Installing radare2 from Docker Hub:
https://hub.docker.com/r/radare/radare2/
docker pull radare/radare2
Next, start the Docker container:
docker run -it radare/radare2
Then copy the "resident" binary from the host into the container (the container ID is 1288):
docker cp resident 1288:/tmp
Now analyse the "resident" binary inside the Docker container:
Starting from main analysis (VV):
(Enter "q" after "VV", hexdump of binary):
(showing sections: iS)
(showing functions: afl)
(showing basic blocks: pdb)
(showing main entry point: ie)
(showing imports: ii)
For other commands, see these cheat sheets:
https://www.g0jirasan.com/2017/08/radare2-cheat-sheet.html
https://twitter.com/binitamshah/status/535968768371859457
https://eforensicsmag.com/reverse_engi_cheatsheet/
And these:
https://gist.github.com/williballenthin/6857590dab3e2a6559d7
https://scoding.de/uploads/r2_cs.pdf
http://b404.xyz/sources/r2-cheatsheet.pdf
My steps for analysis:
- load without any analysis (file header at offset 0x0):
r2 -n /path/to/file
- analyze all:
aa
- show sections:
iS
- list functions:
afl
- list imports:
ii
- list entrypoints:
ie
- seek to function:
s sym.main
- show basic block disassembly:
pdb
- show function disassembly:
pdf
- show function arguments:
afa
- show function variables:
afv
- rename function variable:
afvn
- set function variable type:
afvt
- add/analyze function:
af
- enter graph modes:
VV
- cycle types of graphs:
- forward:
p
- backwards:
P
- forward:
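The same steps as one repeatable batch run, as an added example that is not part of the original post: it starts the container without network access, copies the sample in, and runs the r2 commands listed above non-interactively. It assumes the image's default command stays alive under -dit and that r2 is on PATH inside the container, as in the interactive session; the function names, the container name and /tmp/sample are hypothetical.

```shell
#!/bin/sh
# Added example: batch version of the interactive steps above.
# Assumptions: the image's default command keeps running under -dit and
# r2 is on PATH in the container; names below are illustrative.

IMAGE="radare/radare2"

# Join the r2 commands from the list above into one script for "r2 -c".
r2_script() {
  printf '%s;' aa iS afl ii ie 's sym.main' afv
  printf '%s\n' pdf
}

# Start an isolated container, copy the sample in, run r2 once, clean up.
r2_triage() {
  local sample="$1" name="r2-triage-$$" rc
  [ -f "$sample" ] || { echo "no such file: $sample" >&2; return 2; }
  docker pull "$IMAGE" >/dev/null || return 1
  # --network none: static analysis of an unknown binary needs no network
  docker run -dit --name "$name" --network none "$IMAGE" >/dev/null || return 1
  # -q quits after the -c commands; scr.color=0 keeps the output log-friendly
  docker cp "$sample" "$name:/tmp/sample" &&
    docker exec "$name" r2 -e scr.color=0 -q -c "$(r2_script)" /tmp/sample
  rc=$?
  # Always remove the container, even when the copy or the analysis failed
  docker rm -f "$name" >/dev/null
  return "$rc"
}

# Run only when called with a file argument, e.g.: sh triage.sh resident
if [ "$#" -gt 0 ]; then r2_triage "$1"; fi
```

Redirect the output to a file to keep a record of the sections, functions, imports and main disassembly for each sample.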