radare2

UNIX-like reverse engineering framework and command-line toolset

LGPL-3.0 License

Downloads: 164
Stars: 19.6K
Committers: 1K


radare2 - 5.4.0 - Rainy Smell

Published by trufae about 3 years ago

Release Notes

Version: 5.4.0
Previous: 5.3.1
Commits: 258
Contributors: 20

Highlights

  • Add the vector35 arm64 plugin for analysis, esil and disasm; r2 can now be built without capstone
  • Improved integration with r2ghidra for analysis and disassembly, mainly tested on avr, v850 and arm64
  • Fix emulation of several x86 and arm64 instructions, including a scripted way to import the official arm64 instruction descriptions
  • Bring back the cmd.pin to instrument the esil emulation when a specific address is hit
  • Small steps towards Projects with improved management for version control
  • Improved visual and panels with better interactions and fixed glitches

Shell

  • 500 more commands are now listed in the recursive help command: ?*
  • Backslash is now completely gone. Please use ':' or the original '=!' instead.
  • Implement @@== foreach word iterator operator
  • Add mwf command to write local files into remote targets
  • wv1,2,4,8 accept many space-separated numbers now

Search

  • New /c subcommands are now available for crypto-related searches
  • To find references to the UDS CAN table use /ru
  • Find PGP and RSA encrypted keys in memory with /cg
  • Search for common hashing and crypto constant tables in /ck
  • Add /ab to find backward jumps (mostly loops) and handle ^C
  • Initial implementation of spp, snp, /bp and /pp to find next/prev preludes
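The /ck search listed above works by looking for the constant tables that hashing and cipher implementations embed in their code (S-boxes, initial hash values, CRC tables). As an added illustration of that idea, not code from radare2 itself, the following Python scanner checks a byte buffer for a handful of such well-known constants in both byte orders. The table of constants, the function names and the sample buffer are this example's own constructions; the constant values come from the published SHA-256, MD5, CRC-32 and AES specifications.

```python
import struct

# 32-bit word tables that crypto implementations embed verbatim. The values
# come from the public specifications; which tables to include is this
# example's own (assumed) selection, not radare2's list.
WORD_TABLES = {
    "sha256_iv":   [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a],
    "md5_k":       [0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee],
    "crc32_table": [0x00000000, 0x77073096, 0xee0e612c, 0x990951ba],
}

# Byte-oriented tables are stored the same way on every architecture,
# so they need no endianness variants. First row of the AES S-box.
BYTE_TABLES = {
    "aes_sbox": bytes.fromhex("637c777bf26b6fc53001672bfed7ab76"),
}


def candidate_patterns():
    """Expand every table into the raw byte patterns it can appear as."""
    pats = []
    for name, words in WORD_TABLES.items():
        for endian, fmt in (("le", "<"), ("be", ">")):
            pats.append((name, endian, struct.pack(f"{fmt}{len(words)}I", *words)))
    for name, raw in BYTE_TABLES.items():
        pats.append((name, "n/a", raw))
    return pats


def find_crypto_constants(buf):
    """Return every occurrence of a known constant table in buf.

    Each hit is a dict with the offset, the table name, the byte order the
    table was stored in and the matched length. Overlapping matches are
    allowed (the search restarts one byte after each hit).
    """
    hits = []
    for name, endian, pat in candidate_patterns():
        start = 0
        while True:
            idx = buf.find(pat, start)
            if idx < 0:
                break
            hits.append({"offset": idx, "name": name,
                         "endian": endian, "size": len(pat)})
            start = idx + 1
    hits.sort(key=lambda h: h["offset"])
    return hits


# Constructed sample: padding, the SHA-256 initial state stored little-endian
# (as an x86 build would), more padding, then the first AES S-box row.
SAMPLE = (b"\x00" * 0x40
          + struct.pack("<4I", 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a)
          + b"\xcc" * 0x10
          + bytes.fromhex("637c777bf26b6fc53001672bfed7ab76")
          + b"\xff" * 0x20)


if __name__ == "__main__":
    for hit in find_crypto_constants(SAMPLE):
        print(f"0x{hit['offset']:08x} {hit['name']} ({hit['endian']}, {hit['size']} bytes)")
```

Scanning both byte orders matters in practice: a table compiled into a big-endian firmware image will not match a little-endian pattern, and a scanner that only checks one order reports nothing for the other.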

Analysis

  • Improved VAX analysis and disassembly
  • ESIL function emulation is now performed properly, spotting many more xrefs and reducing false positives.
  • Default aa, aaa and aaaa analysis commands are now faster and produce better results
  • Analysis plugins can now be used as a replacement for the asm ones, for disassembling only. The next release will start removing unnecessary asm plugins, reducing compile times and build size.
  • The new 'wan' command nops the partial instructions left, making binary patching much simpler
  • Faster exit times for ^D, making interactions more fluent and reducing CI times
  • Initial implementation of ESIL macros and start reducing the instruction set
  • Better x86.pseudo and varsub for strings

Debugger

  • Signal handling is now displayed in human form and C with better stop reasons
  • Use DRX APIs to handle breakpoint recoils only on x86-64

Signatures

  • Support FLIRT v5 file format compression
  • Fix bug in zaf creating zignspace
  • Expand r_sign API and major refactor

New platforms

The build system and CI packaging have been improved quite a lot, simplifying the release process and testing.

  • SerenityOS: a Unix-based OS that looks like Windows 95, with its own kernel, libraries and userland. Debugger support in r2 is not yet available for SerenityOS, but the APIs are there, so it's just a matter of getting it done
  • Vinix: a kernel completely written in V, able to run bash, gcc or python, can now run r2!
  • VAX/NetBSD: after discovering SIMH, a VAX emulator, it took me only a few minutes to boot NetBSD and run r2 in there; no debugger support yet.
  • WebAssembly is now built and published in the CI
  • TIC-80: for now r2 only identifies and parses the headers and places the flags

Windows

  • Building on Windows is as easy as running: preconfigure, configure and make
  • That will detect VS, Python and Git, set up the PATH and install Meson and Ninja for you.
  • Resolve Windows APIs at runtime to fix the build with mingw and improve backward compatibility

Authors

Alex Bender Apkunpacker Azox Davide Pizzolotto Dennis Goodlett Enshin Andrey Ilya Trukhanov László Vaskó Maijin Murphy Paul I RHL120 Royos90 Sylvain Pelissier aemmitt-ns gogo hot3eed lasek0 pancake

Changes

anal

  • Properly stringify the RAnalOP.type field
  • Implement aaff command and improve aaf? help message
    • Extend afj command to handle all jump table parameter options
  • Implement 'afs*' command to export function signature info in r2 commands
  • Fix afsj, taking signature args instead of fcnargs in json
  • Initial import of the arm64v35 disassembler and analysis plugins
  • Optimize infinite loop on non-quantum computers
  • Avoid assert on avr's null cmpreg test
  • Finish the tolowering of anal.noNULL
  • Fix aef and aaef to actually find xrefs at least

asm

  • Fix #18813 - Cannot assemble cmp w26, 0 in arm64
  • Fix #18876 - Check imm bounds for some instructions in the x86.nz assembler
  • Add pushf/popf instructions to x86.nz
  • Use RAnalBind in RAsm to reuse RAnalPlugins to disassemble
  • Update ARM64 arm.sdb.txt opcode descriptions from documentation
  • Update the VAX disassembler from binutils

assembler

  • Fix #18872 - New command 'wan' to write and nop affected instructions

bin

  • Fix #18783 - Support ELFs with phnum > 0xFFFF
  • Allow RBinPlugins to use RBinFile at check()
  • Initial support for the TIC-80 Fantasy Computer cartridges
  • Replace SDB with HtPU in RBin.filter_name()
  • Put archinfo.{minopsz,maxopsz,align} in the output of i
  • Implement ELF relocs for VAX

build

  • Add portability support for Vinix
  • Add meson support for the anal.arm.v35 plugin
  • Add preconfigure/configure/make batch scripts for Windows
  • Initial import of ./preconfigure for packaging purposes
  • Improve the macOS packaging scripts
  • Import radare2-win-installer files into dist/windows
  • Fix meson build and proper use of cgen
  • Fix system() on arm64 macOS targets (#18877)
  • Initial support for capstone-less compilations
  • Build and publish the ZIP with the WASI bins
  • Add initial support for building r2 on WASI

ci

  • Version the artifacts

cons

  • Don't check out-of-bounds last chars
  • Honor faster ^D on interactive execution path
  • Fix arrow handling after fixing mouse clicking glitches

core

  • Honor bool in io.va, scr.interactive, scr.prompt and cfg.fortunes
  • Optimize and improve r_name_filter calls
  • Add &w command to wait and run for queued commands
  • Implement &: for queue commands
  • Implement @@== foreach word iterator operator

debug

  • Fix the windows debugger and make it more stable
  • Add tests for the improved signal handling messages
  • Change the way wait events are handled in the unix-debug backend
  • Add 'sigstr' to the 'di' output for more verbose stop reasons
  • Add RSignal.toHuman() and improve RDebugReason.toString()
  • Use DRX APIs to handle breakpoint recoils only on x86-64

disasm

  • Support arch.* namings for the parse plugins
  • Better x86.pseudo and varsub for strings
  • Fix r_str_ansi_len() causing unaligned 'unaligned' words
  • Improve invalid address and string parameter issues in emu.str and pd comments
  • Improve x86.parse for asm.pseudo

esil

  • Fix emulation for AARCH64 ldr,str,stp,ldp instructions
  • Fix #18860 - mul and imul for *dx operands and 64 bit widths
  • Bring back pins to esil land
  • Fix POPF POPFD POPFQ not increasing stack pointer
  • Add wide and math instr esil for dalvik, pac esil for arm64
  • Initial implementation of ESIL macros

fs

  • Add mwf command to write local files into remote targets

io

  • io.plugin.lseek -> .seek for portability (wasi related) (#18840)

panels

  • Add xX key descriptions in the help message

print

  • Improve the pdc output to allow recompilation
  • Initial implementation of the pdo esil2c output

projects

  • Don't save projects when no project is used
  • Exclude files of nested rvc repos from repo_files()
  • Use r_sys_whoami as the author name for r_vc_commit
  • rvc add r_vc_find_rp
  • Rework r_vc_checkout and fix some mem leaks
  • Rework the rvc_commit functions
  • Take advantage of prj.vc.type and merge rvc & git
  • Fix r_vc_commit and other functions
  • Major rvc api refactor to use sdb

rvc

  • Fix memory leak and infinite loop in r_vc_find_rp

search

  • Implement /ck command to search for crypto constant tables
  • Rename /cu UDS CAN table search to /ru command
  • Add PGP search for signature and RSA encrypted private keys (#18961)
  • Add /cg command to search for GPG artifacts
  • Update tests and add /a[?]q for quiet-legacy mode
  • Use pdi in /ad output
  • Initial implementation of spp, snp, /bp and /pp to find next/prev preludes
  • Add /ab to find backward jumps (mostly loops) and handle ^C

shell

  • Autocomplete :. command
  • wv1,2,4,8 accept many space-separated numbers now
  • Remove other useless and incomplete treesitter leftovers and get +400 new commands in the recursive help
  • Remove colons in "?" number conversion output
  • Honor < and > comparison operators in RNumMath
  • Use RNum.math in "?b" to make '?b 1<<1' work
  • Add scr.hist.filter to toggle the filtered history up/down search
  • Improved reverse-search in command history
  • Faster ^D (leave r2 without freeing the core)
  • Completely eliminate the deprecated backslash command
  • Add some help and better parsing for the anal hints

signatures

  • Add r_sign_metric_search to r_sign.h
  • Fix bug in zaf creating zignspace
  • Expand r_sign API
    • Use r_sign in rasign2
  • Support FLIRT v5 file format compression

tools

  • Rename rvc2 to ravc2 to follow the ra*2 pattern
  • Add rasm2 -LL to list anal plugins loaded

vc

  • Integrate rvc in projects and add a default commit message

visual

  • Add context in visual xrefs
  • Fix #18843 - Implement Vx[+-] to add/delete xrefs
  • Fix glitches when clicking in the hud
  • Fix asm.hint.imm keystrokes ignored
  • Fix #18292 - Clarify the use of Vdn/Vdr and rename VdR to VdX
  • Handle 'o' key for options in panels
  • Initial implementation of ~.... for hudline prompt
  • Add Vi+ Vi- keys for visual insert byte inc/dec
  • Add Vi: keystroke to run commands on insert mode

windows

  • Use dynamic api resolution on windows builds for better portability

radare2 -

Published by trufae over 3 years ago

  • Assembling invalid arm64 instructions doesn't result in invalid representations
  • Add http.basepath to support sub directory handling for proxying purposes
  • Support instruction descriptions when using the r2ghidra disassembler plugin
  • Fix issues and enable the garbage collector when running @vlang scripts
  • Fix arm16 ldr post indexing esil expression
  • Fix r2pipe regression caused by a change in RCons buffering when chaining multiple commands
  • Support user defined REgg plugins
  • CI: Fix macOS builds and build debian packages on ubuntu18 instead of ubuntu20
  • Fix prj.vc issue on Windows
  • Add support for armhf/armv7 musl builds as well
  • Enable build on less capable systems disabling threads, pty and other platform functionalities separately
  • Fix sorting issues on RList and foreach_prev

radare2 - 5.3.0 - Root Powder Goety

Published by radare over 3 years ago

This release comes with a large list of bug fixes contained in 246 commits from the last 6 weeks thanks to 19 contributors. Kudos to everyone hanging out in the chats, testing, discussing, asking, helping and building up this community that makes r2 what it is. Hope all the users appreciate and enjoy this update as much as we did coding for it.

Greetings to: Alex Bender Anthoine Bourgeois condret David CARLIER Dennis Goodlett Giovanni Di Santi gogo2464 Jing Liu meme Michal Ambroz murphy pancake Rene Laemmert RHL120 Shadorain Siguza Simon Vareille StefanBruens Sylvain Pelissier

I could shout "aaaa is no longer breaking the debugged process!" or "Go scripting support!", but the list of changes and security bug fixes is too large to summarize in just one line.

Some important bugs have been fixed in the build system, not just reflected in the README and the CI but also in both meson and acr: previous old installations of r2 no longer break the build. The rpath builds are now fixed for both acr and meson, which is required for r2env. Also, and most important, all the sdb databases are now precompiled in C and loaded at compile time instead of having to map disk files. This removes the need to depend on side files installed in the system to make your static binary builds of r2 work. This feature is now enabled by default and tested in the CI, but it can optionally be disabled if you prefer the old behaviour, which is more flexible. musl static builds are now officially supported and tested in the CI.

Friendly reminder that the license documentation has been updated in doc/license.md, and you can check at runtime all the licenses of the core and plugins used in your builds of r2 in case you need to take care of such things.

Support for the S390 architecture and z/OS has been improved across RBin, RCharset and RAsm: rabin2 can now extract ebcdic37 strings honoring cfg.charset, and MVS OFF S/390 module objects can be loaded. In addition, the latest S390 disassembler from GNU Binutils has been imported, which works side by side with the Capstone one.

Some important bugs have been fixed in the debugger: infinite loops, a fixed reg profile for arm64 debuggers, resetting the heap analysis on restart, and other undefined behaviours that happened randomly on Linux and macOS. We greatly recommend you to update!

Multiline comments are better displayed in hexdumps and disasm, and the order of flags and xrefs is now sorted to be more meaningful to the reader. The variable asm.sub.jmp is now working again. There are other improvements with asm.meta=false for displaying data in the middle of code, and better display of switch table comments. A new variable asm.hint.imm is now accessible from visual mode to pick immediates from instructions using hot keys. All those additions make visual and panels look even better!

The commandline has received some bold updates. The newshell parser has been removed from the codebase, which resulted in the following changes: an improved commandline parser that makes all the tests that worked in newshell pass with the good-old C-based parser, deprecation of the backslash and single quote aliases for =!, and promotion of : instead. This is an important change for r2frida users! Tab autocompletion is working again and has been extended to support more config var types. The whole refactoring ended up with 30s less in CI builds and 512KB less source.

New commands!

  • afxm : x/y map of function xrefs
  • wcf : write file contents + cache patches into given file
  • aev : the visual esil debugger (same as VbE)
  • aeis: initialize stack for given argc, argv, envp
  • x/w : long standing issue improves gdb-like examine commands in r2
  • ===stderr : allows redirecting r2's stderr through the new r2pipe.side api
  • px-- context hexdump command (like pd--)
  • : this always-undefined command is now replacing \ and ' aliases

Command changes:

  • px now honors cfg.charset in the ascii column
  • pr : supports printing raw null bytes
  • Mark ' and \ commands as deprecated. Use :
  • Implement @@@e and @@@E to iterate over entries and exports

The RBin library ships with some important security bug fixes, covering some public CVEs for corrupted PE, Python and MACHO files. Additionally, a cache has been added to greatly speed up the loading of DWARF files, and support has been added for two new file formats (OFF for zOS/S390 and WAD, the DOOM map files).

From the analysis perspective this release comes with some important changes: capstone5 is now the default disassembler and analysis library for most common architectures. The anal.calls variable is now honored in aa, which results in better code coverage when performing automatic analysis. Running aaaa no longer breaks the debugged process! There are some small improvements in the type propagation analysis, and the missing char** type is now included, which works in sync with the new aeis command to redefine the stack contents for a specific argc, argv, envp.

ESIL has deprecated the REPEAT keyword and extended the Thumb emulation by supporting the ldrd instruction. The arm64 assembler has also been improved a little bit, warming up the engines for r2wars. Non-intel users will also enjoy a more native experience along all the tools because.

A new IO plugin is available in default builds: socket://. This plugin was implemented in r1, but it never really reached the r2 codebase until now! It connects or listens to a tcp host:port and records a flag for every read operation that happens, while writes are sent to the endpoint. This enables r2 to be used for protocol debugging, which can be easily scripted with r2pipe for fuzzing or testing purposes. The old tcp plugin is now named tcp-slurp:// to avoid confusion.

Signature search, matching, storing and management have been improved, handling collisions of multiple metrics to better decide which match to pick; bytes are now available as a metric for signature matching, diffing and comparison. This makes z/ run quite a bit faster and generate better results than before.

Better error messaging has been added in visual and panels, as well as in many commands like the infamous pf, which used to spit out confusing messages and now supports writing enum and bitfield values in mapped structs. The same goes for the pa command, which now suggests pd in case the user mistypes it (as seems to happen often, judging from user feedback).

Summarized Highlights

  • Removed newshell, improved oldshell
  • switch to capstone5 and honor anal.calls for better code coverage and type propagation
  • initial support for analyzing s390/zOS module objects
  • \ and ' aliases are now deprecated. Use =! or : from now on.
  • Improved ESIL with visual word level esil debugger for Thumb, arm64 and x86-64
  • Import socket:// from r1 for tcp network protocol debugging
  • Type information from the binary is now loaded by default
  • Improved stability of analysis and debugger on linux-arm64
  • Musl static bins with compiletime databases for better portability
  • Custom charset supported to find strings and hexdump ascii column
  • Disassembly listing improved for multiline comments and multiflag offsets

Changes

anal

  • Improve aaaa log messages and avoid aaef to run in debugger mode
  • Fix many zero cases in some jump table analysis
  • Fix disasm alignment of data words in s390x disassembler plugins
  • Fix s390.gnu disassembly and add test for 6 byte instructions
  • Better debug messages instead of r_warn in jmptbl analysis
  • Use gperf on anal/d and improve build and checks
  • Implement afxm command to show a call refs map
  • Apply fix in sixref plugin to be in sync with the latest xref
  • Type added: "char**" to SDB, ref #18633 (#18636)
  • Fix boundary check in aao to parse more refs
  • Fix 'Cannot find return type for' calling convention issues when saving a project (#18638)
  • Fix 13482 - Remove anal.jmp.after variable (#18629)
  • Improved type propagation analysis
  • Fix #18323 - honor anal.calls in aa

asm

  • Fix #18619 - Wrong assembly generated for: "add x0, x0, 1, lsl #12" (ARM64)
  • Fix rasm2 -w in termux (honor R_SYS_ARCH)
  • Handle je and jne as aliases for jz and jnz in wao
  • Rename sysz to s390 and add the s390.gnu plugin from binutils 2.36
  • Update sdb and use of SdbGperf in asm.d
  • Switch to Capstone5 as default

bin

  • Don't trust the unaligned rich PEs
  • Add initial toy IBM S390 Object File Format parser
  • Fix #18724 - Use RCharset in rabin2 -z
  • Always load bin types as pf. format strings
  • Add WAD file parsing (#18659)
  • Fix #18679 - UAF when parsing corrupted pyc files
  • Fix #18667 - division by zero in the macho parser
  • Speedup dwarf loading when no files are found in disk

build

  • Fix #12335 - ignore system-installed r2 includes
  • Add use_cgen meson option
  • Add support for acr/musl-gcc static builds
  • Improve the xxhash system library detection
  • Make meson compatible with older versions (RHEL8 meson 0.49) (#18684)
  • Fix --with-rpath and add CI tests (#18668)
  • Collapse all opcode_*.c files into opcode_all.c

charset

  • Implement IBM EBCDIC 0037 character encoding

cons

  • Fix grep cmd with neg (#18763)

debug

  • Add missing =SN and zf for the darwin-arm64 native debugger reg profile
  • Fix infinite loop in r2 -c 'ood;ood' -
  • Fix dmha output after ood (#18710)
  • Fix cast issue in ptrace call, waitpid fix
  • Show string version of the stop reason in di

diff

  • Add byte signature diff zd

disasm

  • Fix #18427 - Sort flags by [sections,formats][other][regs]
  • Fix multiline comments in 'pd' with asm.cmt.right=0 and 1
  • Avoid the use of sscanf, better parsing and error checking, handling negative switch cases
  • Fix #16677 - Honor asm.sub.jmp in pd
  • Fix #13200 - Honor anal hints in asm.meta=0
  • Swap xref and flag comments as suggested in #18427
  • Implement asm.hint.imm and integrate it in visual

emu

  • Add arm16 ldrd esil tests
  • Implement aeis to initialize argc, argv and envp for emulation

esil

  • Fix emulation for ARM's ldrd
  • Add 'aev' as an alias for VbE and improve esil debugger
  • Fix #18736 - Eliminate REPEAT ESIL command, fix BSF/BSR x64 expressions

hash

  • Fix #18727 - Support more hashes in ph

io

  • Implement socket:// plugin, inspired by radare1
  • Rename tcp:// to tcp-slurp:// and improve help message
  • Add io.cache.nodup to not write the same bytes in the cache

lang

  • Add GO rlang plugin (#18646)

p…

  • Properly report error when trying to use an invalid pd subcommand

print

  • Fix empty lines in hexdump with multiple comments in one line
  • Support multiline comments in px
  • Fix #18309 - Better error messages for the pf command
  • Fix #18308 - Fix pf parsing issues and support write on enums and bitfields
  • Add help messages for pde pdr pdp
  • Implement 'px--' context hexdump command
  • Remove assertion in pFA
  • Fix #4903 - Handle 'w' in x/
  • Improve error message in pa command
  • Honor cfg.charset in px and support escaped encoding
  • Support null bytes in r_print_raw
  • Fix oob crash in 'pri' command

projects

  • Fix #18641 - Prevent overwriting projects with Ps

r2pipe

  • Add ===errmsg to support the new r2pipe side

search

  • Fix rafind2 issue with small or negative blocksize
  • Reset certificate search properly (#18664)

shell

  • Fix autocompletion for 'e ' and handle cfg.charset=
  • Fix #16674 - Kill ' and \ commands, use ':' for the only alias of =!
  • Implement @@@e and @@@E to iterate over entries and exports
  • Handle aliased files in wff and wtf commands
  • Remove tree-sitter and the r2-shell-parser

signatures

  • Consider collision
  • Fix bug in graph matching
  • Create function when z/ finds byte
  • Add R_SIGN_BYTES to metric search (#18703)
  • Support zignature collisions with the new zac command
  • Fix bugs in mergeItem zignatures
  • Refactor output and serialization of signatures
  • Make z/ search sigs seen in z*
  • Refactor signature matching
  • Add byte signature diff zd

tools

  • Add rafind2 -L to list IO plugins (same as r2 -L)

types

  • Fix #16687 - Handle multiple colon separated paths in dir.types

util

  • Add r_rbtree_cont_node_{first/last} (siol_eternal)
  • Add size parameter to r_magic_load_buffer

visual

  • Fix v;! in sync with V;!
  • Check if target is writeable in Vc+-
  • Add scr.optimize with experimental optimization ansi routine
  • Better v!!!!!!! behaviour
  • Add noflush guards to fix visual debugger mode

write

  • Implement wcf command to patch file with cache changes into a new file

radare2 - 5.2.1 - Bugfix release after 5.2.0

Published by trufae over 3 years ago

See 5.2.0 release notes for changes since 5.1.x

Bug Fixes:

  • Fix all the high impact issues from coverity (non null terminated strings, oobreads, ub and uaf mainly)
  • Fix loading symbols from nested elfs
  • Fix i*j output on different environments
  • Improved bindiffing and signature matching results
  • Fix empty R2_GITTAP version string issue
  • pdcj (json output of the internal decompiler) is now ready for consumption
  • Fix build --with-openssl
  • Fix regexp search issues

Performance:

  • Optimize RCodeMeta API (about 10x faster decompilation in iaito)
  • Linux debugger is now 35 times faster (aaaa now takes 6s instead of 4 minutes)
  • Set anal.in=dbg.map on cfg.debug, speedups analysis

Improvements:

  • Load binary header structs before generating the ih json output
  • Extended ESIL support for more MMX instructions
  • Rafind2 output similar to grep by default, better for scripting
  • New color theme named bluy
  • Updated to the latest GNU disassembler with support for all the latest MIPS asm.cpu values
  • oss-fuzz has been fixed and radare2-fuzz project created

Debugger improvements on Linux:

  • Fixed debugger step on ubuntu-arm64
  • Fix REGREAD errors on Linux debugger (not all kernels support that)
  • Fix Alpine linux debugger attach issue

radare2 - 5.2.0 - codename: "morens"

Published by trufae over 3 years ago

Release Notes

Version: 5.2.0
Previous: 5.1.1
Commits: 316
Contributors: 35

Alexandr Alexandr Alexis Ehret Alucowie Basstorm Dennis Goodlett Florian Märkl Francesco Tamagni Khairul Azhar Kasmiran Lars Wrenger Murphy Pamplemousse Paul I RHL120 Reviakin Evgeny Roman Valls Guimera Sylvain Pelissier Taggggy condret el-goe gogo gogo2464 intruder-kat ivan tkachenko meme mio mrglm murphy pancake ramikg soroosh-chabi temp1337 valdaarhun wargio

  • Use =RS 8 for avr
  • Add =RS directive in reg profiles to define default value
  • Fix jump table analysis issue for r2ghidra.v850 (#18550)
  • Test for pcdelta ARM ldr fix
  • Fix pcdelta for ARM esil LDR
  • V850 jmptable fix, cmpval is almost always -1 and slows anal to a crawl (#18498)
  • Add missing v850 calling convention definition file
  • Remove unused type FcnTreeIter
  • Fix oobread ppc plugin
  • handleMidFlags: Reset ds->midflags on entry
  • asm.flags.middle: Don't split bb instruction
  • aae: Realign on fcn start if not in bb
  • Fix duplicate vtable entries after 'aaa'
  • af-*: Remove function flags too
  • Fix cX command and minor cleanup
  • Fix PSW register bits definition for v850
  • Add support for jump tables on v850
  • Fix #18284 (json command returning empty string)
  • Cd1, Cd2, Cd4, Cd8 are aliases for Cd[1248]
  • Fix SN register value for linux-arm64
  • Improve reg profile parsing and error handling
  • Detect shift for the first switch case
    • Fix gcc 9.2.0 kind of x86_64 jumptables
  • New command: aaw, flag all words pointing to known flags

android

  • Add r_file_binsh() and avoid hardcoding /bin/sh for Termux

api

  • Remove some exit() calls in libr
  • Rename r_cons_memcat to r_cons_write
  • ABI/API break. RAnnotationCode->RCodeMeta
  • Use more r_str_ncpy and improve it to not alloc beyond nullbyte
  • Add r_vector_flush()
  • Apply desired lifecycle of esil syscall and interrupt handlers in esil_dummy plugin
  • Add r_anal_esil_{syscall/interrupt}_{get/del}

bin

  • Parse the symbols from the ELF .gnu_debugdata section
  • Support x86_64 and macOS dyld caches (#18570)
  • Fix wrong demangling of tiff swab16 bit data
  • Use r_bin_import_free() as cb for imports list (#893)
  • Improve python disassembler and binary parser
  • Fix large loading times when parsing encrypted/fuzzed macho
  • Do not consider ELFs with .gnu_debugdata section as stripped
  • Fix Mach-O related coverity issues
  • Fix coverity issues in xnu kernelcache
  • Fix ASAN crash when allocating more relocs than the filesize
  • Fix long time analyzing oob objc data
  • Fix asan crash found in r2_hoobr_dex_loadcode
  • Fix oobread bug in r_str_(ndup|nlen) APIs spotted by ASAN in SMD parser
  • Fix UAF in rz_bin_reset_strings()
  • Fix assert in iSj for invalid size sections
  • Minor ELF cleanup, using more size_t and ut64.max instead of 0
  • Add Support for new CoreSymbolication element format
  • Unset io.cache when not needed after bin.cache
  • Fix warning message when loading files with relocs

build

  • Move shlr/tcc into libr/parse/c
  • Fix meson build issues related to grub (#18554)
  • Fix the failure in finding the executing user's ID during install (#18508)
  • Add the nogpl meson option
  • Fix version not being updated after running sys/termux.sh
  • Update doc/license for more clarifications
  • Add plugins=nogrub option for meson
  • Improve sys/termux.sh checks
  • Do not run sys/ldconfig on Android
  • Add missing use_fork and use_dylink to meson
  • Fix #18397 - Be less strict when running sys/install.sh as root
  • Fix debian32 in CI
  • Allow custom CFLAGS for Debian packaging
  • Add meson -Dplugins=a,b,c to build only the specified plugins
  • Fixes to make the r2blob shine again
  • Add 32bit Debian packaging and bonus CI fixes
  • Add use_ssl meson option to be in sync with acr behaviour

charset

  • Implement ps, psz, psj and psj with charset support
  • Support multi-byte input in charset
  • Add more runes to pokered

ci

  • Fix linux-static pub action

cmd

  • Sync om and omj output

cons

  • Fix Ctrl-J issue and remove redundant code in 'Ctrl-J' block
  • Implement RConsPixel and RBraile APIs
  • Fix #16254 - grep expression parse improvement
  • Fix null derefs on RCons when no context is provided

core

  • Fix #18412 - Add R2_IGNVER variable to load plugins ignoring the version
  • Remove asm.bb (asm.bb.line -> asm.lines.bb, asm.bb.middle -> asm.bbmiddle)

crypto

  • Update to use keys that can be programmed onto a CPS2

debug

  • Implement drcq and show it in visual debug/emu
  • Fix #18502 - dangling pointers issues in dbm
  • Revert "dmi commands handle symbols, exports, main, entries too
  • dmi commands handle symbols, exports, main, entries too
  • Implement dmis command as an alias for .dmi*
  • Workaround the dmi issue by using rabin2 in macOS for now
  • Add dbg.maxsnapsize to avoid snapping huge maps

decompiler

  • Detect retdec decompiler (pdz) in cmd.pdc

diff

  • Add abstract Levenshtein dist
  • Abstract r_diff_levenshtein_path
  • Add Levenshtein path API to

disasm

  • Honor asm.cpu for asm.arch=ppc.gnu
  • Fix #18511 - Add dwarf info in pdj
  • Add the m68k.gnu disassembler plugin
  • Show overlapped flags if requested and show them differently (#706)
  • Honor cfg.debug in asm.section using dmi.
  • Improve asm.meta=false for 16, 32 and 64 words
  • Fix #17761 - Do not trim the "ptr " when asm.syntax=masm
  • Add pi+ and pi- commands as aliases for 'pi +' and 'pi -'
  • Fix asm.lines.bb with asm.sections set

dwarf

  • Implement CLj command and improve CL output

emu

  • Apply desired lifecycle of esil syscall and interrupt handlers in esil_dummy plugin
  • Add dummy interrupt and syscall handlers

esil

  • Add r_anal_esil_{syscall/interrupt}_{get/del}
  • Boolify all the ESIL callbacks
  • Fix some asserts and nullderef spotted on arm64
  • Esil plugin management APIs
    • Add r_anal_esil_{get/del}_op
    • Fix deactivating plugins on r_anal_esil_free
    • Add local getter for active esil plugins

fs

  • Fix absolute paths and add r_return guards
  • Fix fs.posix.cat and use r_sys_dir instead of reimplement (-48LOC)

graph

  • Add support for highlighted edges in graphviz
  • Add ageh command to let users define which node links should be highlighted

hash

  • Implement ssdeep fuzzy hashing algorithm
  • Fix name collision for SHA functions

io

  • Close #18257 / Remove RIODescData
  • Enable io-plugins to set bin.baddr on launch
  • Fix comment
  • Implement custom bit size cyclic memory layout and wrap flags in
  • Rename r_io_map_get_for_fd to r_io_map_get_by_fd
  • Rename r_io_map_resolve to r_io_map_get
  • Rename r_io_map_get to r_io_map_get_at
  • Implement slurp:// uri handler plugin
  • Implement omd command, as a simplified version of om
  • Fix infinite loop in r_io_map_next_available
  • Fix #17049 - oa without filename specified, add oa test
  • Add help message for winkd://? and improve desc

json

  • iVj must print valid json, not empty output (#18571)
  • Add json version output to r2 -vj
  • rasm2 -L now shows an array of objects
  • Fix #18284 (json command returning empty string)

lang

  • Add #!*? command to show rlang plugin examples
  • Add support to the V programming language for scripting

print

  • Implement pFX command exemplifying the use of r_sys_unxz()
  • Android Binary XML support (#18545)
  • Improved pdc, added pdco and pdcj, print orphan nodes
  • Fix alignment issues in RTable with utf8 fields

reg

  • Fix null printf issue in arpi command

search

  • Import @siguza's arm64 xref finder
  • Show results after pressing ^C in /ad
  • Fix /ad of multiple consecutive instructions

shell

  • Fix proper hash comments & quotes mix (#18551)
  • Implement whoami and uid commands
  • rasm2 -Lj works the same way as -jL
  • Add variable autocompletion class in !!!
  • Add scr.loopnl to add a newline on all the @@ loops

test

  • Add R2R_SKIP_ASM env var handling in r2r

tools

  • Fix #18391 - Show help in r2pm even before initializing the db

util

  • Add r_file_find to recursive list files and subdirectories into a list
  • Rename dep in rbtree.c to depth
  • Rename d, d2, d3 in rbtree.c to direction ...
  • Optimize r_rbtree_cont_{first/last} #18485
  • Implement r_rbtree_cont_node_prev (siol eternal)
  • Implement r_rbtree_cont_last
  • Fix endless loop in r_rbtree_cont_node_next
  • Add unit test for r_rbtree_cont_node_next
  • Fix segfaults in rbtree.c (parent backlink)
  • Add r_rb_cont_tree_node_next (SIOL Eternal)
  • Add backlink to parent in RBNode (SIOL Eternal)
  • Add r_rb_cont_tree_find_node (SIOL Eternal)

visual

  • Add agfb for braille graphs
  • Revert "Fix memleaks in agraph by keeping a separated list of dummy nodes
  • Fix memleaks in agraph by keeping a separated list of dummy nodes
  • Initial implementation of graph edge highlighting

See below for the changelogs:

Improved V850 Support

This release comes with several improvements for the V850 (in particular the e2) CPU. The default disassembler does not really support many of the instructions of this architecture, but you can use r2ghidra as disassembler and analyzer, which comes with a bunch of improvements for this architecture. Here's a list of the most relevant changes:

  • Add support for cyclic memory layouts. This memory model is only used by some rare architectures like s390, VAX, old ARMs and some V850 parts, and it is not supported by any other static analysis tool (only by some closed source emulators, from what @trufae could find).
  • Implemented jump table analysis and pointer table size prediction, requires latest r2ghidra to work
  • Add /cu command to find UDS dispatch tables and pointers for CAN BUS handling firmwares
  • The new omd command makes creating memory layouts for embedded firmwares much easier, but at the end it's just a simplified version of om.
  • Add slurp:// uri handler which does the same as oom to reload the given disk file into a malloc:// which is ideal for loading firmware dumps with ram contents for proper emulation.
  • Fix PSW register bits definition for v850
  • Added default calling convention for v850e2-gcc

ARM64/Apple support

  • Android binary XML decoder available in the new pFa command (thanks @meme)
  • Added support for the new CoreSymbolication file format (thanks @mrmacete)
  • Support the latest dyldcaches from macOS/arm64 (thanks @meme)
  • Add core plugin using @Siguza's arm64xref search code, which is 200x faster than /r with capstone
  • Fixed large loading times and segfaults when loading some corrupted mach0 binaries
  • Improved ARM32 LDR esil emulation which may fix some missing xrefs

Analysis

  • New command: aaw, flag all words pointing to known flags
  • Float/Double/LongDouble types supported in pf [fFG] and wv[fFG]
  • Better handling errors when parsing invalid register profiles
  • Add =RS directive to define the default register size.
  • Assign pdc, pdd, pdg, pdz to their respective decompilers
  • Honor all asm.cpu values for the powerpc GNU disassembler
  • Added Levenshtein binary diffing path APIs
  • Improve pdc pseudo-decompiler output (show orphaned bbs) + pdcj support
  • Add support for new crypto keys on CPS2

Search

  • Add brand new implementation of ssdeep (by @trufae) under the MIT license.
  • Fix /ad command: results are now correct and tested.
  • New sixref command (see siguza's plugin in the arm64 section)

Shell

  • Add lsr, whoami and uid commands
  • Move the Vlang rlang plugin from -extras to core; it's now stable and ready to use.
  • Add scr.loopnl to add a newline on all the @@ loops
  • Improved dmi commands to load more symbols in debugger mode
  • Fix #16254 - grep expression parse improvement ##cons
  • Add freebsd-x86-32 support for sflib based shellcodes with ragg2

Binaries

  • Added bin.cache as a high level value for io.cache
  • Add support for loading symbols from .gnu_debugdata sections on ELF binaries
  • Support latest dyldcache and coresymbolication files for macos-arm64 and ios
  • Fixed segfaults and large loading times on 6502, PYC, DEX, MACHO, ELF, DWARF formats
  • Dwarf information is now listed in the output of pdj and other CL listings

Visual

  • Add support for highlighting edges in graphviz and ascii graphs
  • Honor cfg.charset in w, ps, psz and psj (thanks @gogo2464)
  • Add minigraph support in visual (check graph.mini)
  • Support multibyte input conversions in custom charset encodings
  • Improved glob expression text filtering (thanks @as0ler)
  • Implemented braille-art graph rendering (afbg)
  • Show status register bits in visual debugger mode

Build

  • Clarify license usage in target build for core modules and installed plugins (
  • Fix static builds with meson
  • Handle use_ssl, use_fork, use_dylib, nogrub, nogpl and custom plugin builds with meson
  • Cleaned up slow tests and make CI run in GHA in 8min
  • Import patches from Termux
radare2 -

Published by trufae over 3 years ago

This is a minor bug fix release after 5.1.0 was out. But as usual it comes with some new features! Contents are mainly bug fixes and behaviour changes, and ABI compatibility with 5.0.0 should be fine, that is, all the packages built for 5.1.x will work. Highlights:

New Stuff

UDS Search

The new /cu command searches for UDS tables, useful for reverse engineering ECU firmwares. The code has been taken from binbloom and integrated like all the other search commands in r2, so you can have JSON, quiet and r2-command outputs for it.

  • Add /cu[qj*] and r_search_find_uds API

Color2g graph nodes

This feature has been there for more than 10 years, but barely tested or used. After a user request and some testing, the afbc command was improved to support specifying the color by name or using the CSS syntax, as is already supported in the color themes.

In addition, the @ key is now handled in the graph view to toggle the graph.layout variable, so you can easily rotate between portrait and landscape modes.

Visual Gameboy 2bpp Pixmaps

You can now use the visual mode to search for the 2bpp bitmaps usually embedded in Gameboy ROMs. This is part of the retro-r2 project, which aims to improve the support for old game consoles.

Encoding charsets

The custom charset encoding support has been extended to the w command, so it is now possible to encode an ASCII string into the pokered charset encoding and write it directly. The decoding support was already added in ps, and the integration and improvement of this feature will slowly come in the next releases, as it fits into the retro-r2 plan and has been a long awaited feature by the ROM hacking scene. Kudos @gogo2464 for that stuff!

Reverse Shell

Do you need to get access to a shell on a machine behind NAT or a firewall? Try out the new =r command! It takes host:port as argument and tries to connect there to expose an r2 shell. This was implemented to get a shell in the GHA CI to debug an issue, but I guess this feature could have more uses :)

Other Improvements

Analysis

  • Allow analyzing bigger functions by reducing the stackframe usage and using anal.depth better
  • Reclassify some AVR instructions away from SWI

Assembler

With the aim of cooking Gameboy ROMs with just rasm2, the assembler directives have been documented in the help message and manpage, and the .fill directive now works with only one parameter.

  • Improve .fill and rasm2 -hh with documented directives
  • Refactor and cleanup the z80 assembler

bin

  • Faster mach0 and dyldcache parsers
  • Fix iCj for mach0

build

  • Fix a credentials downgrade problem in Install.sh
  • Introduce w32 and w64 in the CI
  • Add Windows ZIP in the CI (#18310)
  • Assign radare2 binr target
  • Support statically linking system OpenSSL
  • Define PYC_ROOT and WASM_ROOT (#18290)

shell

  • Add print, println, and placeholder for printf and printfln
radare2 - 5.1.0 - codename lasagna

Published by trufae over 3 years ago

Release Notes

  • Version: 5.1.0 (2021-01-26)
  • Previous: 5.0.0 (2020-12-21)
  • Commits: 291
  • CommitsFromRizin: 35
  • TotalContributors: 45

I will try to be more verbose with the release notes this time; it could help everyone understand the changes better, the project directions and the new features, as well as being more entertaining, even readable by Siri.

As I'm writing these lines I know I will be missing something, so please, if you think this summary is missing any important details let us know, and our apologies in advance!

This is the second release after the fork; we are still putting things in place and optimizing the development for what we had in mind. Probably many people expected a public statement about the events, but this post ended up being used as therapy and focused on spending the time on what matters: have fun, move fast and code for what matters most to the users and contributors, without losing time and nerves in personal conflicts or strict roadmaps, just fixing, improving and keeping the amazing community in r2land vibing.

There are frequent back and forth pulls of changes from both projects (see sys/derizin.sh for more details), and future directions of both projects will probably differ enough to lower that pace. If you are curious about other side projects:

About r2ghidra: it was rebranded (previously named r2ghidra-dec) and has been updated with all the changes in rz-ghidra, but adds ACR build support (which works on FreeBSD) and removes the need for bison and flex. See https://github.com/radareorg/r2ghidra for more details about the 5.1.0 release.

On r2cutter, the repository, project and icon have been renamed from Cutter to r2Cutter, and the r2 dependency has been updated to the latest 5.1.0, but the CI hasn't been massaged yet to do the release builds, so no release of r2cutter is planned until this issue gets fixed.

r2dec is still available and working, just remember to update your package database with r2pm update.

Alexander von Gluck IV Alexis Ehret Allen McIntosh Anton Kochkov Aswin C Briand Djoko Carson McManus ChD1 Dennis Goodlett Eduard Eduard MURESAN Fangrui Song Florian Maerkl Francesco Tamagni Fredrik Fornwall Giovanni GustavoLCR Kamil Rytarowski Khairul Azhar Kasmiran Liumeo Murphy Paul I Qijia Liu RHL120 Riccardo Schirone Riccardo Schirone Sahil Siddiq Sylvain Pelissier aemmitt-ns aemmitt-ns condret eagleoflqj gogo gogo2464 ivan tkachenko laohuai liumeo mrglm pancake pancake pancake ratijas wargio yossizap yossizap

Highlights

This release comes with a large list of bug fixes, many of which you may not even have noticed, but some of them are important for users and packagers. It has been tested on a large list of platforms, not just in the CI, but also on sparc, mips, powerpc and other funky hardware (Thanks @unixfreaxjp !). We are not forgetting the new Macs, and this release comes with a few fixes for fat binaries, kernel caches and arm64 floating point emulation (kudos to @mrmacete and @aemmitt-ns for them!).

Projects: One of the most awaited features is now finally available for testing. The git support has been enabled by default, and some options and backward compatibility transitional code have been removed. Please test this out and let us know if you spot any issue! Thanks @trufae for this!

The CI has been rewritten for simplicity and it's now building and publishing Android, iOS, macOS, Linux and Windows artifacts on every commit. ASAN, LGTM and Coverity are still there, but all jobs run in GitHub Actions.

Lots of improvements in the support for JSON have been added by @liumeo; also, several memory leaks have been cut down, which is always welcome.

Support for streaming large files over mg, with matching support in r2frida, is now available thanks to @as0ler!

r2wars

The r2wars game runs on top of r2, but it needs some tweaks for the ESIL VM to work; this version optimizes this by checking configuration options outside hot loops.

  • Cache cfg.r2wars value outside the eval loop

Those 'hacks' will eventually be removed when r2wars becomes able to emulate syscalls, traps and low level stepping for context switching at the ESIL-expression level.

  • Support sbfm/ubfm in arm64
  • Initial support for arm64 asm extendtype
  • Add test and update arm.winedbg (#18117)

The arm64 assembler has been extended to support more instructions and to be more formal and correct.

  • Implement i4004 assembler

It's always great to welcome a new supported architecture for assembling code (disassembler for i4004 was already available). Kudos to Liumeo for this nice addition!

bin

  • COFF: handle empty sections (#447)

  • Don't demangle with libs unless requested

  • Add bin.cache evar to use io.cache when bins need to patch relocs

  • Fix Mach-O rebase on fat slices

  • Add additional ELF header fields to rz-bin output

  • Fix PE Delay Imports for multiple delayed DLLs (rizin)

  • Lowercase DEX method attributes and move r_num_bit_count()

  • Initial implementation of the DEX annotation parser

The DEX annotation metadata is now parsed in the DEX plugin. This means that parsing is actually a bit slower (it's parsing more information) but provides more context and information about the application classes and methods. Use bin.verbose=true to get that information.

This metadata must be imported into r2 somehow, but this interface hasn't been defined yet, so only a plaintext representation is supported at load time. Probably finding a good tree representation for an Sdb instance could work.

radiff2

  • Add more checks on the passed files and fail early.
  • Honor graph.font in diffing graphs too
  • Remove buggy Levenshtein diff algorithm and rename the original code

Some confusing usage and documentation have been updated and the default diffing algorithm is now faster. (Thanks MaskRay for spotting it and Liumeo for massaging it)

ci

The whole set of CI scripts has been rewritten to run everything in GitHub Actions, the PR tests are limited to 20 min, ASAN only runs on master (takes 1h), and every commit is compiled for linux, macos, windows, ios and android. No breaking commits can be merged, and all artifacts are available to download for every single commit and architecture.

Since the sanitized build takes 1h to run the testsuite, we decided to run it only on the master branch; if any regression happens there it's easy to fix with the crash logs in GHA.

This is the setup of jobs in the current CI:

  • Add android-arm64 target to build release artifacts
  • Add TCC ci task which is able to build and run the testsuite
  • Added cydia builds for arm64
  • Add job to test build and install with spaces in builddir and installdir
  • Add job to test install, uninstall, symstall for proper purgation and avoid disasters
  • Fix the badge in the README
  • Add asan ci job to run all fuzzed bins with a sanitized build (takes 1h)
  • linux-test builds with acr and takes about 20min to run all tests
  • CoverityScan service finds vulnerabilities with advanced source code analysis.
  • LGTM service spots static source analysis good practices
  • Initial attempt to switch to Capstone 5, needs more

RTable

  • Dashes in RTable with X format
  • Implement RTable:sql and add RTable.name

You may not know about RTable yet, but it's an api and command modifier that will be used more and more over time. In short, RTable provides an API to create tables with columns with types and rows with data and an api and query syntax to operate over those tables in the same way as you would do in an SQL database but using the cryptic syntax of commands we like in r2land.

This release introduces a new output for SQL. This means that any information stored in r2 can be exported as SQL statements and processed in your favourite SQL database. Here is an example:

$ r2 -AA /bin/ls
> afl,:sql > functions.sql
> !sqlite3
sqlite> .read functions.sql
sqlite> .tables
fcns
sqlite> select count(name) from fcns;
128

RISCV

  • Fix #18212 - Detect RISCV gdb servers
  • Add riscv in RSysArch and make it an enum, not a bitmask
  • Update RISC-V ESIL with sign extension operator (#18109)

Native support for Linux/RISC-V is now available, as well as remote debugging via GDB, and the ESIL emulation has been improved a little bit.

disasm

  • Fix HUGE bottleneck in the WebAssembly pseudo disassembler and analyzer
  • pd, is an alias for pdt (pdt will be removed soon)
  • Honor meta size in asm.meta=false and add tests
  • Fix #18202 - Large Cd truncates and crashes in pd
  • Implement print disasm until optype

ESIL

  • Fix x86_cs cmpbs esil
  • fix x86-cs rep/repe/repne esil expressions

@condret found (and fixed) a bug in the way rep instructions were constructed in ESIL for x86.

  • Support arm32 esil stmib/ldmib
  • Add sign extension assignment operator (#18092)
  • Add floating point operations for emulation

Thanks to @aemmitt-ns (Austin Emmitt) for implementing support for floating point arithmetic in ESIL, as well as adding support for most FPU instructions for ARM64. That's an important step forward in improving the language to handle more instructions and architectures.

Work-in-progress support for RIOBanks is not yet included in this release. But hopefully in the next release @condret and @trufae will manage to finish the new API and commands and integrate them into ESIL to support memory banks, in GameBoy emulation for example (with support for other archs added later).

  • Add support for RAnal.ESIL plugins

Those new types of plugins are right now just a placeholder to call init/fini and do whatever you want from there. But in the next release ESIL plugins will provide the ability to expose some functionalities to the ESIL VM: syscall implementations in userland, libc emulation functions, custom ESIL operations, hardware devices, etc. Join the Discord, Telegram or IRC channels to raise the topic if you are interested in more details.

fs

  • Add support to stream files using mg (#18253)

This feature has been added hand in hand with the r2frida implementation, which enables r2 to download all the files and their contents from the remote device to your host without any file size limitation. The whole RFS plugin API has changed, so if you are using custom RFS plugins you need to take care of that.

Support for uploading is not yet implemented, but it is planned in the near future.

Thanks Murphy for that great contrib!

io

  • Accept rwx argument in onn command
  • Add onn command to fix custom map assignments

Those changes and the new command are required for projects to be able to save and restore the status of files, binfiles and iomaps in the proper order and with the proper references.

  • Fix and refactor the ar:// plugin

The refactoring of the io.ar plugin spotted a regression in open_many() which is not yet fixed; brave volunteers are welcome!

Projects

The most requested feature for r2 has been reworked to actually make it work, and several use cases that weren't handled before have been improved:

  • prj.git is now enabled by default if git is in path

This means that every time you run Ps after saving the changes it will prompt you for a commit message. The ability to roll back to any previous state of the project by just calling git reset and Po becomes very handy when bad things happen or when you just want to track your progress.

Since projects are stored as plain text, they are readable in git diff.

Improved support to ease the workflow of multiple users sharing the same project via git will be implemented in future releases.

  • Handle io.maps and bin.segments in o* to handle custom maps in projects
  • Add map name information in o* output
  • Honor mapaddr for malloc in o*
  • Save the write cache in projects

Since the user can create custom maps on specific files, the projects need to determine whether there's any binobject associated with a specific file when processing a map. This puzzle is solved by the o* command, which now prints the right commands to reconstruct the same IO environment starting from a clean session.

  • Reworked P command with RProject and prj.name integration
  • dir.projects becomes abspath when set
  • Fix projects by removing code and honoring prj.name
  • Save the write cache in projects

The P command is now much more stable and all the subcommands work as expected, some tests have been added and project renaming can be done via command or via evar prj.name. The magic behind this evar-project-action is done by using the RConfig.getter APIs that have been there for a while but barely used, the value is updated at get time from the project instance details. This way it's possible to rename a project like this:

> e prj.name
test
> e prj.name=case1

  • Tell the user that debugging projects don't work

Projects are working, but they are far from perfect. One of these missing corners is the debugging support; the main reason for that is the lack of integration of ASLR rebasing in projects. This will eventually be implemented, but for now it's better to prevent the user from messing things up.

In any case, it's always recommended to have your own manually written scripts to set up flags, memory patches or breakpoints, so you are more in control of what runs in a live process.

  • Fix calling convention save/restore
  • Print call convention once in afi
  • Warn once about the missing anal.cc
  • Use RConfigNode.getter callback in anal.cc to be in sync with k anal/cc/default.cc

Some improvements in the way calling conventions are handled inside r2 enabled the use of anal.cc like it's done in prj.name, with a 'live' evar. The default calling convention is defined by the architecture but can be redefined by the rbin plugin or the analysis information. In addition the user can also specify a custom CC for each function; all those details are preserved with the anal.cc evar and the tc and afc commands.

  • Remove transitional projects code
  • Remove file.path and file.lastpath and add RProject
  • Remove the prj.simple option
  • dir.projects becomes abspath when set
  • Use UID instead of PID to identify the user to avoid changing projects everytime

Refactor

  • Refactor tcc and afcl commands, improve help and JSON
  • 25 commits refactoring the code to use the formal PJ api to generate JSON

This includes honoring the settings defined by the user in the cfg.json evars, a nice feature introduced by @hexploitable in the previous 5.0 release.

[0x00000000]> e cfg.json.num =?
none
string
hex

Rizin

  • Added support for regex in test output and stderr
  • Massage RRegex to fix codingstyle and a null deref.
  • This resulted in a cleanup and refactoring of RRegex

One of the changes introduced in Rizin is the ability to use regexps to check the output of an r2r test, but after doing some cleanup in the regex code some issues were spotted in the logic, so writing tests using regexps is not encouraged yet. Unit tests have been added, but the code still needs to be fixed.

The bugs are logic bugs, not exploitable, but some match expressions won't work. But at least the feature is in sync.

Other commits taken from RZ grouped by author are:

Paul I

  • COFF empty sections
  • memleaks in ophandlers
  • rtable X dashes

xvilka

  • part of the improvements for indentation

wargio

  • avr anal warning due to unpopulated mnemonic and further refactoring
  • fix ao rjmp issue

ret2libc

  • Fix misuses of r2 commands inside r2
  • Use r_core_flag_get_by_spaces() in getFunctionName()

kazarmi

  • Fixed AVR anal plugin warning due to unpopulated mnemonic
  • Fixing clang flow warnings (#321)
  • Fix #rizin302 - Fix function modification detection false
  • Remove all dead assignments detected by clang sa (#310)

yossizap

  • Fix trace crash
  • Add regex support in r2r

Florian

  • Fix null deref in rbtree
  • Implement delay imports in PE parser

shell

  • Implement rax2 -I to convert from/to LONG and IP Address

Sometimes a shellcode or a piece of a program does some operations with IP addresses and stores the IP address in a 32-bit register value. rax2 now provides a handy command line option to ease this conversion. This feature was already available as a disassembly hint to convert instruction arguments to IP addresses.

$ rax2 -I 192.168.1.32
0x2001a8c0
$ rax2 -I 0x2001a8c0
192.168.1.32
$
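
The same conversion, reproduced in Python as an added example (not code from rax2 or from the release notes): it assumes, as the session above shows for an x86 host, that the four network-order bytes of the address are read back as one little-endian 32-bit value, and the sample addresses are constructed.

```python
import ipaddress
import re
import struct

# Assumption (consistent with the rax2 output above on x86): the address bytes
# are stored in network order, so reading them as a little-endian unsigned int
# gives the byte-swapped value seen in a 32-bit register.
_DOTTED_QUAD = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")


def ip_to_long(ip: str) -> int:
    """Dotted-quad IPv4 -> 32-bit value as it appears in a little-endian register."""
    packed = ipaddress.IPv4Address(ip).packed   # 192.168.1.32 -> c0 a8 01 20
    return struct.unpack("<I", packed)[0]       # -> 0x2001a8c0


def long_to_ip(value: int) -> str:
    """32-bit little-endian register value -> dotted-quad IPv4."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit value: {value:#x}")
    return str(ipaddress.IPv4Address(struct.pack("<I", value)))


def rax2_I(arg: str) -> str:
    """Mimic 'rax2 -I': a dotted quad becomes a hex long; a hex or decimal
    number (as RNum would parse it) becomes a dotted quad."""
    if _DOTTED_QUAD.fullmatch(arg):
        return f"{ip_to_long(arg):#x}"
    return long_to_ip(int(arg, 0))


if __name__ == "__main__":
    # Constructed sample inputs; the first two match the session above.
    for arg in ("192.168.1.32", "0x2001a8c0", "0x0100007f"):
        print(f"$ rax2 -I {arg}")
        print(rax2_I(arg))
```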

  • Implement $i and $I numvars

Those two variables have been added in order to ease writing scripts that navigate through the code, moving forward and backward while honoring the instruction boundaries of the current analysis information.

So $i is the address of the next instruction and $I that of the previous one. Things get more interesting when braces join the game: using $i{3} gives you the address 3 instructions forward, and the same goes for $I{3} to go backward.

  • Fix #18171 - Support RNum for syscall-name in asl command

The asl command has been modified to use RNum when parsing the argument, so it's possible to

API

  • Add RFile.new and RFile.move APIs
  • RFSPlugin API has changed

Plugin delegates return int instead of RFSFile to avoid leaks and UAFs; this was needed for streaming large files over mg.

  • New RAnal.ESIL plugins

Add esil.dummy to your plugins.cfg if the build fails with a missing R_ESIL_PLUGINS error.

Visual

  • Fix ecn (and VR) when no custom theme was set in .rc

In human words: rotating color themes is working again!

  • Implement history filtering for dietline
  • Initial implementation of r_cons_eprintf

This new API wraps eprintf() but is also able to buffer the results and flush them after r_cons_flush().

FUTURE: This API is needed to improve the r2pipe API and handle a third communication pipe for asynchronous error messages. This is a long term plan and should be backward compatible, so no r2pipe scripts should break.

  • Fix help rendering: avoid printing trailing whitespaces (#18115)
  • Improve str.wrap, add cons.line and fix cons.printat glitch
  • Fix #17940 - Show ConfigNode options when selected in Ve
  • Box borders in graph and panels are now in yellow
  • Update www/t from radare2-webui
  • Fix cascading solitaire issue in panels menus
  • Fix the 'c' cursor behaviour in disasm

Those commits improve the experience in panels, fixing an annoying bug in the menus and improving the cursor mode. The default color theme for the frames makes it easier on the eye.

The heavy webuis were removed in 5.0, but we are still shipping the t/iled and p/anel ones; it's known that the webui repo needs some attention.

bindings

The bindings have also been updated with some more valadoc documentation that can be read here:

https://radare.org/vdoc

This documentation and API can be used for any bindings generated by valabind, that is: python, nodejs, ruby, go, v, ... The work to stabilize the APIs in this release focused on RConfig, and some fixes have been done in that module.

security

As usual, every release of r2 comes with a large list of security vulnerability, bug and crash fixes. The list below summarizes the most relevant ones:

  • Fix #18274 - Fix crash in r2 *.wasm
  • Fix crash in XNU kernel parsing (no cache)
  • Fix code injection vuln in .ic* with ObjC classes
  • Fix trace crash caused by a mismatch between the register profile and op anal
  • AVR: Fixed profile, (null) instruction and anal
  • Fix potential null-deref in r_rbtree_cont_foreach()
  • Fix crash when wasm file contains symbols with large names
  • Handle ^C and fix ASAN crash in aeA command

build

  • Disable AVR plugin from all static builds because of the duplicated symbols issue introduced in recent refactoring.
  • Add r2.1 when installing with symstall
  • Fix debugger build problem in android-x86_64
  • Remove --without-r2r configure option
  • Create dist/ to hold all the distribution build files

Merged some patches coming from Termux to improve the debugger support on android-x86. The r2r testsuite executable is always built and should be available to all the user installations.

Also, some issues have been fixed in sys/install, and new CI jobs verify that no regressions happen on install/uninstall/spaces-in-paths, etc.

config

  • Fix some returns to fix initialization issues in evars
  • Remove unused cmd.xterm and use * instead of strcmp for ?
  • Support evar filtering in eq and check for bool type in RConfig.toggle
  • Expose RConfigNode.options APIs to avoid messing with internals
  • Count lines is a prefix operator
  • Add a progress bar for when scripts are running
  • Honor R2_CFG_NEWSHELL=0 to disable it
  • Seek command ignores the tmpseek
  • Add missing vars from ?$? in ?$ and sort them alphabetically
radare2 - 5.0.0 - codename: phoenix

Published by trufae almost 4 years ago

r2-5.0

Commits: 510
Contributors: 65

Interface

  • Added the Comma API
  • Added r_str_wrap() and r_cons_printat() APIs
  • Fix adding comments in panels
  • Improved help messages
  • Removed problematic fortunes
  • Add ?et command to change terminal title
  • Fix double-click issue in vte terminals
  • Formalize the flag names and its filtering APIs
  • Fix return code when using q!. Fixes r2pipe.go
  • Add experimental asm.flags.real to get strings from bin.str.real
  • Removed unmaintained enyo and panels webuis (-2MB)
  • Set realname on all bin strings for better asm.flags.real when bin.str.real is set
  • Fix ansi colors embedded inside json output formatting
  • Improve socket and http server APIs
  • Add opn/opr/opp commands to rotate between opened files
  • Initial implementation of scr.cursor for keyboard accessibility in visual and panels
  • Add asm.hint.call.indirect to make indirect calls follow the target address (#17968)

Performance

  • Use sdb_set instead of sdb_querys (aaaa is 7x faster)
  • Optimize IO.cache (makes bins with relocs much faster)

Signatures

Debugger

  • Sync anal and debug tracing information
  • Fix a crash in dts+ command with empty register arenas
  • Attach to target pid/tid on remote lldb connect
  • Add a warning when a breakpoint is placed in an invalid map
  • Add commands to parse mangling pointers glibc heap

Analysis

  • Improve signature matching, threshold, refactor and optimize related code

  • Directly apply Callee Args in Type Matching

  • Takeover variables when splitting functions

  • Always register the derived CC from the reg profile

  • Add bbhash to detect modifications in functions (and reanalyze if patched)

  • Implement basic block listing commands (abl*)

  • Implement tcc-* command to unload all calling conventions

  • X86

    • Add amd64syscall and anal.cc evar
    • Fix esil for cmp/sub instructions
    • Add amd64syscall calling convention
    • Fix ELF R_X86_64_PLT32 relocation entries patching (#17587)
    • Fix x86 CMC instruction
  • MIPS

    • Improve mips.gnu esil
    • Add JALR JR when the address can be computed
    • Fix GP calculation when there are multiple entries
    • Fix MIPS C-TYPE instruction check
    • Set asm.cpu for mips.gnu derived from the ISA defined in the ELF
  • ARM

    • arm mte addg/subg decoding
    • fix arm it block analysis
    • BLR arm64 is type=RCALL (before it was UCALL)
    • ARM64 assembler can now assemble AND and BIC instructions (Thanks @mrmacete!)
    • Add initial support for arm and arm64 ELF relocs
    • Handle RELATIVE (todo) and IRELATIVE relocs in ARM64 ELFs
    • COFF: add ARMNT and ARM64 support
    • All testsuite run on arm32 and arm64
  • v850

    • Improve invalid instruction detection
    • Implement the pseudo disassembler plugin
    • Fallback to anal=v850 when using asm=v850.gnu
    • Add ep, sp, gp lp register aliases for v850
    • Added function preludes (aap finds much more functions)
    • Fix calling convention argument register usage for v850
    • Add all instruction descriptions
    • Set v850 disassembler when opening v800 ELF files
  • TMS320

    • Implement pseudo disassembler plugin
  • PowerPC

    • Initial assembler support
    • Improve reg profile to support calling conventions
  • RISC-V

    • Add all instruction descriptions
    • Fix shift instruction analysis
    • Fix ESIL for JALR and AUIPC instruction
  • SPC700 plugins moved to extras

ESIL

  • Add sign-extension operations
  • Implement aof to filter expressions using the dfg api
  • Fix unexpected FPU exception in ESIL emulation bug
  • Enlarge ESIL VM stack from 32 to 256

BSD

  • Support pkgconf (BSD alternative to pkg-config)
  • Fix build with tinycc, although unfortunately the final binary still segfaults
  • Fix debugger support in FreeBSD
  • Implement r_sys_aslr for NetBSD
  • Fix r_sys_pid_to_path for DragonFlyBSD
  • Add ASLR support for DragonFlyBSD

Windows

  • Fix r_core_editor() on Windows (#17887)
  • Fix MSVC template demangling symbols
  • Expose TEB address as a flag on Windows
  • Add network support to WinDbg/KD (KDNET)

Apple

  • Support ObjC small method lists
  • Support iOS 14.x dyld shared cache
  • Add support for new macOS kernelcache

Changes

  • Rename asm.filter to asm.sub.names
  • Rename asm.var.sub to asm.sub.var
  • Deprecate the afc= command in favour of e anal.cc
  • Removed all globals from main functions
  • Fix big endian DWARF parsing
  • Labels are no longer stored in sdb
  • Refactor Variable Constraints out of SDB
  • Fix r_anal_block_automerge incorrectly merging blocks

Thanks to

Authors

radare2 - Release 4.5.1

Published by github-actions[bot] about 4 years ago

Release Notes

Version: 4.5.1
Previous: 4.5.0
Commits: 20
Contributors: 9

Highlights

bin

  • PE
    • Fix null dereference in Pe64_bin_pe_compute_authentihash
  • ELF
    • Avoid buffer overflow while identifying imports

build

  • Fix Cydia/iOS packaging and compilation issues
  • Enable LTO in sys/static.sh
  • Install ldid2 as well, to sign packages for cydia
  • Use meson install instead of manual installation in meson.py

core

  • Add Function Name, Constants, Globals and Local Variables to RAnnotatedCode

port

  • Backtrace support for haiku

util

  • Add r_sys_now_mono() and use in r2r
  • Fix NULL dereference in r_pkcs7_parse_spcinfo()

Authors

radare2 - 4.5.0 Codename: Organized Chaos

Published by github-actions[bot] over 4 years ago

Release Notes

Version: 4.5.0
Previous: 4.4.0
Commits: 426
Contributors: 58

Highlights

Analysis

  • Initial API for base type kinds (enum, struct, union)
  • Rename PowerPC to PPC
  • Improve RISC-V analysis for compressed instructions
  • Add endbr64 as a function prelude for x86-64 binaries
  • Improve BP vars/args detection
  • Detect register args used only by callee
  • Match args name/types from function definition
  • Improve itanium RTTI parsing and vtable search
  • Refactor Variables out of SDB
  • Implement basic concept of signature bestmatch

asm

  • Add support for WebAssembly SIMD extension
  • Boolify r_asm_is_valid and r_asm_set_syntax API
  • x86_64/x86_32: Implement assembler endbr32 and endbr64 instructions
  • x86_64: Support mov r64, 0xffffffffffffffff
  • x86_64: Fix mov r32, -imm32 encoding
  • Move inferior GNU Hexagon plugin to extras

bin

  • Apple Symbols file
    • Improve Xcode symbols parser
  • COFF
    • Improve relocation support on COFF file format
  • DEX
    • Fix several crashes when loading corrupted files
    • Performance improvements in DEX parsing
  • DWARF
    • DWARF 4 and 5 line parsing additions
    • Several improvements/fixes in parsing
  • ELF
    • Use Dynamic segment entries instead of sections to find relocations
    • Add support for BA2 ELF
    • Add support for relocation entries for AARCH64 and PPC
    • Print a warning when the entrypoint cannot be found and it is automatically set somewhere else
    • Make glibc heap commands faster by resolving main_arena symbol
    • Add support for glibc heap tcache pre/post glibc version 2.30
    • Add missing reloc definitions for C-SKY, RISCV and AARCH64
  • kernelcache
    • Fix rebasing offset
  • Mach-O
    • Fix symbol names truncation issue when dealing with overly long strings
    • Support arbitrary length identifiers
    • Fix relocations on ARM Thumb
    • Support Mach-O threaded binding for arm64e
    • Rebase and strip pointers on Mach-O arm64e
    • Fix parsing of objc class data pointer
    • Do not automatically set the entrypoint of libraries
  • PDB
  • Pyc
    • Move to radare2 core repository and improve/clean it
  • PE
    • Fix crash when resolving corrupted ordinal exports
    • Speedup parsing PE exports

build

  • Various fixes for Haiku
  • Add support for binr/blob and fix android build in meson
  • Add --without-dylink configure flag to disable libdl features
  • Add Debian 8 Jessie to GitHub CI
  • CentOS tree sitter fix using gnu99 when available
  • Fix the static build by dynamically resolving libutil symbols
  • Add release Github workflow to create all the release artifacts
  • Introduce --without-r2r configure option to disable compilation of r2r

cons

  • Add VT sequences input support for Windows

crypto

  • Remove hardcoded supported encoders names (e.g. base64, base91, punycode)

debug

  • Fixes for windows debugger
    • Improve exception logging
    • Fix inconsistencies in killing/restarting a process
    • Fix detaching without killing debuggee
    • Expose exception reason for di

io

  • Add new fd:// (handle:// on windows) plugin
  • Support self:// plugin for Solaris and Haiku OS
  • Fix regression while loading large files (>2GB) on 32bit systems

lang

  • Fix C/Cpipe when non standard library paths are used
  • Implement RLang.spp for templated scripting
  • Move #!v out of core (it's now available via r2pm)
  • Fix usage of #!python, #rust, and #cpipe
  • Do not include C/cpipe RLangPlugins on windows

magic

  • Add Android boot image signature

socket

  • Fix socket connect with SSL

util

  • Move RAnnotatedCode API from r2ghidra to r_util so it can be reused
  • Refactor r_big for gmp and SSL
  • Remove unused RConstr API
  • Remove unused RRangeTiny API
  • Add support for weakref RStrBuf and add r_strbuf_setptr API
  • Add r_vector_fini and r_pvector_new_with_len API and add bound checks on all RVector APIs
  • Add support for n# in pfc
  • Add generic reference counting implementation

rabin2

  • Fix go detection in non-elf binaries

radare2

  • Config variables
    • Renamed variables
      • asm.jmpsub -> asm.sub.jmp
      • asm.var.submin -> asm.sub.varmin
      • asm.tailsub -> asm.sub.tail
      • asm.section.sub -> asm.sub.section
      • asm.var.subonly -> asm.sub.varonly
      • asm.regsub -> asm.sub.reg
      • asm.relsub -> asm.sub.rel
      • anal.in=raw -> anal.in=range
      • asm.bytespace -> asm.bytes.space
      • scr.ansicon -> scr.vtmode (only on Windows build)
    • New variables/options
      • anal.vars.stackname: (true/false) Name variables based on their offset on the stack
      • asm.bytes.right: (true/false) Display the bytes at the right of the disassembly
      • bin.str.enc=ascii is a new option
  • Commands
    • Add axv and afvx and afv= commands to visualize var R/W accesses
    • Add afvxj to print JSON output of afvx
    • Add dmia command to list all info of a target lib and accept more print modes in dmi
    • Fix invalid json output for drtj command
    • Add key to highlight and go-to highlighted text in graph mode
    • Add JSON print to /E command with /Ej
    • Add zb command to find n closest matching graph zignature
  • Initial refactoring to generate commands help automatically and support argv-style command handlers (e cfg.newshell=true)
  • Add API to print decompiled code
  • Optimize aao objc analysis
  • Display file associated to the current file in the visual title
  • Fix runaway scrolling in Visual mode after mashing down movement key on Windows Terminal
  • Add F9 continue key to ESIL

rafind2

  • Implement rafind2 -F to find the contents of the file

rasign2

  • Add dumping of FLIRT signatures to rasign2
  • Move main code to r_main

r2pm

  • Initial support for git tags in r2pm

Details

This release could not be done without the help of several people, who
contributed with many fixes and improvements. Above you can only find some short
highlights of what was done in this release, but many more important changes
have been committed and you can find them in our git log.

Authors

radare2 - 4.4.0 Codename: pangolin

Published by radare over 4 years ago

Release Notes

Version: 4.4.0
Previous: 4.3.1
Commits: 328
Contributors: 41

Highlights

  • Replace shellscript, nodejs and V testsuites with r2r.c which is shipped by default
  • Added initial analysis plugins for super-h and tricore
  • Fix build and some runtime issues on IBM s390x
  • Updated rap:// cleaned up implementation inside RSocket for client and server
  • Speedup type linking (300x faster)
  • Fixed all the timeouts and crashes from bins/fuzz
  • Add support for retpoline switch table analysis (retpolines are the compiler-emitted Spectre v2 mitigation)
    • Fix #16418 - Implement blind main detection on endbr+mov files
  • Add commands to emulate a basic block or the whole path until reaching an address
  • Fix support for the latest GLIBC for heap parsing
  • Improved automatic function signature association for the imports
    • Fixed afs command to show proper footprint
    • Add support for typedef and added NSString type on darwin binaries
    • Fixed all the t subcommands to print all types as C
  • Improved visual class browser and the visual bit editor
  • ragg2 now allows changing the path of the shellcode to run
  • Graph visualization is now faster
  • Use RPVector for io->maps - speedup map traversal (overall speedup)
  • Lots of code cleanup and refactorings, reducing memory usage and improving performance
  • DEX loading is now 2x faster
  • Fix assembler: MOV for x86 and LDR for arm64
  • Improved the bin loader to support iOS 13.4 dyldcache files
  • Improved support for ObjC IVAR fields loading them as C structs
  • Add improved icc subcommands to print classes as C, ObjC or Java
  • Automated Emscripten (JS/WASM) builds in CI
  • Fixed static build by defining a new file naming policy
  • Default installation path with sys/install.sh is now always /usr/local
    • Previous installations in /usr will be purged
  • Only check for major and minor version numbers when loading plugins

Authors

Changes

anal

  • Add initial SuperH and Tricore analysis plugins
  • Added option to search all vtables
  • Fix infinite loop in aae - check if address is valid
  • If possible use symbol name instead of entry name for function name (#16528)
  • Make the local variable access detection work on arm64
  • Fix asserts when trying to use a nonexistent or wrong analysis plugin
  • Minor Fixes for XRefs counting (#16546) 
  • Fix #16413 - Analyze code refs spotted with aae
  • Implement x86 anal.jmp.retpoline switch tables (retpoline-based Spectre v2 mitigation)
  • Tweak arm64 ldr ESIL for var access
  • Add opaddr field in ab/abj output
  • Improve noreturn and aesu times, show it in afi & afij
  • Fix dup af+ removing function from hts (#16526)
  • Fix #16308 - Add fcn arg in r_core_anal_propagate_noreturn to avoid O(n) in af
  • Fix ao~bytes and add test
  • Improve aef by skipping calls and improving the logic
  • Improve aeg command and add aaef as an alias for aef@@@F
  • Fix #16225 - Remove the unused fcn_locs causing an UAF
  • Implement Shortest Path between BBs and add tests for abt (#16200)
  • Implement aesB command to step until the given basic block
  • Implement afsj command to get the JSON definition of the function signature
  • Add acvf command and devirtualizing vtable method calls (#16157)
  • Implement aeb command to emulate a basic block (#16174)
  • Guess a better name for functions when multiple flags point there

asm

  • Fix #16433 - Use MOV opcode B8+ for MOV r64, <0x80000000 to 0xffffffff> #16572
  • Fix #16433 - Support movabs for x86_64's MOV r64, imm64 (#16527)
  • x86_64: Use MOV opcode C7 for MOV r64, -<1 to 0x80000000> (#16551)
  • Fix arm64 branch assemble (#16205) 
  • Support asm.cpu for Tricore architecture (#16161)

bin

  • Fix infinite loop in macho commands parser (#16562)
  • Fix heap overflow in the relocs ELF parser
  • Improve COFF symbol info (#16523)
  • Fix crash issue induced by an integer overflow in the mach0 parser
  • Fix #16455 - iij asserts for ld-uclibc with a null import
  • Add rust lang support to iD command (#16490)
  • Fix #16418 - Implement blind main detection on endbr+mov files
  • Fix COFF symbols/imports info (#16446)
  • When computing ELF relocations, use DYNAMIC segment if available (#16419)
  • Make dyldcache accelerator info optional
  • Do not use r_buf_data in DEX results in 1.5x faster parsing (22s vs 33s)
  • Implement icc*, in sync with ic*, to get C structs from mach0 classes into r2
  • Add mach0 class fields with padding and sorted by offset
  • WIP: Improve ObjC's IVAR fields support
  • Fix #16265 - Segfault in rabin2 -O e/123 with ELF
  • Fix memory leak in RBin. NE relocations
  • This allows to open dyld cache files from iOS 13.4 for which
  • Idea for fixing id? and idp? etc commands (#16244)
  • Fix PE endian and alignment issues spotted by ASAN
  • Strip minuses from the hash names for sha256 PE signatures (#16156)

build

  • Fix Build on NetBSD (#16520)
  • Update SDB
  • Make msbuild quieter (#16482)
  • Create more GitHub Actions jobs for meson and gcc/clang
  • Build fixes to make emscripten builds happy (#16406)
  • Avoid duplicated module filenames to fix static.sh
  • Rename util/diff.c to udiff.c to avoid libr.a collision
  • Build *.deb packages only for master branch (#16320)
  • Run sys/static in the Debian task
  • Fix #9240 - sys/install.sh uses always /usr/local + rpath now

core

  • Remove asm.linesup (#16293)
  • Fix wen command for io.va=true, add two tests
  • Fix #16281 - Do not load system-wide plugins twice
  • Only check for major and minor version numbers when loading plugins
  • Add cmd: acvf [offset] ([class name])
  • Add r2 -NN to not load plugins
  • Always use r_getopt, do not depend on libc (not just on windows)
  • Use r_core_cmd_lines() for -c (#16290)
  • Use @{} instead of @() and fix this modifier
  • Implement @v: value modifier, like @x: but with endian and size
  • Fix #15978 - segfault when using r2pipe webserver + local visual (#16508)
    • Makes r2 interop more stable

debug

  • Fix tcache address and offset in print_tcache_instance()
  • Fix dmht for glibc caused by wrong tcache offset and definition (#16247)
  • Fix tcache_perthread_struct definition
  • Test dmha/dmh for glibc x64 (#16307)
  • Fix #16432 - openbsd fork+attach EBUSY issue
  • Decouple shlr/gdb registers profile from code (#16312)
  • Minor fix to get dmh to work with riomap (#16286)
  • Detect glibc version and set dbg.glibc.tcache accordingly (#16255)
  • Fix chunk listing with tcache and add test (#16239)
  • Fix #16219 - Add $DB variable for dbg.baddr
  • Add tests for rebasing in debug
  • Fix debug rebase regressions
  • Clean drx/drt/drp help message (#16203)

diff

  • Fix print string in radiff -qu (#16212)

disasm

  • Show realnames on function's signature when enabled
  • Fix #16263 - Do not newline after showing switch cases

egg

  • Fix shellcode path customization (#16384)

graph

  • Optimize r_anal_get_bbaddr() to make graph navigation faster

io

  • Fix #16210 - Show error message and update help for we
  • Fix #14371 - Make wfs paired with wts, rename wfs to wfx
  • Use RPVector for io->maps - speedup map traversal
  • Fix #16347: o+ sets maps as writable like oo+ (#16381)

json

  • Fix #16233 - ~{} works on colorized JSONs
  • Use pj in zj (#16321)
  • Use pj in ilj
  • Add pj_ad api to print raw data

lang

  • Update support for V in libr/lang

ports

  • Fix #16109 - Add R_SYS_ARCH for s390x

print

  • Fix #16394 - Make pm [file] work again
  • Implement hex.offset config variable to hide address column from hex-dump (#16373)

refactor

  • Initial r_anal_fcn_* purge (#16238) 

reg

  • Make r_reg_get_list() search harder (#16202)

search

  • /ad/ in /bin/ls ate 9 extra MB that was never freed
  • Fix memory leak in /ad/ using r_regex api wrongly
  • Fix #16327 - Search in range with io.va=false
  • Add LZMA-BE magic signatures
  • Display correct lengths for cryptography search commands (#16262)

socket

  • Initial refactoring of the rap:// protocol (-75 LOC)
  • Fix socket connection issue (#16218)

test

  • Fix all the crashes and timeouts in the fuzz tests
    • Related to aav, aae and aa
  • Move test/new/* into test/
  • Add interactive mode to r2r (#16466)
  • Format some missed tests
  • R2R for Windows (#16410)
  • Add Timeout to R2R.c (#16371)
  • Enable R2R in C for all CI except Windows (#16354)
  • Initial support for test categories and fix the windows build
  • r2r new flags: -n to not run -v for version, add manpage
  • Delete the r2r.v and use r2r.c
  • Autodetect dbdir in r2r.c (#16365)
  • Add ic + icc* tests for objc
  • R2R in C Enhancements (#16310)
  • Initial Implementation of R2R in C (#16216)

tools

  • Fix #16389 - r2r -qv and r2 -v to show version and quiet versions (#16472)

types

  • Fix #13677 - Add txt command and make txf accept an argument
  • Fix empty struct and add test (#16408)
  • Fix tp and tpx to accept types with spaces
  • Implement tc* and fix tc glitch
  • Add NSString and size_t types in tcc+r2
  • Optimize 'tl', r_core_link_stroff and r_type_link_at (0.01s vs 3s)
  • Use the proper API to find function in tl
  • Add R_TYPE_TYPEDEF to RTypeKind (#16243)
  • Enhance the way imports are processed in r_anal_function_get_signature
  • Implement tpv command and some random code cleanup
  • Fix afs not showing signatures correctly with preloaded sdb types
  • Fix afs not showing types and args

util

  • Implement r_table_uniq as API and query (#16385)
  • r_buffer: do not move seek when using _at APIs (#16401)
  • Make r_str_split_duplist() thread-safe (#16341)
  • Remove r_str_rmch and simplify r_str_replace_char*
  • Add pj_ko and pj_ka APIs

visual

  • Add anal classes to "Vb" (#16383)
  • Fix cursor visibility after leaving visual graph (#16298)
  • Visual bit editor now shows bits up and down
  • Add VdN (afs!) to edit function signature with cfg.editor

radare2 - 4.3.1

Published by radare over 4 years ago

Binaries: http://radare.mikelloc.com/release/4.3.1

  • Fix segfault in om= command
  • Fix dead process issue with ood/doo command
  • Fix build with ancient capstone3
  • Fix build with pre-c99 compilers
  • Some more code cleanups + refactorings

See 4.3.0 changelog for full details compared to 4.2.0

radare2 - 4.3.0 - Codename llentia

Published by radare over 4 years ago

Release Notes

Version: 4.3.0
From: 4.2.1
To: 4.3.0
Commits: 214
Contributors: 33

Authors

Changes

anal

  • Rename the Function Flag on afn (#16078)
  • Fix 'af' missing lines bug when analyzing in frida://0
  • Implement function names with dots in signatures
  • Remove more members from RAnalBlock
  • Remove prev, jumpbb and failbb from RAnalBlock
  • Refactor Anal Hints (#15876)
  • Skip empty esil expressions in 'aeab' to fix partial results issue
  • Add 'aba' command as an alias for aeab
  • Fix aeab and add V (values) in aea outputs
  • Implement aeab command

asm

  • Fix #13908 - x86 aoj for instruction with hidden operand
  • Add 'wao jinf' for Dalvik
  • Determine Gameboy hardware registers in disassembly (#15909)

bin

  • Add new BIND_OPCODE_THREADED constant for MACHO binaries (arm64e)
  • Add Windows Crash Dump format support (#16087)
  • Minor Fixes and Tests for NSO/NRO (#16053)
  • Fix iS hash outputs (#16044)
  • Add Authentihash support for PE (#15987)
  • Fix ELF symbols for names just before the end of strtab
  • Parse dyldcache local symbols
  • Fix some out of bound accesses in LE (#15943)
  • Fix #14325 - Honor segments in DEX files (#15920)
  • Many FLIRT handling fixes

build

  • Fix debugger build on Linux/s390x
  • Add 'sign' as an alias for ios-sign and macos-sign
  • Build debian package in CI

cons

  • Fix again the EOL bgcolor issue (and improve scr.html) (#16120)
  • Implement ecHj to list highlight rules in json format
  • Fix r_table_tostring for string with ansi escape code (#16069)
  • Fix #16063 - bgcolor not reset on newlines
  • Fix ecH- deleting ecHi and deleting meta highlight items
  • Fix #15359 - Enable key.f# keys to be used in the shell
  • Improve the gentoo theme

core

  • tree-sitter: support iter commands (#16111)
  • Initial implementation of the 'rb' command to rebase all the things
  • Use state struct and start handling cmd_substition_arg in tree-sitter (#15966)

debug

  • Use RTable API in r_core_debug_rr (#16066)
  • Fix show register value in column (#16010)
  • Add 'dbH' to set hardware breakpoints (#15933)

disasm

  • Improve ecH (ecH-* deletes them all, ecH- doesn't segfault, ecH lists)

esil

  • If esil.stack.addr is already mapped, find an available one
  • When esil.stack.addr is -1 set it to the next unallocated address
  • Code cleanup for r_core_esil_step() (#16017)

graph

  • Add graph.aeab to show esil stats instead of disasm

json

  • Fix #15851 /wj without arg produce '\n' (#15885)

panels

  • Fix a bug on clicking in panels (on Mac and Linux)

projects

  • Preserve "functions" flagspace when saving projects (#16057)

refactor

  • Revert "Avoidify the RUtil.strTrim() APIs, rename trimHeadTail() and add asserts in RConfig
  • Avoidify the RUtil.strTrim() APIs, rename trimHeadTail() and add asserts in RConfig
  • Fix consecutive call to r_table_sort (#16049)
  • Kill all globals in rabin2.c
  • Remove globals from main.r2
  • Remove globals from rax2

test

  • Add tests for RList (set, get, reverse, clone, append, prepend) and remove legacy
  • Add initial sparc regression tests
  • Handle ^C in r2r.v and support threads in fuzz tests
  • r2r.v: Assume BROKEN=1 if not 0 or "" (#15936)
  • Add Unit Tests to Meson (#15926)

types

  • Fix tccj, tccl, tcc* output errors and add tests (#15931)

util

  • Avoidify the strTrim() APIs + cleanup/refactor
  • Memory leak fix proposal in syscmd_join

visual

  • Fix #15963 - Handle / in Vx (visual xrefs)

To Review

  • Fix #15211 - null deref in calling convention analysis
  • Fix crash in elf parser found in the mtk-su binary with asan
  • Add support for number_command and recursive help
  • cmd_ignbithints should be set everywhere for consistency
  • Save rnum->value before doing a cmd substitution
  • Update radare2-shell-parser to fix null deref in html_disable_command
  • Fix last coverity issues (#16114)
  • Make r_strbuf_fini() safer (#16115)
  • Add test for loading typedefs with to (#16101)
  • Add test for long ESIL bug (#16102)
  • [ppc] Only free op->esil if ESIL not requested (#16102)
  • Fix #16093 - support syscall redefinition in REgg (#16106)
  • Upgrade to node-r2r-0.4.0 (#16098)
  • Add test for yara in extras (#16090)
  • Fix #14647 - Add output of sections to segments mapping for ELFs (#16045)
  • Create RReg test unit (#16081)
  • Fix some anal cmd handlers (#16085)
  • Do not use the elvis operator for bool expressions (#16073)
  • Upgrade node-r2r to 0.3.1 to fix the <<EOF -i issue (#16072)
  • Fix null-deref on afv[rbs]-* without function (#16071)
  • Use RString and minor cleanup (#16070)
  • r2r.v path/to/cmdtest works now
  • Convert NAME='name' to NAME=name in tests (#16067)
  • Fix r_cons_rgb_parse() harder (#16061)
  • Also fix init of some ret args in r_meta_print()
  • Boolify try_walkthrough_jmptbl
  • Add R_ANAL_RET_NOP constant
  • Add test case
  • Replace O(n2) ELF symbol matching with hashmaps (#16052)
  • Swap loop order to ensure that all phdr_symbols are marked.
  • Use name, size and offset as hashmap keys.
  • Add [?] to fd help entry (#16058)
  • Allow function names containing dots in tcc
  • Add some very basic tests for NSO/NRO
  • Remove broken readLE* functions from NSO/NRO
  • This reverts commit 38b61c7bcfe55a727b9c3cedbc0f3147018e7c6b.
  • Run 'r2r fuzz' from anywhere
  • Remove stray pancake activity ;) (#16054)
  • Fix a segfault in libmagic when error string > 4096 (#16050)
  • Fix address representation minbound maxbound in afij (#16051)
  • Force sorting of rows in the event of consecutive sort
  • Remove global Gdec and use r_list_reverse for decreasing sort
  • Add test for r_table_tostring and r_table_sort
  • Upgrade capstone v4 and next branches
  • Simplify travis oneliner
  • Fix r_table_sort segfault when column type is NULL (#16047)
  • Rename argument to 'dec' (decreasing) to reflect existing output
  • Add test
  • Refactor bin_sections function
  • Add filter_hash_string function
  • Fix segfault in Authenticode hash check (#16042) (#16043)
    I noticed that r2 will crash when loading a PE file with an Authenticode
    digest algorithm other than SHA-1 or MD5. I traced it down to the
    PE_(bin_pe_compute_authentihash) function returning NULL if it encounters
    an unsupported digest function. This results in NULL being passed to
    strcmp, which causes the segfault. The solution was to add a check for
    PE_(bin_pe_compute_authentihash) returning NULL and to set
    bin->is_authhash_valid to NULL. The real solution is to add support for
    more algorithms, but this will stop crashes for now.
  • Greenify AppVeyor on master by using different tag name (#16041)
  • Co-authored-by: Itay Cohen
  • Fix read stack-based buffer overflow when using str with pk_js (#16040)
    In some cases I noticed str is not correctly terminated, so when it is
    later used in pk_js, that function reads a very long string, outside of
    the memory bounds of the original buffer.
  • Add support for @* commands in new r2-shell-parser (#16038)
  • Use TSSymbol instead of comparing type strings
    This patch uses ts_node_symbol instead of ts_node_type to check whether a
    node is of a given type. Since TSSymbol is just an integer, the check will
    be much faster. Also, it allows storing command handlers in a hashtable
    instead of having an if-cascade.
  • Make sure r_config_hold works even when keys do not exist or are freed
  • Add support for all _tmp_commands
  • Make sure to always reuse the same TSLanguage
  • Update both tree-sitter and radare2-shell-parser
    This way we use TSLanguage version 11, which fixes some problems with
    TSSymbols.
  • Compute is_last_cmd on each single command and fix logging
    is_last_cmd should be set on a per-command basis, so if you analyze things
    like pd 3; .; .; .; the . refers to pd 3. This also fixes logging, so when
    an invalid command is parsed, it is still available in the history.
  • Add comment about directly using r2-shell-parser in r_core_cmd_lines
    r_core_cmd_lines tries to parse the input and split it in lines, but at
    least in theory we don't need it, as the new parser can already handle
    full scripts.
  • Allow other tasks to run between commands even in the new parser
  • Fix #10696 - Kill r_io_map_add_next_available
  • The function is just renamed to be reused and we have no tests for it, but it may fall into an infinite loop
  • Fix #15842 - Add minimal slice for reproducible af test on anal-block branch
  • Highlight that 'new' is a directory name in test docs (#16035)
  • Use absolute URLs in pull request template (#16036)
  • Fix sdb API usage to avoid extra strdup() (#16028)
  • Make r_table_columns() faster, leak- and double free free (#16031)
  • Remove ARGS= from tests (#16032)
  • Support real names in "fd" command (#16027)
  • add tests for fdj and fd.j
  • Add support for realnames in fd
  • Add a Test for fd with realname
  • Co-authored-by: Florian Märkl
  • Fix Spaces Interference in r_flag_get_at() (#16019)
  • Unstick Travis by using compgen instead (#16025)
  • Code cleanup in r_core_esil_step()
  • remove unnecessary call to initializeEsil()
  • remove another set PC register in initializeEsil()
  • Add test for aes without initialization
  • Use git clone --depth 1 as much as possible in builds (#16022)
  • Refactor r_bin file hashes
  • Add r_bin_file_compute_hashes
  • Add r_bin_file_set_hashes
  • Refactor it itj commands
  • Introduce hashes method to RBinPlugin
  • Add test for env with spaces
  • Make env command trim key/value strings before setting env variables
  • test/bins/fuzz: null_pointer__elf_init__store_versioninfo__store_versioninfo_gnu_versym
  • Fix crash in mach0 mach0_invalid-addr_walk_exports
  • Add Certificate Table parser to PE plugin
  • Add SpcIndirectDataContent ASN.1 structure parser
  • Add Authentihash calculation and check
  • Refactor r_bin_file_hash
  • Add tests for Authentihash check
  • Fix for ar= and dr= and add tests
  • Increase width to accommodate register names longer than 4 chars
  • fix flag type register value not printed
  • update r_debug_reg_list() to accept '=' arg
  • Fix builds by installing radare.r2 manually (#16009)
  • Upload all generated ZIP files
  • Use the "concatenation" concept in radare2-shell-parser
  • Implement repeat_command and do not unwrap quoted args
    For backward compatibility it's better not to unwrap quoted args, because
    existing commands right now just understand this syntax.
  • sdb header file dependency for external plugin i.e. pyc (#16004)
  • r2r.v: Add color to BR and FX of cmd tests (#16003)
  • Upgrade V
  • Fix incorrect PPC ESIL and add testcase (#15970) (#15995)
  • r2r.v: Fix EXPECT_ERR check
  • r2r.v: Mark broken failing-only-on-EXPECT_ERR tests as BR and not FX
  • Add ecH. command to show highlight info in the current offset
  • Fix 32bit format string bug in the protobuf decoder
  • Fix RCons test UB issue
  • Add testcase for this RCons.rgbParse() crash
  • Fix ASAN segfault in RCons.rgbParse()
  • r2r.v, BROKEN=0: Check only first char
  • Honor rc in unit runs and fix execution path in make run
  • Handle return code in r2r.v and fix crashing unit test
  • Fix asan crash in ecH-
  • Echi bad color (#15986)
  • Outputting error on ecHi bad color
  • Add logic to parse unmapped local symbols.
  • Every macho image present in the dyldcache has all the metadata about its local symbols stripped away from the corresponding macho header. Instead, this information is present as dyldcache-specific metadata stored in unmapped parts of the cache file.
  • This PR, for every loaded image, takes care of adding the local symbols which are missing.
  • Bonus
  • Fix a potential use-after-free caused by r_bin_object_set_items, by rebuilding class-related hash tables after replacing the class list.
  • Convert ONE_STREAM tests to EXPECT_ERR (#15979)
  • Remove RAnalBlock.type
  • Remove RAnalBlock.cases
  • Remove RAnalBlock.label
  • Reorder RAnalBlock members to free 16 more bytes
  • Handle instructions with hidden operand
  • Add hidden_op() for instructions with hidden operand
  • Added operands info for pushf, popf, pushfd, popfd, pushfq, popfq
  • Add test for aoj for pushf
  • Fix last covs (#15976)
  • Fix too long var name and assert on strlen (c) > 1
  • Fix grep when there is also {}
  • r_cons_grep_strip expects the ~, otherwise it does not work well.
  • new parser: fix multiple words in grep and add support for > $alias
  • Add tests for swift-x86-64 calling convention
  • Update afcr, afs command
  • Add support for self, error register argument (Swift)
  • Refactor and Add Swift calling conventions to sdb
  • Fix escape/unescape in new shell parser
  • Fix UB, oobread, infinite loop and other bugs in the LE parser (#15968)
  • r2r.v: Slurp empty lines as well (#15964)
  • Cleanup some RAnalBlock Members (#15965)
  • Simplify ownership in the PE resource parser to fix a double free
  • Use RVector for Address Hints
  • Add Arch/Bits Hint Trees
  • Add Unit Tests for Addr, Arch and Bits Hints
  • Add unset for newbits
  • Fix jmptbl hint fetching
  • Fix r_anal_*_bits_foreach
  • Print grouped Anal Hints
  • Fix arch bit affect on disasm
  • Add Reset Hints to Commands
  • Add test for type uint64_t
  • r2r.v: Fix wg race
  • Memory leak fix for kernel cache module.
  • Add missing afis info in afi? and fix afis?
  • Fix tests
  • Note that ^c is only supported on unix systems for now
  • Some tests use the new radare.r2 api to use RCons.isBreaked()
  • Other tests use os.signal() to catch C.SIGINT
  • Add tests for assemble/disassemble neg al (#15949)
  • Update neg eax test (#15950)
  • r2r.v: Fix Success: 0 when running cmd tests (#15948)
  • Try V suite on FreeBSD and OpenBSD (#15852)
  • Try V suite on FreeBSD
  • Try V suite on OpenBSD
  • Fix V lang error
  • Update V lang
  • Fix /wj without argument produce stray \n
    • Change logic to prevent unreachable branch
    • Revert to R_MODE_RADARE if there is no argument
  • Add asm x86 neg
  • Upgrade V
  • Upgrade V
  • Convert '..' tests to <<EOF
  • Convert EXPECT_ERR= tests to <<EOF
  • Convert some tests to use CMDS/EXPECT without enclosing quotes (#15939)
  • Convert some tests to use CMDS/EXPECT without enclosing quotes
  • Add test version that is friendly with node-r2r, r2r.v and AppVeyor
  • Fix unit tests by upgrading V (#15940)
  • Fix /j when there is no input argument (#15935)
  • Return address for unknown Gameboy hardware registers
  • Improve warning messages in r2r.v
  • Convert more tests to use a stricter syntax
  • r2r can load test files when passed as argument
  • duplicated test names are reported as warnings
  • run tests from test/new instead of test/src (like r2r.js does)
  • Upgrade to the latest V
  • Use only BROKEN=1 in tests (#15932)
  • Convert cmd_i tests to <<EOF
  • Upgrade node-r2r to 0.3.0
  • Tests for concatenated greps in pd (#15925)
  • fixed esil for arm push/pop with conditional (#15922)
  • Fix Comment about RAnal.bb_tree (#15919)
  • Terminate on missing script when doing radare2 -i -Q (#15918)
  • Add realname to anj (#15917)
  • Fix a format string in arm (Fix #15915) (#15916)
  • Fix radare2 -i -Q output when script has no nl at eof (#15914)
  • Go back to 4.3.0-git after the minor release
radare2 - 4.2.1

Published by radare over 4 years ago

radare2 - Arctic World Archive

Published by radare over 4 years ago

On February 2, 2020, GitHub will capture a snapshot of every active public repository, to be preserved in the GitHub Arctic Code Vault. This data will be stored on 3,500-foot film reels, provided and encoded by Piql, a Norwegian company that specializes in very-long-term data storage. The film technology relies on silver halides on polyester. This medium has a lifespan of 500 years as measured by the ISO; simulated aging tests indicate Piql’s film will last twice as long.


Release Notes

Version: 4.2.0
From: 4.1.1
To: 4.2.0
Commits: 175
Contributors: 23

Authors

Changes

anal

  • Fix #15091 - Make 0 fcnsize warning more meaningful and verbose-only (#15866)
  • Fix jumptable size #13812 (#15822)
  • Fix afs not working without rettype
  • Fix a null deref in fcn_recurse
  • Remove Custom Analysis for Java (#15817)
  • Refactor RAnal Basic Blocks and Functions (#15169)
  • Change RAnalBlock.size to ut64
  • Make type matching independent of bb list order
  • Improve the op.type text representation when unhandled modifiers are used
  • Remove dupped basic block analysis in core (#15714)

asm

  • 'push rip' is not a valid instruction

bin

  • Improve realname support for symbols (#15702)
  • Add test for #15727 (smd strings) (#15777)
  • r_str_unescape: Support all izz esc seqs (#15770)
  • Force read permissions on all load maps in ELF
  • Initial implementation of LX/LE file plugin

cons

  • Implement ar, and dr, commands to list registers in table format
  • Fix #14424 - Handle ~ operator in the ms shell
  • Implement r_strbuf_slice and use it in panels to solve a glitch

core

  • Add ?V0 ?V1 ?V2 - for semver support
  • Upgrade to acr-1.8.1 to get semver support
  • Add pkgname in RLibStruct for r2pm on outdated plugins

debug

  • Added reverse step and continue support to gdbr
  • Moved drC to drpC for profile comments and added drC for reg comments
  • Added register specific comment parsing to register profiles
  • Fix crash caused by rebasing a file without sections
  • Set cfg.debug to true before running oodf in doof
  • Fix multithreaded breakpoint behavior in linux
  • Attach to new linux threads on creation
  • Fix debugger build on linux-s390x
  • Always unset bps after continue and step hard
  • Add detailed location info to dpt using pc instead of path
  • Add packed sizes to gdb vector registers and improve mapping of target description to r2 regs
  • Fix drt not printing non 64bit/32bit registers and flags
  • Refactor breakpoint validation (#15754)
    • Refactor breakpoint validation
  • Revert "Validate bp addr on rebase and restore instead of preventing creation
  • Validate bp addr on rebase and restore instead of preventing creation
  • Fix hardware bp restoring and fix hwbp repeating errors
  • Add location in file to linux dpt output
  • Fix var rebasing by saving regname info
  • Refactoring ptrace register write for BSD
  • Implement bsd_thread_list for FreeBSD
  • Fix reopening of windows debug after detaching not working
  • Fix windows breakpoint rebasing
  • Prevent the restoration of disabled breakpoints

diff

  • Add explicit fingerprint_size to RAnalFunction
  • Add ccdd command to diff decompiler output of two functions
  • Add ccdd command to diff using decompiler (experimental)

disasm

  • Remove realname from strings (#15841)
  • Show flag realname when finding a function and realname is enabled
  • Hide flag comments when realname is shown (#15801) 
  • asm.symbol: Improve code/test a bit more (#15798)
  • asm.symbol: Fix flag name when disasm from non-flag addr with no anal

esil

  • Add RISC-V 64 word instructions and test (#15742)
  • Correct RISC-V division and add test (#15712)

io

  • Fix #15789: Increment offset for reads as well (#15865)

json

  • Use PJ api in the output of isj and show realname
  • Fix issues in iCj, drlj and arlj
  • Fix izzzj json output
  • Fix gen json dwarf with pj api (#15755)
  • Fix is.j iEj and iaj json validation issue in r2 -- (#15724)

panels

  • More fix for resizing issue (#15844)
  • Performance improvements for the cursor mode
  • Code clean-up and a little performance improvement for decompiler cache
  • All the available decompilers outputs will be properly shown with this
  • Make the decompiler cache work properly
  • Add H key for cursor mode which works like the one in vim

print

  • Implemented pmj (#15864)

r_debug

  • Debug, BSD systems refactoring

search

  • Add elliptic curve private key search in /cr command (#15761)
  • izzzj: Add izzj attributes (#15759)

signatures

  • Apply types on matching zignature data

table

  • Add f, command to list flags in table format

test

  • Fix V testsuite build with latest V from git (#15867)
  • Convert cmd_pd* tests from <<KEYWORD to <<EOF (#15823)
  • Support extras tests in r2r.v (#15821)
  • r2r.v, -j 0: Allocate 1 job per test (#15807)
  • Improve unit test execution using the new V suite and makefiles
  • Many improvements in the V testsuite (#15722)

tests

  • r2r.v, -j 0: Allocate 1 job per test (#15807)

util

  • Fix r_list_set_n() to allow empty element (#15820)

visual

  • Limit panel tabs to 9 to avoid keybinding and click issues

windows

  • Fix reading on invalid process memory

To Review

  • Release 4.2.0 - Arctic World Archive
  • Fix resizing issue (#15863)
  • Fix pkgname version check for real now (#15862)
  • Enable V testsuite on GitHub CI (#15796)
  • Enable V testsuite on GitHub CI
  • Check version for pkgname correctly (#15860)
  • dot can be null
  • Using R2_VERSION_MAJOR/MINOR is wrong because they will be continuously updated and we want to check for exactly 4.2.0
  • The version check logic itself was wrong
  • Fix afb test (#15861)
  • Fix #15833 - Only print pkgname if the plugin is for r2 >= 4.2
  • Update/improve jmptbl size tests
  • Use specific commit of V to avoid build issues
  • A bit more picky fix
  • Add test for afs without type
  • Fix #15767 - Temporarily disable colors in drrj
  • Fix warnings
  • Update radare2-shell-parser
  • Use void because we don't do anything with the return value
  • Coverity fixes
  • Remove the wrong test
  • More tests fixes
  • Resizing does not work perfectly yet, but it is close
  • Fix #15604: Convert all tests from <<KEYWORD to <<EOF
  • Fix wrong tests (#15834)
  • Add test for env variables boolification
  • Introduce SETBPREF to handle "boolish" vars like asm.cmt.off
  • Do not try to convert to true/false, as it breaks integer vars
  • See discussion at https://github.com/radareorg/radare2/pull/15681 .
  • Unfortunately the change cannot be done for non-int vars only, because right now vars are not statically typed, so a var that is initially CN_INT can then become CN_STR if you set a string. Changing vars to assign them a static type when they are created would require a much bigger change and discussion.
  • A bit of refactoring in r_config.h
  • Move all version defines into r_version.h and handle it from meson too
    • R2_VERSION_MAJOR
    • R2_VERSION_MINOR
    • R2_VERSION_PATCH
    • R2_VERSION_NUMBER
  • Mach-O io: mem leak fix proposal. (#15829)
  • C89 Fixup for r_sign_fcn_types function (#15824)
  • Fix error: for loop initial declarations are only allowed in C99 mode
  • Implement new zignature types format
  • Adapt zignature types deserialization to new format
  • Integrate fcn types when zignatures match
  • Use node->i_value in the log.level/log.traplevel callbacks
  • Basic Blocks are now global instead of owned by a single function.
  • Fix dbg_bps tests that always succeeded (#15763)
  • Approved-by: Riccardo Schirone [email protected]
  • This feature only works with server implementations that have ReverseStep and ReverseContinue enabled, such as rr. The official gdbserver doesn't support it.
  • Remove opt->sz checks and operations in r_bin_open_buf
  • opt->sz is not used anyway in r_bin_open_buf, so there's no need to check its value or compute it.
  • Fix last coverities related to cbin
  • Add test for a8 command
  • Some more coverity fixes (#15802)
  • Implement pcV command to print byte array in Vlang
  • Fix a small bug by removing some useless code (#15795)
  • Initial implementation of libname for flags in imports
  • Initial support for PE and real flag
  • Read libname for PE exports
  • implement pj for imports
  • Remove imp. prefix from symbol names
  • Fix r_core_bin_impaddr()
  • Fix some mdmp import stuff
  • Print libname in ii
  • Fix some imp. checks and reloc meta
  • Fix r_bin_filter_sym() for imports
  • Use realname for noreturn check
  • Fix asm.flags.real for direct calls
  • Fix realname for direct calls with fcn
  • Fix resolving names from ordinal
  • Co-authored-by: Florian Märkl [email protected]
  • Add sha256 hash to "it"
  • Refix #15331 (-nn filename with @) (#15788)
  • C prototypes fixed
  • Fix broken AppVeyor due to rejected apostrophes (#15785)
  • Some coverity fixes
  • Third fix attempt for musl builds
  • Second fix attempt for Alpine/musl builds
  • Aim to fix the alpine build
  • The plugin wouldn't properly trace breakpoint hits on different threads since they weren't switched to and the events weren't always handled. Also, since the breakpoints are removed after they are found in one of the threads, it's best to stop all threads for now even if dbg.threads is false.
  • New threads were only added after being attached to manually or if dbg->trace_clone was true. dbg->trace_clone stops debug and switches the new thread now.
  • Fix a format string vuln in the disassembly with comments (#15783)
  • Add s390x reg profile
  • Add missing pc register
  • Use gregset instead of regset
  • ww: Support esc seqs (#15780)
  • Breakpoints were left in disassembly after a signal/break and there are probably other cases that may lead to it.
  • Offset for each panel was not correct (#15778)
  • Add null to pj and use for relocs (#15776)
  • Add pj_null() and pj_knull()
  • Print reloc name as null in json if not available
  • Omit reloc name in json
  • Improve shell injection check
  • Fix Coverity fixes (#15779)
  • Some coverity fixes
  • Fix #15331 - rabin2 -rk code injection issue (#15678)
  • Rewrite r_str_unescape() using switch
  • Do not compile radare2-shell-parser by default (#15769)
  • Last release (4.1.0) did compile it by default, but the build requires internet access to download the repositories. For now, since the feature is anyway very experimental, we disable it at compile time so that distributions can just compile their packages without internet access. In the future we may want to use submodules or augment the release tarball to include the tree-sitter and radare2-shell-parser archives.
  • Pass 64-bit sdb_fmt parameters as 64-bit (#15758)
  • Fix double free in r_bp_del_index and other breakpoint index bugs
  • Lack of cleanup in r_bp_del_all causing use after free in other dbi commands
  • Copy paste error turning dbix into dbx
  • Add dbi- command
  • Allow dbi commands to operate with index 0
  • izzzj: Use pj api (#15760)
  • Some xmm registers were printed as fpu and bnd registers were shown in all drt categories.
  • dr will still only show 64bit/32bit registers to avoid printing all of the flags and d/w/b register variants.
  • This fixes situations that if a read contained even a byte inside invalid memory, the entire read would fail
  • Added RCoreBind.syncDebugMaps() and RCoreBind.getDebugMaps() api
  • Reenable db tests and add new tests to check validity
  • Add perm check to isMapped and remove map sync to improve performance
  • Fix two tests
  • Add RCoreBind.isMapped() api
  • This reverts commit e503bdd9c212c2da221abe31091c6e9753ce018e.
  • This way it is possible to set breakpoints before starting debug through 'db' and the user will be notified when a breakpoint points to an invalid map.
  • Instead of unsetting breakpoints they were set again without removing the previous drx values, which also caused the "Invalid DRX length (0) must be 1, 2, 4, 8 bytes" error because of the wrong len values. Also, when resetting twice, del failed since there weren't any hw registers to delete, which caused the "hw breakpoints not yet
  • Shows the module, offset and function name instead of showing the executable's path for all threads
  • Upgrade node-r2r 0.2.8 (#15751)
  • Fix windows dp showing the parent's path for all processes (#15741)
  • Fix #15734 - Automatically download PDB file if pdb.autoload=1 (#15738)
  • Automatically download PDB file if pdb.autoload=1
  • Don't re-download pdb if it already exists on the symstore
  • Only download if file doesn't exist
  • Fix wrong filtering of equals sign on PDB enum define (#15745)
  • Fix all PDB tests
  • Update node-r2r 0.2.7 to solve the json lost promise issues
  • Hide warning message
  • Fix warnings
  • Add a fortune (#15736)
  • Fix Vdv start_off calculation (#15735)
  • Fix #15691 harder (#15733)
  • Fix #15691 - avoid reading invalid memory
  • izz: Fix printing of string with backslash if str.escbslash=false (#15731)
  • More improvements for the cmd tests using r2r.v (#15728)
  • Fix #15717 - Update scroll panel when stepping with F7
  • Fix infinite loop in panels - vttq (#15729)
  • Check for error when analyzing instructions in vmenus
  • Fix #15719: Reduce false negatives in 'U' strfilter
  • Added path escape and unescape
  • Unescape paths only if r_str_argv was successful
  • Use r_str_replace instead of r_str_arg_(un/)escape to avoid breaking escaped filenames
  • Fix debug and 'o' not being able to open paths with spaces #debug
  • After starting debug the register deltas weren't mapped to the same registers in remote and native debug. This made wrong registers appear as vars and in remote gdb none showed up since the remote's list is much shorter than r2 reg lists.
  • Kill some more tests using <<RUN
  • Improve r2r.v quite a lot up to 0.2
  • Delete stale temporal files in the unit test
  • Use executable path instead of dbpath and more cleanup
  • Move manpage and move old bins into the attic
  • This api honors ansi escape characters
  • Delete the use and definition of "eprint" (#15716)
  • After release version bump
  • Add sys/r2env.sh: Set up env for r2 in non-standard loc (#15696)
  • Fix invalid JSON in rabin2 -j (#15709)
  • Fix Field Seek in Visual Menus (#15710)
  • Fix some warnings (#15705)
  • Fix some warnings
  • Remove unnecessary duplication
  • Co-authored-by: Anton Kochkov [email protected]
  • Few warning build fixes proposal.
  • attach_new_process was called instead of regular attach because the saved pid and tid in core->dbg weren't reset before calling r_debug_select in a new session. Made sure this won't be a problem when using dp= after dp- either.
  • Calculate the diff ourselves since bp->delta is calculated with the dbg->bp->baddr at the time of breakpoint creation, which may not reflect the correct baddr and break the rebase.
  • Previously, disabled breakpoints were restored and then hit during execution. The debug logic ignored them and continued but that's an unnecessary slow down. To achieve this type of behavior the user should use tracepoints.
  • Minor syntax issues in panels
  • Use v fmt to indent the new testsuite
  • Change Semantics of r_rbtree_upper_bound() and simplify Iter Fcns (#15698)
  • Remove RAnalBlock members only used in Java (#15679)
  • Remove RAnalBlock members only used in Java
  • Remove R_ANAL_BB_TYPE_(HEAD|BODY|LAST|FOOT)
  • Fix a Test
  • Fix afb+ help
  • Try to test with PowerPC and SystemZ (#15452)
  • When setting non-bool config var, set false/true if r_str_is_false()/_is_true() (#15681)
  • When setting non-bool config var, set false/true if r_str_is_false()/_is_true()
  • Fix for cmd_open tests
  • Fix for cmd_print test
  • Separate pure BSD calls into their own compilation unit.
  • Fix #15682 - Fix getting noreturn info from invalid addr (#15693)
  • fix some crashes of the widget (#15694)
  • fix some crashes of the widget
  • JK moves the cursor by a page and g moves the cursor up to the first line, plus a few improvements (#15690)
radare2 - 4.1.1 - reantull

Published by radare almost 5 years ago

radare2 - 4.1.0 - codename 'antull'

Published by radare almost 5 years ago

Release Notes

Version: 4.1.0
From: 4.0.0
To: 4.1.0
Commits: 252
Contributors: 40

Authors

Changes

anal

  • Improve SP based variable analysis
  • Some more helpful messages for anal.verbose
  • Fix first r_anal_op call after asm.bits change
  • Improve SP based var analysis
  • Fix ms cc wrong argument analysis
  • Fix r_type_del() for typedefs (Fix #15337)
  • Add base64: for afn
  • Move the fcn preludes into RAnal and add anal.jmp.tailcall (-1,0,N)
  • Fix typo in ios-syscalls.txt (#15436)
  • Initial implementation of afvf - show bp-relative stackvars
  • Insert arguments into types SDB on function analysis

arch

  • Add support for or1k (OpenRISC) disasm+analysis (#15515)

asm

  • Fix ignored asm.bits settings because of RBin overrides
  • Fix for #15459 - Also set the first operand to the right value on a mov from pointer with offset
  • Add ARM strd support (#15388)

bin

  • Add 64-bit iOS SEP xtr plugin
  • Add PIE flag check in kernelcache detection
  • bin.str.enc: Accept UTF hyphen aliases (#15492)
  • Support UTF32-BE decoding (#15472)
  • Recognize Unicode BOMs (#15469)
  • Use pj in the izj and izzj commands
  • Fix #15445 - Add support for Mach-O external relocs
  • Add support for C64 PRG fileformat
  • pd: Don't abort string printing on initial null if bin.str.enc != guess (#15446)
  • Fix #14279 - Ignore entrypoint on non-executable ELFs
  • Analyse HIOS and LOOS symbol types by default. (#15411)

build

  • Fix #15485 - Improve argument parsing in sys/{install,build} (#15486)
  • Fix 32bit windows
  • Rename "asan" to "sanitize" (#15412)
  • Fix build for 32bit Linux systems
  • Fix build of the onefied shared lib 

command

  • Very simple tree sitter integration (#15414)

config

  • Pass R2_CONFIG file to ! commands and serialize methods

cons

  • Fix #14197 - Don't highlight control chars on hud filter (#15552)
  • Include last line when greping using foo~n.. (#15524)

core

  • Fix some Race Conditions with the thready task scheduler (#15667)
  • Make Task Scheduling Explicit (#15511)
  • asm.cmt.off: Accept 0 & 1 as aliases for false & true respectively (#15500)
  • Use sigaction instead of signal
  • CPU affinity API introduction
  • Honor cfg.editor in 'vi' instead of always using 'vi'
  • Implement $foo:=,+=,-= and $foo to alias some flags commands
  • Support 'f foo+=4' and 'f foo-=4' syntax for flags

debug

  • Improve debug rebasing and fix partial windows rebase
  • Refactor debug native's wait function
  • Fix native debug not working with files that were opened as RW
    • Add ppid to win32 debug and 'dp''s display/json
    • Add process selection to w32 debug
  • Fixed a crash caused by reopening gdb
  • Fixed not killing child processes and added detach
  • Fixed gdbr warnings and a dpt crash after debug was over
  • Added an event to signal the end of the debug session
  • Fix 'oo' rebasing when leaving debug and add 'doc' to exit
  • Silence drr warning on UT64_MAX registers
  • Fixed an issue with detached child breakpoint inheritance
  • Added oodf\doof to enable rebasing for remote debug
  • Rebase Breakpoints for PIEs
  • Added dp processes info support to gdbr
  • Add breaking to ood in linux to avoid execvp freezing
  • Allow debug plugins to modify pid/tid on select
  • Fix linux_set_options error
  • Add process selection to linux native debug
  • Setting parent pid on pid list on BSD
  • Show all processes for pid 0 using dp
  • Improve linux native debug dp output
  • Fix getting DRX breakpoint size
  • Fixed overflow that broke remote debugger reopening
  • Impl. list modules for WinDbg
  • Fix WinDbg IO in page boundaries
  • Fixed windbg concurrency and added missing locks
  • Fixed windbg pipe timeout behavior on linux
  • Added rebuild rules for windbg
  • Fixed windbg continue on windows 7 64bit
  • Allow breaking for WinDbg
  • Update hardcoded gdbr registers for 16/32bit x86 (#15488)
  • Added parsing support to all gdb registers
  • Fix gdbr's reg_write and reg_next_diff for reverse stepping
  • Reduced gdbr's tcp connect timeout and added a break
  • Fix gdbr not closing sockets after connect failed
  • Add break to gdbr's read_packet and move isbreaked to libgdbr
  • Fix gdbr_write_registers and refactor gdbr_write_reg
  • Replaced lock_check with tryenter in gdbr_read_registers
  • Add breaking to gdbr connect to avoid waiting on invalid connections (#15442)
  • Add experimental ymm regs support for linux-x64 and extend drm command
  • Add Windows 8 and 8.1 WinDbg profiles
  • Fix attaching to a pid on Windows (#15406)
  • Fixed w32dbg breaking issues (#15386)
  • Add support for printing xmm* as packed floats and doubles (#15378)

disasm

  • Fix hidden hint.lea for hint.pos==0
  • Improve switch-statements in disassembly
  • Add refs, xrefs and esil columns to pdt
  • Add asm.cmt.esil to show ESIL as comment

doc

  • Improve macOS installation documentation (#15438)
  • Fix links to Doxygen documentation (#15377)

gdbclient

  • gdbclient reduces risk of use after free down the road

io

  • Uses the setitimer api instead for the alarm in self://
  • Automatically set the debug plugin when opening debug uris (#15403)

json

  • Add current process field to dpj

network

  • Fix r_socket_connect not using the given timeout in unix

print

  • Fix #14661 - Support parsing binary protobuf data (#15423)
  • Add utf-8 support in r_print_rangebar (#15389)

r_debug

  • Refactor signal handling for FreeBSD

search

  • Introduce the r_magic_load_buffer() api and boolify a bit
  • Update RSA key search to find larger keys (#15494)
  • Search for AES 128, 192 and 256-bit keys (#15426)

signatures

  • Add auto zignspace generation for the zg command (#15402)

test

  • Implement asm, fuzz and json test runner in r2r.v

util

  • Add RIntervalTree data structure
  • Added r_th_lock_tryenter API (#15454)
  • Use HtPP for RStrConstPool (#15424)

visual

  • Improve the interaction with decompilers in panels
  • Reduce the blocksize on some hexvisual modes

windows

  • Add command to identify window under cursor
  • Fix #15456 - Fix reopening in write mode
  • Fix hang when running dc in a task

To Review

  • Release 4.1.0 - Codename 'antull'
  • Fix lock ordering of RCoreTaskScheduler.lock vs. RCoreTask.dispatch_lock
  • Remove RThreadLock.refs
  • Fix a race in tasks
  • Make SP based variable analysis aware of changes to SP
  • Use delta inside stack to identify the variable used instead of offset to SP
  • Keep track of offsets to SP used to access the variable
  • Fix argument printing order for reg args
  • Add test
  • Revert pe coverity fixes to fix ihj
  • The format is reused for printing and internal type representation, breaking the JSON by making the value field in ihj empty since "llx" isn't a valid type
  • Fix ESIL UB
  • Mark fixed tests as such
  • Fix some FX Tests
  • Separate windows, linux and *bsd/apple since they have vastly different logic and the ifdef jungle implementation was too confusing
  • sys/meson.py: Use == 'vs2017' instead
  • The FD was kept open and ptrace was prevented from opening it with the error "Could not execvp: Text file busy". Fixes issue #15650.
  • Solving r_debug_handle_signals build warning issue.
  • Fix #15653: Silence MSVC XP deprecation warning
  • Use eprintf instead
  • Fix typo
  • Make it possible to use sysmagic again (#15658)
  • Compile tree-sitter with std=c99 flag (#15654)
  • SystemZ analysis logic error
  • Fix some MSVC warnings
  • Add ppid to dp and fix dp= for windows (#15649)
  • Previously, dp= wouldn't fully switch to the given process since it was treated like dpt thread switching, leaving the debugger in an undefined state.
  • Function r_anal_cc_arg should just return NULL when nothing is available (#15646)
  • Function r_anal_cc_arg should just return NULL when nothing is available
  • Callers should be able to handle NULLs
  • Fix memory leaks in unit tests
  • Some coverity fixes (#15643)
  • The plugin would try to work with an old version of desc that was already freed by r_io_close_all after closing the session. I set debug_gdb's global 'desc' to NULL in detach as a temporary solution. We should convert to **desc to keep an updated copy of the pointer.
  • Fix warnings in or1k_disas.c
  • Fix #15545 - Fix NULL derefs after r_file_slurp() fails
  • Fix format string in windows_message.c
  • Replace some strstr() calls with strchr()
  • Fix Alignment Check in aae on bit change
  • RDebugPid not being initialized with NULL resulted in a free on an invalid pointer after gdbr_threads_list failed.
  • Fix memleak in r_anal_free() (#15631)
  • Fix heap-buffer-overflow bug in get_src_regname() (#15630)
  • r2r.v: Fix test skipping (#15629)
  • r2r.v: Move threads into r2r (#15628)
  • Some Coverity defect fixes (#15626)
  • Not all of the data was rebased after reopening the original file and there was a warning message from set_baddr which isn't needed here. Switched to __rebase_everything instead of the old methods that were used.
  • r2r.v: Support running of just 1 cmd testfile (#15616)
  • r2r.v: Fix invocation of json tests (#15624)
  • Fix AppVeyor (#15623)
  • Refix magic's bgets()
  • Fix another infinite loop in RMagic.loadBuffer()
  • Fix bread in RMagic.loadBuffer()
  • Loading json tests is not the same as running them (#15618)
  • In this way 64-bit SEP kernels aren’t wrongly detected as XNU kernel caches.
  • Rename or1k insns global (#15613)
  • As in certain build configurations it conflicts with the Capstone’s symbol of the same name, raising errors in the linking phase.
  • The warning:
  • WARNING: r_core_anal_hasrefs_to_depth: assertion 'core && value != UT64_MAX' failed (line 2062)
  • This way registers like 'orax' will simply have an empty reference like before, just without an annoying warning when there really is nothing to telescope.
  • {"reg":"orax","value":"0xffffffffffffffff","ref":""}
  • Use ONE_STREAM=1 instead and assume it sets scr.onestream
  • Name variables based on their offset from the start of the stack frame
  • Fix tests
  • Fully implement the asm test runner in r2r.v
    • Must use the native api to speedup
    • TODO: Multiple cores to run in parallel
  • Fix N and V results in 6502 BIT ESIL (#15562)
  • r2r.v - better portability
  • Fix some more asm tests and use the same warning style for r2r.v
  • Fix crash on oom when command line is too long. Aim to fix #15543
  • Initial implementation of the asm/dis tests support in the V suite
  • Remove broken Threading Code from main for #12996 (#15554)
  • Previously, forked children would instantly die if the fork was stepped over using a breakpoint which is accessible to the child process.
  • Removed deprecation messages (#15557)
  • Moved the information in the help messages
  • Add RRangeTree
  • Inclusive/Exclusive
  • Add r_interval_tree_delete and r_interval_tree_resize
  • Fix r_interval_tree_all_at()
  • Fix a bug of the tab (#15559)
  • Imports Tests from radare2-regressions (#15546)
  • Fix some warnings (#15549)
  • Fix signed integer overflow in r_asm_massemble (#15551)
  • Fix an int Overflow in r_asm_massemble() for #15543
  • Fix length type in r_str_trim_tail()
  • Aim to fix another integer overflow in r_file_slurp
  • Fix integer overflow when assembling a 2GB file
  • Blindfix for #15543 - aka CVE-2019-19590
  • Most servers/clients should have xml support by now so it should behave like dp in any other debugger. vFile is the only way to get detailed pid info unfortunately.
  • Execvp may hang until a signal is received on some systems (reproduced in Arch Linux) in case the file can't be executed for some reason (broken symlink, different arch, etc).
  • Previously, when using dp=, the debug plugin would set a new tid based on the requested pid, but r_debug_select would set the old tid as dbg->tid, resulting in issues interacting with the current thread. This could also be an issue when the requested pid/tid is invalid and the plugin selects something else.
  • Previously, setting options would fail sometimes since PT_ATTACH's attach SIGSTOP wasn't hit before reaching linux_set_options.
  • Previously, dp= wouldn't fully switch to the given process since it was treated like dpt thread switching, leaving the debugger in an undefined state.
  • Add user Pointer to RBNodeFree (#15540)
  • Fix sj current position marker after buffer wrapping. (#15538)
  • Coverity Scan GitHub Action (#15539)
  • ONE_STREAM_HACK & scr.onestream: Force expected ONE_STREAM order if necessary (#15535)
  • Fix spp warning (#15530)
  • Try showing offset when there are no redo items.
  • Fix handling of many seek history items and other edge cases.
  • Previously, the command didn't show the pid's path, replaced the path field with current/ppid, and showed the ppid instead of only showing the requested process and the children of the requested process.
  • Fix some warnings on Windows (#15532)
  • opt->sz is initialized with r_buf_size at r_bin_open_io using an io buffer if r_bin_open_io can't open a file buffer. Since the debuggers returned unsigned values to opt->sz which is signed, opt->sz would overflow and contain a negative value, causing r_bin_open_buf to fail.
  • Went ahead and modified CUR_END values for all debuggers even though this should only affect remote debuggers. ST64_MAX should be enough.
  • Python and VS updates for Windows/clang (#15526)
  • Fix labeler environment
  • windbg module build warning fix (#15514)
  • Switch labeler to periodic-labeler (#15517)
  • With https://github.com/actions/labeler/issues/12 being an issue, the action's labeler is useless for PRs that come from a fork. This one runs on a cron timer instead and doesn't suffer from the same issue.
  • fixed bin.libs loads and dex use after free (#15522)
  • Fix a Double Free for Dex (Fix #15519) (#15521)
  • Add Comments to RCore and kill some unused Members (#15513)
  • Fix #15498 - Fix stdcall stack calling convention (#15508)
  • Remove unnecessary RConfig Members (#15509)
  • Fix a Double Free in tms320/c55x+ (#15505)
  • Before we didn't check if a virtual address read/write would go through a page boundary. This fixes it.
  • Also do some formatting and re-enable some useful error messages
  • Fix XP build
  • Partially decouple Tasks from RCore
  • Add pull request labeler (#15503)
  • Previously, windbg_break would freeze waiting on a lock instead of breaking, tasks other than wait weren't breakable and read regs would freeze the process while waiting for a mutex.
  • Previously, linux would timeout when trying to connect and would timeout too frequently since milliseconds were treated as microseconds.
  • ContinueApi2 only worked on XP 32bit while ContinueApi works on both.
  • Previously, continue would do a single step.
  • Fix OOB read in windbg_reg_read
  • Add locks to prevent collision
  • Enable timeouts on the pipe backend
  • Fix #15495 - show current seek history position in sj
  • bin.str.enc: Accept uppercase aliases (#15496)
  • bin.str.enc: Check for NULL (#15493)
  • Fix anal.timeout calculation in r_cons_break_timeout (#15490)
  • Remove broken Task Pausing and unnecessary RCore.lock (#15489)
  • Fix null deref when using waf on non-valid file
  • Initial GitHub Actions (#15467)
  • Disable Windows for now
  • Disable tests for now
  • Add missing BT instruction optype for x86
  • There are still platforms that don't support the target xml format.
  • Added parsing of gdbr arm/arm64 register features and added a default to >64bit registers
  • Since r2 doesn't support set/get to large/vector registers (it will still work when printing gdb's registers with dr/drt or restoring the registers with reverse stepping), there's a possible issue that the user will get lots of prints of "r_reg_[get/set]_value: Bit size 128 not supported" when running various debug commands that use those functions. This fix simply moves those registers away from gpr to avoid those prints while still being able to view/restore the registers.
  • Minor Refactoring and Comments for RBTree
  • Fix the flags.prefix with flags.inline glitch
  • The previous implementation was limited to 64bit registers and didn't parse the 'feature' field.
  • Writing registers with gdbr worked with single registers because reg_next_diff started at delta 0 and only had to run the diff once for the single register that was changed. When running reverse stepping/continue, multiple registers are changed at once so r_reg_next_diff would fail every time due to incorrect offset calculation. The new r_reg_next_diff also supports different register sizes to restore all registers correctly.
  • The endianity swapping part from reg_write isn't needed since the arena is the return value of 'g' which is already in the correct target byte order (see: https://sourceware.org/gdb/onlinedocs/gdb/Packets.html#read-registers-packet)
  • Fix #15451 - Update Windows compilation documentation
  • Connect isn't affected by r_socket_block_time since it can only change the timeout of read (and, not implemented, write) actions with setsockopt.
  • Also, connect may wait for an unspecified amount of time so we have to use select.
  • The socket object was freed without closing the fd. In the following gdbr_connect attempts, tcp's connect would freeze on a valid socket since connection based protocol sockets may successfully connect only once, any connections beyond that are undefined behavior.
  • Remove printf debug leftover
  • Some fixes for the graphviz code (#15470)
  • Add TODO comment for overlong strings
  • No more hacky base64
  • iz != izz, before izz was iz+izz
  • Fix x86 lahf instruction
  • Fix autocomplete
  • Don't contribute with patches
  • Emit sp-based var offset as a number
  • The output of afvsj shows offsets of sp-based variables as strings. This fix changes the offset to be shown as a number, just like sp-based arguments and bp-based variables.
  • Since read_packet has a large number of retries you would wait for it for a couple of seconds after breaking in functions like connect and vcont.
  • Previously, write_registers sent a partial string instead of the correct register format which specifies that each byte should be represented by two hex digits.
  • This change allows reading registers when calling read_registers in a thread that holds the recursive mutex.
  • r_th_lock_check only returns the refcount which isn't enough to know if the current thread is holding the mutex when a recursive mutex is enabled.
  • Support UTF16-BE decoding (#15450)
  • Add spaces
  • Fix few warnings for the gdb client
  • Fix crash
  • Cleanup tab-completion initialization code
  • R2 will hang while waiting for any resolvable port to respond, this takes a long while since connect is attempted twice in r_core_file_open.
  • Update capstone v4/next from Git
  • Added break to gdbserver vCont and refactored the code to use locks (#15433)
  • The previous gdbr implementation didn't allow interrupting background tasks with &b since send_vcon wasn't properly configured with the cons api. In addition to that, gdbserver doesn't support processing multiple commands at the same time, resulting in undefined behavior once cons were set up for vcont.
  • This commit adds the relevant cons api and solves the concurrency issues by adding locks on all socket related logic.
  • Fix r_sys_sigaction not setting up the requested signals (#15440)
  • The for loop's iterator was initialized with the first member of sig[] instead of 0. Added an error to avoid this issue going unnoticed.
  • r_list_free() -> r_list_free ()
  • r_list_new() -> r_list_new ()
  • __exit was listed twice with same number (1), and fork was missing.
  • Fix broken pkg uninstall command on macOS (#15437)
  • Provide a proper package ID to get rid of the following error: No receipt for 'radare2.pkg' found at '/'.
  • Prepend a / for each returned path by the pkgutil command, to make it an absolute path instead of a relative one.
  • Avoid invoking the sudo command for each file, which speeds up the command significantly.
  • Avoid ambiguous signing certificates on macOS.
  • If a user manually installed a new code signing certificate into the login keychain as documented, the install script will fail to sign r2 because the sys/macos-cert.sh script generates a new certificate in the System keychain. This results in the following error when signing:
  • org.radare.radare2: ambiguous (matches "org.radare.radare2" in /Users/user/Library/Keychains/login.keychain-db and "org.radare.radare2" in /Library/Keychains/System.keychain)
  • To be consistent with sys/macos-cert.sh, change manual certificate generation steps to install to System keychain instead of login keychain.
  • Mention that code signing certificate generation is automated by the install script before listing the manual steps to generate a new code signing certificate.
  • r_list_newf(..) -> r_list_newf (..)
  • Use free() instead of R_FREE() in r_list_delete()
  • Same reason as #15430.
  • Use PJ in oj (#15434)
  • This fixes escaping issues
  • Fix Leak of Flag Zones (#15432)
  • Use free() instead of R_FREE() in r_list_free() (#15430)
  • Refactor r_flag_color() to r_flag_item_set_color() (#15429)
  • Add r_spaces_purge() (#15428)
  • Fix comment about RFlag.ht_name (#15427)
  • Faster interactions -- can be improved still
  • Add missing entry for meson
  • Fix r_strbuf dependency on r_cons
  • This allows the 'zg' command to auto generate zignspaces from function names by utilising the ':' convention used in zignatures. Now when 'zg' is run if any function names are in the format ZIGNSPACE:FUNCTION, the zignspace will be extracted, created and the function applied under its scope.
  • Fix build (#15422)
  • Fix #15419 - Fix bytes field in aoj
  • Hold this analop warning under anal.verbose
  • tree-sitter-integration: support tmp-seek, arged, and interpret commands
  • Make meson automatically download tree-sitter and radare2-shell-parser grammar
  • Add tree-sitter/radare2-shell-parser directories in gitignore
  • Add Support for tree-sitter in acr/makefile
  • Just use one script to download 3rd party repositories in shlr
  • Use cfg.newshell
  • Fixes for Windows debugging (#15418)
  • Fix error when continuing after attaching to process
  • Get threads correct EIP
  • Fix some memory corruptions and small refactor
  • Remove core->oobi because not used (#15413)
  • Fix leaddrs leak (#15417)
  • $foo:=123 f foo = 123
  • $foo+=4 f foo @ foo + 4
  • $foo s foo
  • Strip bins and libs for the Debian package
  • sys/meson.py: --asan accepts sanitizer list (#15405)
  • Fix #15407 - Fix using unexpected ACP for input on Windows (#15408)
  • Fill op->mnemonic in anal-gb
  • Use RPUSH in anal-gb
  • Clarifying yara-to-r2 integration documentation. (#15404)
  • Sync default sanitizer list of sys/asan.sh and sys/meson.py (#15397)
  • Keep signed-integer-overflow
  • Hardening esil-dfg
  • Modified debug_native to handle break's thread switching behavior
  • The user was interrupted during continue and switched to a different thread since DebugBreakProcess creates a thread that triggers a breakpoint. With these changes the DebugBreak thread is recorded to skip the breakpoint event afterwards.
  • Modified r_debug_native_wait to avoid switching between threads for each event
  • The debugger should return to the requested thread after handling events in other threads except for breakpoints.
  • Refactor drm to be ready for the YMM registers (#15394)
  • Fix Appveyor hang. (#15396)
  • fix linux x86 build (#15395)
  • Fix assert
  • Fix build
  • After release version bump
  • Add some asserts in rreg
  • Fixed w32dbg breaking issues and moved break_push to w32_dbg_wait to support stepping as well
  • Previously, breaking would only work during 'dc' because it was pushed in debug.c specifically for continue. This change moves the responsibility of pushing/popping w32_break_process_wrapper to windows_debug.c instead to support calls to w32_dbg_wait from anywhere.
  • sys/meson.py: Use -fsanitize=... instead of -lasan when linking (#15390)
  • Use pj api in drrj (#15391)
  • This also solves an issue with drrj in windows since the code relied on iter->p to know if a comma should be prepended, but windows always has it initialized so it was always prepended - invalidating the JSON.
  • Make the generated r2.bat use bat path_relative syntax instead of hardcoding. (#15383)
  • Fix double-free in canvas.c (#15379)
  • stack.nl is no longer active
radare2 - v4.0 : Codename Kràmpack - vifino edition

Published by radare almost 5 years ago

Release Notes

Version: 4.0.0
From: 3.9.0
To: 4.0.0
Commits: 299
Contributors: 48

Changes

anal

  • Bring back the MASK_DISASM because not all nanal plugins support it yet ##anal
  • Select default var type based on its size (#15352)
  • Fix #15325 - Improve af- like it's done in Vdu
  • Deprecate anal.jmp.eob /refs #13482
  • Fix #15117 - honor asm.var.sub in ao/aoj
  • Fix #15315 - Honor RAnalOp.disp in aar and ao
  • Update 8051 plugin (#15321)
  • Avoid reloading of cc sdb - huge speedup (#15306)
  • Implement ESIL for arm64 UBFX
  • Make RAnalFunction.cc come from RAnal String Pool
  • Deprecate the use of anal plugins that don't handle mask.disasm
  • Add jumptable support for main() in bins/elf/analysis/ls-alxchk (#15266)
  • Add jumptable support for main() in bins/elf/ls.odd (#15233)
  • add afoj and afdj (#15254)
  • Fix #15235 - push [mem] not handled in /r
  • Add initial reg profile for sysz arch
  • Don't propagate noret to fcn if fcn jmps outside itself (#15190)
  • Fix #15004: Make meta.min rbtree more robust (#15141)
  • Fix memleak in r_core_anal_propagate_noreturn()
  • Minor speedup/cleanup/refactor of the RAnal
  • Implement ESIL control-flow-graph and further dfg analysis
  • Add anal.delay to disable delay slot analysis for testing
  • Fix pc-rel movs in sh's esil
  • Delay execution debug messages are now available via anal.verbose
  • Fix #15073: Disambiguate using fcn addr also in meta.min rbtree (#15077)

api

  • Add r_strbuf_copy API (#15186)

asm

  • Fix post-indexed memory access for str instructions on ARM (#15298)
  • Fix #15302 [rasm2/armass] Correctly propagate errors from thumb_assemble (#15303)
  • Add additional [indirect] access syntax for 8051 (#15272)
  • Fix #10651 sub sp, sp, 0x1000 not correctly assembled for ARM (#15187)
  • Fix #15198 (#15199) arm64 assembler const value
  • Add 8051 assembler plugin (#15189)
  • Z80's LD opcodes assembly (#15185)
  • Fix parsing of floating point instructions in x86_64 assembler (#15174)
  • Fix x86 assembler output for some memory loads (#15068)

bin

  • On AArch64 there is a new special symbol $x (#15362)
  • Fix #15152 - Support old Java attribute format (#15317)
  • Simplify r_bin_open_io function (#15307)
  • Support > 4GB ELF files
  • Add support for RTable.query in i
  • Fix #15132: Integrate table to iS,ia,ir,iz,is (RBin info) based commands (#15159)
  • Implement support for the RISCV PLT ELF relocs
  • Fixes for MSVC demangling (#15210)
  • Format the .rela. sections in ELF
  • Add NES ROM mirroring map

build

  • sys/asan.sh: Use -fsanitize=... instead of -lasan when linking (#15375)
  • Link sdb fully into r_util in meson (#15338)
  • Fix #15296 - *BSD builds (#15309)
  • Fix macOS build with latest XCode
  • Add MSVC 2019 for AppVeyor
    • Try MSVC 2019 for AppVeyor
  • Set rpath if non-Windows Meson shared
  • Debian package fixes (#15081)

cons

  • Fix function key handling in visual/panels
  • For utf-8 locale, check LC_ALL, LC_CTYPE and LANG in sequence instead (#15326)
  • Also use LANG env var to check for UTF-8 output support (#15257)
  • Move UTF-8 setting logic to scr.utf8 config callback on Windows (#15273)
  • Implement 'str' operation in RTable queries

core

  • Fix #14247 - fn.j/fnj. show all flags in current offset, not just one
  • Few compiler warning fixes here and there
  • Fix #15114 - Implement r_sys_info() and uname
  • Add kitty clippy replacement :3 (#15232)
  • Add possibility to specify time zone with rax2 -t (#15180)
  • Implement cj command using the PJ api (#15168)
  • Add support for the V programming language
  • Fix #15134 - Support octal numbers like 0o666
  • Implement function-based plugin loading method
  • Add omt and help message for RTableQuery + add format column api
  • Move Lib already loaded check before dlopen Call (#15075)
  • Replace r_str_const* with RStrConstPool (#15300)
  • Kill r_sys_get_osinfo () (#15346) ##core

debug

  • Use RTable for Windows heap info output (#15368)
  • Add support for setting xmm registers on linux (#15365)
  • Fixed continue not being associated with the current thread in unix
  • Added a way to break while in dbg_wait (continue, step etc)
  • Fixed dpk
  • Fixed opcodes not being associated with the current thread in gdbr (#15358)
  • Fix drm[bwdq] command, add xmm0h/l and xmm8-15 registers (#15354)
  • Fix the way linux debugging options are set (#15323)
  • r_reg_get_pack/r_reg_set_pack are not able to deal with 128 packbits
  • Added support to thread switching in linux and fix r_debug_select
  • Fixed ptrace 'Operation not permitted' errors (#15287)
  • Fix debugger build for native GNU/Linux on RISC-V
  • Fix incomplete drr/drrj formatting when r_core_anal_hasrefs fails (#15277)
  • Added "dptj" and "dptj " (#15259)
  • Enhance drm command, add drm xmm0 functionality (#15214)
  • Fix drf output formatting
  • Implementing debug info per pid on NetBSD
  • Using unused map debug field on macOS
  • Rebase fcn/bbs, flags, comments, meta, refs when ood
  • Fix issues in windows thread switching (#15366) ##debug

diff

  • Implement radiff2 -X for hexII diffing
  • Fix #14845: Support radare2_rc in radiff2 for graphs (#15078)

disasm

  • Better pdi output when Cd is involved
  • Implement 'pdt' - print disasm in table, supports queries
  • Make asm.fcnsig more compact
  • Do not resolve the strings pointed by ADRP on arm64
  • Improve (change) sh4 disasm (lowercase regs...)

emu

  • anal_x86_cs fix esil expr for neg instruction (#15252)
  • Fix #15246 - Honor the 'u' suffix in PPC instructions in ESIL

esil

  • Fix #15297 - Update ESIL help message
  • Improve registers handling in ESIL dfg
  • Simplify ESIL code for ARM str instructions
  • Add a parameter to $s and $o (#15171)

io

  • Setting the upper address limit for OpenBSD
  • Improve omt and implement RTable.filterSum

json

  • Show flagname and realname in json format for fnj and such
  • Add current thread field to dptj (#15268)

lang

  • Rewrite hashbang command parser, use argc & argv in hashbang (#15188)

panel

  • Fix #14857 - Handle 'O' key to rotate asm.pseudo/asm.esil
  • Another const pointer to be free fix
  • Handle / highlight in panels for zoom and window modes
  • Fix const address freeing
  • fix #15060 - Add xrefs and xrefs here in visual
  • Fix #14559 - Honor scr.fps

print

  • Fix #15216 - Implement pcy command to print hexpairs in Yara format

r2pie

  • Implement r2pipe_open_dl() to use dlopen/dlsym

rasm2

  • Freeing main assembly object

script

  • Fix vlang plugin to run scripts and add example

search

  • Fix #8575 - Support stdin slurping in rafind2 -
  • Add support for hex escaped literals in regular expressions (#15291)
  • Fix RCALL and RJMP in aop and /at
  • Refactor Search to use less Global State (#15076)

table

  • Add :json,:quiet,strlen,minlen,maxlen,sortlen in table queries
  • Integrate table API for p-h (#15083)

util

  • Fix rop inline assembly form

visual

  • Run .dr* in visual prompt if cfg.debug is set
  • Fix for VV going to V (issue 15181) (#15195)
  • Fix #14919: truncate long function names in Vv (#14996)

wasm

  • Further wasm memory leak fixes
  • Memory leak fixes in error code paths

windows

  • Print child output in pipe lang plugin

zign

  • Integrate types field in zignature operations (#15082)

Thanks to all the contributors

radare2 - 3.9.0 - Carxofes

Published by radare about 5 years ago

In r2land we are happy to celebrate that the artichoke season is back with a new release \o/

Binaries: http://radare.mikelloc.com/release/3.9.0

Release Notes

Version: 3.9.0
PreviousVersion: 3.8.0
Commits: 102
Contributors: 31
TimeSinceLastRelease: 2 weeks

Authors

Changes

anal

  • Implement anal.norevisit using SetU instead of Sdb
  • Fix #15013 - jump/cjmp analop for m680x
  • Fix the infinite aac issue, reduce false positives, speedup a bit (#15015)
  • Fix mov.l/jsr ESIL for SuperH4 (#15039)
  • Fix nopskip (it's not fixed at all, just random typing here and there) (#15024)
  • Add anal.nonull to avoid analyzing functions if starting by zeros
  • Fixed i4004 arch to be according to spec (#15062)
  • Fix zero register set issue (r2wars)
  • Implement types field for zignatures

cons

  • Fix #14611: Vi-mode indication by prompt color
  • Add a way to print an aliased without a trailing new line (#15031)
  • Fix clicking on frame borders to resize
  • Remove code for no-anal asm.bb.line (#14977)

core

  • Make -m do an implicit -s
  • Fix #14990 - multiple quoted command parsing issue
  • Fix multiple quote cmd issue
  • Fix #14019 - Move ta to aht, move other commands around, refactor indentation
  • Fix #10851 - Solve slurp messages on http/sandbox/pipe
  • Don't run ldconfig when installing into /usr (#15049)

debug

  • Fix gdb reg write byte order (#15009)
  • Improving slightly the process status check on Darwin
  • On Darwin, expose process path
  • ASLR check setting fix on FreeBSD

emu

  • Hackaround to get esil stepping on delayed execution
  • Fix arm32 stmia post-increment (#14983) (r2wars)

io

  • Support shm_open in shm:// and some code cleanup
  • Fixing perms for Darwin
  • Fix #15002 - Propagate write error issues into RCore.patch
  • Print error msg if write fails (#14978)
  • Fixing self:// perms issue on Darwin
radare2 - r2-3.8.0 - Taupe

Published by radare about 5 years ago

Release Notes

Version: 3.8.0
From: 3.7.1
To: 3.8.0
Commits: 188
Contributors: 30

Authors

Changes

analysis

  • Improve the aab (blaze) analysis by honoring data meta
  • Speedup and reduce false positives in aae by honoring code/string/format
  • Do not analyze functions in strings/data by honoring the meta
  • Fix infinite (or expensive) loop when fcnsize=0
  • Honor anal.strings in aav
  • Define argument and ret pseudo registers in the SuperH4's reg profile (#14920)
  • Introduce anal.in=code (2x faster aar in some big binaries)
  • Introduce afisaj and fix table contents for afisao and such
  • Implement afis[aof] - to show instruction type, family and mnemonic tables
  • Fix as command to resolve syscall by name, number and SN reg
  • Fixing ESIL for ARM architecture pre-indexed addressing mode with LDRB (issue #14850) (#14901)
  • Add more info in aflt and add afltj
  • Initial implementation of aflt (using the new RTable API)
  • Hide the shift overflow warnings under esil.verbose
  • Fix ownership issues related to cc
  • Add calling conventions for ARM32 and Thumb
  • Unify the use of R_ANAL_CC_MAXARG
  • Propagate noreturn information (#14793)

bin

  • Fix code injection issues i* commands (rabin2 -r)
  • Fix #14930 - handle LC_DATA_IN_CODE in macho
  • Fix strings on ELF bins for SH-4 with the Renesas SDK
  • Support deep JSON format for binary headers in iHj
  • Fix Cf with named formats when .iH* is used
  • Fix #14898 - Show warning when -B used on unknown binaries

build

  • Shrink the Cydia package from 512mb to only 64

core

  • Add single quote as alias for =! and \
  • Support 0X as an alias for 0x in numbers

debug

  • Fix crash in gdb client (#14897)
  • Notify user on hardware breakpoint hit

diff

  • AGraph integration with radiff2

disasm

  • Fix #14716 - Honor local flags in RParse
  • Implement asm.hint.emu and improve Vr reftype selection
  • Do not try to resolve strings pointed by adrp instructions on arm64
  • Honor asm.instr in pdi
  • Hide brackets for LEA even if operand is section flag
  • Add support for the amd29k architecture
  • pix and pdx are now aliases for pad

doc

  • Remove help for hud in ??

graph

  • Fix #14859: Enter used to update seek in visual call/ref graphs (#14906)

io

  • Fix a couple of bugs in wo* and implement wo8
  • Add support for io-plugin initialization via null system command =! (#14915)
  • Simplification of the io_self plugin for macOS/iOS
  • Consider endianness when performing block write operations

panel

  • Few memory leaks fixes
  • Fix #14891 - Seek in panels after coming back from console
  • Fix #14883 - use[] to realign comments in disasm
  • O in visual is supported in panels with the "i" key
  • Added some asm settings and classified it

print

  • Implement pv* to completely fix #14165
  • Fix #14165 - Implement pVj and fix pvj with argument
  • Fix #14936 - Add po[..] set of commands
  • Implement 'cols' RTable.query to filter by column names
  • Use block character for p= and p== graphs (#14941)

r2pipe

  • Initial support for r2pipe.html

rop

  • Add ROP chain execution support in ragg2

search

  • Let search.align override arch.align if set, improves aav in SH
  • Bring back /ai and fix regression for SUB.val
  • Skip gadgets starting with a nop in /R
  • Fix #14755 - read-only raw search
  • Fix #14202 - Add support to '\d', '\w', etc. in regex

util

  • Initial implementation of the RTable API with filter, sorting and query APIs

visual

  • Fixes #14914: Mouse wheel for hud (#14940)
  • Improve mouse in visual (hud instead of goto and ignore cursor toggle)

windows

  • Fix #14816 - Properly get lib path

Other Changes

  • add nf flag in ESIL generated for ARM thumb (#14954)
  • Fix regression in wo2/4/8
  • Fix divbyzero and garbage variable found by clang-analyzer
  • Fix memleak in r_strbuf_prepend
  • Fix logic in 2-byte endian swap used by "wo2" (#14951)
  • Display operand of EBC push/pop instructions (#14949)
  • ARM: fix order of registers in push/pop with reglist
  • fixing esil =[*] (poke multiple regs/values)
  • Fix out-of-loop issue in aae
  • macOs/Notes 6.8s -> 6.4s
  • macOS/r_core 4.3s -> 3.8s
  • Still wip. only works as a hint when using -e bin.verbose=true
  • Improve r_core_anal_hasrefs_to_depth (#14863)
  • Fix Win32 build patch from @sanguinawer (#14945)
  • Fix uninitialized variable issue related to the mouse state
  • Fix regressions
  • Fix #14380 - Fix demangling symbols containing the '?' char with iD
  • Fix #14889 - Implement ! and c keys in visual help
  • Improve vq and v!!! workflows
  • Break early in Cf format name failure
  • Fix #14939: Replace assertions about missing RReg profile registers with warnings (#14943)
  • fix help message of ? (#14944)
  • Fix #14935 - Kill harmless warning
  • Fix assert in aea for r2wars
  • Show backtrace when assert happens
  • Fix crash in aea* when code is ffff
  • Fix #14771 - Modified pdx/pix to disassemble hexpairs (blocksize-independent) (#14892)
  • Add frame pointer to AVR register profile (#14938)
  • Enable mouse only if it was prev enabled and based on scr.wheel (#14925)
  • Fixes #14911: Use theme colors for p= and p== (#14934)
  • Add fortune
  • 1 != 0
  • Massage two more assertions
  • Fix early assert for IO
  • Disable Travis IRC notifications
  • Too much noise at IRC.
  • Blindfix more null derefs in reg.value
  • Fix another null arena deref
  • Assertify io.fd api
  • Fix aea for instructions referencing PC
  • Boolify the reg api a bit more
  • Fix null deref in reg arena
  • Blindfix for empty reg arenas
  • Add Predicate for Task Dispatch
  • Fix assertion when emulating invalid instructions and revert pcalign4 for sh
  • Update help message for Vd
  • Fix #14928 - vr to be in sync with Vr
  • Fix assert regression before it triggers
  • Minor cleanup and visitor cache proposal test for RAnal.fcn()
  • Fix #14821 - crash in td
  • r_str_split_list() rewritten to support nth limit
  • r2 -qq -c 'aac;aflt size/gt/200,addr/cols/name/nbbs,nbbs/sort/inc' /bin/ls
  • Fix off-by-one in RCore.lines.initCache();
  • Set asm.hint.emu=false by default
  • Fix build
  • Add r2con2019 svg logo
  • $ r2 -i doc/r2pipe.html /bin/ls
  • Syncing with r2hexagon (#14918)
  • The references of emulation are displayed one instruction after, which is bad
  • Fix build
  • Fix Windows build (#14916)
  • afisa uses rtable, as well as afist@@@F
  • Useful for r2frida to automatically run .=!i*
  • This makes reading iOS apps much simpler by removing lot of false positive strings
  • Fixes #14900: Disable color for dot mode (#14908)
  • Better directory structure for the panels config file (#14903)
  • Fixes #14896: Enable and disable mouse based on requirement in visual/panels (#14909)
  • v!! = V!! - use ! to toggle between visual and panels
  • Fix hexdump height issue in panels
  • Reset mouse settings after leaving the hud
  • Fixes #14900: xdot type commands functional now (#14902)
  • Remove recursive handle_stop_reason call
  • Revert "Fixed the bug that I had fixed before (#14788)"
  • This reverts commit 9e271424d8805afaae06e74678bab5edf7a8e3b6.
  • This change was breaking panels in Mac
  • Fix MSVC build
  • Add afltj and some more fixes and improvements related to RTable
  • Accepts a query as argument
  • Fix a segfault in RStrBuf.prepend
  • Add lsls and ldrh thumb asm.describes
  • Add missing include install for meson
  • Improve disasm char hints
  • Fix some warnings from gcc
  • Make cmd_depth task-local (#14888)
  • Add neg pseudo instruction to arm assembler (#14890)
  • Freed some vars (#14885)
  • Fixes #14845: Use unicode settings in radiff2 (#14884)
  • Fixed indent
  • Tame vayour
  • Fixes #14534: Ignore non-printable and non json chars (#14876)
  • Fix #14878 - Fix unaligned field access
  • Add afos command and minor cleanup for afo
  • Fix null derefs in afv subcommands when no function is found
  • Fix afvn outside of Function (#14882)
  • Fixes #14856: Changing visual seek behaviour in Vv (#14877)
  • Fix #12438 - Fixes for PDB (#14874)
  • Fix use after free when autoloading pdb
  • Use heap on td command
  • Fix #12438 - Fix wrong 2 byte read for char value
  • Fix crash on r_line_readchar_win (#14875)
  • Merge pull request #14868 from kazarmy/x86-cmp-disp-for-disp
  • Use op->disp instead of op->ptr for disp of x86 CMP (and ACMP)
  • Drop not needed wrapper
  • Fix non-unicode Windows build virtual keys not working
  • Fix arrows in vi mode on Windows
  • Merge Windows and Unix dietline implementation
  • Simulate escape sequences in r_line_readchar_win
  • Fix some bugs on Windows
  • Some refactoring
  • Fix #14854 - Fix glitch in asm.hint.pos=0
  • Use LTO for the Cydia build
  • Fix segfault in r_main_free
  • Add the syscall number regname for hexagon arch
  • Fix #14870 - Fix crash in type propagation when no cc defined
  • Instead, recursively going through the regions while focusing on main addresses and grabbing page state information.
  • Fixes for the cydia static build of r2, needed for iOS12
  • Add missing =SN for the SH analysis plugin
  • Fix for meson
  • Fix hexagon jumps second try (#14867)
  • Synchronized files with radareorg/r2hexagon
  • Fix warning, assertions and regressions in arg type handling
  • Add missing cc-x86-16
  • Fix anal.depth and remove arm16 dim
  • Code cleanup
  • Update capstone again (#14862)
  • Fix #14861 - Reset cursor after leaving panel's prompt ':'
  • Fixed the bug that I had fixed before (#14788)
  • Use op->disp instead of op->ptr for disp of x86 MOV (and others) (#14829)
  • Use op->disp instead of op->ptr for disp of x86 MOV (and others)
  • Fix for jumptable MOV
  • Fix for [] operands
  • Fix another Appveyor hang (#14844)
  • Fix coredump PC not being considered (again) (#14836)
  • Use r_sandbox_fopen instead of fopen (#14832)
  • Revert multiple layout saving regression in panels (#14792)
  • Some little refactoring in panels (#14798)
  • Fix #14522: Added g support for Vv mode (#14823)
  • Add a small menu tick for visibility when scr.color is 0 in panels (#14801)
  • Avoid disassembling the same instruction twice on rop search (#14815)
  • Avoid disasm the same instr. twice on rop search
  • Fixes for comments
  • Fix double free
  • Fixes #14267: Does not print the function name for agft (#14819)
  • Fixes #14672: f= gives output from current flagspace (#14820)
  • Add @sghctoma pf definition for BIOS and NTFS
  • Add *BSD SourceHut builds (#14824)
  • Fix r_print_color_op_type param type mismatch (#14825)
  • Specify graph.diff colors for sepia (#14817)
  • Implement agd* based commands (#14809)
  • ag* commands fully functional
  • Indent and r_return usage
  • All agd* commands functional now
  • Graphs are pretty now
  • Refactoring the code
  • Fixed assertion error
  • Fixed broken agf
  • Always bracket indirect addr operand (except LEA) (#14802)
  • Always bracket indirect addr operand (except LEA)
  • Don't use RAnalOp
  • Add clang-cl support (#14814)
  • Fixes for path autocompletion on Windows (#14813)
  • Fix register writing on Windows (#14805)
  • Fix register writing on Windows
  • Drop unnecessary use of heap
  • Fix stack-use-after-scope (#14811)
  • Fix #14804 - Make sure anon structs have unique names (#14806)
  • Also skip "union" to get type
  • Fix Appveyor hang on master (#14803)
  • Propagate noreturn information
  • Avoid infinite loop when propagating noreturn information
  • Avoid all recursive cases
  • Avoid warnings
  • Use r_anal_bb_opaddr_i