radare2

UNIX-like reverse engineering framework and command-line toolset

LGPL-3.0 License

Downloads
164
Stars
19.6K
Committers
1K


radare2 - Released 0.10.2 - codename panamake

Published by radare over 8 years ago

As usual, some numbers first:

Contributors: 48
Commits: 480
Issues: 135

Grep stats:

  • Fixes: 269
  • Add: 107
  • Enhance: 7
  • New: 7
  • Esil: 18
  • Anal: 36
  • Leak: 15

Contributor commit counter: (sys/pie.sh)

$ sys/pie.sh 0.10.1 | sort -un | tail -n 13
1   Adrien Garin
2   Adr1
3   Kitsu
4   Darredevil
5   Anders Kaare
6   Aneesh Dogra
7   Evan Shaw
8   Jeffrey Crowell
12  Maijin
16  Anton Kochkov
36  oddcoder
46  Álvaro Felipe Melchor
237 pancake

Special thanks from pancake to:

  • @revskills for the massive fuzzing
  • Google for the GSoC
  • Ghostbar for being the new Debian maintainer and updating the r2 packages
  • Nibble for coming back
  • Alvaro Felipe Melchor for the elf relocs, dyldcache and the massive bugfixing.
  • oddcoder for being the most active student
  • Daniel Dominguez for the initial coredump support

This release is much bigger than we ever thought. Thanks to Google and the GSoC application process we got a solid amount of student contributions: they implemented a few file formats, improved analysis and fixed a bunch of issues.

Highlights

  • Add r2 -d and -R shortcuts to simplify loading rarun2 profiles and using remote debugging plugins
  • Support for cryptography (blowfish, rc2, rc4, aes, xor, ror, rol)
    • woE/woD
    • rabin2 -E
    • Adding wo*y commands using clipboard instead of [val]
  • Better PE and ELF parsers
  • New easter-egg!
  • dyldcache extractor is working again
  • Support for BOCHS
  • Coredump support for iOS and OSX
  • New fileformats, namely Python bytecode and Flash files
  • Improved analysis and emulation thanks to ESIL on x86, ARM and MIPS
  • New make menu to choose plugins to build
  • Add ?E clippy echo and use it in ????
  • xrefs and types are now properly saved/restored from projects
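
The new write-operation ciphers (woE/woD with xor, ror, rol, rc4 and friends) are the kind of transform you reach for when a sample stores a config or a second stage behind a trivial encoding. The block below is an added example, not radare2's own code: a small Python reimplementation of the symmetric xor, rol/ror and rc4 transforms with a woE/woD-style dispatcher, so you can check what r2 writes back, or reproduce the decode in a script. The key-handling conventions (repeating xor key, first key byte as rotation count) are this example's assumptions, not a statement about how the r2 commands parse their arguments.

```python
def _rotl8(b: int, n: int) -> int:
    """Rotate one byte left by n bits (n taken modulo 8)."""
    n %= 8
    return ((b << n) | (b >> (8 - n))) & 0xFF


def wo_xor(data: bytes, key: bytes) -> bytes:
    """Byte-wise XOR with a repeating key; encrypt and decrypt are the same op."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def wo_rol(data: bytes, n: int) -> bytes:
    """Rotate every byte left by n bits."""
    return bytes(_rotl8(b, n) for b in data)


def wo_ror(data: bytes, n: int) -> bytes:
    """Rotate every byte right by n bits (a left rotate by 8-n)."""
    return bytes(_rotl8(b, (8 - n % 8) % 8) for b in data)


def rc4(data: bytes, key: bytes) -> bytes:
    """RC4: key-scheduling (KSA) then keystream generation (PRGA).

    Applying it twice with the same key restores the plaintext.
    """
    if not key:
        raise ValueError("empty key")
    s = list(range(256))
    j = 0
    for i in range(256):                      # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for b in data:                            # PRGA, XORed into the data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wo_apply(algo: str, data: bytes, key: bytes, decrypt: bool = False) -> bytes:
    """woE (decrypt=False) / woD (decrypt=True) style dispatcher.

    xor and rc4 are their own inverse; rol is undone by ror and vice versa.
    For rol/ror the first key byte is the bit count (this example's convention).
    """
    if algo == "xor":
        return wo_xor(data, key)
    if algo == "rc4":
        return rc4(data, key)
    if algo in ("rol", "ror"):
        if not key:
            raise ValueError("rotation needs a count byte")
        rotate_left = (algo == "rol") != decrypt
        return wo_rol(data, key[0]) if rotate_left else wo_ror(data, key[0])
    raise ValueError("unsupported algorithm: " + algo)


if __name__ == "__main__":
    # Constructed sample: the well-known RC4 vector key "Key" / "Plaintext".
    ct = wo_apply("rc4", b"Plaintext", b"Key")
    print(ct.hex())
    print(wo_apply("rc4", ct, b"Key", decrypt=True))
```

The rc4 function is checked against the standard "Key"/"Plaintext" test vector, which is the quickest way to confirm that a hand-rolled or tool-provided RC4 is not subtly wrong (a common source of "decryption produces garbage" when analysing malware configs).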

New R2PM packages

  • ramoji2
  • www-t and www-p
  • syms2elf

Better Disassembly

  • Add asm.spacy and asm.flgoff
  • noreturn function database is much more reliable now
  • Summary mode (pds)
  • Press R in visual to rotate on the color themes. (see scr.randpal)
  • Fix some asm.spacy and asm.flgoff glitches
  • Add ecn and use it from VR with scr.randpal
  • asm.fcnsign is now working for non-windows binaries
  • asm.(symbol|section)[.col]
  • Added m68k parse pseudo plugin and enhance the arm one
  • Fix ROR/ROL ESIL expressions for x86-64 capstone
  • Honor fcn.fcnlines in fcnvarlist

WebUI

  • WebUI moved to a separate repository.
  • some of them accessible via r2pm (r2pm -i www-t www-m)
  • use Grunt, update all dependencies, indent code, minify, ..
  • Fixed some XSS vulns
  • Added http.referer checks to fix CSRF vuln
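
A Referer/Origin check is a cheap CSRF mitigation for a local web UI that executes commands (an attacker page could otherwise fire requests at the listener on your loopback). The block below is an added illustration, not the check that was committed to the r2 webui (the page does not show that code): it validates the Origin header, falling back to Referer, against the server's own origin and fails closed when neither is present. The listen host/port defaults, header handling and return convention are this example's assumptions.

```python
from urllib.parse import urlsplit


def request_origin_allowed(headers: dict, listen_host: str = "localhost",
                           listen_port: int = 9090) -> bool:
    """Return True only if Origin (preferred) or Referer names this server.

    Fails closed: a request without either header is refused, as is an
    Origin of "null", an unparseable URL, or any host/port mismatch.
    Hostname matching is case-insensitive; a missing port means 80.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    source = lower.get("origin") or lower.get("referer")
    if not source:
        return False
    try:
        parts = urlsplit(source)
        # .port raises ValueError for tricks like "localhost:9090.evil.example",
        # where the naive "starts with http://localhost:9090" check passes.
        host, port = parts.hostname, parts.port
    except ValueError:
        return False
    if parts.scheme != "http" or host is None:
        return False
    if port is None:
        port = 80
    return host.lower() == listen_host.lower() and port == listen_port


if __name__ == "__main__":
    # Constructed requests; a real server reads these from the socket.
    for h in ({"Referer": "http://localhost:9090/"},
              {"Referer": "http://localhost:9090.evil.example/"},
              {"Referer": "http://evil.example/?u=http://localhost:9090"},
              {}):
        print(h, request_origin_allowed(h))
```

Two caveats a practitioner should keep in mind: browsers and privacy extensions sometimes strip Referer, so a fail-closed check can refuse a legitimate client that sends neither header (Origin is the more reliable of the two for cross-site requests), and a same-origin XSS bypasses this check entirely, which is why the XSS fixes in the same release matter as much as the CSRF one. A per-session token is the stronger defence if the UI grows.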

Architectures

  • z80: better analysis
  • SNES: better analysis too and support 16-bit immediate operands
  • m68k: fixed bugs and improved analysis. honor asm.cpu
  • ARM (better analysis and emulation, handle IT)
    • Honor ARM conditional bits to skip bxeq lr and such
    • Better Thumb support
    • Assemble blx for arm32 and thumb
  • New plugins!
    • Adding initial support for a PIC18C disassembler
    • python bytecode disassembler
    • Flash bytecode disassembler

File formats

  • PE parser is much better now (version info, and it copes with even more malformed PEs)
  • Support Swift-Demangle
  • JSON output for classes+ methods
  • Add support for parsing TLS and add TLS callback addresses to the list of entry points
  • Extracting iOS's dyldcache is working again (thanks @alvaro_fe)
  • *.pyc file format
  • *.swf file format
  • Better parsing of PE and ELF files
  • Add versioninfo support for PE and ELF
  • Fix #2780 havecode field

Graphs

  • Disassemble first basic block in callgraphs
  • Summary graph (af;VVP')
  • Add graph.gv variables to set custom graphviz styles
  • Fix #4374 - ags command to show simplified flowgraph

Bindiffing

  • radiff2 -C does not analyze by default, mimics r2 -A
  • Does not diff strings because they are not functions
  • Increase memory limit for code diffing

Analysis

  • Colorful entropy bars
  • file.analyze is only running when the binary contains code
  • new aex command to emulate a hexpair of native code
  • huge improvements for x86 and arm
  • Set anal.autoname by default for now
  • Adding verbosity in aaa
  • Improve mips string reference detection with ESIL
  • Honor anal.strings in aae
  • Fix aap for static and make it work in debugger
  • Find more string references for MIPS and remove some false positives.
  • ROP search find honor search.align and detects more cases
  • Do not autoname functions by default. Add e anal.autoname
  • analysis is deeper than ever: new aaaa command
  • aai command to show analysis statistics info
  • aav command to show all references for section/map
  • added lodsb,stosb and did some rep cosmetic to esil x86
  • Initial support for unions
  • Redesign the t command and add a lot of tests (@oddcoder)
  • Initialize BP register in aeim (handy for arm)

Debugging

  • New bochs plugin works on Linux, Mac and Windows.
  • Coredump generation for Mach0 binaries on iOS and OSX
  • MACH0 Coredump loading
  • r2 -d gdb:// no need for -D gdb
  • Added drw/arw command
  • Add r2 -R as alias for dbg.profile
  • Alias doo for ood command

iOS

  • Implement ios9 pangu's tfp0 in the debugger
  • dyldcache extract
  • coredump generation and loading
  • Support swift-demangle if found in $PATH

Various changes

  • New r2r program in radare2-regressions repo
  • Work in progress support for squashfs
  • An aaaaaa command
  • Add r_lang_rust
  • Implement rasm2 -A to replace ranal2
  • rax2 -B and -b
  • Handle ~/.config/radare2/radare2rc.d

Commands

  • Extending wo* commands to use clipboard
  • Ps and PS commands to save project
  • Implement Cz like Cs with automatic length detection
  • Implement new commands: yl, yw, ywx, wz
  • Implement ys to show clipboard as string
  • Honor q in scripts to stop interpreter
  • Add rarun2 execve to avoid posix_spawn
radare2 - solid chair society

Published by radare over 8 years ago

radare2 0.10.1 - Release Notes

Six weeks ago, when our great leader pancake announced "a release every 6 weeks", everyone was a bit, well, surprised, but it seems that we did it.

But first, some numbers:

  • Codename: solid chair society
  • Weeks: 6
  • Commits: ~280
  • Issues Fixed: 50
  • Contributors: 38
  • New contributors: 10
  • New easter-eggs: 1

This 0.10.1 release pushes other updates for:

Binary builds for Windows and OSX are also available.

This is great, since it means that the downstream people who put radare2 into package managers will be able to push updates quicker (yes, I'm looking at you, debian).

This also means more release parties, which is a good thing. There wasn't a special focus on anything during these last 6 weeks, but if I had to comment on this release, I would say that its theme would be "compiling on windows", and "usability". Or something like that.

Anyway, here is the human-readable changelog:

  • Variables and flags can now be renamed in cursor mode (see the asciinema recording)
  • Optimized GDB connectivity; it is now 10x faster!
  • print signed base 10 hexdumps with pxd[1,2,4]
  • radiff2 -C to compare checksums
  • Lot of work towards the mach-ification of the OSX/iOS debugger by alvarofe
  • more polished cursor movements in Visual mode
  • Better ARM and Thumb code analysis and emulation
  • Added disassembler support for Microblaze architecture
  • Updated unicorn plugin to be in sync with git
  • Various enhancements in the Visual mode
  • backward disassembly uses RAnal info for better offset computations
  • asm.bbline uses RAnal info to have precise results
  • fix bug in env.sh when using more than 9 arguments
  • Mingw compilation improvements
  • preliminary support of XNU debugging
  • ESIL support for v810
  • radare2 does now compile in appveyor: no more excuses for broken commits on windows!
  • Lanai (the secret CPU used by Google) support
  • a new shiny xtensa CPU analysis backend
  • changed the naming format for local variables and arguments (ebp-0x10 and ebp+0x13 become local_10h and arg_13h, respectively), and it now also works when asm.ucase is set.
  • add Vdn option to rename a flag/function/local variable/local argument used in the current instruction
  • refactoring of RFlag + better names for functions when there are symbols
  • ahi now supports IPv4 and syscall
  • various optimizations and bugfixes
  • opcodes descriptions for v810, propeller, riscv, tms320, lm32, i4004, i8080, java, Malbolge, SH-4, M68K, ARC and LH5801 (that you can access with ?d or e asm.describe=true)
  • axg to get a graph of the function xrefs to reach a specific point.

Lanai CPU

Known regressions and future work

The webui graph stopped working on Google Chrome because they deprecated a js function used to manipulate SVG, which the joint.js library relied on. The webuis will be distributed in a separate repository and their dependencies will be maintained using bower/grunt/npm. This way we will solve the license problems that made some distros (Debian) refuse to package the webuis because of non-free and confusing uglified js blobs. This will hopefully attract more web developers.

Debian, Docker, Void, FreeBSD, Sabotage and other distros have shown interest in our project, so the 6-week release cycle will hopefully fix the problem of having very old packaged versions of r2.

Windows binaries from appveyor still need to be fixed, and so does the windows installer.

There are some interesting wip patches to be included in the next release 0.10.2 scheduled for April 11th.

Also, it is important to note that some people started to work on the GSoC microtasks even before knowing if we are accepted this year. This is a good sign which clearly shows the growing, healthy and brave community we have.

Special thanks to:

  • alvaro felipe: for fixing some bugs and enhancing the XNU debugger
  • xvilka: finally getting the windows builds happy again
  • maijin: for reviewing issues and adding more opcode descriptions
  • deffi420: for finding and fixing some tiny, but important bugs in SDB
  • condret: for working on the SIOL branch that will hopefully be merged soon.
  • crowell: enhancing the local variables experience
  • ret2libc: fixes a bug in dietline, rewrote flags, metadata, better midflags and cursor movement.
  • mballano: for committing for the first time, making RAP:// more consistent.

Have fun with this new release and keep up hacking!

radare2 - radare2 0.10.0

Published by radare over 8 years ago

More details soon!

radare2 - radare2-windows-nightly

Published by radare about 9 years ago

Nightly build

radare2 - radare2 0.9.7

Published by radare over 10 years ago

CodeName: Segfault as a feature
ReleaseDate: 2014-03-03

Tarballs:

http://rada.re/get/radare2-0.9.7.tar.xz
http://rada.re/get/radare2-bindings-0.9.7.tar.xz
Required valabind version to build the bindings: http://rada.re/get/valabind-0.8.0.tar.gz

Numbers

  • 1 man
  • 3 months
  • 8 new architectures
  • 28 contributors
  • 73 reported bugs fixed
  • 283 bugs with 'Fix' keyword (memleaks, bugfixes, warnings, nullptr)
  • 613 commits
  • 1273 files changed
  • 94362 deletions
  • 115678 insertions

Binaries

  • Gameboy ROMs are now supported
  • Java class files detection has been improved
  • COFF is now supported
  • DWARF2 is now fully parsed and manually handled

New Architectures

  • H8/300
  • T8200
  • 6502 (Atari, Apple II and Commodore 64)
  • TMS320
  • NIOS II
  • SNES
  • Gameboy
  • MSIL is working again
  • Whitespace
  • Malbolge

Java

  • Ability to load multiples Java files at once
  • Improved analysis
  • Support for access flags

Important bugs fixed

  • Invalid instructions display 1 byte hexpair in disasm
  • Fixed many crashes and incorrect handling of commands in extreme conditions
  • /v now supports 1 byte search and obeys cfg.bigendian

Bindings

  • ctypes bindings are more complete and close to swig.
    we need testers and contributors to make ctypes support everything.
  • Add OCAML bindings
  • Fixed and tested Java bindings
  • Updated NodeJS bindings
  • Added work-in-progress hand-made JNA (Java Native Access) bindings
  • Added Python3 example scripts
  • Fixed perl compilation
  • Use latest ACR to fix some bugs in configure script
  • Updated mingw32.sh dist build script

Look

  • Mouse wheel supported on xterm-compatible terminals in visual mode
  • Add a pink theme (ecf pink)
  • Tiled web interface
  • to follow jmp/call/cjmp in visual mode
  • Add a less ability

New stuff

  • ^x^e supported in RConsLine
  • Added 'less' and '~..' (internal less)
  • Added 'ls -l' command.
  • Implement backward search /b (Thanks JudgeDredd)
  • Added cpu cycles (and fail cycles) columns in disasm (condret)
  • Radare2 can now be built with Jamroot
  • The ARM assembler is complete
  • Ability to search and filter ROP gadgets
  • Zip files support
  • rarun2 can r2preload=true using self:// (linux, osx)
  • Emoji hexdump
  • Add more cparse basic types t*

Changes

  • Strings now have length and size fields.
  • Rename 'rdb' to 'projects' in ~/.config/radare2/
  • Add -S option to r2 to start with sandbox enabled
  • Fix too much memory usage in analysis (thanks saelo)
  • Converted almost everything to LGPL
  • AND, OR, XOR NEG operations are now supported in RNumCalc

Improvements

  • ESIL generation for x86 was simplified
  • More opcodes support for ESIL
  • ragg2 can now produce ELF64
  • Backward disassembly refactoring
  • Disassembly is now at least 7 times faster
  • Analysis eats less memory

Analysis

  • C55x+ analysis is improved
  • Gameboy ROMs are now properly loaded and have better analysis
  • Takes much less memory

Updated things

  • sdb: (0.8) Update SDB with new API and much more tested.
    Sdb is the noSQL backend for radare2. The API is now stabilized, and
    it will be used in the next release to simplify data storage. Feel
    free to review the specification: https://pad.nopcode.org/p/sdb
  • udis86 - from git, now we are using our own fork

Upcoming stuff

  • Sdb everywhere
  • Initial work to support hardware breakpoints
  • Better and faster analysis
  • Import capstone

Contributors

  • Xvilka
  • xtraeme
  • Ender
  • Eduardo de la Arada
  • Fedor Sakharov
  • BatchDrake
  • Ilya V. Matveychikov
  • Jaume Delclòs Coll
  • Jerome Marty
  • Jüri Aedla
  • Maijin
  • Nibble
  • Samuel Groß
  • Saul St. John
  • VisualPrankDude
  • Vitezslav Cizek
  • Zach Riggle
  • aaSSfxxx
  • axt
  • condret
  • cquaid
  • defragger
  • dso
  • jvoisin
  • pancake
  • radbrad
  • schrotthaufen
  • zonkzonk

Greetings

I would like to thank the Debian and VoidLinux packagers who pointed out some issues
in the build system to me and tested against their build machines.
Probably 0.9.7 would never have been released without them (because I was not planning
to make a bugfix release :P)

radare2 - radare2 0.9.0

Published by radare over 10 years ago

hg tag -r      1974 0.9
codename:      furoner
last commit:   Tue Dec 06 01:41:17 2011 +0100
oldest commit: Tue Nov 01 12:59:07 2011 +0100
commits:       115

Author and main developer:

email: pancake<nopcode.org>
twitter: http://twitter.com/trufae
github: http://github.com/radare

Thanks to:

  • @santitox for the XOR shellcode encoder and big-gmp implementation
  • Glyn Kennington's patch for the build system
  • sre the Debian guy and betatester
  • earada for discussing, testing, reporting and bugfixing lots of stuff
  • vext01 for the OpenBSD bug reports and packaging
  • l0gic for the archlinux package and bugreporting
  • Ender for bokken packaging and r2 feedback
  • ash for bokken, bug reports and beers
  • Nicolai Stange for the SPARCv9 (64bit) support
  • Instruments, Dtrace, Valgrind, llvm-analyzer, OpenBSD
    • fixed memory leaks
    • reduced memory usage by 40%
    • optimized code analysis
    • null pointers and double frees
    • do not use alloca() anymore
    • change io.va only when needed
    • Fix two format string portability issues

Portability:

  • Tested support for iOS, Windows, GNU/Hurd and GNU/kFreeBSD
  • Use O_BINARY in all open() calls on Windows fixes IO
  • Fix dup2 for w32

Binaries

  • Various symbol resolution fixes in ELF
  • Honor -o in rabin2 for dump section operation
  • Add initial native support for fat binaries in r2
    • Select arch/bits with r2 -a and -b (old -b is now -B)
    • Kinda hacky, but works for osx-x86/32/64
    • Export offset information of fat bins
  • add initial support for creating p9 binaries
  • Add initial support for plan9 binaries
    • supports x86, arm, ppc, sparc, mips
  • RBin supports new section_end flags

Filesystems

  • Autodetect filesystem when mounting
  • Fix signature of r_fs_name()

Bindings

  • Updated bindings
  • Fail build of bindings if something goes wrong
  • Depends on valabind 0.6.4 that fixes some bugs on Python
  • Added bindings for NodeJS
  • Add accessors for RAnalFcn.{refs,xrefs,vars,bbs}

Visual mode

  • Enhanced visual mode speed
    • Don't clear unless necessary (fix flickering)
    • Cursor is now hidden
  • Add 'T' menu at visual mode to show comments and anal info
  • Use x1, x2, x3... to seek between xrefs in visual mode
  • S= now fits in 80 columns
  • Fix P visual print rotation
  • Show flag+delta on title

Assembler/disassembler

  • Added assembly description API (ported from r1's rsc adict)
    • r_asm_describe(): Added api to get opcode descriptions using sdb
  • Add support for SPARCv9 (64bits)
    • Disassembler and Code analysis (binutils-2.21.1)
  • Use asm.size config variable to show size of opcodes
  • Add new assembler directives
    • .int8 (alias of .byte)
    • .int16 (alias of .short)
    • .int32 and .int64
  • Add -D flag to rasm2 (show hex and asm)

Debugger

  • Execution traces are now stored as a graph
  • Warn if file size != region size in dml
    • dmd and dml commands to dump/load debugger memory regions
    • Sd and Sl to dump/load debugger memory region from/to file
  • Initial implementation of r_debug_map_protect()
    • Bind to dmp command
    • Only w32 + osx, needs more work

New commands

  • Added dtc and dtg to draw execution call graphs
  • Add /z command to search for strings
  • Add /v2 /v4 /v8 and remove /q
  • added 'afi' to show info of functions
  • Add 'fl' command to get length of flag
  • Use ?d to get description of opcode (uses asm.arch)
  • Added 'pdi' command
    • Like 'pi', but showing offset and bytes
  • Added 'pda' new commands
    • Disassemble code byte-per byte
    • Disobey instruction length
  • afl is now less verbose
  • Make 'fd' accept arguments
  • Use "f name 1 off" instead of "f name @ off" in dr*
  • Added 'g' command to use r_egg api from RCore

API changes

  • Added r_core_file_reopen() // work in progress
  • Added r_flag_get_at () to handle deltas
  • New APIs in r_util
    • r_sys_run() for JIT execution
    • r_file_size()
    • r_cons_clear_line()
    • Add has_va in RBinInfo class for bindings
    • Added new api r_graph
  • Added R_MEM_ALIGN()
  • r_core_bin_info shows bin data from core
  • rabin2 now depends on RCore, as does r_bin_info()

rasc2 deprecated

  • rasc2 has been deprecated and reimplemented inside r_egg
    $ ragg2 -i x86.osx.binsh -b 64 -k osx -f mach064 -o a.out
  • Added ragg2 and ragg2-cc
    • Shellcode compiler for linux-x86-32/64 and OSX-32 based on ${CC}
    • XOR encoder
  • Padding data is now defined like a format string

New stuff:

  • rax2 now supports hexpair <-> binary conversions (-s, -S)
  • Added eval var descriptions (see e?? command)
  • Add graph.font=Courier eval var to configure dot graph output
  • Add support for byte patching in ragg2 (-d, -D, -w)

Search engine

  • remove search.asmstr and use /a and /c
  • Show progress info in search
  • Rename /a to /r
  • Fix search when io.va=true
    • Add search.in = file, section, raw

Changes:

  • Add support for continuations in rapatch2 '+' char
  • Add r2 -a arch -b bits
    • -b flag to specify blocksize is now -B
  • rasc2 has been deprecated. ragg2 is the replacement
  • Colorize trap instructions in bright red
  • Handle int3 on x86 as a trap instruction instead of SWI

Build framework

  • Magic files are distributed on Windows too
  • Simplified makefiles to use absolute paths
  • Add sys/static.sh
  • Add install-rev.sh script to build old versions of r2

Bug fixes:

  • 'oo' reopen command now updates file size information when requested
  • Fix bug when redefining io sections
  • Fix warning in R_MEM_ALIGN() macro
  • Fix rabin2 -B baddr
  • Fix overflow in r_cons
  • Fix loading strings on a object file without io.va
  • Fix for .ko and .o elf parsing
  • Use UT64FMTx instead of %llx in various places (fix for w32)
  • Fix AT&T x86 disassembler
  • Fix negative blocksize and printidx issues in visual
  • Many ugly hacks to enhance the w32 console
  • Various fixes in sys/
  • Added dist-bin.sh and python-bindist.sh
    • Fixes paths and pkgnames
  • Implement dtg (debug trace graph)
  • Fix RIO seek undo with io.va
radare2 - radare2 0.9.2

Published by radare over 10 years ago

After about 10 months of development I'm proud to announce a new release of radare2. It has been delayed many times and I'm not happy about that, but stability requires some time. I'm happy to see new contributors and users interested on the project.

This document describes a compacted list of all the changes done from the previous release (0.9) and this one (0.9.2).

As always, if you want to use the r2 api from python, nodejs or others you need to install the r2-bindings package which depends on valabind and swig.

Big news for this release are an official Android package maintained by Pau Oliva (pof) and an embedded http-1.0 webserver which provides a simple way to implement a user interface.

Lots of bugs have been fixed and new CPUs are supported, while code analysis gets better and is focused on x86-16,32,64, arm and mips.

Enjoy!

--pancake

Commit Authors

git log 0.9..HEAD | grep Author| sort -u

Main Developer

pancake [email protected]

Contributors

  • Anton Kochkov - xvilka - build system
  • earada [email protected] - bug fixes
  • Eduard Burtescu - eddyb - nodejs bindings
  • Pau Oliva [email protected] - android installer and apk
  • Rodrigo Chiossi [email protected] - fix rasm2 -D infinite loop
  • Roi Martin (@nibble_ds) [email protected] - code analysis x86 and arm
  • Simon Ruderich - cfg.pager and random bugfixes
  • rudi_s - test write cache, improve seek/undo, fix segfault in r_cons
  • flux - add arm assembler patches to support barrel shift and fix bitwise ops
  • Anton Bolotinksy - use absolute path for libraries in OSX linker
  • vext01 - test suite and openbsd bug reporting
  • l0gic - reporting bugs
  • thuxnder - dalvik payload opcodes
  • nics - requested support for dumping huge files with 'wt'
  • w_levin patch fixing memory leaks
  • ac1d3 - fixes in the build system

License

LGPLv3

Numbers

More than 300 commits

Time range

Date: Mon Oct 1 17:48:10 2012 +0200
Date: Tue Dec 6 03:03:50 2011 +0100

Web Server

  • Added an embedded webserver that listens on port 9090
    • r2 -c=H /bin/ls
  • Use http. env vars to configure
  • Implemented a basic web UI
  • Autodetect osx, win, linux and android browsers

Binaries

  • mach0
    • section perms are properly handled now
    • support mach0 files with multiple sections using the same name
    • Fix delta bug with fat mach-o
  • Find main symbol on new platforms
  • Fixed lots of bugs and vulnerabilities in the ELF parser
  • Fix string parsing in rabin2 -z and more random fixes
  • Add support for wide string dump in r_bin
  • RBinSize implemented for elf, mach0 and plan9
  • Dwarf info with null filenames are now supported
  • Initial implementation of r_bin_size (rabin2 -Z)
  • Initial support for Classes in RBin (java, dalvik, objc, c++..)
  • Add 'id' command to show debug info
  • Add r_bin/mz plugin (old EXE binaries)
  • Add support for Java debug line information
  • Fix parsing of ELF binaries generated by TCC
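
Most of the ELF parser vulnerabilities fixed in this line of releases are of one shape: a header field (e_shoff, e_shnum, sh_offset, sh_size, a string-table index) is trusted and used to compute a read that lands outside the file. The block below is an added example, not radare2's RBin code: a minimal ELF64 section-header parser that checks every offset against the file length before reading, plus a constructed three-section ELF to run it on and a helper that reports whether a malformed input is refused. It handles little-endian ELF64 only; that restriction, the field layout constants and the sample file are this example's assumptions.

```python
import struct

EHDR_FMT = "<16sHHIQQQIHHHHHH"  # Elf64_Ehdr, little-endian
SHDR_FMT = "<IIQQQQIIQQ"        # Elf64_Shdr
EHDR_SIZE = struct.calcsize(EHDR_FMT)   # 64
SHDR_SIZE = struct.calcsize(SHDR_FMT)   # 64
SHT_STRTAB, SHT_NOBITS = 3, 8


class ElfError(ValueError):
    """Raised for any field that would take a read outside the file."""


def _cstr(buf: bytes, start: int) -> str:
    """NUL-terminated string that must begin and end inside buf."""
    end = buf.find(b"\x00", start)
    if start >= len(buf) or end < 0:
        raise ElfError("section name runs past .shstrtab")
    return buf[start:end].decode("ascii", "replace")


def parse_sections(data: bytes) -> list:
    """Return [{'name', 'type', 'offset', 'size'}] per section header."""
    if len(data) < EHDR_SIZE:
        raise ElfError("file shorter than ELF header")
    f = struct.unpack_from(EHDR_FMT, data, 0)
    ident, e_shoff, e_shentsize, e_shnum, e_shstrndx = f[0], f[6], f[11], f[12], f[13]
    if ident[:4] != b"\x7fELF":
        raise ElfError("bad ELF magic")
    if ident[4] != 2 or ident[5] != 1:
        raise ElfError("this example handles ELF64 little-endian only")
    if e_shnum == 0:
        return []
    if e_shentsize != SHDR_SIZE:
        raise ElfError("unexpected e_shentsize")
    # Validate the whole table before reading a single entry. In C the
    # multiply below is where an attacker-chosen e_shnum wraps around;
    # Python ints do not, but the range check is still what bounds the reads.
    if e_shoff < EHDR_SIZE or e_shoff + e_shnum * e_shentsize > len(data):
        raise ElfError("section header table outside file")
    if e_shstrndx >= e_shnum:
        raise ElfError("e_shstrndx out of range")
    shdrs = [struct.unpack_from(SHDR_FMT, data, e_shoff + i * SHDR_SIZE)
             for i in range(e_shnum)]
    st = shdrs[e_shstrndx]                      # (name, type, flags, addr, off, size, ...)
    if st[1] != SHT_STRTAB or st[4] + st[5] > len(data):
        raise ElfError(".shstrtab missing or outside file")
    strtab = data[st[4]:st[4] + st[5]]
    out = []
    for sh_name, sh_type, _flags, _addr, sh_off, sh_size, *_ in shdrs:
        if sh_type != SHT_NOBITS and sh_off + sh_size > len(data):
            raise ElfError("section contents outside file")
        out.append({"name": _cstr(strtab, sh_name), "type": sh_type,
                    "offset": sh_off, "size": sh_size})
    return out


def rejects(data: bytes) -> bool:
    """True if the parser refuses data with ElfError (used for the checks below)."""
    try:
        parse_sections(data)
    except ElfError:
        return True
    return False


def build_sample_elf() -> bytes:
    """Constructed ELF64: NULL, .text (4 bytes at 96) and .shstrtab (at 64)."""
    shstrtab = b"\x00.text\x00.shstrtab\x00"    # name offsets: .text=1, .shstrtab=7
    text = b"\x31\xc0\xc3\x90"                  # xor eax,eax ; ret ; nop
    shstr_off, text_off, shoff = 64, 96, 104
    body = bytearray(shoff)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELF64, LE, v1
    body[:EHDR_SIZE] = struct.pack(EHDR_FMT, ident, 1, 0x3E, 1, 0, 0, shoff, 0,
                                   EHDR_SIZE, 0, 0, SHDR_SIZE, 3, 2)
    body[shstr_off:shstr_off + len(shstrtab)] = shstrtab
    body[text_off:text_off + len(text)] = text
    shdrs = [struct.pack(SHDR_FMT, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0),
             struct.pack(SHDR_FMT, 1, 1, 6, 0, text_off, len(text), 0, 0, 16, 0),
             struct.pack(SHDR_FMT, 7, SHT_STRTAB, 0, 0, shstr_off, len(shstrtab), 0, 0, 1, 0)]
    return bytes(body) + b"".join(shdrs)


if __name__ == "__main__":
    elf = build_sample_elf()
    for s in parse_sections(elf):
        print(s)
    print("truncated refused:", rejects(elf[:250]))
    print("huge e_shnum refused:", rejects(elf[:60] + b"\xff\xff" + elf[62:]))
```

The two negative cases in the usage (a truncated file, and e_shnum patched to 0xffff at offset 60) are exactly the inputs fuzzers throw at binary loaders; a parser that raises on them instead of reading past the buffer is the property the changelog entries above are describing.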

Debugger

  • Add 'dbs' command to swap/toggle breakpoints
  • r2 -b 32|64 selects sub-binary and debugger mode for osx and linux
  • Assume -w when running r2 with -d
  • dbt - backtrace accepts an argument to redefine ebp
  • Fix backtrace for osx-x86-32
  • regdiff colorizer fixes (dro works again)
  • Fix dcr (continue until ret)

Assembler/Disassembler

  • New CPUs supported:
    z80 : assembler + disassembler + basic code analysis
    m68k : disassembler + basic branch analysis
    dcpu16 : assembler + disassembler
    arc : disassembler and analysis of few branch instructions

Changes in currently supported platforms

  • mips: rewritten code analysis, added pseudo-disassembly and debugger support
  • arm: import and use arm.winedbg (arm and thumb) and disassembler
  • x86: enhance x86olly disasm, add more instructions to the x86.nz assembler
  • dalvik: add android4.x new opcodes and payload ones; added pseudo disasm
  • avr: use standard disassembly syntax

  • Fix rasm2 infinite loop for -D option.
  • QNX/arm port (this is bb10 and playbook devices) (no debugger yet)
  • Implemented 'pdr' recursive disassembler
  • Add coprocessor move operators to arm.winedbg
  • Added iOS/arm register profile for the native debugger
  • Fixes in r_core_disassemble() Honor delta and r_asm_set_pc()
  • Show breakpoints in disassembly

Print commands

  • Compacted many commands like pw -> pxw
  • Added yx command to show yank buffer in hexadecimal
  • Fix pZ-pz help message and stuff
  • Add python print buffer (pcp)
  • Added 'pa' command to print assembled instructions
  • Add 'pz' (print ascii until zero) command
  • p6[de] Fix and use the base64 encoder/decoder
  • Add 'pif' command. as in 'pdf' one resizes the blocksize
  • Entropy bars with 'p='
  • Add pf c for signed bytes
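
The entropy bars from `p=` (and the colorful ones in the later analysis release) are the fastest way to spot a packed or encrypted region in a blob before any disassembly. The block below is an added example, not radare2's print code: it splits a buffer into equal chunks, computes Shannon entropy per chunk and draws an ASCII bar, and flags the chunks that are near the maximum. The one detail worth getting right, and easy to get wrong with a fixed "above 7.0" rule, is that a chunk of n bytes cannot exceed log2(n) bits, so a 32-byte block of random data tops out at 5.0; the flagging function compares against that cap. Chunking, bar width and the 0.9 ratio are this example's conventions.

```python
import math
from collections import Counter


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte, from 0.0 (constant) to 8.0 (uniform)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def _chunk_size(length: int, nblocks: int) -> int:
    return max(1, -(-length // nblocks))      # ceiling division


def entropy_bars(data: bytes, nblocks: int = 16, width: int = 32) -> list:
    """Split data into nblocks chunks; return (offset, length, entropy, bar) per chunk."""
    if nblocks < 1 or not data:
        return []
    size = _chunk_size(len(data), nblocks)
    rows = []
    for off in range(0, len(data), size):
        chunk = data[off:off + size]
        e = shannon_entropy(chunk)
        rows.append((off, len(chunk), e, "#" * round(e / 8.0 * width)))
    return rows


def high_entropy_blocks(data: bytes, nblocks: int = 16, ratio: float = 0.9) -> list:
    """Offsets of chunks within `ratio` of the maximum entropy possible at their size.

    The cap is min(8, log2(len)): small chunks can never reach 8 bits, so a
    fixed threshold would miss random data in a 32-byte window.
    """
    hits = []
    for off, n, e, _bar in entropy_bars(data, nblocks):
        cap = min(8.0, math.log2(n)) if n > 1 else 0.0
        if cap > 0 and e >= ratio * cap:
            hits.append(off)
    return hits


if __name__ == "__main__":
    # Constructed sample: 256 zero bytes followed by one of every byte value.
    sample = b"\x00" * 256 + bytes(range(256))
    for off, n, e, bar in entropy_bars(sample):
        print(f"0x{off:04x} {e:5.2f} {bar}")
    print("high-entropy chunks:", high_entropy_blocks(sample))
```

High entropy is a signal, not a verdict: compressed resources, certificates and random tables score the same as an encrypted payload, so treat the flagged offsets as places to look first rather than as a packer detection.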

Commands

  • Add ?ip to take input from ?I and select path to file
    • ?i stores the input into the yank buffer now
    • ?I accepts a file name as argument which is loaded as hud
    • ?k used as key=value temporal storage
  • Add support for temporary block contents (from file, string or data)
  • Renamed ?z to ?l
  • Added dummy 7bit<->8bit char encoding
  • Quoted strings can now be temporary seeked "x"@239
  • Fix quoted commands parser
  • Fix nested command repeaters
  • Better parser of commands, macros, pipes and quotes
  • Better error reporting when using nonexistent flags or wrong syntax
  • r2 -q flag now quits after processing -c or -i
  • Add b+ and b- commands
  • Grep
    • Implement RCons grep ~foo? as an alias for ~?foo
    • pd|!grep eax~ebx now works
    • Add ^ and $ in cons grep expressions
    • Implement ~& attribute to match all words
    • Add ~?? to show help of grep
  • Implement support for >- (pipe to editor)
  • Allow to load multiple files with -i
  • Support for quoted strings and backspaced spaces in macro arguments
  • Added support for anonymous macros
  • Add support for !! command to use r_cons
  • Obey q! in scripts
  • Use (* to list macros

Search

  • e search.show = true # by default
  • Implemented support for visual search and search.in=block
  • Add visual search and enhance search output
  • Added support for binmask searches
    • /x 123456 ffc0e3
  • Add /x key:msk (':' separator)
  • Fix search counter
  • Add search.in=block
  • Add support for nibble-level search keywords
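
Binmask searches (`/x 123456 ffc0e3`, `/x key:msk`) let you match an instruction pattern while masking out the bytes that vary (immediates, register fields), and nibble-level keywords are the same idea with a mask of f0 or 0f. The block below is an added example, not radare2's search engine: it parses both spec forms, runs the masked comparison, and also covers the `/v`-style numeric search from the 0.9 notes (value, width, endianness) with an alignment step like `search.align`, so the two searches share one matcher. Padding a short mask with 0xff and treating a missing mask as exact-match are this example's conventions, not a claim about r2's parsing.

```python
import struct


def parse_hexmask(spec: str) -> tuple:
    """Parse 'KEY', 'KEY MSK' or 'KEY:MSK' (hex) into (key, mask) of equal length.

    A missing or short mask is padded with 0xff, i.e. those bytes must match
    exactly (this example's convention).
    """
    if ":" in spec:
        key_hex, mask_hex = spec.split(":", 1)
    else:
        parts = spec.split()
        key_hex, mask_hex = parts[0], (parts[1] if len(parts) > 1 else "")
    key, mask = bytes.fromhex(key_hex), bytes.fromhex(mask_hex)
    if not key:
        raise ValueError("empty search key")
    if len(mask) > len(key):
        raise ValueError("mask longer than key")
    return key, mask + b"\xff" * (len(key) - len(mask))


def search_masked(data: bytes, key: bytes, mask: bytes, align: int = 1) -> list:
    """Offsets where (data & mask) == (key & mask), only at multiples of align."""
    if len(key) != len(mask):
        raise ValueError("key/mask length mismatch")
    want = bytes(k & m for k, m in zip(key, mask))
    hits = []
    for off in range(0, len(data) - len(key) + 1, max(1, align)):
        window = data[off:off + len(key)]
        if bytes(b & m for b, m in zip(window, mask)) == want:
            hits.append(off)
    return hits


def search_value(data: bytes, value: int, width: int,
                 bigendian: bool = False, align: int = 1) -> list:
    """/v-style search: encode value at width bytes in the given byte order, then exact-match."""
    fmt = {1: "B", 2: "H", 4: "I", 8: "Q"}[width]
    needle = struct.pack((">" if bigendian else "<") + fmt, value)
    return search_masked(data, needle, b"\xff" * width, align)


if __name__ == "__main__":
    # Constructed buffer: two hits for 12 34 56 under mask ff c0 e3 (offsets 1 and 5).
    buf = bytes.fromhex("00 12 34 56 00 12 04 5e")
    print(search_masked(buf, *parse_hexmask("123456 ffc0e3")))
    print(search_value(bytes.fromhex("00 00 12 34 34 12"), 0x1234, 2, bigendian=True))
```

The alignment parameter matters more than it looks for ROP-gadget style searches on fixed-width architectures: on ARM or MIPS an unaligned hit is not an executable instruction boundary, so setting align to the instruction width removes a whole class of false positives before you look at the results.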

Visual mode

  • Added Visual diff mode (press 'D' in visual) (tab to swap columns)
    • Added 'cc' command to compare bytes with column hexdiff
    • Added diff.from and diff.to eval configuration variables
  • Chop RLine buffer when > console columns
  • Mark cursor in visual for pw and pq
  • Do not prompt or clear screen when using V in batch mode
  • New HUD input method for the visual mode ('_' key)
  • Toggle breakpoints with 'b' in visual
  • Visual keystrokes for dcu and dcr with cursor mode and sS
  • Refactor some visual keybindings
    • fF in visual is now nN
    • nN in visual has been deprecated. Use > and <
  • Rename Vw to Vi (write->insert)

IO

  • Handle zip:// and apk:// uri in r_io
  • Add 16bit x86 segment IO addressing mode XXXX:YYYY
  • Add support for local networking in RSocket
  • Added 'om' command to create, destroy and list IO maps
  • Fix invalid write in r_io_cache_read().
  • 'om' now works without size (file size)
  • Add r2 -m to specify the load map address
  • max blocksize is now configurable via io.maxblk
  • Fix bug in r_core_read when io.va and sections used
  • Fix o- segfault where r_io_desc_free called twice
  • Lot of fixes and regressions tests for the io api
  • Create file if not exist when -w is used
  • Fix bugs in r_io_maps and io.va
  • Fix 'ao N' command

Bindings

  • Requires valabind 0.7.2
  • Vala, Python and NodeJS are the official bindings
  • LUA, Perl, ... are also supported with valabind->swig
  • Updated all vapi bindings
  • Added nodejs bindings
  • Add r2irc.js example (nodejs r2 irc bot)
  • Fix segfault in xtr_fatmach0 on small files

New features

  • Added yesno dialog input method "?iy"
  • Initial support for dwarf and java debug information
    • id command will show debug information of loaded binary
  • Added new command ?y to get and set yank buffer contents to stdout
  • Add --with-rpath to fix build on linux with !/usr
  • Add support for multiple cons grep attributes
  • rax2 -f -> floating point support

Fixes

  • Fix ragg2 -d for one byte writes
  • Fix memleaks, nullref and undef (clang-analyzer)
  • Fix infinite loop in rasm2 -D

Updates

  • Update sdb to 0.5, sdb is now public api
  • use acr 0.9.1
  • valabind 0.7.2

Enhancements

  • r_num_math reimplemented with r_num_calc for proper parenthesis support
  • added support for floating point calculations in r_num
  • Handle ^Z in dietline
  • Drop interactive mode when '>' is used
  • r2 - is an alias for r2 malloc://512
  • Improve startup times by using r_file_mmap instead of malloc+read
  • rarun2 now supports connect/listen with r_socket
  • Added BLOCK and BYTES in r_core_sysenv_begin()
  • Fix parsing of commands with nested quotes
  • r2 -e now evaluates before and after loading file
  • ?p print error if VA is not
  • ?k (keyvalue) command is now more usable. supports ``..` strings

Removed

  • The gear bindings, they're obsolete.
  • armthumb moved to radare2-extras. Replaced by arm.winedbg.
  • Remove tests/ and use r2-regressions from vext01 github
  • ranal2 is not installed anymore

Code Analysis

  • Fix the ff25 x86-64 opcode analysis
  • Add file.analyze eval config variable from radare1
  • Fix analysis of 16 bit word opcodes on x86
  • Better support for 16bit x86 code analysis
  • Guess base arch anal.plugin when asm.arch is set
  • Resolve address of jmp [(rip+)0xoffset] and call [(rip+)0xoffset] in r_anal
  • Properly detect end of functions in visual
  • Traps and unknown jumps are now end-of-block opcodes
  • Show strings referenced by relative LEAs
  • Fix code analysis blocksize issue
  • afr and VtR to rename functions
  • Removing a function now deletes all sub-functions-locs
  • afl will list functions

Graphs

  • Add 'agv' command to view graphs with cmd.graph
  • Add demo graph view for www, add pad command remove a8
  • Added htmlgraph.sh as a cmd.graph html5 graph backend
  • Affected by scr.html (useful for www)

Behind the scenes

  • Add binr/blob to build r2 like busybox (used in android build)
    • Single binary with symlinks (main dispatcher)
  • Show git HEAD hash in r2 -v
  • Moved to GIT (from hg)
  • Lot of code cleanup, bugs fixes and speed ups
  • Added a regression test suite (vext01 repo)
  • Revised use of RList
  • Add r_str_unescape() helper function
  • Swap eval/cmd load order in r2
  • Add r_core_cmd_str_pipe()

Experimental

  • cparse support to load function and struct info from .h
    • uses the lemon parser, supports vala-like attributes
    • not yet integrated (./configure --enable-cparse)
    • Check and use flex in configure.acr
  • Initial parser dwarf implementation (incomplete)
  • Support for classes in rbin, not yet extended

radare2 - CODENAME "SANDYCREAM"

Published by XVilka almost 11 years ago

http://www.radare.org/

date: 2013-11-11


In numbers!

  • 1 man
  • 8 months
  • 18 contributors
  • 215 tests
  • 603 commits
  • 33272 more lines of code

Looks better!

  • r2 now supports UTF-8, RGB and TrueColor ANSI codes
  • Color palettes and themes
  • Use ^x^e to edit the current prompt line using $EDITOR
  • Configuration files follow XDG Freedesktop paths
  • Tweaked disasm to make it more readable

See e??scr. for more information about the screen options.

More platforms!

  • ARM aarch64
  • TI c55x+
  • 8051
  • Javascript (emscripten)
  • ARCcompact

Several enhancements to the ARM, ARC, X86, Dalvik, Java (including v7) and Brainfuck assemblers/disassemblers. Also, the embedded udis86/GNU based disassemblers have been updated from git.

You can now compile r2 for Haiku and Emscripten!

Binaries

ASLR is now supported by using the -B flag, which specifies the hardcoded base address to use when loading a PIE binary.

  • MACH0 XNU kernels are now properly loaded
  • Added support for TE binaries
  • Identify some PC BIOS and UEFI ROMs
  • Java Class file parser has been rewritten to support Java7
  • Reloc information is now fully parsed, and import addresses are stored in the symbol listing to keep it coherent.

Import PLT addresses are no longer listed with rabin2 -i. For consistency: imports are ordinals and PLT entries are listed as symbols.

Define structs and enums using plain C

A reduced fork of libtcc is now included to parse C include files. At the moment only structs and enums are handled, but support for function signatures and conditional struct definitions is planned. Nested structures are supported.

[0x8048000]> "td struct Foo { int a; int b; }"

See 't?' for more help. In short, you will be able to load .h files into sdb databases to define metadata for the disassembler.

Bindings

Following the release of Valabind 0.7.4, we are now able to provide the following changelog:

  • Python ctypes support
  • Test and install Java JNI bindings
  • Untested D language bindings

I have added more scripting examples like a simple debugger.

UNIX shell right there

Commands like 'clear', 'ls', 'cat', 'cd', 'pwd' are now supported. No need to escape to the shell with '!' for them. Bear in mind that cfg.sandbox can be enabled to restrict access to the filesystem, program execution or sockets.

Those commands can be piped to system programs using '|' as in a POSIX shell. The command line prompt is now better: it supports UTF-8 and handles new keybindings.

If, in visual mode, you place the cursor on a 'call' instruction that refers to an import and press the '?' key, you will see the associated manpage, like the 'K' key in vim.

Debugger

You don't need to specify the path to the debugged program any more: r2 walks $PATH, or uses ./ if the program is found there. This makes process launching consistent between Windows and Unix.

You can run the visual debugger by using the following flags:

$ r2 -cVpp -d ls

Signals can now be captured, and passed to the target process.

Now you can properly debug 32-bit binaries on Linux x86-64.

SDB Everywhere

SDB is a simple key-value database that supports on-disk hashtables, arrays, JSON, CAS and easy string serialization of data structures.

From now on we are going to use SDB more and more inside r2 in order to speed up queries, simplify code maintenance and unify data as text with easy serialization methods.

This is the first release that comes with sdb.

Web UI

An embedded webserver has been included; you can invoke it using the '=h' or '=H' commands. To make it public, just pass `-e http.public=true`.

$ r2 -c=H /bin/ls

Improved JSON output for many commands: just append 'j' to the command and it will use that format. From the bindings you can call r_core_cmd_str() to retrieve the resulting string and parse it.

AJAX.get ("/cmd/isj", function (data) {
   var symbols = JSON.parse (data);
   ...
});
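As an added example (not from the release notes or the r2 web UI code), here is how a page served by the embedded webserver could consume the `/cmd/isj` reply defensively. Symbol names come straight from whatever binary is loaded, so a crafted file can put markup in them; the code validates the shape of each entry and HTML-escapes before rendering. The field names (name, vaddr, size, type) and the sample reply are assumed and constructed here and may not match the exact `isj` output of this release. Note that everything under /cmd/ executes r2 commands in the session, so setting http.public=true exposes that command interface to the network, not just the symbol listing.

```javascript
// Added example, not r2 project code. Consumes a (constructed) `isj` reply
// from the embedded webserver and renders it without trusting the content.

// Constructed sample reply. Field names are an assumption about the isj
// schema; the second entry shows a symbol name carrying markup.
const SAMPLE_ISJ = JSON.stringify([
  { name: "main", vaddr: 0x8048400, size: 120, type: "FUNC" },
  { name: "<script>alert(1)</script>", vaddr: 0x8048500, size: 0, type: "OBJECT" },
  { name: "printf", vaddr: "not-a-number", size: 4, type: "FUNC" }, // malformed, dropped
]);

// Escape the five characters that matter when inserting text into HTML.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Parse the JSON text and keep only entries with the expected shape.
// Anything that is not an array, or any entry with a non-string name or a
// non-integer address, is discarded rather than rendered.
function parseSymbols(text) {
  let data;
  try {
    data = JSON.parse(text);
  } catch (e) {
    return [];
  }
  if (!Array.isArray(data)) return [];
  const out = [];
  for (const s of data) {
    if (!s || typeof s !== "object") continue;
    if (typeof s.name !== "string") continue;
    if (!Number.isInteger(s.vaddr) || s.vaddr < 0) continue;
    out.push({
      name: s.name,
      vaddr: s.vaddr,
      size: Number.isInteger(s.size) ? s.size : 0,
      type: typeof s.type === "string" ? s.type : "",
    });
  }
  return out;
}

// Build table rows; every string that came from the binary goes through
// escapeHtml, numbers are formatted by us.
function renderRows(symbols) {
  return symbols
    .map((s) =>
      `<tr><td>0x${s.vaddr.toString(16)}</td><td>${s.size}</td>` +
      `<td>${escapeHtml(s.type)}</td><td>${escapeHtml(s.name)}</td></tr>`)
    .join("\n");
}

// Browser-side fetch through the same validation path (assumes a fetch API).
async function fetchSymbols(base = "") {
  const resp = await fetch(base + "/cmd/isj");
  return parseSymbols(await resp.text());
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(renderRows(parseSymbols(SAMPLE_ISJ)));
}
```

Run under Node to see the rendered rows for the constructed sample: the malformed entry is dropped and the script tag in the second name arrives in the page as inert text.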

The r2agent is a new program that acts as a remote web interface for launching r2 sessions and interacting with them using the webui.

Test everything!

This is the first release of r2 that makes extensive use of the test suite to ensure no regressions appear while developing new features or fixing bugs. This is an important point from now on, so that we can cover r2 features, supported instruction sets, etc. as much as possible.

We encourage all users to write test cases for every bug they report. Type 'make tests' to retrieve the test suite from git, but this is only supposed to be used when developing. Stable versions are only for packagers. If you want to report a bug, first test it against the code in git.

The build farm runs the whole test suite after every commit to the r2 or r2-regressions repos; this allows us to identify when and how every check was broken.

Thanks to a0rtega for his fuzzed binaries.

Annotated hexdumps

A new command 'pxa' has been added to provide support for annotated hexdumps.

Those hexdumps allow visual interaction and let you select ranges of bytes using the cursor mode, colorize zones, add comments, define structs, etc.

This is still under development and we are open to new ideas and proposals to enhance this new interactive print mode.

More stable

Lots of bugs have been fixed, including overflows and memory leaks, and many handcrafted binaries can now be loaded without the pain of segfaults, crashes or missing info.

The farm gives us automatic builds for several platforms on every commit and lets us identify development issues earlier.

New contributors

I'm pretty impressed by the rise of interest in contributing to radare2 lately. This release would not be possible without the help of the following people:

  • a0rtega
  • capi_x
  • chous
  • cosarara
  • dx
  • earada
  • eddyb
  • jvoisin
  • jjdredd
  • Sirmy
  • xtraeme
  • xvilka

Author

  • pancake
