Radare: Open-source reverse engineering framework
Radare is an open-source UNIX-like reverse engineering framework and command-line toolset. It can be scripted, modified, and used for batch analysis.
“I started the project in 2006 when I was working as a forensic analyst, and I wrote a simple command-line hexadecimal editor to scan a hard drive looking for keywords and dump the results to disk to recover some files. Over time, the project evolved to meet my diverse requirements, serving as a debugger, a disassembler, and a platform for exploring various architectures. It proved invaluable during CTF (Capture the Flag) competitions, at work, and for personal reverse engineering projects,” Sergi Àlvarez, the creator of Radare, told Help Net Security.
Radare’s free software nature, permissive license, and ease of extension and integration with other tools make it ideal for various environments and needs. The capability to pull data or extend other software with its features opens up numerous possibilities.
With everything being pluggable and a key focus on portability, Radare can be used across various operating systems and architectures. This makes it ideal for forensics, reverse engineering, debugging, report generation, and exploiting or diffing.
Supported plugins
Using the r2pm tool, you can install many plugins and tools:
- esilsolve: The symbolic execution plugin, based on esil and z3
- iaito: The official Qt graphical interface
- keystone: Assembler instructions using the Keystone library
- r2ai: Run a Language Model in localhost with Llama inside r2!
- r2dec: A decompiler based on r2 written in JS, accessed with the `pdd` command
- r2diaphora: Diaphora’s binary diffing engine on top of radare2
- r2frida: The frida io plugin. Start r2 with `r2 frida://0` to use it
- r2ghidra: The standalone native ghidra decompiler accessible with `pdg`
- r2papi: High level api on top of r2pipe
- r2pipe: Script radare2 from any programming language
- r2poke: Integration with GNU/Poke for extended binary parsing capabilities
- goresym: Import GoReSym symbol as flags
- r2yara: Run Yara from r2 or use r2 primitives from Yara
- radius2: A fast symbolic execution engine based on boolector and esil
- r2sarif: import/extend/export SARIF documents
Future plans and download
Radare’s roadmap is primarily driven by the needs and requests from the community as well as their contributions. One of the main goals is to reduce the maintenance costs as much as possible, allowing for a focus on cleaning code, reducing memory usage, and improving performance without sacrificing any of the existing features.
“On a personal level, my plans include adding support for the latest technologies used in mobile applications, enhancing scripting capabilities, improving analysis quality and ship a native decompiler and keep improving the portability across different platforms. Helping the community and documentation to grow and contribute is essential for the future of the project, so I strongly encourage everyone to join the Discord or Telegram chats, submit pull requests (PRs), or share their questions and proposals, which will help move the project forward,” Àlvarez concluded.
Radare is available for free download on GitHub.
Must read:
- 20 free cybersecurity tools you might have missed
- 15 open-source cybersecurity tools you’ll wish you’d known earlier
- 20 essential open-source cybersecurity tools that save you time