.
• QNX/arm port (this is bb10 and playbook devices) (no debugger yet)
• Implemented 'pdr' recursive disassembler
• Add coprocessor move operators to arm.winedbg
• Added iOS/arm register profile for the native debugger
• Fixes in r_core_disassemble() Honor delta and r_asm_set_pc()
• Show breakpoints in disassembly

Print commands

• Compacted many commands like pw -> pxw
• Added yx command to show yank buffer in hexadecimal
• Fix pZ-pz help message and stuff
• Add python print buffer (pcp)
• Added 'pa' command to print assembled instructions
• Add 'pz' (print ascii until zero) command
• p6[de] Fix and use the base64 encoder/decoder
• Add 'pif' command. as in 'pdf' one resizes the blocksize
• Entropy bars with 'p='
• Add pf c for signed bytes

Commands

• Add ?ip to take input from ?I and select path to file
  • ?i stores the input into the yank buffer now
  • ?I accepts a file name as argument which is loaded as hud
  • ?k used as key=value temporal storage
• Add support for temporary block contents (from file, string or data)
• Renamed ?z to ?l
• Added dummy 7bit<->8bit char encoding
• Quoted strings can now be temporary seeked "x"@239
• Fix quoted commands parser
• Fix nested command repeaters
• Better parser of commands, macros, pipes and quotes
• Better error reporting when using unexisting flags or wrong syntax
• r2 -q flag now quits after processing -c or -i
• Add b+ and b- commands
• Grep
  • Implement RCons grep ~foo? as an alias for ~?foo

• pd|!grep eax~ebx now works

  • Add ^ and $ in cons grep expressions
  • Implement ~& attribute to match all words
  • Add ~?? to show help of grep
• Implement support for >- (pipe to editor)
• Allow to load multiple files with -i
• Support for quoted strings and backspaced spaces in macro arguments
• Added support for anonymous macros
• Add support for !! command to use r_cons
• Obey q! in scripts
• Use (* to list macros

Search

• e search.show = true # by default
• Implemented support for visual search and search.in=block
• Add visual search and enhace search output
• Added support for binmask searches
  • /x 123456 ffc0e3
• Add /x key:msk (':' separator)
• Fix search counter
• Add search.in=block
• Add support for nibble-level search keywords

Visual mode

• Added Visual diff mode (press 'D' in visual) (tab to swap columns)
  • Added 'cc' command to compare bytes with column hexdiff
  • Added diff.from and diff.to eval configuration variables
• Chop RLine buffer when > console columns
• Mark cursor in visual for pw and pq
• Do not prompt or clear screen when using V in batch mode
• New HUD input method for the visual mode ('_' key)
• Toggle breakpoints with 'b' in visual
• Visual keystrokes for dcu and dcr with cursor mode and sS
• Refactor some visual keybindings
  • fF in visual is now nN
  • nN in visual has been deprecated. Use > and <
• Rename Vw to Vi (write->insert)

IO

• Handle zip:// and apk:// uri in r_io
• Add 16bit x86 segment IO addressing mode XXXX:YYYY
• Add support for local networking in RSocket
• Added 'om' command to create, destroy and list IO maps
• Fix invalid write in r_io_cache_read().
• 'om' now works without size (file size)
• Add r2 -m to specify the load map address
• max blocksize is now configurable via io.maxblk
• Fix bug in r_core_read when io.va and sections used
• Fix o- segfault where r_io_desc_free called twice
• Lot of fixes and regressions tests for the io api
• Create file if not exist when -w is used
• Fix bugs in r_io_maps and io.va
• Fix 'ao N' command

Bindings

• Requires valabind 0.7.2
• Vala, Python and NodeJS are the official bindings
• LUA, Perl, ... are also supported with valabind->swig
• Updated all vapi bindings
• Added nodejs bindings
• Add r2irc.js example (nodejs r2 irc bot)
• Fix segfault in xtr_fatmach0 on small files

New features

• Added yesno dialog input method "?iy"
• Initial support for dwarf and java debug information
  • id command will show debug information of loaded binary
• Added new command ?y to get and set yank buffer contents to stdout
• Add --with-rpath to fix build on linux with !/usr
• Add support for multiple cons grep attributes
• rax2 -f -> floating point support

Fixes

• Fix ragg2 -d for one byte writes
• Fix memleaks, nullref and undef (clang-analyzer)
• Fix infinite loop in rasm2 -D

Updates

• Update sdb to 0.5, sdb is now public api
• use acr 0.9.1
• valabind 0.7.2

Enhacements

• r_num_math reimplemented with r_num_calc for proper parenthesis support
• added support for floating point calculations in r_num
• Handle ^Z in dietline
• Drop interactive mode when '>' is used
• r2 - is an alias for r2 malloc://512
• Improve startup times by using r_file_mmap instead of malloc+read
• rarun2 now supports connect/listen with r_socket
• Added BLOCK and BYTES in r_core_sysenv_begin()
• Fix parsing of commands with nested quotes
• r2 -e now evaluates before and after loading file
• ?p print error if VA is not
• ?k (keyvalue) command is now more usable. supports ``..` strings

Removed

• The gear bindings, they're obsolete.
• armthumb moved to radare2-extras. Replaced by arm.winedbg.
• Remove tests/ and use r2-regressions from vext01 github
• ranal2 is not installed anymore

Code Analysis

• Fix the ff25 x86-64 opcode analysis
• Add file.analyze eval config variable from radare1
• Fix analysis of 16 bit word opcodes on x86
• Better support for 16bit x86 code analysis
• Guess base arch anal.plugin when asm.arch is set
• Resolve address of jmp [(rip+)0xoffset] and call [(rip+)0xoffset] in r_anal
• Properly detect end of functions in visual
• Traps and unknown jumps are now end-of-block opcodes
• Show strings referenced by relative LEAs
• Fix code analysis blocksize issue
• afr and VtR to rename functions
• Removing a function now deletes all sub-functions-locs
• afl will list functions

Graphs

• Add 'agv' command to view graphs with cmd.graph
• Add demo graph view for www, add pad command remove a8
• Added htmlgraph.sh as a cmd.graph html5 graph backend
• Affected by scr.html (useful fo...

radare2 0.9.0

hg tag -r      1974 0.9
codename:      furoner
last commit:   Tue Dec 06 01:41:17 2011 +0100
oldest commit: Tue Nov 01 12:59:07 2011 +0100
commits:       115

Author and main developer:

email: pancake<nopcode.org>
twitter: http://twitter.com/trufae
github: http://github.com/radare

Thanks to:

• @santitox for the XOR shellcode encoder and big-gmp implemention
• Glyn Kennington's patch for the build system
• sre the Debian guy and betatester
• earada for discusing, testing, reporting and bugfixing lot of stuff
• vext01 for the OpenBSD bug reportz and packaging
• l0gic for the archlinux package and bugreporting
• Ender for bokken packaging and r2 feedback
• ash for bokken, bug reports and beers
• Nicolai Stange for the SPARCv9 (64bit) support
• Instruments, Dtrace, Valgrind, llvm-analyzer, OpenBSD
  • fixed memory leaks
  • reduced memory usage in 40%
  • optimized code analysis
  • null pointers and double frees
  • do not use alloca() anymore
  • change io.va only when needed
  • Fix two format string portability issues

Portability:

• Tested support for iOS, Windows, GNU/Hurd and GNU/kFreeBSD
• Use O_BINARY in all open() calls on Windows fixes IO
• Fix dup2 for w32

Binaries

• Various symbol resolution fixes in ELF
• Honor -o in rabin2 for dump section operation
• Add initial native support for fat binaries in r2
  • Select arch/bits with r2 -a and -b (old -b is now -B)
  • Kinda hacky, but works for osx-x86/32/64
  • Export offset information of fat bins
• add initial support for creating p9 binaries
• Add initial support for plan9 binaries
  • supports x86, arm, ppc, sparc, mips
• RBin suport new section_end flags

Filesystems

• Autodetect filesystem when mounting
• Fix signature of r_fs_name()

Bindings

• Updated bindings
• Fail build of bindings if somethings goes wrong
• Depends on valabind 0.6.4 that fixes some bugs on Python
• Added bindings for NodeJS
• Add accessors for RAnalFcn.{refs,xrefs,vars,bbs}

Visual mode

• Enhaced speed visual mode
  • Dot clear unless necessary (fix flickering)
  • Cursor is now hidden
• Add 'T' menu at visual mode to show comments and anal info
• Use x1, x2, x3... to seek between xrefs in visual mode
• S= now fits in 80 columns
• Fix P visual print rotation
• Show flag+delta on title

Assembler/disassembler

• Added assembly description API (ported from r1's rsc adict)
  • r_asm_describe(): Added api to get opcode descriptions using sdb
• Add support for SPARCv9 (64bits)
  • Disassembler and Code analysis (binutils-2.21.1)
• Use asm.size config variable to show size of opcodes
• Add new assembler directives
  • .int8 (alias of .byte)
  • .int16 (alias of .short)
  • .int32 and .int64
• Add -D flag to rasm2 (show hex and asm)

Debugger

• Execution traces are now stored as a graph
• Warn if file size != region size in dml
  • dmd and dml commands to dump/load debugger memory regions
  • Sd and Sl to dump/load debugger memory region from/to file
• Initial implementation of r_debug_map_protect()
  • Bind to dmp command
  • Only w32 + osx, needs more work

New commands

• Added dtc and dtg to draw execution call graphs
• Add /z command to search for strings
• Add /v2 /v4 /v8 and remove /q
• added 'afi' to show info of functions
• Add 'fl' command to get length of flag
• Use ?d to get description of opcode (uses asm.arch)
• Added 'pdi' command
  • Like 'pi', but showing offset and bytes
• Added 'pda' new commands
  • Disassemble code byte-per byte
  • Disobey instruction length
• afl is now less verbose
• Make 'fd' accept arguments
• Use "f name 1 off" instead of "f name @ off" in dr*
• Added 'g' command to use r_egg api from RCore

API changes

• Added r_core_file_reopen() // work in progress
• Added r_flag_get_at () to handle deltas
• New APIs in r_util
  • r_sys_run() for JIT execution
  • r_file_size()
  • r_cons_clear_line()
  • Add has_va in RBinInfo class for bindings
  • Added new api r_graph
• Added R_MEM_ALIGN()
• r_core_bin_info shows bin data from core
• rabin2 now depends on RCore as long as r_bin_info()

rasc2 deprecated

• rasc2 has been deprecated and reimplemented inside r_egg
  $ ragg2 -i x86.osx.binsh -b 64 -k osx -f mach064 -o a.out
• Added ragg2 and ragg2-cc
  • Shellcode compiler for linux-x86-32/64 and OSX-32 based on ${CC}
  • XOR encoder
• Padding data is now defined like a format string

New stuff:

• rax2 now supports hexpair <-> binary conversions (-s, -S)
• Added eval var descriptions (see e?? command)
• Add graph.font=Courier eval var to configure dot graph output
• Add support for byte patching in ragg2 (-d, -D, -w)

Search engine

• remove search.asmstr and use /a and /c
• Show progress info in search
• Rename /a to /r
• Fix search when io.va=true
  • Add search.in = file, section, raw

Changes:

• Add support for continuations in rapatch2 '+' char
• Add r2 -a arch -b bits
  • -b flag to specify blocksize is now -B
• rasc2 has been deprecated. ragg2 is the replacement
• Colorize trap instructions in bright red
• Handle int3 on x86 as a trap instruction instead of SWI

Build framework

• Magic files are distributed on Windows too
• Simplified makefiles to use absolute paths
• Add sys/static.sh
• Add install-rev.sh script to build old versions of r2

Bug fixes:

• 'oo' reopen command will
• Update file size information when requested
• Fix bug when redefining io sections
• Fix warning in R_MEM_ALIGN() macro
• Fix rabin2 -B baddr
• Fix overflow in r_cons
• Fix loading strings on a object file without io.va
• Fix for .ko and .o elf parsing
• Use UT64FMTx instead of %llx in various places (fix for w32)
• Fix AT&T x86 disassembler
• Fix negative blocksize and printidx issues in visual
• Many ugly hacks to enhace w32 console
• Various fixes in sys/
• Added dist-bin.sh and python-bindist.sh
  • Fixes paths and pkgnames
• Implement dtg (debug trace graph)
• Fix RIO seek undo with io.va