r2 command cheatsheet https://github.com/radareorg/radare2 https://book.rada.re #Install git clone https://github.com/radareorg/radare2.git sudo ./sys/install.sh #Uninstall sudo make uninstall sudo make purge #Run Command From Shell Without Opening r2 Prompt r2 -q -c "" #Generic ? expression evaluation/conversions ! run shell command from inside r2 s seek to address #Useful Operators ; do command2 after command1 "" don't parse r2 operators in the command `` run inner command and use its output in outer command ~ grep output of command for lines matching word @
temporarily seek to address and run command @@ * run command on every flag matching flag* @@f run command on all functions @@f: run command on all functions matching name @@s: run command on each offset from->to incrementing by step #Info and Analysis i print file info (including binary info; e.g. rabin -I or checksec) ia print binary info, imported symbols, and exported symbols il print linked libraries iS print sections (with permissions) is print symbols ic print classes afl print functions ie print entry points iM print main's address iz print strings in data section izz print strings in whole binary aaa analyze all fs list flagspaces fs set current flagspace f print current flagspace axt [] show references to this address axf [] show references from this address #Searching / search for string /i case-insensitive search for string /e // regex search for string /R search for opcodes /R/ regex search for opcodes /v search for value /V search for value in range /x search for hex string #Print Address Contents pdf print function disassembled pdc print function in c-like pseudo-code pv print value px print hexdump ps print string psz print zero-terminated string #Tracking Things afn [] rename function at address afvn [] rename variable or function argument #Visual Mode V enter visual mode VV enter visual graph mode : open r2 cli p next screen P previous screen g
seek to address [tag next to call] seek to tag (in visual mode) o[tag next to call] seek to tag (in visual graph mode) x xrefs to X xrefs from m mark offset (in visual mode) ' seek to marked offset (in visual mode) u undo seek U redo seek