r2 command cheatsheet
https://github.com/radareorg/radare2
https://book.rada.re
#Install
git clone https://github.com/radareorg/radare2.git
cd radare2
./sys/install.sh
#Uninstall
sudo make uninstall
sudo make purge
#Run Command From Shell Without Opening r2 Prompt
r2 -q -c "<r2 command>" <target>
#Generic
? <expr>      expression evaluation/conversions
!<command>    run shell command from inside r2
s <addr>      seek to address
#Useful Operators
<command1>;<command2>             do command2 after command1
"<command>"                       don't parse r2 operators in the command
<command> `<inner command>`       run inner command and use its output in outer command
<command> ~<word>                 grep output of command for lines matching word
<command> @ <address>             temporarily seek to address and run command
<command> @@ <flag>*              run command on every flag matching flag*
<command> @@f                     run command on all functions
<command> @@f:<func>              run command on all functions matching name
<command> @@s:<from> <to> <step>  run command on each offset from->to incrementing by step
#Info and Analysis
i               print file info (including binary info; e.g. rabin2 -I or checksec)
ia              print binary info, imported symbols, and exported symbols
il              print linked libraries
iS              print sections (with permissions)
is              print symbols
ic              print classes
afl             print functions
ie              print entry points
iM              print main's address
iz              print strings in data section
izz             print strings in whole binary
aaa             analyze all
fs              list flagspaces
fs <flagspace>  set current flagspace
f               print flags in current flagspace
axt [<addr>]    show references to this address
axf [<addr>]    show references from this address
#Searching
/ <string>              search for string
/i <string>             case-insensitive search for string
/e /<string>/<options>  regex search for string
/R <opcodes>            search for opcodes
/R/ <opcodes>           regex search for opcodes
/v <value>              search for value
/V <min> <max>          search for value in range
/x <hex>                search for hex string
#Print Address Contents
pdf  print function disassembled
pdc  print function in c-like pseudo-code
pv   print value
px   print hexdump
ps   print string
psz  print zero-terminated string
#Tracking Things
afn <func> [<addr>]      rename function at address
afvn <arg> [<old_name>]  rename variable or function argument
#Visual Mode
V                    enter visual mode
VV                   enter visual graph mode
:                    open r2 cli
p                    next screen
P                    previous screen
g <address>          seek to address
[tag next to call]   seek to tag (in visual mode)
o[tag next to call]  seek to tag (in visual graph mode)
x                    xrefs to
X                    xrefs from
m<key>               mark offset (in visual mode)
'<key>               seek to marked offset (in visual mode)
u                    undo seek
U                    redo seek