Installing radare2 from docker hub:
https://hub.docker.com/r/radare/radare2/
docker pull radare/radare2
Next is to start the docker container:
docker run -it radare/radare2
And copy the "resident" binary from host into container (container id is 1288):
docker cp resident 1288:/tmp
And now analysing the "resident" binary inside the docker container:
Starting from main analysis (VV):
-
- image12
-
- image16
(Enter "q" after "VV", hexdump of binary):
(showing sections: iS)
(showing functions: afl)
(showing basic blocks: pdb)
(showing main entry point: ie)
(showing imports: ii)
Looking for other command:
https://www.g0jirasan.com/2017/08/radare2-cheat-sheet.html
https://twitter.com/binitamshah/status/535968768371859457
https://eforensicsmag.com/reverse_engi_cheatsheet/
And this:
https://gist.github.com/williballenthin/6857590dab3e2a6559d7
https://scoding.de/uploads/r2_cs.pdf
http://b404.xyz/sources/r2-cheatsheet.pdf
My steps for analysis:
load without any analysis (file header at offset 0x0): r2 -n /path/to/file
- analyze all:
aa - show sections:
iS - list functions:
afl - list imports:
ii - list entrypoints:
ie - seek to function:
s sym.main - show basic block disassembly:
pdb - show function disassembly:
pdf - show function arguments:
afa - show function variables:
afv - rename function variable:
afvn - set function variable type:
afvt - add/analyze function:
af
- enter graph modes:
VV - cycle types of graphs:
- forward:
p - backwards:
P
- forward:
My Technical Blog 
You must be logged in to post a comment.