Authors

0x8ff Alex Bender Anton Kochkov Axel Iota DaKnig Dennis Goodlett Dennis Goodlett Ernest Deák (Tino) Francesco Tamagni HighW4y2H3ll Hors Lars Haukli Lazula Matthias MewtR Miles Liu Mohamed Lemine Ould El-Hadj Murphy Ole André Vadla Ravnås Paul B Mahol Peter Meerwald-Stadler Quentin Kaiser RHL120 Sylvain Pelissier Sylvain Pelissier TheAllSeeingOwl condret iTrooz_ meme pancake pancake rax2 rhl120 schrotthaufen schrotthaufen singurty

Changes

abi

• RAnalOp.srcs,dsts are not pointers

anal

• Working apt and add apl to list function preludes
• Rename axj to axlj, because axj is for jmp refs
• Introduce anal.tailcall.delta and use flags for better metrics
• Improve the tailcall detection logic
• Improve warning that only seems to happen when anal.nopskip is set
• Always show all the archinfo, even when not provided by the plug
• Dont show analysis progress on non-interactive shells
• Add esil.dfg.mapinfo and esil.dfg.maps config vars
• Some more improvements to esil_dfg
• Fix size returned from r_anal_op
• Fix warning in aflj when parsing vargarg signatures
• Add register computed const pointer support for esil dfg
• Add memory computed const pointer support for esil dfg
• Introduce R_ANAL_ESIL_DFG_TAG_{REG,MEM}
• Use treebuf io plugin as memory access backed for esil_dfg
• Fix pickle asm rejecting empty strings
• Do not recurse noreturn inspection when !addr or -1
• Generalize vector instruction types instead of following intel-specific
• Add /au to search for unknown destination jmp/call
• Add anal.noret and refactor anal.noret.refs
• Fix #20827 - Show srcs/dsts in aoj
• Fix aae argument parsing regression in and improve help
• Add support for stack-computed const pointers in esil_dfg
• Fix anal.a2f in aac
• Increase default anal.depth from 64 to 128
• Clarify which commands are used on each aaaa line
• Fix anal.depth usage when analyzing one basic block
• Loongarch analysis bug fixes (bl, race condition)
• Implement aflxv and aflx? commands
• Run /azq in aaaa
• Fix long1,long4 pickle opcodes
• Fix #20798 - Fix bx after add lr,pc,0 in arm32
• Fix null pointer in aflxj
• Implement aflxj
• Add noreturn column in afll
• Use RPVector in RAnalOp src/dst to support ldm/stm/simd
• Fix pickle arch thinking 0 is 64 bit
• Don't show the linearsize in the afl output
• Add anal.vars.newstack - configurable improved stack-relative var

analysis

• Working apt and add apl to list function preludes
• Rename axj to axlj, because axj is for jmp refs
• Introduce anal.tailcall.delta and use flags for better metrics
• Improve the tailcall detection logic
• Improve warning that only seems to happen when anal.nopskip is set
• Always show all the archinfo, even when not provided by the plug
• Dont show analysis progress on non-interactive shells
• Do not recurse noreturn inspection when !addr or -1
• Generalize vector instruction types instead of following intel-specific
• Add /au to search for unknown destination jmp/call
• Add anal.noret and refactor anal.noret.refs
• Fix #20827 - Show srcs/dsts in aoj
• Fix aae argument parsing regression in and improve help
• Fix anal.a2f in aac
• Increase default anal.depth from 64 to 128
• Clarify which commands are used on each aaaa line
• Loongarch analysis bug fixes (bl, race condition)
• Implement aflxv and aflx? commands
• Run /azq in aaaa
• Add noreturn column in afll
• Add anal.vars.newstack - configurable improved stack-relative var

api

• Make RReg refcounted
• Implement {ctz|clz}{32|64} RNum
• Define RPluginMeta and RPluginStatus
• Add new RCore.cmdCallf() helper function
• Merge RParse into RAsm
• Refactor RLang api to use the new design
• Fix null deref on wrong api usage for RCore.cmdStr
• Moving more logic between asm, arch, parse and anal
• RAnalEsil -> REsil api refactor
• Deprecate reil and sysarch defines
• More refactorings and api redesigns in r_arch
• Remove eprintf calls in favor of R_LOG
• Implement RReg.clone()
• Deprecate r_str_dup() - related to #20959
• Rename RVector.len to RVector.length for consistency
• Remove the unnecessary RThread.CpuAffinity()
• Add portable NaN and INF defines for different float sizes
• Deprecate r_cons_eprintf and use R_LOG instead
• Rename RStr.home() to RFile.home() as part of the Plan
• Rename r_mem_memzero to r_mem_zero
• Prefer _tostring() instead of _to_string()
• Improve r_ref implementation with debugging support
• R_BIN_NM -> R_BIN_LANG
• Implement thread-safe refcounting - but disabled by default
• Deprecate the unused RFList
• Implement r_str_ntrim() and speedup r_str_trim() with it
• Initial implementation of RString (30% faster than RStrBuf)
• Implement r_sys_getenv_asint
• Add r_cons_is_initialized
• Boolify r_core_yank_file_all() and fix shadow var bug
• Add r_file_is_executable and r_file_extension apis
• Fix UB bug when using r_vector random access
• Change R_LOG_INFO to R_LOG_TODO where suitable
• Merge rhash into rcrypto and improve apis
• Fix memory leak in r_str_list_join()
• Boolify and rename some methods and fields from RFS
• Add .author field in all the RLang plugins
• Add a public api for the yank-unset action
• Constify the help

arch

• Add the arch.preludes() callback and new RSearchKeyword constructor
• Move anal.v850 to arch
• Fix counted string bug in pickle
• Fix negative unsigned cast in the xtensa disassembler
• Add RAnalOp.weakbytes() and move more analop apis to arch
• Move anal.xap into the arch
• Update tests and better arch.patch/modify callback
• Move anal.{6502,snes} into arch
• Kill RAsmOp, we can reuse RAnalOp in here
• Improve pickle disasm on invalid instructions
• Remove RAsmPlugin struct and add the 'aia' command to show archinfo
• Move the remaining asm plugins into the arch
• Minor plugin selection improvements
• Move asm.nasm into the arch
• Move asm.vasm into arch.any_vasm
• Assemble large pickle instructions
• Fix and move failing tests, reorder lib build
• Move the arm assembler plugin from asm to arch
• Temporary add RAnal as dependency for REgg
• Improve x86.nz assembler parsing and other bugs in rnum
• Initial implementation of the arch.any.as plugin
• Better handle of RNum errors for egg and arch.x86.nz
• Support reg+idx and idx+reg in x86.nz assembler
• Move the x86.nz plugin
• Fix asm.acur supporting arch, anal and asm plugins
• • Fix asm.acur supporting arch, anal and asm plugins
• Move anal_riscv to arch_riscv
• Fix rasm2 -LLL using the new multi-bits macros
• Introduce RSysBits and its packing/checking macros
• Implement archinfo() in RAnal.Plugin.tms320
• Deprecate the unused RArchPlugin.esil field
• Use PJ to return the list of mnemonics aoml in arm.v35
• Move anal.rsp to the new home
• Move anal.v810 into arch.v810
• Move pickle from anal to arch and add it to meson
• Remove anal.malbolge and fix CI r_esil issues
• Move the 'sh' plugin to the new home
• Honor plugin name in rate matching for RArch.use
• Move jdh8 from asm/anal to arch
• Unify RArchOp into RAnalOp using common include files
• Fix RArchOp.refptr from bool to int
• Bump cs5 to support FNOP on m68k
• Wire-up RArch into RAnalOp
• Fix arm64 plugin to work well with latest arm64 changes in capstone
• Use the latest capstone5-next with updated aarch64 support
• Copy anal_amd29k.c to rarch
• Change arch plugin definition
• Add some more arch config vars
• Introduce arch.endian config var
• Instantiate RArch in anal
• Introduce RArchConfig->decoder
• Add R_LIB_TYPE_ARCH and i4004 arch-plugin
• First arch plugin (arch.null), implement basic lib api
• Start moving EVM analysis from extras to core
• First implementation of r_arch decoder api
• Introduce the new r_arch library, just the skeleton
• Add some r_arch api declarations
• Initial commit on RArch structs

asm

• Deprecate more unused fields from RAsmPlugin
• Fix the parse.z80.pseudo plugin and add a test
• Remove the unused RAsm.binb
• Internal cleanup of asm.c, deprecate the disassembly callback
• Load cpu descriptions for multiarch plugins
• Fix rasm2 x86.nz for "xchg eax,eax" and add tests

bin

• Fix JSON encoding of section addresses
• Add test for cwd source listing, CLL and list
• Add warning when loading DWARF5 files (not supported)
• Add test for the obm with CL, support noncwd paths
• Use obm when spotting a companion dwarf file on macOS
• Implement RBinFile.merge() and obm command to use it
• Initial implementation of the ob-- command to close the last binobj
• Autoload the dwarf companion file on macOS systems if available
• Use rabin2 -rO for raw dump operations
• Use glob expressions to specify section name to dump
• Fix #14540 - klass->super must be an RList instead of char*
• Support for Xbox 360 PE32 architecture (PPC BE)
• Fix wrong detection of main in elf-arm32
• Fix rabin2 -gj and add tests
• Add bin.types and disable by default for CI reasons
• Support loading Plan 9 kernels
• Use API instead of commands to autoload a pdb
• Fix #21020 - fix json format for rabin2 -jM when no main is found
• Expose section type for coff, elf and macho formats
• Fix #18375 - Only patch arm64 relocs when not initialized
• Add experimental bin.str.nofp config for less false positives
• Parse the PT_DYNAMIC elf section for the preinit pointers
• Fix validation check in xnu
• Initialize macho header pf definitions
• Speedup class bin loading with bin.filter=false
• Implement 'ic.' command
• Fix initial seek for Rosetta2 aot binaries
• Silent noisy warning in dwarfprocess
• Expose klass->super details for objc categories
• Include fields in the ic output
• Enable the swift metadata parser by default and import classinfo
• Add lang field for classes, symbols and methods, expose it via ic
• Warn about unpatched relocs when no bin.cache is set for macho fixups
• Add support for 32bit Mach-O fixups
• Expose the macho reloc fixups and use internal buffer for parsing
• Fix obf and add tests for it
• Fix Cd4[ invalid syntax used in macho _const section
• Expose the id_dylib macho command info into the bin kv
• Enlarge the c++ demangler stack limit to solve a warning
• Implement Dwarf.register identifier mapping for v850
• Infuse asm.cpu from the elf flags for v850 ELFs
• Remove asm.features, improve RBinInfo with flags and abi details
• Improve brainfuck detection to reduce false positives
• Implement dwarf.regName() for arm64
• Import the free pascal symbol demangler from rizin

build

• Double lowerdash defines should be defined only by the compiler
• Fix and improve static build, faster libr.a with libtool if available
• Improve libr.a creation with ar -rcT instead of ar -x
• Speedup tcc builds by not using -g
• Move esil one level up in libs.mk
• Update sdb to remove double include paths
• Fix compilation with -lcrypto
• Do not use macos-latest (macos-11 is fine for LTS)
• Update the capstone4 support to 4.0.2
• Fix zig's @cInclude of r_th.h
• Add crosscompiling support with sys/zig.sh
• Do not install the v35 archives (-50MB) in make install
• Fix capstone dynamic memory allocation setup issue
• Support sys/debian.sh crossbuilds
• Remove unused lc-printscan-long-double wasi flag
• Check if CWD contain spaces in sys/install.sh
• Add the acr --enable-threadsafety flag and the same for meson
• Fix meson infinite loop
• Disable libuv by default on meson and acr
• Change build order as long as now bin depends on fs

ci

• Test r2 build with all sysdependencies enabled
• Upgrade al-cheb/configure-pagefile-action to the v1.3
• Run unit tests in parallel
• Upgrade github actions/checkout from v2 to v3
• Upgrade actions/upload-artifact from v2 to v3

cmd

• Fix bugs in aeg command parser

config

• Deprecate the use of comma in e: as stated in the r2580 prophecy
• Deprecate graph.web eval config var
• Remove the file.offset unused config variable

cons

• Fix static themes listing
• Add support for statically compiled themes
• Fix Ctrl+Arrow dietline shortcut for word cursor
• Fix console history log path regression

core

• Enable cmd.undo by default
• Rename many bin.str evars into bin.str.
• Use XDG instead of R2_HOME_CACHEDIR and R2_HOME_HISTORY
• Initial support for XDG env vars and paths
• Fix RConfig.setB when the key doesnt exist
• Deprecate scr.seek configuration variable
• Initial implementation of R_LOG_TODO

crash

• Fix segfault in poa 1
• Fix integer overflow in fuzzed dwarf rendering in graphs
• Fix use-after-free after @@@e spotted by meme
• Fix UAF in aaft when the BB is removed during the loop
• Fix UAF on quit exposed by r2frida

crypto

• Initial abi breaking changes in RCrypto/RHash
• Fix rahash2 -L listing full hash
• Initial work on the way RCrypto handles plugins
• Separate SM4 algorithm from plugin
• Implement the SIP hash algorithm

debug

• Bring back the 'dms' command
• Fixed incorrect thread arena output
• IO uses PID to read from child, tid is just for regs
• Fix r2 -d foo\bar.exe and r2 -d bar.exe on windows
• Make RDebug.regRead() and regWrite() return bool

decompiler

• Improve the outpuf of pdc by trimming the addresses of inline nops and colorize numbers
• Add colorization support to pdc output

disasm

• Implement asm.bytes.align to justify them to the right
• Fix char auto-comment in cmp instructions
• Improve pseudodisasm for arm64
• Improve arm.pseudo when no function information is available
• Fix mips.pseudo shortpath when function is null
• Fix x86.pseudo shortpath when function is null
• Fix NULL function xrefs in pd
• Implement asm.flags.right option
• Add dummy parse.evm plugin to fix portability of test
• Add a dummy bpf pseudo plugin
• Add RParse.justify() to easily fix commas and spaces
• Better spacing in arm.pseudo parse plugin

esil

• Initial support for threads in esil
• Fix #21052 - wrong emulation for pop rsp
• Move anal.esil into the new esil
• Add aegb command as an alias for 'aeg pieq $Fi'
• Add aegn command to combine N esil instructions into one dfg
• Use a function instead for the spaguetti code in all cmp esil opcodes -30LOC

globals

• Remove one global variable in RCore.cmdEval()
• Remove two globals from RCons.cpipe
• Remove the 3 globals in anal.xtensa
• Remove 3 globals from anal.tricore
• Remove the 3 globals from anal.vax
• Remove 3 globals from anal.nios2
• Remove 3 globals from anal.arc
• Remove 3 globals from anal.sparc.gnu
• Remove 3 globals from anal.sh
• Remove 3 globals from anal.alpha
• Remove 3 globals from anal.lanai.gnu
• Remove 3 more globals from anal.pdp11
• Remove 3 globals from anal.hppa
• Remove 3 globals from anal.m68k.gnu
• Remove the 3 globals in anal.ppc.gnu
• Remove 3 globals from anal.cris
• Remove 4 globals from anal.mips.gnu
• Deglob 4 vars in the arm.gnu disassembler
• Remove 3 globals in s390.gnu
• Remove 10 more globals from analysis and capstone
• Remove 3 globals in ccarg analysis
• Remove all global variables from RCrypto
• Move colortable global into the RConsContext
• Remove global from utf8
• Remove the last global variable in libmagic
• Remove in_log_process global
• Remove global in bin.obj.reloc_patch
• Remove global variable in esil loop

graph

• Initial work in graph.bubble for custom bg color in nodes
• Honor graph.layout in aegv too, instead of harcoding horizontal one
• Deprecate aegi and aggi, those were dupes for aegv and aggv
• Fix null deref in agg and avoid destructive manners of 'V ,'

help

• Make the anal.depth warning more useful

indent

• Balance spacings in braces

io

• Initial implementation of the generic io-stream api
• Fix UAF in streaming io plugins when used with io.va=1
• Remove invocation of v layer cache in r_io_desc_read
• Start rewriting io_cache.c
• Kill r_io_read_at_mapped
• Initial import of the serial plugin
• Kill io->buffer
• Remove unused fcn declarations
• omfg runs omm if no map is set
• New o++ command to create and open a new file
• Add "reset" system command to treebuf io plugin
• Minor bugfix in treebuf io plugin
• Add treebuf io plugin
• Fix free-before-use on r_io_reopen of a rbuf:// fd/desc
• Handle reloc maps properly in r_io_map_remap and r_io_map_resize
• Fix reloc map memleak
• Add rio reloc maps
• [5.8.0] Disable the default io.basemap

json

• Fix tj ttj tfj outputs
• Fix invalid json in tj command
• Fix #20772 - ihj rendering an invalid json because of pfj

lang

• Make r2 -j work as a hashbang handler for qjs
• Enable BigNum in qjs
• Use r2papi 0.0.4 with base64 and R2Api is now known as R2Papi
• Add requirejs, simplify compilation and add js_ prefix to all the c files
• Add typescript support
• Minor improvements for js: with r2.call() and r2.cmdj
• Enable Bignum support to the QJS interpreter
• Import the alpha r2papi 0.0.2 api for qjs
• Integrate the qjs repl into the js: command
• Initial import of the interactive QJS repl
• Import the quickjs rlang plugin
• Implement py command and add stdin slurp support for js- too
• Add 'js' and 'js:' commands, as well as improve help for #!?
• Fix null deref in rlang
• Add "lua" as an alias for "#!lua"

leaks

• Fix leaks in pdc
• Fix more memory leaks in rbin and ranal for arm64
• Patch more leaks in the analysis and rbin
• Some safe memleaks related to analysis and registers refcounting
• Fix memory leak in dietline

lint

• Enable the leading spaces linter rule and fix them all
• Use more tabs and add a (disabled for now) linter for it

logs

• Redirect RLog messages into the Corelog
• Add base64 support to the T and T* commands

panels

• Add ve command to set fg/bg colors for current panel

print

• New RPrint.spinBar() API used from scr.demo for now
• Fix pcc trifids confussion issue
• New command CLL (aka list) show function source using addrline (dwarf) info
• Fix #21080 - Add cfg.codevar to change the buffer varname from pc
• ASN.1 and x509: correct OCTET_STRING and Public key info parsing
• Add ASN1 Algorithm Identifiers for Edwards curves
• Fix #20993 - Correct ASN.1 BIT_STRING parsing
• Implement pcn command to print bytes as space separated numbers
• Add support for the swatch dot-beat internet time
• Workaround for "too large buffer" in formats
• px* is an alias for pc*
• Implement pFoj command
• Implement pFaj for asn1 json decoding
• Initial refactoring/cleanup of ASN1 parser api
• Add pFxj command to print x509 certificates in JSON format
• Add pFpj command to print PKCS7 files as JSON
• Fix issue in 'pdc' that was showing empty orphan nodes
• Implement new 'pcq' command, like pc, but inline-include-friendly
• Implement the new pieb command as an alias for pie $Fi
• Fix read buffer overflow in pxq -272
• Implement pFbJ command with quiet and verbose json formats
• Implemen pFbj for json printing of protobuf
• Set hex.hdroff=true by default
• Implement pFAj to render android xml in JSON (abi break)
• Implement TSV output format for RTable

projects

• Fix some problems when renaming projects
• Fix some bugs in projects
• Quote commit message to avoid git error when saving project
• @radare Do changes in Px->Pc, Pc->PS* as planned

r2pipe

• Check magic header before assuming an interpreted file is executable

r2pm

• Fix assert in Str.Trim() when r2 is not installed
• Add support for tarball and zip packages
• Honor EDITOR in r2pm -e
• Remove all the references to the old r2pm.sh
• Implement R2PM_FAIL and mark it as deprecation for r2-5.9.x
• Implement r2pm -cp like it was in r2pm.sh
• Fix clean installations with r2pm -c
• Expose R2PM_SUDO and list R2PM_PREFIX in -H
• Handle -HH in r2pm for verbose env listing and remove unused R2PM_GITSKIP
• Fixes pull/install/uninstall on windows
• r2pm -Ui can be combined now and fix extras package building
• Honor R2PM_DBDIR env var
• Honor -f in r2pm -U to force clean the r2pm db
• Support XDG on r2pm and expose the PKG_CONFIG_PATH
• Expose R2_LIBEXT for r2pm packages
• Update r2pm manpage and add -q and -a flags
• Show package source with r2pm -d
• Implement r2pm -H to make more packages build
• Fixes parsing the GIT URL on some packages
• Test the new default native r2pm fix flushing and using RLOG
• Make R2PM_NATIVE the default and provide R2PM_LEGACY

r2r

• Fix rvector assert when indexing empty ones

refactor

• Move the RParse.cparse into RAnal.cparse
• Stop aeg from abusing agg
• Rename R_ANAL_ESIL_DFG_BLOCK_ to R_ANAL_ESIL_DFG_TAG_
• Rename EsilDFGRegVar to EsilDFGVar and introduce EsilDFGVarType
• Avoid using RArchConfig->big_endian
• Add addr_bits to RArchPlugins and make info and decode cbs cfg aware
• Add archcond api to rarch, some small cleanup in anal
• Make bitness, endianess and esil-support fields of RArchPlugin again
• Copy value.c and op.c from anal to arch
• Copy switch.c from anal to arch
• Add some more typedefs and enums to r_arch
• Rename r_arch_set_ to r_arch_config_set_
• Rename R_ASM_SYNTAX to R_ARCH_SYNTAX
• Simplify x86_cs BSR and BSF esil
• Use r_strbuf_replacef in anal_mips_gnu esil generation
• Use r_strbuf_replacef in anal_mips_cs esil generation

rvc

• Initial refactoring of the version control api
• Move rvc from core to util
• Fix rvc.commit when non-interactive with a default message

scan

• Fix crash in the swift metadata parser spotted by coverity

search

• Fix JSON encoding of unsigned search values
• Fix /au after aeim
• Fix /w and /wi, add tests, minor code cleanup
• Add r_anal_optype_index to make /atl and /at use full listings of optypes
• Support space separated instruction types and family in /at and /af
• Improve json output for /asj and /atj
• Fix calling /re twice after ^C
• /az uses anal.in instead of search.in to improve scan results
• Make /az faster after aeim, skipping unrelated regions
• Fix last char bug in swift strings found with /az
• Add x86-64 support to /az
• Add flags under the asm.str flag prefix when doing /az
• Honor bin.minsz in /az is no argument is provided
• Implement /azq to search for assembly strings and add tests
• Implement the new /az command to find assembly constructed strings
• Superseed #20447 - remove some magic globals

shell

• Fix ?vi:123 and ?v:123 commands
• Print whatever is taken from io_system to rcons
• Fix runtime warning after leaving an rlang session
• Add "" command to run RCore.cmdCall()
• Fix #21136 - o <tab> autocompletion not working
• Show help when using invalid subcommand of afi
• Implement abo and afbo commands to list opcode offsets in function or bb
• Implement o-. command, add help for future o-$
• Expose RCore.cmdCall() and fix b64: command + add tests
• Show number conversion error messages in ?v command
• Fixes for the line editor using live save/load with new RFile apis
• Implement oe command to open a file using cfg.editor
• Add quiet and table listing for lang plugins
• Implement Ll, Llq and #!?q commands for better rlang listing
• Fix r2 /directory behaviour
• Support $r:REGNAME syntax and document it
• Implement cmd.usr1 and cmd.usr2 to handle signals on unix
• Add #!qjs and #!tiny for autocompletion
• Fix behaviour of -a and -b flags (no arg= show current, append? for help)
• Rename the drm command to drv for consistency
• Add -s -i -f r2 commands
• Implement -a, -b, -c and -e commands in r2
• Add tabhelp exception for pf.
• Add r2 -LL to list core plugins
• Improve help message for f subcommands
• Take into account static themes when listing
• Add ot command as an alias for touch
• Implement the ji: command as an alternative to ~{} without cons filtering
• Also handle (j) and (*), more syntax-consistent and add a test
• Implement (j for json output of macro commands
• Initial implementation of ?ie
• Add missing help for the '?i?' command
• Use RCoreHelp for /ca?
• Fix #20760 - Implement native gron via ~{=}
• Remove RPrintRowlog and use R_LOG isntead
• Allow changing number of saved input lines
• Implement log.source and log.origin
• Add the new ucu and ucd commands using the new core-undo apis
• Rename asm.{off} variables to asm.offset

syntax

• Move the preincrement and void arg from tests to lint.sh

threads

• Initial ref-counted RRegItems, needed for threadsafety
• Move the readahead logic to a local variable
• Guard more critical sections in cons and core
• Analysis now waits in background for the bin parsing to finish
• Add some RThreadLocks and start to use the critical sections

thready

• Dont call RCore.seek() and read a new buffer in disasm

tools

• rax2: corrects base64 encoding for null bytes
• Fix r2 -2
• Fix broken tests for long number conversion
• Fix base64 null byte decoding bug in rax2
• Implement rasm2 -LLL to list arch plugins
• Add Ls to list assemblers, and LA to list analysis plugins
• Bring back the r2 -t for parsing bin and analysing in background
• rarun2 supports multiple preload directives

util

• Fix the XML parser
• shlr/yxml -> libr/util/rxml - fork the abandoned yxml parser and expose it
• Add RStr.ansiStrip() and RStr.insert()
• Improve internal RBuffer API checks
• Add log error when pj depth limit reached
• Add R_SYS_BITS_12
• Introduce R_SYS_BITS_4
• Add :header and :noheader in RTable
• Fix crash in r_vector_shrink
• Minor COV fix in r_str_char_count
• Fix return type of r_str_char_count
• Add new RStr.replaceAll() api
• Use R_PRINTF_CHECK for r_strbuf_replacef
• Add r_strbuf_replace{f}

vc

• Initial rvc refactoring and cleanup of the api
• Move rvc apis into callbacks
• Make ravc2 accessible via blob and r2 shell

visual

• Use RAnalOp instead of RAsmOp in r_core_visual_bit_editor
• Fix issue with cursor disappearing towards the bottom of the screen
• Don't draw two cursors when too many bytes are on disasm panels
• Make j/k movement in panels' cursor mode more consistent with it's visual counterpart
• Don't skip byte when moving left/right in cursor mode (disassembly panel)
• Fix pdc glitching in panels
• Handle arrow keys in VT
• Handle JK0 keys in VT
• Honor cmd.vprompt and scr.notch in VT
• RStr.wrap() supports ansi and use it in VT
• Implement Tv command and use it from VT
• Fix the cache and other bugs in panels
• Override scr.maxpage in panels to avoid undesired prompts

wasm

• Upgrade to the latest wasi16 sdk

Authors

Axel Iota Ben L Denis Ovsienko Dennis Goodlett Dennis Goodlett Francesco Tamagni Nikhil Saxena Paul B Mahol Richard Patel Seunghwan Chun Sylvain Pelissier adwait1-g condret erfur pancake pancake rax64

Changes

anal

• Define =SN for the sparc register profile and improve warning message
• Include bb instruction addresses in an array for abj
• Fix more tests to run outside x86-64
• Implement aflx and aflx* commands to re-analyze function callers
• Implement aflm. and aflm? to print the makefile-style function call summary
• Fix bug in esil_cfg
• Implement r_anal_esil_dfg_reg_is_const
• Fix quotes in pickle assembly
• Improve aab results by using section size
• Refactor esil new in cmd_anal
• Refactor ar set command to static func
• Fix '/gg' output
• Fix duplicate aarch64 syscalls
• Fix leak in 'aex' command.
• Fix compilation warning
• Silence compilation warning in show_reg_args()
• Fix leak in r_core_esil_step()
• Check list allocation return value
• Fix leak of RAnalBlock in false return code path
• Check that vector length is not 0
• Fix leak of list when using asj command
• Fix leaks caused by not calling r_anal_op_fini()
• Add pickle descriptions

analysis

• Define =SN for the sparc register profile and improve warning message
• Include bb instruction addresses in an array for abj
• Implement aflx and aflx* commands to re-analyze function callers
• Fix duplicate aarch64 syscalls

arch

• Support assembler plugin resolution by aproximated name
• Rename asm.arm_cs to asm.arm
• Merge asm.sparc_gnu into anal.sparc_gnu
• Lowercase all pickle instructions
• Upgrade to the latest capstone-next for ppc purposes

asm

• Fix integer overflow in match_c_lui()

bin

• Fix boundary check in mach0 fixups reconstruction
• Fix two oobreads in coresymbolication and dyldcache
• Update coresymbolication cache parser
• Add table's :help and ignore commas in i subcommand parsing
• Fix incorrect relocs=false in macho
• Fix regressions affecting dyldcache parsing
• Fix #20624 - Implement ic, command to query klass information
• Fix oba $$ in frida://0 global
• Add support for REL file format plugin
• Support powerpc coffs
• Handle RABIN2_MACHO_SKIPFIXUPS env var in the macho parser
• Add wasm globals to symbols
• Fix leak in bin_sections

build

• if != ifdef on msvc
• Add lint for C++ include support

ci

• Fix #20655 - Zip the blob for windows

config

• Fix prj.alwasyprompt description text

cons

• Fix a couple of coverities in canvas and dietline
• Fix 'num' display with gentoo theme on 256 term
• Add to all themes 'ecd' at start
• Remove duplicate entry for basic theme
• Fix background color for dark theme
• Simplify ansi color mapping
• Fix several bugs when interacting in VE mode
• Fix leak in nextpal()
• Fix leaks in VE mode
• Fix leak of memory returned by r_str_ansi_crop()

core

• Fix leaks when calling r_flag_all_list()
• Fix leak in error path of r_core_anal_search_xrefs()
• Fix leak of pointer left behind

crash

• Fix stack exhaustion bug in the c++ gnu demangler
• Fix oobread in protobuf parser
• Fix oobread in r_str_is_printable_limited
• Fix UB bug in afi command causing random segfaults
• Harden swift demangler
• Harden msvc demangler
• Fill null deref check in the x509 parser
• Fix two more bugs in pdb found by libfuzzer
• Some safe fixes in rbin
• More r_run_parseline fixes
• Fix #9782 - r_run_parseline OOB read
• Fix oob write in dyldcache
• Fix null deref on non-capstone builds

crypto

• Add SM4 block cipher

debug

• Add new 'drp*' 'arp*' commands to flag the reg arena
• Fix build for 32bit iOS debugger
• Fix process detach in the xnu debugger
• Fix arm64 register access in xnu debugger
• Initial blind support for io.self for serenity

diff

• Implement radiff2 -B to specify base address
• Emit json when radiff2 is run with -Cj

disasm

• Fix #20202 - pd-55 showing invalid instructions

esil

• Fix tests and emulation for x86_cs BSR and BSF instructions
• Add warning for esil op $$ deprecation
• Tag dfg nodes that are vars with constant values properly in esil_dfg.c

fs

• Implement mdd, mdq and ms's ls -l
• Add initial fs.zip plugin, listing only for now

fuzz

• Fix another crash in the protobuf parser
• Fix too much time spent loading corrupted dyldcaches
• Fix negative allocation in the dex parser
• Fix infinite loop in dyldcache parser
• Fix large allocation bug in wasm parser
• Fuzz pdb
• Fuzz protobuf
• Fuzz pkcs7, punycode, x509
• libFuzzer demangler target
• libFuzzer bin target
• add libFuzzer integration, r_run_parseline test

globals

• Remove two global variables in the anal.ppc.cs plugin
• Remove global in cons.rgb
• Remove globals in bin.sms
• Remove globals in flirt and apply some extra cleanups

graph

• Implement new toyish visualization command agt
• Implement aggb command, like agfb but for agn/age
• Add cmd.bbgraph to use a different command to render the basic blocks
• Remove hack fixing a bug that is now gone for agn

io

• Initial implementation of the reg:// io plugin
• Fix #20616 - Fix analysis when using io.cache
• Implement wcu command to undo cached writes
• Initial implementation of the xattr io plugin
• Fix leaks on error path in r_io_zip_open_many()

lint

• Enable linting for trailing tabs

panels

• Fix #20651 - Decompiler panel was disapearing after clicking

print

• Implement pxu{1,2,4,8} like pxd but unsigned
• Fix w6e and w6d, Add w6x, p6[e|d][s|z] + tests
• Fix #20540 - pc should use an unsigned char buffer
• Implement p8x and p8* similar to y*

refactor

• Add linting to spot misuses of r_strbuf_appendf and fix them all
• Minor optimization of generated esil expressions
• Remove some unused macros in anal_riscv_cs
• Remove occurences of $$ in riscv esil
• Remove occurences of $$ in mips_gnu esil
• Remove occurences of $$ in bf and mips_cs esil
• Move the asm.m68k.gnu into the anal
• move asm.arm_windebg to anal.arm_wd
• Remove occurences of $$ in v810/v850 esil
• Minor optimization of generated esil in anal_arm_cs.c
• Minor optimization of esil generation in anal_arm_cs.c
• Avoid =[*] in arm_cs esil
• Remove occurences of $$ in arm_cs esil
• Move lanai from asm to anal
• Move the hppa plugin from asm to anal
• Use more R_LOG in cmd.open
• Merge asm.arm.gnu into anal.arm.gnu
• Move asm.ppc.cs into anal.ppc.cs
• Merge asm_arm_cs disassembler into anal_arm_cs

search

• Add help message for /at?
• /at accepts a comma separated list of optypes
• Enable emulation in /as, it's fast enough and results are better
• Test and benchmark --with-sysmagic in the CI

shell

• Add open command as a wrapper for the system launcher
• Fix #20387 - woa 1 confusing error message
• Honor autocompletion in the of command
• Use RCoreHelp for j? and uc? to fix a lint
• Add |E |D |J pipe aliases for base64 command execution and encoding
• Support interpreting executable binaries with r2 -i or '.'
• Don't print eol chars for now to fix an r2pipe issue
• Make command repeat behave as expected with the foreach operator
• Improve the yank command and help
• Honor : table modifiers in om,
• omt->om, and make omr print map size with no args
• Implement s** for proper seek history parseable output
• Implement ics command to list address of class methods
• Protect ms shell with scr.interactive
• Fix null deref crash in RTable and improve C,
• Implement 'e,' for table format, old e, is now e:
• Use RCore.help instead of eprintf in more commands under aa
• Implement y- command and some other indentation fixes
• Use : instead of =! in all the io plugin help messages
• Fix autocompletion for :. for r2frida

tests

• Fix total amount count of tests in r2r output
• Add test index progress in default output
• Support REQUIRE in r2r tests
• Add a few tests for cBPF conditional jumps.

tools

• Remove all global variables in rahash2
• Implement native r2pm pkg registry, buffer r2pm -s
• Enable r2pm-native when calling it from r2
• Use R_LOG in libr.main and fix RLogLevelMatch
• Allow rasm2 -f to open files with r_io files
• Fix ragg2 -C for pe64
• Fix memory leak on error path of rabin_do_operation()
• Fix leaks of allocated memory for duplicate plugins
• Check return value of r_list_new()
• Improve pid directive in rarun2, better info reporting

types

• Fix #16492 - Handle - suffix in te and ts, add tests

util

• Tests for the "standard" splist() implementation
• Minor bugfix in strbuf.c
• Add some more asn1 oids from apple
• Check for RGraph in r_graph_free()
• Fix several issues in r_syscmd_join()
• Fix leak of char* in r_table_visual_list()
• Fix leak in some yanking cases
• Fix possible leak of list after each loop iteration
• Move eprintf message to debug log
• Check if RList* is available before calling r_list_get_n()
• Fix leak in r_log_vmessage()

visual

• Add 'pxu' mode to
• Improve visual text editor navigation ('j' moves to next line)
• Fix #20602 - Insert and cursor glitching in hex panel
• Implement interactive text editor mode in VPi command
• Fix insert nibbles in visual hex editor
• Use p8x and remove pcj from visual list

windows

• Implement r_cons_is_tty for w32

write

• Warn when bypassing the word bounds of numeric arguments in wo
• New syntax for wox to differentiate hex and numbers
• Implement wa+ command to assemble + seek

Authors

Adwaith V Gautham Alessandro Carminati Axel Iota ChoobieDesu Denis Ovsienko Dennis Goodlett Ilya Trukhanov Lazula Maurizio Papini Paul B Mahol RHL120 Richard Patel Sergi Àlvarez i Capilla Seunghwan Chun condret mrmacete pancake pancake pluswave

Changes

anal

• Add mnemonic API to pickle arch
• Add last opcodes to pickle assembler
• Add python pickle machine (pypm) dissassembler
• In cBPF jt and jf are unsigned, fix the code
• Handle arm64's BTI instruction as a nop
• • Revert "ARM disassembler: don't compute [pc, reg] memory location
• ARM disassembler: don't compute [pc, reg] memory location
• Updated syscalls for aarch64 to linux 5.19.0-rc1
• Update syscall table for linux-x64 from kernel 5.19-rc1
• Fix leak in wasm opcode disassembly
• • Fix leak in wasm opcode disassembly

analysis

• Handle arm64's BTI instruction as a nop
• • Revert "ARM disassembler: don't compute [pc, reg] memory location
• ARM disassembler: don't compute [pc, reg] memory location

analysis"

• • Revert "ARM disassembler: don't compute [pc, reg] memory location

arch

• Fix riscv left shift bugs and implement archinfo
• Revert "Update capstone which improves the PPC support
• Update capstone which improves the PPC support
• Add pickle assembler

arch"

• Revert "Update capstone which improves the PPC support

asm

• Fix for riscv

bin

• Fix returning imports table
• Fix use-after-free in the macho swizzler
• Add RABIN2_MACHO_NOFUNCSTARTS option for testing purposes
• Expose dbgInfo.LineNum on macho files
• Fix macho swizzle bug by cloning the plugin struct
• Early check to avoid null deref on files with missing buffer
• Workaround for the fatbin slice selection regression
• Refactor wasm custom name parsing

build

• GIT_TAP=$R2_VERSION if no .git is found
• Initial work towards onifying r_util

ci

• Build r2 with muon+samu
• Publish m1 packages automatically on release time
• Add line count history helper scripts

cons

• Speed up rendering by caching context pointer
• Fix picking colors for 256 colors terminals
• Fix display issues with pss visual mode

core

• Add cmd.undo and handles it for w and CC commands

crash

• Fix double free when shrinking vectors
• Fix oobread in iOS arm64 kernel parsing
• Fix FPE crash in p2 visual mode
• Fix buffer overrun in pd reported by durandal_1707
• Fix crash when calling strcmp on NULL
• Fix heap oobread in the macho parser
• Fix asan heap oobread in the tms320 disassembler

disasm

• Dont show asm.describe on strings

doc

• Increase maximum recommended line length

esil

• Fix x86 - ROL RCL ROR RCR with memory locations

fs

• Fix last covs and support mount in ms
• Refactor the RFS.Shell and add the getall command
• Add fs.cwd to define default path in ms

globals

• Remove time_t now global variable for magic

io

• Update the embedded libzip under shlr/zip
• Tiny optimization in RBuffer -0.01s speedup

lint

• Fix a new linting to remove the double error message in RLOG calls

magic

• Add RSA/DSA key magic

panels

• Add Assembler entry in Tools/

print

• Fix color changing for same block and prc=f
• Fix p=F output
• Allow to change entropy bars width with '[]' keys
• Fix p=e output

projects

• Fix two more projects tests with the new onnu

r2pm

• Fix r2pm.sh path resolution issue

refactor

• Refactor a few eprintf to R_LOG_ERROR
• Merge asm.riscv into anal.riscv
• Remove unused daylight logic in magic/mdump
• Remove optyp global variable for magic
• Ignore asm->immdisp
• Merge arc from asm into anal and build it with meson
• Merge v850.np into v850
• Use arch/bits info from anal if asm is not available in r_core_bin_update_arch_bits
• Merge asm_x86_cs into anal_x86_cs
• Merge asm.mips(cs,gnu) into anal.mips
• Merge asm.tms320 into anal.tms320

search

• Fix /rx
• mbr magic is not good for deltified matches
• Remove noisy mail.news magic file
• Fix /as on arm64-linux and add missing tests to cover it
• Improve little and big endian LZMA header magic matching

shell

• Add the infamous command tac
• Implement ~$!! as a tac replacement and clarify the ~$! use
• Handle the s# command as in 's #'
• Partial #19887 - Refactor c[248], add and test c[248]*

tests

• Fix ARC tests and improve r2r.asm output

tools

• Fix #20439 - rafind2 -V search for values like in /v
• Fix #16209 - ragg2 on macOS
• Use of RNum.calc in rax2 to honor error code
• Honor opasm in rasm2 -LL output

util

• Be more strict when parsing numbers
• The RThread.start(true) had racy deadlocks, re-enable the bg http server
• Use R_LIKELY and r_return in the skiplist api
• Optimized implementation of rand for skiplist

view

• Fix r_cons_printf call in calculator
• Add FPU/XMM/YMM panel displays

visual

• Fix recently introduced stack buffer overflow
• Make PageUp/Down keys less laggy
• Allow seek to previous result item when it is at 0 offset

Authors

Alex Bender Baldanos Dennis Goodlett Richard Patel Richard Patel Sergi Àlvarez i Capilla condret gitcolt pancake pancake tbodt

Changes

anal

• Honor syntax cfg in cs anal plugins
• SPARC ignores cfg.bigendian because all instruction fetches are BE
• Add big endian support for arm prelude search

arch

• Re-enable the bpf.mr assembler

asm

• Remove all instances of "ptr " in x86 cs assembly output
• Move the lm32 plugin into the anal

bin

• Fix o-- issue on macho-arm64
• Don't hash files when loading, that's too heavy! 1.2s -> 0.8s
• Fix wasm function offset lookup
• Split wasm imports by types

ci

• Ignore odr-violations by default when running asanified r2r

cleanup

• Lint for x""

cons

• Add r_sys_signable() and use it from r_cons_thready

core

• Fix loading xtr bins without arch dedicated asm plugin loaded

doc

• Correct help msg fro ph command

fs

• Fix mountpoint listing in the rfs shell

io

• Add omu command to create a unique map
• Miniscule optimization of io vread and mapping operations

lint

• Add R_MUSTUSE hint
• Add a linting to avoid R_LOG calls ending with a dot
• Use r_str_startswith() in libr/io/p instead of strncmp

print

• Fix (null) printing on pi command

projects

• Fix #20405 - Multiple fixes and improvements in projects

refactor

• More eprintf -> RLOG here and there
• Merge asm.java into anal.java
• Move asm.sh disassembler into the anal.sh
• Add another source linting to avoid newlines in RCore.cmd()
• Minor simplification of meson build files
• Merge asm_rsp into anal_rsp
• Merge asm_propeller into anal_propeller
• Merge asm_m680x_cs into anal_m680x_cs
• Merge asm gb into anal
• Merge the asm.mcs96 plugin into anal
• Merge asm.cris into anal.cris
• Use more R_LOG instead of eprintfs and add more linting checks
• Add sys/lint.sh and run it in the CI
• Merge asm.8051 into anal.8051
• Merge asm.sparc into anal.sparc
• Merge asm.alpha into anal.alpha

shell

• Fix #16395 - Add open file command to the ms shell

tests

• Remove the -r and -m flags from r2r

tools

• Down with capitalism - lowercase all capitalized strings in r*2 -h
• Add RABIN2_VERBOSE env var to set bin.verbose=true in rabin2
• rabin2 -qqqqqq doesnt swap between simple and simplest now

web

• Few http webserver improvements

Authors

Aleksey Kislitsa Apkunpacker Ben Demick Denis Ovsienko Dennis Goodlett Dennis Goodlett GiulioL GiulioLyons HighW4y2H3ll Lazula RHL120 Richard Patel Richard Patel Sergi Àlvarez i Capilla aemmitt aemmitt-ns colt condret lazymio meme pancake pancake pipothebit rax2 rax64 ypsvlq

Changes

anal

• Add op->cycles for M68K move
• Set data alignment of m68k CPUs
• Use r10 as SP and as an sp alias on arm64
• Fix archinfo for BPF
• Add icg str argument for filtering classes to graph
• Add z vector registers for ARM64 in the register profile
• Add R_REG_TYPE_VEC
• Remove dead code
• Add esil support for VMOVDQU in anal_x86_cs.c
• Fix ARM ujmp op type with rjmp & mjmp
• Fix #20215 - Handle op->direction in XOR x86 instructions
• Reduce LOC of i4004 assembler (only use gperf for 1 byte instructions)
• Move i4004 asm to anal

analysis

• Set data alignment of m68k CPUs
• Use r10 as SP and as an sp alias on arm64
• Fix archinfo for BPF
• Add icg str argument for filtering classes to graph
• Fix ARM ujmp op type with rjmp & mjmp

arch

• Fix reg profile, add archinfo and opinfo for bpf.cs
• Initial import of the asm.bpf plugin from extras
• Add initial anal.bpf.cs plugin + disasm tests

asm

• Support tbz,tbnz,rev16,rev32 instructions in the arm64 assembler
• Support cset and sxt(b,h,w) instructions in the arm64 assembler
• Support mnemonic list for all Capstone-based plugins
• Support ccmn and csel instructions in the arm64 assembler
• Support more arm64 instructions

bin

• Fix #17174 - Add the flagname and real symbol name details in the output of icj
• Better handling of invalid/corrupted wasm files
• Use RPVector for wasm imports
• Use RPVector for wasm data section
• Refactor wasm start section parsing
• Move RBinWasmObj-code to RPVector
• Wasm use rpvector on elements
• WASM use RBinWasmObj in vector parsing
• Update wasm tests for exports
• Fix wasm iE duplicates
• Rename wasm subection index member to sec_i
• Change wasm subsections into RPVectors
• • Use RPVector for wasm tables entries
• • Use RPVector for wasm memmories entries
• • Use RPVector for wasm global entries
• Refactor wasm and add function section parsing
• • Remove unsed buf_read_new from wasm parser
• • Refactor wasm vector sub-section parsing
• • Add wasm function sub-section parsering
• Fix ELF default arch of x86
• Avoid false positives when loading s390 modules
• Refactor wasm function types
• Wasm allow partial custom name parsing
• Wasm iE improvment

build

• Windows builds include debug information by default
• Add macos-m1 GHCI builds
• Update v35arm64 to fix build on riscv
• Massage MAKE_JOBS for sys/debian.sh too
• Remove the r2p symlink on Make purge

cons

• Fix/clarify the use of cons.vtmode/line.vtmode/vmode
• Reduce stack in RLine.histLoad() and early return on windows to fix a crash

core

• Fix fortune file detection
• Make the gnu disassemblers thread safe

crash

• Fix oobread in RTable exposed via an ELF reproducer
• Fix #20336 - wasm bin parser
• Fix oobread in wv
• Fix #20248 - DoubleFree in RCons.pop() triggered via RCore.cmdStr()
• Fix infinite loop in gdbserver =g
• Fix several bugs in the RStack API

disasm

• Fix negative on unsigned value in v850.pseudo
• Update to the latest capstone to fix a bug for BPF
• Fix #17961 - missing flags in asm.reloff=1 + scr.color=0

doc

• Rename doc/crosscompile to doc/cross-compile.md
• Add ABI stability explanation

esil

• Fix SHRD instruction ESIL
• Add ESIL to the anal.bpf.cs plugin

io

• Fix bug in io_ihex
• Optimize io.open() by skipping plugin iteration if no uri found
• Add stdin:// uri handler in the io.malloc plugin

parse

• Make existing types available to r_parse_c_string

print

• Fix #20310 - Handle help suffix on more pd subcommands
• Convert pf d specifier to hex dword

r2pipe

• Fix: pthread_create: Resource temporarily unavailable

r2pm

• Handle R2PM_UNINSTALL on Windows
• Fix environment message for the package manager
• Improvements in the native r2pm, being able to install samu and muon

refactor

• Merge asm.avr into anal.avr
• Merge asm.xap into anal.xap
• Merge asm.i8080 into anal.i8080 and add a test
• Merge asm.xcore_cs into anal.xcore_cs
• Merge asm.amd29k into anal.amd29k
• Merge asm.h8300 into anal.h8300
• Merge asm.lh5801 into anal.lh5801
• Merge asm.cr16 into anal.cr16
• Merge asm.v850 into anal.v850 and add a test
• Merge asm.malbolge into anal.malbolge
• Merge asm.v810 into anal.v810
• Merge asm.pdp11 into anal.pdp11
• Merge asm.6502 into anal.6502
• Remove more R_TH_LOCAL in TCC
• Remove excess zeroing in anal_bpf.c
• Merge asm.riscv.cs into anal.risc.cs
• Move asm.pyc to anal.pyc
• Merge asm.nios2 into anal.nios2

search

• Honor cfg.bigendian in /v subcommands

shell

• Fixes for the R2_FORTUENS system and home paths
• Fix history file path construction
• Fix error message in e- when resetting in debugger
• Remove newline in date and pt. output
• Expose R2_HISTORY in r2 -hh and r2 -H to locate history file

tests

• Add Capstone aoml cases
• Generate r2r.json for profiling the testsuite
• Sort lines in r2r -h
• Use absolute path for r2r -o

tools

• Fix disalignment glitch in rasm2 -L and rasm2 -LL

util

• Compile-time optimization for r_str_startswith()

visual

• Fix arrows in visual prompt on windows cmd V:

windows

• Autoset vtmode=1 or 2 depending on shell or visual
• Detect cmd.exe as vtmode=2
• vmode fixes visual shift issue in cmd.exe
• Support building windbg plugin under mingw

Authors

Aleksey Kislitsa Alex Bender Anton Kochkov Antoni Viciano Dennis Goodlett Dennis Goodlett Elaine Gibson GustavoLCR Jose Antonio Romero Lazula Mario Haustein Mathieu Dolmen Ole André Vadla Ravnås RHL120 Sergi Àlvarez i Capilla Sylvain Pelissier Wadim Mueller condret freddy gogo2464 kakamaika pancake pancake rax2 rhl120 ypsvlq

Changes

anal

• Initial support for op.family on the v850.np plugin
• Add missing =BP for v850
• Fix crash when doing aac in frida://0 which calls 's $S'
• aav output is now cleaner and less verbose
• Implement native r0 relative references in v850
• Fix oobread bugs in the v850.np plugin
• Add missing status registers on v850.np
• Fix missing calling convention when using asm.arch=*.XXX
• Optimize thumb code analysis (4x faster)
• Fix leak in r_anal_get_gperf_cc
• Honor anal.timeout and better ^C handling in aaaa
• Add missing op types to r_anal_optype_to_string
• Remove RAnalPlugin.jmpmid and use ANAL_ARCHINFO_ALIGN instead
• Add r_anal_is_aligned
• Move VAX disassembler to anal
• Fix invalid basic blocks on switch/jmptbl on arm64
• Use @@@F instead of @@f in aaa - fix deadlock in iaito
• Update to the latest v35arm64
• Use RArchConfig in RReg, Add RReg.hasbits() apis
• Improve boundary oobread checks for anal.8051
• Honor anal.calls in aap
• Kill anal.endsize
• Introduce RAnalPlugin.jmpmid and replace some is_x86
• Fix infinite loop when anal.vars on huge empty basic blocks
• Fix a couple of infinite loops in aav
• Do the whitespace thing that pancake wanted me to do
• Add missing Motorola cpu models for m68k.gnu and m68k.cs
• Honor asm.syntax=att in v850.np and handle more op.type
• Better s390 instruction details
• Remove asm.bf, and move its .opasm to the anal.bf
• Add the RAnal.mnemonics() callback in RAnalBind for the arm.v35
• Remove the asm.arm.v35 and move (and fix) the mnemonics cb
• asm.cpu listing fixes for anal plugins
• Remove duplicated register definitions for AVR
• Move asm.xtensa into anal. fix dupplicated symbols linkage bug
• Fix null derefs in anal.avr plugin and improve defaults
• Fix #19990 - Fix aoml for non-x86 targets and add tests
• Fix #7094 - Add direction information in xrefs
• Add =SN and =R0 to 8051
• Add RAnal.use in RAnalBind to use it from RAsm

analysis

• Implement native r0 relative references in v850
• Optimize thumb code analysis (4x faster)
• Fix #19990 - Fix aoml for non-x86 targets and add tests
• Fix #7094 - Add direction information in xrefs
• Add =SN and =R0 to 8051
• Add RAnal.use in RAnalBind to use it from RAsm

api/abi

• Rename REgg.Cfile to REgg.cfile
• Rename corebind fields to coreb, for consistency with analb, iob
• Use RArchConfig in RPrint
• Expose RAnal.opDirection.toString as a public method
• Make CRBTree.foreach() C++ friendly
• RStr.isTrue/isFalse accept NULL argument now
• Use RLog in RCons
• Introduce r_arch.h. Use RArchConfig in RAnal and improve RRef api

arch

• Support '$' in regprofile offset column
• Move tricore from asm to anal

asm

• Move the asm.ppc.gnu into the anal
• Remove the v850.gnu plugin
• Move the asm.pic into anal.pic
• Support cls, clz for 32 and 64 bit registers in the arm64 assembler
• Move asm.snes into anal.snes
• Fix assembling with the arm.v35 plugin
• Move 8051 test into db/tools/rasm2 and fix null deref in asm
• Support 'msub, madd, mneg, ngc, sbc, asr, ror, cls, clz, rev, rbit, rbit16, rbit32, umulh' in the arm64 assembler
• Initial implementation of shared RAsmConfig
• A little better asm directive parsing
• 8051: handle any mov case for reassembling

assembler

• Support assemble for mul, udiv, sdiv, lsl, lsr, mvn, tst arm64 instructions
• Fix endian issue in binary input for rasm2 and add tests
• Support assemble for add, and, eor arm64 instructions

bin

• Better handling of Wasm Names
• Fix large loading times in macho parser for binsz=-1
• Fix off-by-one bound check in wasm format
• Simplify functions in wasm format
• Fix leak in wasm custom names
• Better formating wasm custom name
• Fix parsing LE and COFF on big endian host
• Fix pyc parsing on big endian machines
• Fix leak in wasm sections
• Add bin.maxsymlen to make this symbol name length limit configurable
• Do not accept symbol names in mach0s larger than 2KB
• Fix wasm section parsing
• Remove global from elf parser
• Fix another race condition in the macho parser
• Remove another static global in the sections cache of objc
• Move the local-global cache into the macho object
• Fix allocation peak in macho property parser
• Expose CLR metadata in ih output instead of messy eprintfs
• Add bin.xtr.xalz plugin using the new loadbuf field
• Remove the bin.xalz plugin as its meant to be io or bin.xtr
• Fix null derefs on partially initialized xtr bin plugins
• Fix main detection in x64 elf, after updating condret's machine
• Use the new RBinInfo.charset in bin.s390
• Add headers, sections, symbols and entrypoints to the bin.s390 plugin
• Initial import of the bin.s390 plugin
• Permit RBin plugins to expose a default charset
• Select 'arm' fatmacho slice on -a arm.v35
• Fix #6647 - check map bounds in the pebble bin loader
• RBinFile size must be ut64, not signed int to open > 2GB files

build

• Use meson's gittap command on make
• Fix #13196 - Honor SHARED in configure-plugins
• windows_heap is included in cmd_debug
• Fix meson build with use_sys_openssl
• Leftover for --disable-threads causing runtime problems
• Use longer names in enum to avoid conflicts with the SerenityOS toolchain
• Deshadow some variables, in progress for the full -Wshadow cleanup
• Make capstone include directories consistent
• Add xtensa for the meson (requested for Windows)
• Honor capstone commit in ci
• Fix for --without-pull not working in install.sh

cons

• Add scr.maxpage to remove the CONS_MAX_USER constant
• Fix r_cons_get_cur_line() on windows
• Add ec bgprompt for a colorful shell and visual prompts
• Fix glitch in scr.html when scr.color=1

core

• Introduce R_LIKELY macros and update sdb
• Fix RCons recursive buffer fill causing iaito memory usage problems
• Initial import of the RThreadChannel API with the ::x command
• Deprecate anal.cpu, just use asm.cpu
• Improve RLog API and usage, document R2_LOG_ vars in r2 -hh

crash

• Fix integer overflow in string search causing oobread
• Fix crash in vtable analysis on UB
• Fix 4 byte oobread in msp430 disassembler
• Fix null deref in macho parser
• Fix oobread in java parser
• Fix oobread crash in java parser
• Revert "Prefer memleak over usaf in io.bank's rbtree bug
• Revert "Properly fix the UAF in r_io_bank_map_add_top
• Fix oobread and null deref in symbols file parser
• Revert "Prefer memleak over usaf in io.bank's rbtree bug
• Revert "Properly fix the UAF in r_io_bank_map_add_top

debug

• Cleanup dbg.trace config vars and better error messages
• Software breakpoints fail on m1, lets just enable hwbp by default
• Add d: to run the cmd callback of the debug plugins
• Fix #19966 - Reset seek in r_debug_execute() to real PC

disasm

• Fix disp[ep] regression for v850.np
• Handle comments from analop.ptr, not only for call ops
• Add a parse plugin for tweaking references to r0
• asm.sub.names requires a flagname of strlen > 4
• Honor asm.syntax=att in asm.arch=s390

doc

• Add ubuntu22, kali, haiku and voidlinux as repology badges
• Update ae?? esil keywords help message
• Update README and add doc/devdebug.md

emu

• Fix st.b and stsr esil for v850
• In the V8xx families the R0 is a WTG register
• Make ESIL TODO messages go thru R_LOG_DEBUG instead

emulation

• Fix st.b and stsr esil for v850
• In the V8xx families the R0 is a WTG register

esil

• Fix invalid shifts on esil emulation
• Initial implementation of the v850 prepare/dispose
• Deprecate ESIL's $r and S2D keywords
• Tiny fixes for the v850.np esil

fs

• Implement my command and fix help messages for m subcommands

hash

• Fix argument ... with mismatched bound [-Warray-parameter=] warnings

io

• Fix potential bug in r_io_nread_at
• Fix the io.rbuf plugin (broken since 2017)
• Add the io.xalz plugin
• Honor io.cache in r_io_is_valid_offset()
• Fix some TODOs in libr/io/io_bank.c
• Revert "Fix use-after-free in iobank rbtree usage
• Fix map boundary adjustment in r_io_map_add and r_io_map_add_bottom

io"

• Revert "Fix use-after-free in iobank rbtree usage

json

• Initial support for JSON help messages
• pdrj: change JSON output, group instructions by basic blocks

lang

• Find python3, python2 and python in PATH on #!python

print

• Implement ax, to list xrefs using RTable
• Improve ascii art output of pfb
• Initial implementation of pfb, binary formatting
• Use wx+ instead of wx;s+16 in pc* command

projects

• Create a struct for rvc state
• Fix ax\x00 glitch causing projects to be noisy
• Pc without argument uses prj.name if defined
• Save and restore the register values
• Add P* and P! to dump script and run shell in project dir
• What's bool stays bool, makes eval changes more consistent
• Fix serializing macros (* using ; instead of ,
• Fix #20040 - invalid char bug in afl* when function names contain ';'
• Dont save dir. variables in project scripts
• Make P command follow the r2 philosophy for consistency
• P+ is now an alias for Ps for consistency with P-
• Dirty anal on user comments

r2pipe

• Fix #19606 - Dont route the RCore.cmdstr() when there's a redirection >

refactor

• Move mcore into anal
• Move asm.s390* into anal.s390* and fix aod when not using asm plugins

refactoring

• Move mcore into anal

search

• Implement search.in=flag

shell

• Implement gLj and Lgj for listing egg plugins in JSON
• Implement Llj and #!?j for rlang plugin listing
• Implement Lpj for #19982
• Implement Lmj and mLj to list r_fs plugins loaded
• Implement Lij, Ltj and Lhj (via the new phj)
• Implement LDj command to list decompilers installed in json
• Fix bug when loading an r2 script with '.'
• Don't ignore invalid subcommands of i
• Add help for V?
• Implement and document iz* and izz*
• Add help messages for ms mp mL mo commands
• Handle pd1 and pi1 (imm without space)
• Handle ? in all the dc subcommands
• Add JSON output for r2 -V
• Rename anal.cpp.abi to anal.cxxabi, and add options for dbg.malloc
• Handle Loj and Lij as alias for iLj and oLj
• Add R2_COLOR env var for r2 when setting up scr.color
• Fix help message for the ?= command
• Better error handling in pushd/popd
• Fix #19830 - implement pushd/popd commands
• Implement 'mktemp' syscmd command
• Add missing help for ++, -- and r2pm
• Implement .. as an alias for s..
• Fix #19973 - Add - and + commands as alias for s- and s+
• Initial import of the WIP sh interpreter
• Implement proper dyslexic subcommands for La/aL
• Use more RLog, and add log.origin
• Show proper error when no function found in afv

tests

• Dont let r2r -o overwrite files
• Add test for 'q' return code bug and minor cleanup r2r
• Support gmake in the testsuite (BSD runs)
• Add 8051 disassemble/reassemble checks

tools

• Improve binary input handling in rasm2 with 0b and Bx
• Fix #20030 - Add binary input support for rasm2
• Check for hexpair keyword before adding a null in rafind2

types

• Typedef facility under t for pf support
• Proper use of the SDB api in anal/type.c
• Fix C types parser on unknown archs

util

• Add R_LOG_DISABLE hint for extra debugging
• Fix bug and optimize deletion in new rbtree api

visual

• Improve ec bgprompt in V: shell
• Fix #20049 - '.' in stack panel seeks to SP or BP if unset

webui

• Better material webui disasm defaults
• Fix scr.color=3 glitches in the html filter
• Fix /index missing icon and update project commands used
• Remove broken and outdated graph webui
• Update the www/m webui with latest versions of all the frameworks

write

• wb -> wX, wb = write big endian bits in byte

Authors

Apkunpacker Dennis Goodlett Fernando Domínguez Francesco Tamagni Lazula RHL120 SeanH Sergi Àlvarez i Capilla condret junchao-loongson max-lv mdolmen n01e0 pancake pancake

Changes

analysis

• Fix comma separated args in r_anal_function_format_sig
• Skip more types of call instructions on linear emulation
• Add missing 'direction' field in the output of aoj
• ar command using ->anal, otherwise for non-debug builds that fails
• Allow abt to handle addresses in the middle of basic blocks
• Handle addresses in the middle of basic blocks in abf
• Implement 'abf' command to list incoming bbs
• Run 'aap' before 'aae' on arm64 binaries in 'aaa'

bin

• Hide some dyldcache parsing error messages and improve string filtering
• Fix infinite loop in strings and better use of is_breaked()
• Handle ^C when loading dyldcache binaries
• Show friendly warning when loading without R_DYLDCACHE_FILTER
• Fix two more oobread bugs in the dyldcache plugin
• Fix oobread crash in the rebasing method of dyldcache
• Fix negative allocation attempt in izz that will surely fail
• Fix mach0 class 64bit address sorting bug
• Show 'missing X info' error in rabin2 -H
• Warn the user when no header fields are found
• Fix rebasing Mach-O DYLD_CHAINED_PTR_64
• Add support for parsing swift metadata from macho binaries
• Assume all machos are made by clang
• Honor baddr=0 in RBin, as it's done for RIO
• Fix oobread in symbols header parsing

build

• Add missing loongarch for the meson
• Add support for Visual Studio 2022 (community+enterprise)

ci

• Disable offline builds
• Ignore asan memory leaks when running the tests
• Run the tests for non-debugger builds

crash

• Fix null deref in code meta commands
• Fix oobread bug in NE parser
• Fix null deref in ne parser
• Fix #19940 - infinite loop in x/i on invalid instructions
• Fix oobread and unaligned casts in the NE entrypoint logic
• Fix random segfault happening with wrong null preconditions in iobank
• Fix UAF in aaef
• Fix oobread in NE parser
• Fix null deref in the ne parser
• Fix oobread in dyldcache
• Fix another oobread in the NE parser
• Fix another oobread segfault in the NE bin parser
• Fix oobread segfaults in the NE bin parser
• Fix oobread in the macho parser
• Fix 1 byte oobread in the cris analysis plugin

crypto

• Fix undefined behaviour bugs in serpent crypto algorithm

debugger

• Apple Silicon can hwstep

disasm

• Fix #19876 - Smarter local variable and argument sorting
• Show args before vars in afv summary also in pd

egg

• Initial WIP implementation of the ESIL backend for ragg2

emulation

• Fix aeim on --without-debugger builds

esil

• Fix 'aeb' emulating the right instructions
• Fix PPC ESIL of addis instruction
• Honor esil.maxsteps in more commands and stop earlier when no =PC
• Add esil.maxsteps to avoid infinite emulation loops

json

• Fix aeabj output which returned different information than aeab
• Instruct drrj to not emit ansi escapes to not damage

print

• Fix pief printing N bytes instead of N instructions
• Add psa command to print any kind of string
• Support relative pointer resolution in pxr
• Implement pfP for relative pointer format memory formatting
• Add pfW for signed short format

projects

• Add an error return to r_core_project_cat

r2pm

• Increase commit log from 3 to 10 in

search

• Initial implementation of the aavr command

security

• Add sandbox checks for the debugger io plugins

shell

• Fix infinite loop in -1 command
• Improve wz help and error handling
• Run r2pm from core internally
• Fixes for the Trim.args() for ?e
• Handle ^C in fg and improve ^C in pd
• Lowercase all the help messages for consistency (2)
• Honor escaping semicolons in macro definitions
• Lowercase all the help messages for consistency
• Use standard help api for aeim too
• Add the cmp command to compare two (alias) files
• Implement 'curl' command
• Implement @c: temporal seek operator
• Add r_core_return_code() and use it
• Fix glob matching in several cases
• Use strstr instead of rstr.glob for now in @@
• Fix seek history for the 's..' partial seeks

signatures

• Update byte signature flag name
• Fix autoloading of

tools

• Add rahash2 -J for simplified single object name=hash output
• Allow rahash2 -a to be passed multiple times

types

• Fix #16335 - tp not handling blocksize properly

util

• Add tests for the code tokenizer and fix <<= assignments

visual

• Visual color theme editor available from panels

zign

• Fix bug in z/, that creates misplaced functions

Authors

Dennis Goodlett Dennis Goodlett Jules Maselbas Lazula Pau Rodriguez-Estivill Sergi Àlvarez i Capilla aandersonl aemmitt-ns pancake pancake

Changes

anal

• Remove the hexagon from anal
• Save sp,bp,src,dst in heap outside the loop
• Add afiq for quiet functino info and refactor the anal/abi.inc
• Add help for 'pie?', add pieq and add ninstr in afi[j]
• Sanitize function names for prototypes
• Unify asm.z80 into anal.z80
• Restrict local vars and args in a 8KB range, otherwise skip
• Adds afva in all fcns flags (if any)
• Skip afva on functions with signature registered
• Do not perform var/arg analysis on Java/Dalvik
• Add missing eiz/riz registers for x86 and x64
• Add mermaid output to all ag commands
• Add an* and fix many other conceptually broken logics in an

analysis

• Remove the hexagon from anal
• Add afiq for quiet functino info and refactor the anal/abi.inc
• Add help for 'pie?', add pieq and add ninstr in afi[j]
• Sanitize function names for prototypes
• Unify asm.z80 into anal.z80
• Restrict local vars and args in a 8KB range, otherwise skip
• Adds afva in all fcns flags (if any)
• Skip afva on functions with signature registered
• Add missing eiz/riz registers for x86 and x64
• Add an* and fix many other conceptually broken logics in an

asm

• Fix #19489 - Implement assembler for jrcxz

bin

• Add help for the CL command
• Cache file_exists when iterating over the source files
• Complete DWARF4 register mappings

build

• Only build library archives when -Dblob is provided
• Fix some static meson blob dependency leftovers
• Fix sys/release-notes when HEAD a tagged
• Make -Dblob=true statically link all r2 libraries

ci

• Publish r2blob-w64 on release and fix artifact name

crash

• Fix heap OOB read in macho.iterate_chained_fixups
• Fix UAF in aaaa on arm/thumb switching
• Fix buffer overflow in asm.nbytes, add hard limit to 64
• aaef on arm/thumb switches causes uaf
• Break large loops when method name resolution fails

debug

• Improve help message for dd? and autocomplete
• Add 'dd+' to open files in the child process as read-write
• Fix unitialized buffer read bug enumerating process files
• Add ddf command
• Fix dd command and update tests accordingly
• Skip wired-to-ground registers in dr=
• Fix drj in debug mode

disasm

• Fix #19838 - Show pins in the disassembly as comments
• Improve the way asm.nbytes plays with asm.flags.inbytes
• Fix issue in asm.tabs.once causing iaito to trim instructions

doc

• Update the Windows build instructions

esil

• Add ESIL for x86 SSE float instructions
• Implement 'aeb' using APIs instead of commands
• Add aaepa command to set all unknown imports as ret0
• Fix aecs and add test emulating hello world without libc
• Add aaep and extend aep to support pin specific commands
• Implement ESIL for the Stlxr arm64 instructions

fix

• Fix undefined behaviour in RVector, RPVector, RInterval and container_of

print

• Initial import of the code tokenizer

refactor

• Lots of cleanups to reduce the regressions in TCC
• Dont use != NULL as its implicit in C, even for bool casts

shell

• Improve help message for psz, aek, aae, aep, aer and aex commands

tools

• Use R_SYS_BITS by default in rasm2

visual

• Fix back scrolling in the decompiler pane in panels
• Improve panels prompt drawing the bottom box line one line above
• Add scr.notch to blank N lines on top of the screen
• Improve panels interactions with decompiler frame
• Record seek history when cliking around in panels
• Fix blank decompiler issue when clicking randomly in panels

windows

• Add w64-static builds in the CI
• Add 'configure.bat static' argument to build r2blob.static.exe
• Fix meson -Dblob=true builds for static
• Fix r2blob for windows

Authors -------

Dennis Goodlett Dennis Goodlett Lazula Pau Rodriguez-Estivill Sergi Àlvarez i Capilla aemmitt aemmitt-ns archcloudlabs pancake pancake pkubaj

Changes

anal

• Handle jump tables in agfm
• Add agfma to get assembly in mermaid graphs
• Add agfm command to print cfg graphs using mermaid syntax

analysis

• Add agfm command to print cfg graphs using mermaid syntax

bin

• Find strings on maddr'd binaries with izz
• Fix wide32 string detection that caused to miss other ascii strings
• Fix large loading times in macho parser
• Fix slow loading times for small ELF sample

build

• Fix #19726 - fix meson definition order issue when using syslz4
• Add rasm2 and rax2 wasi/wapm packages
• Build fixes for wasi/wapm/wasm and update sdb

charset

• Add initial support for katakana

crash

• Fix timeout analyzing a small class reported by clusterfuzz
• Fix DoS in PE/QNX/DYLDCACHE/PSX parsers
• Fix DoS in kernelcache bin parser
• Fix oobread in macho core symbolication
• Fix null deref in bin.symbols
• Fix DoS in the minidump parser
• Fix DoS on macho parser spotted by scan coverity
• Fix heap buffer overflow in dyldcache parser

debug

• Add support for powerpc, powerpc64, powerpc64le and riscv64 on FreeBSD

disasm

• Honor ArchInfo.opalign in pia
• Fix #19610 - Honor minopsz in pia

esil

• Add some sign extend to some v850 st/sst insns

print

• Fix #19729 - Make pswj consistent with psw output
• Fix #19739 - Fix oobread in pv* and fix bug in pvj

shell

• Add aot command to show instruction types (like /atl)

visual

• Restore and revert blocksize in V:
• Fix #19737 - Handle ESC and space in the ascii hex column

Anderson Angel Diaz Anton Kochkov Bernhard M. Wiedemann Dennis Goodlett Florian M Nerijus Bendziunas PauRE Sergi Àlvarez i Capilla nemarci pancake pancake wargio

api

• New r_inflate_lz4 API to reuse LZ4 across all libs
• Support building with system-provided lz4 library

asm

• Support assembling the cmn, teq and tst arm32 instructions
• Fix oobread bugs in cr16 disassembler
• Fix pop [rsp] emulation for x86 

bin/io

• Add ELF reloc patching for R_386_32 and R_386_PC32
• Handle SH, MIPS and ARM in COFF binaries
• Initial support for XALZ binaries from Xamarin
• Fix ihex:// io parser as it was not working

ci

• Partial #19687: Add release github actions workflow
• Publish FreeBSD artifacts and purge the srcdir

cons

• Fix 'disable mouse' ansi code
• Minor rgb.parse optimization and remove the use of sscanf in pal.c
• Fix visibility issue in the bluy theme

crash

• Properly fix the UAF in r_io_bank_map_add_top
• Early break when parsing corrupted DEXs to avoid DoS
• Fix oobread in pxj
• Prefer memleak over usaf in io.bank's rbtree bug
• Fix DoS in MACHO parser spotted by clusterfuzz
• Improve boundary checks to fix oobread segfaults
• Fix DoS when loading a fuzzed DEX file
• Fix UAF in pyc parser
• Fix negative index in anal.arm64.cs
• Fix bins/*/rep8 - UAF crash in pyc parser
• Fix oobread segfault in java arith8.class
• Fix java oobread in id_000000,sig_06,sync_m1,src_000048

panels

• Fix panel focus glitch
• Fix overlapping titles on small frames
• Close menu when a different decompiler is selected

shell

• New 'w+' command, to write a string and seek at the end
• Fix parsing of 'ra?' and 'r0x' subcommands
• Add prgl command to decompress current block using lz4
• Fix Negative Offset in Hexdump Json Output

Authors -------

Adrian Laskowski Apkunpacker Claudemirovsky Dennis Goodlett Francesco Tamagni Lazula RHL120 Roman Valls Guimera Sylvain Pelissier aemmitt-ns gogo2464 junchao-loongson lasek0 meme pancake pancake

Changes

abi

• Move asm/wasm into anal, and add new opasm() callback

anal

• Simpler var counting API
• Add support for x86-32 callpop artifacts
• Add ablc, ab-, Fix and optimize in af- and aafs
• • Add ablc, ab-, Fix and optimize in af- and aafs
• Fix 'afls' and add tests
• Fix heap overread in loongarch when len < 4
• Add axl command for consistency with afl for 'axlc'
• Fix reference order and use the API in sixref (2x faster)
• Initial implementation of the 'aafs' command
• Add support for the new loongarch architecture
• Improve the v850.np analysis, fix all call refs

analysis

• Simpler var counting API
• Add support for x86-32 callpop artifacts
• Add ablc, ab-, Fix and optimize in af- and aafs
• • Add ablc, ab-, Fix and optimize in af- and aafs
• Fix 'afls' and add tests
• Add axl command for consistency with afl for 'axlc'
• Fix reference order and use the API in sixref (2x faster)
• Initial implementation of the 'aafs' command
• Add support for the new loongarch architecture
• Improve the v850.np analysis, fix all call refs

api

• Add r_core_help_match() to get help for a specific command

arch

• Initial import of the evm.cs plugin

asm

• Handle instruction operands in wasm.asm
• Refactor, improve and move chip8 support out of libr/asm

bin

• Parse relocs from Mach-O chained binds if no opcodes
• Add support for rebasing ARM64E_USERLAND24 chained format
• Fix isqq. command
• Fix #19541 - Fix null deref and stack exhaustion bugs in the kernelcache
• Implement iS, command (table query format for section listing)

build

• Fix #18621 - Specify ABI version to be X.Y instead of X.Y.Z
• Add 16GB pagefile for the windows ci
• Simplify meson logic and use ole's PR to fix Windows
• Add CI job to verify builds with system-wide capstone
• Use system capstone if available in sys/install.sh
• Fix ios-sdk compilation
• Bring back the 32bit builds for Cydia
• Use api9 for android-arm builds to bring back Kitkat support

charset

• Add iso8859_1

cleanup

• Remove globals from tcc code

cons

• Use static RThreadLock in cons
• Dont SIGINT in RCons when used in a thready way
• Improve the 'fc' command to unset and get color flags easily
• Add scr.theme and Lt commands as alias for 'eco'
• Improve the basic theme
• Fix all the known issues in the ayu theme
• Honor jmp/call argument colors by type

core

• Fix #19628 - wx+ as an alias for wxs
• Mark all globals (or most of them) as TLS variables
• Make RCons thread-friendly
• Fix race conditions in RCoreTasks
• Rewrite r_list_uniq with a faster algorithm

crash

• Fix null deref in xnu.kernelcache
• Optimize and fix heap overflow in asm.tabs using RStrBuf

debug

• Expose the 32bit arm reg profile on 64bit hosts

disasm

• Workaround to handle seg:off on x86_16 due to a capstone bug
• Fix #15473 - Align meta dwords in the middle of instructions
• Improve reg detection in asm highlighting + add test
• Fix reg/flag detection in disasm colorization
• Initial import of the v850.np plugin
• Handle anal.cpu=? and fallback for asm.cpu when no asm plugin
• Add asm.bytes.opcolor configuration option

doc

• Add 'first session' example in the README

esil

• Disable ESIL macros and add reproducer test
• Add helper function for pending macro handling
• Improve EVM analysis and update tests
• Macrofication of the '+=' and '-=' esil operations
• Add support for list12 logic in the v850.np distillation
• Fix esil for bnd jmp x86 instrs and cmn arm instrs
• Implement ESIL on more instructions for v850.np
• Handle ESIL in more v850.np instructions

help

• Fix helps for aan? aaf? and aes?
• Fix help for the 'aaa' subcommands

io

• Fix use-after-free in iobank rbtree usage

panels

• Autoset cache flag on whitelisted panels on create
• Fix #19410 - Fix cursor mode regression

parse

• Use static RThreadLock in TCC

ports

• Add basic support for loongarch

print

• Add 'pFB' command to use the new BPLIST parser
• Add scr.color.ophex to colorize 'px' with opcode type
• Honor flag colors in 'px' hexdump
• Fix pxa@e:hex.compact=true and add tests
• Improve the way color flags are handled
• Improve pcc output and add a test
• Add 'pcc' command to print block as C char*string
• Fix pdsf?, forbid V? and remove newlines in pxA?

projects

• A better way to check if a project has been saved
• Add prj.sandbox to enable experimental sandboxed project loading

r2pm

• Initial implementation of r2pm.c

refactor

• Use stdint like if there was no yesterday
• Remove asm.hexagon, anal one is enough
• Remove asm.ebc and merge disasm into the anal

search

• Implement /aF and /aFd to search for instructions in functions
• Add Rabin Karp algorythm to
• Add r_search_maps to
• Search adjacent maps together
• Move /e to new search API
• Fix bug in regex searching
• Add longest field to RSearch
• Add r_search_upate_read API

security

• Implement fine grained sandbox control

shell

• Implement rarun2 time=true attribute

tests

• Initial implementation of the dummy benchmark

tools

• Fix R2PM_DEPS handling in r2pm -ci

util

• Fix: Mark r_print_format globals as TLS
• Add atomic primitives for Windows
• Add safe static lock initialization
• Improvements and fixes for the threading APIs
• Introduce r_strf and stop using sdb_fmt

visual

• Fix #19409 - Close menu after creating a new panel from it
• Handle vE as in VE - edit color theme
• Fix fast jump with ahc on register calls

windows

• Use I64x instead of llx format strings for mingw builds too

write

• Add ws1, ws2 and ws4 commands for variable size pascal strings

## Authors

• Claudemirovsky (linking issues)
• Dennis Goodlett (search + signatures)
• Francesco Tamagni (dyldcache)
• Lazula (pD and git pull issues)
• condret (crash in omf command)
• gogo (8051 assembler and AVR disassembler improvements)
• pancake pancake (everything else)

Changes

Architectures support

Changes related to disassembly, assembly and analysis:

• Use cs_disasm_iter in anal.x86.cs to use less heap and speedup analysis and disassembly
• Disable the disassembler logic in the asm plugin for 8051
• Handle jbc [reg] in 8051 assembler
• Handle registers on push on 8051
• Improve pD, reading too many bytes on loop
• Better Analysis plugin handling from the asm module

Binary parsing

• Dont depend on case-sensitive FS to load the DLL sdbs
• Support Mach-O DYLD_CHAINED_PTR_64_OFFSET format

Build/ CI

• Check for an existing upstream remote in install scripts
• Fix libr_lang linking issue (introduced in 5.5.2)
• Do not remake on modules with d/ (faster 'make' builds)

Search

• Cleanup public API for
• Add JSON output to zb commands

Security

• Fix #19476 - heap overflow in aao
• Fix #19478 - null deref in symbols file

Authors -------

Ashwin Kumar Dennis Goodlett Lazula Octavio Gianatiempo Richard Liu Rick de Jager Sergi Àlvarez i Capilla aemmitt-ns aviciano condret gordon-quad meme meme pancake pancake slowhand99

Changes

ARM/THUMB

• Fix #19464 - incorrect assembly for adrp on arm64
• Use null plugin when using unexistent asm plugin
• Handle more ELF relocs for ARM binaries
• Fix #18967 - Fix emulation for the mov-pc thumb instruction

Binary parsing

• Add Plan 9 symbol parsing
• Fix PE Metadata header name parsing (.net related)
• Add bin_xtr.xtr_pemixed for PE user plugin

build

• Use remote URL for git pull in install scripts
• Enable mingw32/mingw64 builds in the CI (new first class platform)

cons/ui

• Improve the snow experience in panels mode
• Add eco! and eco* and sort eco listing
• Show prev nodes in graph.few
• Improve cursor up/down in visual disasm when code is analyzed

crash

• Fix invalid pointer read issue in dwarf parser
• Fix #19455 - Negative tainted offset used in buffer for pyc causing oobread
• Fix #19448 - Fix atoi on non-null terminated string in PE section headers
• Fix #19446 - null derefs in the x509 parser
• Fix #19443 - UAF in marshall null object
• Fix #19442 - Fix heap underflow in pyc marshalling
• Fix #19444 - Null derefs in PE signature logic

Other

• Fix #19463 - io write error reporting regression
• Fix #19473 - Support libc filename w/o version for heap analysis
• Fix Dalvik’s esil conditionals
• Initial support for VLIW on hexagon
• Fix infinite loop in r_str_replace

Diff / Signatures

• Implement symbol name list diffing in radiff2
• Fix zj vars output
• Add binary search alg to pvector

r2pipe

• Fix r2pipe.cmd("Z") when command fails returns no output
• Updated R2pipeSide support for Go and V

Authors

0mhu Abdelrahman Eid Antoni Viciano Dennis Goodlett Fernando Domínguez Francesco Tamagni Jose Antonio Romero Lazula Murphy RHL120 Sergi Àlvarez i Capilla SkUaTeR Sylvain Pelissier aemmitt-ns condret devnull850 dogtopus hot3eed junchao-loongson meme murphy pancake pancake rhl120 thymol0

analysis

• Check if ax[ft] argument is valid before showing xrefs to 0
• Implement axtm, axfm and add helps for axf? and axt?
• Improve debug message when misleading a function name
• Add serialization API for vars
• Improve sixref plugin UX
• Copy the z80.archinfo into the gb plugin
• Honor (min|max)-opsz and buffer bounds in aar
• Hide the 'no calling conventions' warning and add =R0 for x86
• Improve the reg profile for python
• Fix crash when using the pyc disassembler without pyc bin
• avr requires aeim before aaaa to not assert
• New 'avg' command and RAnal.global to manage global variables
• Remove unused enum
• Fix tests for RAnalVar function relocation
• Fix variable relocation on ood (#19219)
• Fix 1 bb function analysis with a2f
• Fix null deref when using anal.a2f
• Improve sixref plugin UX

asm

• Add the first multiarch assembler plugin: vasm
• Initial implementation of the RISCV assembler
• Minor refactors in disasm.c, primarily r_core_print_disasm()

bin

• Use r_str_ndup in another bound check in dwarf
• Fix crash when elf symbol initialization fails
• Always init Mach-O options with defaults
• Add Support For dyld4 Atlas-style Shared Library Caches
• Handle allbins in im, iM, iT, iC, iV, iz
• Implement multidex and proper multibin in apkall://
• Handle allbins for iz, ic, iI, ie and iM
• Implement 'ob *' to select all bins and honor in is,ii,ir,il
• Add MSX rom/bin parser plugin and test
• Fix some null checks around the open_many apis
• Implement 'is,' for table query for symbols
• Handle the ARM32 COFF case
• Improve swift demangler and add bin.demangle.trylib config
• Initial implementation of the HUNK file parser
• Detect canary on statically linked RT and stripped PEs

build

• Generate bin/d the same way as other sdb paths with meson
• Fix wasi builds and update wapm package in the new dist/wapm
• Respect v35 repos for offline builds
• Dont user latest meson because its broken :D
• Initial work towards supporting mingw32/64 again
• Rename MD5 symbols to prevent OpenSSL collision

cons

• Fix buffer overflow in RConsPixel API affecting the braile renderer
• Improve default theme
• Add scr.prompt.tabhelp enabled by default
• Move more context fields out of the globals
• Move the console flushing decision to the console context

core

• Deprecate the file.openmany config variable

crash

• Fix null deref in r2 -c 'oc 3' -
• Fix #19178 - UAF in aaft when anal.detectwrites is enabled
• Wrong bounds initializing dwarf dies (tests_64901)
• Fix oobread in z80 disassembler (tests_65081)
• Fix oobread crash in the ELF parser (tests_64931)
• Fix oobread crash in DWARF's parse_die (tests_64926)
• Save and check the reg arena size when peekpoking (Fix tests_64923)
• Fix oobread crash in DWARF parser (tests_64922)
• Fix oobread crash in dwarf parser with non-null terminated strings
• Fix oobread crash in DWARF parser (tests_64924)
• Fix oobread crash in the analysis loop with corrupted ELFs (tests_64928)
• Fix uaf crash in aaft (tests_64927)
• Fix UAF in aaft (tests_64923)
• Fix oobread in VAX disassembler (tests_64920)
• Fix oobread crash in RAnal.hexagon (tests_64900)

crypto

• Remove global usage in AES encryption
• Add AES Key Wrap Algorithm

debug

• Make the macOS debugger more stable
• Handle PPID on macOS debugger

diff

• Add ci commands to compare two rbinobject data

disasm

• Add disasm+decompiler side by side api for the codemeta api
• Use hints to follow dwords
• Add armv7 to the arm.v35 plugin
• Fix pdi~invalid bug, at least when bbsize > 32
• Add support for the ALPHA disassembler
• Add PDP-11 disassembler support from binutils

esil

• Improvements on the arm64.v35/cs plugins
• Kill esil [], []= and related operations
• Fix r2wars regression with REP cycle detection
• Use sdb_itoa instead of snprintf for emulation

fs

• Always use b64 encoded filepaths on the fs.io calls

help

• Add help for the an command

io

• Add r_io_map_add_bottom
• Fix mapslit in r_io_map_add
• Remove r_io_map_new from public API
• Free maps on r_io_maps_fini
• apk:// is the new apkall:// (add AndroidManifest.xml)
• Use io banks by default
• Speedup repetitive access to the same submap in io banks
• Speedup r_io_map_get (O(2n) => O(2))
• Add iobank support to r_io_read_at_mapped
• Use new rbtree API in io_bank.c
• Fix io bank cmp cb functions
• Refix r_io_submap_set_to (typo)
• Enable io bank support in r_io_map_resize
• Kill r_io_map_location
• Enable io bank support in r_io_nread_at
• Implement r_io_bank_{read_from/write_to}_submap_at
• Enable io bank support in r_io_v{read/write}_at
• Enable io bank support in r_io_map_depriorize
• Implement new r_io_desc_get_byuri() API
• Enable io-bank support in r_io_map_get_paddr
• Enable io-banks for r_io_map_del_for_fd
• Fix return value in io_default close entry
• Fix resource leak and logic bug in r_io_reopen
• Check for access bytes in r_io_bank_{read/write}_at
• Enable io-banks support in r_io_map_remap
• Enable io-bank support in r_io_map_new
• Kill r_io_map_add_batch
• Remove unnecessary return val from r_io_map_del
• Enable io-bank support in r_io_map_del
• Rename r_io_map_next_available to r_io_map_locate and add use_banks support
• Kill r_io_map_next_address
• Improve r_io_bank_locate for replacing r_io_map_get_next_available
• Add alignment support to r_io_bank_locate
• Enable io banks in search; Kill search.in = io.sky.*
• Add 2 comments for clarification
• Improve "om"-command, show '*'-marker for current map
• Implement map depriorization in io banks
• • Add r_io_bank_map_add_bottom and r_io_bank_map_depriorize
• • Fix potential bug in r_io_bank_update_map_boundaries and add some comment for clarification
• Some cleanup and code deduplication
• Fix oob write in r_io_bank_{read/write}_at
• Fix omb-command map ids
• Initial io.banks management commands
• Rename r_io_bank_update_map_location to r_io_bank_update_map_boundaries and make it useable for map resize (siol eternal)
• Some code cleanup (siol eternal)
• Use incremental timestamp on map creation instead of real ones (siol eternal)
• Implement r_io_bank_update_map_location (siol eternal)
• Use r_list_iter_get_prev (siol eternal)
• Implement r_io_bank_delete_map and fix some bugs (siol eternal)
• Add r_io_bank_drain (siol eternal)
• Implement r_io_submap_set{from/to} (siol_eternal) #18476
• Implement r_io_bank_write_at (siol_eternal)
• Implement r_io_bank_read_at (siol eternal)
• Constify bankid and mapid in io-bank api (siol eternal)
• Imnplement r_io_bank_map_priorize (siol eternal)
• Speedup r_io_bank_map_add_top (siol eternal)
• Add missing NULL-check (siol eternal)
• Fix potential segfault (siol eternal)
• Adjust codingstyle in libr/io/io_map.c (siol eternal)
• Implement r_io_bank_locate (siol eternal)
• Implement r_io_bank_map_add_top and r_io_bank_get (siol eternal)

print

• Add lowercase seven-segmented-ascii-art alphabet for ?ea
• Implement ?ef = echo framed text command
• Add pve command to print values on any endianness

projects

• Fix a problem serializing vartypes causing analysis info lost
• Add .rvc_ignore
• Add an rvc clone command

refactor

• free/fini methods should return void
• Cleanup and boolify some more debug apis
• Boolify RIO.close()
• Minor refactors in disasm.c, primarily r_core_print_disasm()

rvc

shell

• Don't check for decompilers in $PATH
• Honor console width in ls and fix lsj,lsq,lse
• Add 'dir' command as an alias for 'ls'
• Permit ending '%' in the env keys for % and @%
• Handle 'git' command (from system PATH)
• Better subcommand error messages for @@, @@@ and @@@@
• Add @@@R to iterate over relocs

signatures

• Add help message for zac
• Fix bugs in types validator
• Fix validation of next sigs
• Fix leak in sig serialization
• Simplify deserialization of byte
• Add more information to var
• Simplify types storage in r_sign
• Refactor r_sign
• Add return type to zj
• Auto-rename name collisions in

tests

• Enable R2_DEBUG_ASSERT=1 in r2r
• Assume tests without FILE= just open -
• Show instruction and bytes when failing asm tests

types

• Optimize 'aaft' command, still far from fully optimized
• Remove ctype.c 2yo deadcode
• Add more types and skip some parse errors in to

util

• New API to get fist hex bytes in str
• Fix signed overflow in r_buf_fread_at
• Fix UAF in new rbtree api and improve a varname
• Port https://github.com/leiless/jw_rbtree to r_util (#19252)
• Implement skip RTable filter
• Implement ternary support for numeric input
• Handle base64: prefix in the wtf command

visual

• Dont loose scroll position when selecting new panels
• Handle the .r2s extension for visual slides
• Implement RCore.visual_slides()
• Fix defining meta backwards in disasm
• Use RUtil.Str.ss in disasm when scr.demo is set
• Fix #18384 - Visual arg/var management not working sometimes
• Fix Vvv output for stackpointer based vars
• Implement ?ea and ~?ea to use the seven segment ascii art text rendering

Authors

Alex Bender Apkunpacker Azox Davide Pizzolotto Dennis Goodlett Enshin Andrey Ilya Trukhanov László Vaskó Maijin Murphy Paul I RHL120 Royos90 Sylvain Pelissier aemmitt-ns gogo hot3eed lasek0 pancake pancake

Changes

anal

• Properly stringify the RAnalOP.type field
• Implement aaff command and improve aaf? help message
• • Extend afj command to handle all jump table parameter options
• Implement 'afs*' command to export function signature info in r2 commands
• Fix afsj, taking signature args instead of fcnargs in json
• Initial import of the arm64v35 disassembler and analysis plugins
• Optimize infinite loop on non-quantum computers
• Avoid assert on avr's null cmpreg test
• Finish the tolowering of anal.noNULL
• Fix aef and aaef to actually find xrefs at least

asm

• Fix #18813 - Cannot assemble cmp w26, 0 in arm64
• Fix #18876 - Check imm bounds for some instructions in the x86.nz assembler
• Add pushf/popf instructions to x86.nz
• Use RAnalBind in RAsm to reuse RAnalPlugins to disassemble
• Update ARM64 arm.sdb.txt opcode descriptions from documentation
• Update the VAX disassembler from binutils

assembler

• Fix #18872 - New command 'wan' to write and nop affected instructions

bin

• Fix #18783 - Support ELFs with phnum > 0xFFFF
• Allow RBinPlugins to use RBinFile at check()
• Initial support for the TIC-80 Fantasy Computer cartridges
• Replace SDB with HtPU in RBin.filter_name()
• Put archinfo.{minopsz,maxopsz,align} in the output of i
• Implement ELF relocs for VAX

build

• Add portability support for Vinix
• Add meson support for the anal.arm.v35 plugin
• Add preconfigure/configure/make batch scripts for Windows
• Initial import of ./preconfigure for packaging purposes
• Improve the macOS packaging scripts
• Import radare2-win-installer files into dist/windows
• Fix meson build and proper use of cgen
• Fix system() on arm64 macOS targets (#18877)
• Initial support for capstone-less compilations
• Build and publish the ZIP with the WASI bins
• Add initial support for building r2 on WASI

ci

• Version the artifacts

cons

• Dont check out of bounds last chars
• Honor faster ^D on interactive execution path
• Fix arrow handling after fixing mouse clicking glitches

core

• Honor bool in io.va, scr.interactive, scr.prompt and cfg.fortunes
• Optimize and improve r_name_filter calls
• Add &w command to wait and run for queued commands
• Implement &: for queue commands
• Implement @@== foreach word iterator operator

debug

• Fix the windows debugger and make it more stable
• Add tests for the improved signal handling messages
• Change the way wait events are handled in the unix-debug backend
• Add 'sigstr' to the 'di' output for verboser stop reasons
• Add RSignal.toHuman() and improve RDebugReason.toString()
• Use DRX APIs to handle breakpoint recoils only on x86-64

disasm

• Support arch.* namings for the parse plugins
• Better x86.pseudo and varsub for strings
• Fix r_str_ansi_len() causing unaligned 'unaligned' words
• Improve invalid address and string parameter issues in emu.str and pd comments
• Improve x86.parse for asm.pseudo

esil

• Fix emulation for AARCH64 ldr,str,stp,ldp instructions
• Fix #18860 - mul and imul for *dx operands and 64 bit widths
• Bring back pins to esil land
• Fix POPF POPFD POPFQ not increasing stack pointer
• Add wide and math instr esil for dalvik, pac esil for arm64
• Initial implementatil of ESIL macros

fs

• Add mwf command to write local files into remote targets

io

• io.plugin.lseek -> .seek for portability (wasi related) (#18840)

panels

• Add xX key descriptions in the help message

print

• Improve the pdc output to allow recompilation
• Initial implementation of the pdo esil2c output

projects

• Dont save projects when no project is used
• Exclude files of nested rvc repos from repo_files()
• Use r_sys_whoami as the author name for r_vc_commit
• rvc add r_vc_find_rp
• Rework r_vc_checkout and fix some mem leaks
• Rework the rvc_commit functions
• Take advantage of prj.vc.type and merge rvc & git
• Fix r_vc_commit and other functions
• Major rvc api refactor to use sdb

rvc

• Fix memory leak and infinite loop in r_vc_find_rp

search

• Implement /ck command to search for crypto constant tables
• Rename /cu UDS CAN table search to /ru command
• Add PGP search for signature and RSA encrypted private keys (#18961)
• Add /cg command to search for GPG artifacts
• Update tests and add /a[?]q for quiet-legacy mode
• Use pdi in /ad output
• Initial implementation of spp, snp, /bp and /pp to find next/prev preludes
• Add /ab to find backward jumps (mostly loops) and handle ^C

shell

• Autocomplete :. command
• wv1,2,4,8 accept many space-separated numbers now
• Remove other useless and incomplete treesitter leftovers and get +400 new commands in the recursive help
• Remove colons in "?" number conversion output
• Honor < and > comparison operators in RNumMath
• Use RNum.math in "?b" to make '?b 1<<1' work
• Add scr.hist.filter to toggle the filtered history up/down search
• Improved reverse-search in command history
• Faster ^D (leave r2 without freeing the core)
• Completely eliminate the deprecated backslash command
• Add some help and better parsing for the anal hints

signatures

• Add r_sign_metric_search to r_sign.h
• Fix bug in zaf creating zignspace
• Expand r_sign API
• • Use r_sign in rasign2
• Support FLIRT v5 file format compression

tools

• Rename rvc2 to ravc2 to follow the ra*2 pattern
• Add rasm2 -LL to list anal plugins loaded

vc

• Integrate rvc in projects and add a default commit message

visual

• Add context in visual xrefs
• Fix #18843 - Implement Vx[+-] to add/delete xrefs
• Fix glitches when clicking in the hud
• Fix asm.hint.imm keystrokes ignored
• Fix #18292 - Clarify the use of Vdn/Vdr and rename VdR to VdX
• Handle 'o' key for options in panels
• Initial implementation of ~.... for hudline prompt
• Add Vi+ Vi- keys for visual insert byte inc/dec
• Add Vi: keystroke to run commands on insert mode

windows

• Use dynamic api resolution on windows builds for better portability

Changes

anal

• Improve aaaa log messages and avoid aaef to run in debugger mode
• Fix many zero cases in some jump table analysis
• Fix disasm alignment of data words in s390x disassembler plugins
• Fix s390.gnu disassembly and add test for 6 byte instructions
• • Better debug messages instead of r_warn in jmptbl analysis
• Better debug messages instead of r_warn in jmptbl analysis
• Use gperf on anal/d and improve build and checks
• Implement afxm command to show an call refs map
• Apply fix in sixref plugin to be in sync with the latest xref
• Type added: "char**" to SDB, ref #18633 (#18636)
• Fix boundary check in aao to parse more refs
• Fix 'Cannot find return type for' calling convention issues when saving a project (#18638)
• Fix 13482 - Remove anal.jmp.after variable (#18629)
• Improved type propagation analysis
• Fix #18323 - honor anal.calls in aa

asm

• Fix #18619 - Wrong assembly generated for: "add x0, x0, 1, lsl #12" (ARM64)
• Fix rasm2 -w in termux (honor R_SYS_ARCH)
• Fix rasm2 -w in termux (honor R_SYS_ARCH)
• Handle je and jne as aliases for jz and jnz in wao
• Rename sysz to s390 and add the s390.gnu plugin from binutils 2.36
• Update sdb and use of SdbGperf in asm.d
• Switch to Capstone5 as default

bin

• Dont trust the unaligned rich PEs
• Add initial toy IBM S390 Object File Format parser
• Fix #18724 - Use RCharset in rabin2 -z
• Always load bin types as pf. format strings
• Add WAD file parsing (#18659)
• Fix #18679 - UAF when parsing corrupted pyc files
• Fix #18667 - division by zero in the macho parser
• Speedup dwarf loading when no files are found in disk

build

• Fix #12335 - ignore system-installed r2 includes
• Add use_cgen meson option
• Add support for acr/musl-gcc static builds
• Improve the xxhash system library detection
• Make meson compatible with older versions (RHEL8 meson 0.49) (#18684)
• Fix --with-rpath and add CI tests (#18668)
• Collapse all opcode_*.c files into opcode_all.c

charset

• Implement IBM EBCDIC 0037 character encoding

cons

• Fix grep cmd with neg (#18763)

debug

• Add missing =SN and zf for the darwin-arm64 native debugger reg profile
• Fix infinite loop in r2 -c 'ood;ood' -
• Fix dmha output after ood (#18710)
• Fix cast issue in ptrace call, waitpid fix
• Show string version of the stop reason in di

diff

• Add byte signature diff zd

disasm

• Fix #18427 - Sort flags by [sections,formats][other][regs]
• Fix multiline comments in 'pd' with asm.cmt.right=0 and 1
• Avoid the use of sscanf, better parsing and error checking, handling negative switch cases
• Fix #16677 - Honor asm.sub.jmp in pd
• Fix #13200 - Honor anal hints in asm.meta=0
• Swap xref and flag comments as suggested in #18427
• Implement asm.hint.imm and integrate it in visual

emu

• Add arm16 ldrd esil tests
• Implement aeis to initialize argc, argv and envp for emulation

esil

• Fix emulation for ARM's ldrd
• Add 'aev' as an alias for VbE and improve esil debugger
• Fix #18736 - Eliminate REPEAT ESIL command, fix BSF/BSR x64 expressions

hash

• Fix #18727 - Support more hashes in ph

io

• Implement socket:// plugin, inspired by radare1
• Rename tcp:// to tcp-slurp:// and improve help message
• Add io.cache.nodup to not write the same bytes in the cache

lang

• Add GO rlang plugin (#18646)

p…

• Properly report error when trying to use an invalid pd subcommand

print

• Fix empty lines in hexdump with multiple comments in one line
• Support multiline comments in px
• Fix #18309 - Better error messages for the pf command
• Fix #18308 - Fix pf parsing issues and support write on enums and bitfields
• Add help messages for pde pdr pdp
• Implement 'px--' context hexdump command
• Remove assertion in pFA
• Fix #4903 - Handle 'w' in x/
• Improve error message in pa command
• Honor cfg.charset in px and support escaped encoding
• Support null bytes in r_print_raw
• Fix oob crash in 'pri' command

projects

• Fix #18641 prevent overwriting projects with Ps

r2pipe

• Add ===errmsg to support the new r2pipe side

search

• Fix rafind2 issue with small or negative blocksize
• Reset certificate search properly (#18664)

shell

• Fix autocompletion for 'e ' and handle cfg.charset=
• Fix #16674 - Kill ' and \ commands, use ':' for the only alias of =!
• Implement @@@e and @@@E to iterate over entries and exports
• Handle aliased files in wff and wtf commands
• Remove tree-sitter and the r2-shell-parser

signatures

• Consider collision
• Fix bug in graph matching
• Create function when z/ finds byte
• Add R_SIGN_BYTES to metric search (#18703)
• Support zignature collisions with the new zac command
• Fix bugs in mergeItem zignatures
• Refactor output and serialization of signatures
• Make z/ search sigs seen in z*
• Refactor signature matching
• Add byte signature diff zd

tools

• Add rafind2 -L to list IO plugins (same as r2 -L)

types

• Fix #16687 - Handle multiple colon separated paths in dir.types

util

• Add r_rbtree_cont_node_{first/last} (siol_eternal)
• Add size parameter to r_magic_load_buffer

visual

• Fix v;! in sync with V;!
• Check if target is writeable in Vc+-
• Add scr.optimize with experimental optimization ansi routine
• Better v!!!!!!! behaviour
• Add noflush guards to fix visual debugger mode

write

• Implement wcf command to patch file with cache changes into a new file

Alexandr Alexandr Alexis Ehret Alucowie Basstorm Dennis Goodlett Florian M"arkl Francesco Tamagni Khairul Azhar Kasmiran Lars Wrenger Murphy Pamplemousse Paul I RHL120 Reviakin Evgeny Roman Valls Guimera Sylvain Pelissier Taggggy condret el-goe gogo gogo2464 intruder-kat ivan tkachenko meme mio mrglm murphy pancake ramikg soroosh-chabi temp1337 valdaarhun wargio

**anal**

• Use =RS 8 for avr
• Add =RS directive in reg profiles to define default value
• Fix jump table analysis issue for r2ghidra.v850 (#18550)
• Test for pcdelta ARM ldr fix
• Fix pcdelta for ARM esil LDR
• V850 jmptable fix, cmpval is almost always -1 and slows anal to a crawl (#18498)
• Add missing v850 calling convention definition file
• Remove unused type FcnTreeIter
• Fix oobread ppc plugin
• handleMidFlags: Reset ds->midflags on entry
• asm.flags.middle: Don't split bb instruction
• aae: Realign on fcn start if not in bb
• Fix duplicate vtable entries after 'aaa'
• af-*: Remove function flags too
• Fix cX command and minor cleanup
• Fix PSW register bits definition for v850
• Add support for jump tables on v850
• Fix #18284 (json command returning empty string)
• Cd1 Cd2, Cd4, Cd8 are aliases for Cd[1248]
• Fix SN register value for linux-arm64
• Improve reg profile parsing and error handling
• Detect shift for the first switch case
• • Fix gcc 9.2.0 kind of x86_64 jumptables
• New command: aaw, flag all words pointing to known flags

android

• Add r_file_binsh() and avoid hardcoding /bin/sh for Termux

api

• Remove some exit() calls in libr
• Rename r_cons_memcat to r_cons_write
• ABI/API break. RAnnotationCode->RCodeMeta
• Use more r_str_ncpy and improve it to not alloc beyond nullbyte
• Add r_vector_flush()
• Apply desired lifecycle of esil syscall and interrupt handlers in esil_dummy plugin
• Add r_anal_esil_{syscall/interrupt}_{get/del}

bin

• Parse the symbols from the ELF .gnu_debugdata section
• Support x86_64 and macOS dyld caches (#18570)
• Fix wrong demangling of tiff swab16 bit data
• Use r_bin_import_free() as cb for imports list (#893)
• Improve python disassembler and binary parser
• Fix large loading times when parsing encrypted/fuzzed macho
• Do not consider ELFs with .gnu_debugdata section as stripped
• Fix Mach-O related coverity issues
• Fix coverity issues in xnu kernelcache
• Fix ASAN crash when allocating more relocs than the filesize
• Fix long time analyzing oob objc data
• • Fix long time analyzing oob objc data
• Fix asan crash found in r2_hoobr_dex_loadcode
• Fix oobread bug in r_str_(ndup|nlen) APIs spotted by ASAN in SMD parser
• Fix UAF in rz_bin_reset_strings()
• Fix assert in iSj for invalid size sections
• Minor ELF cleanup, using more size_t and ut64.max instead of 0
• Add Support for new CoreSymbolication element format
• Unset io.cache when not needed after bin.cache
• Fix warning message when loading files with relocs

build

• Move shlr/tcc into libr/parse/c
• Fix meson build issues related to grub (#18554)
• Fix the failure in finding the executing user's ID during install (#18508)
• Add the nogpl meson option
• Fix version not being updated after running sys/termux.sh
• Update doc/license for more clarifications
• Add plugins=nogrub option for meson
• Improve sys/termux.sh checks
• Do not run sys/ldconfig on Android
• Add missing use_fork and use_dylink to meson
• Fix #18397 - Be less strict when running sys/install.sh as root
• Fix debian32 in CI
• Allow custom CFLAGS for Debian packaging
• Add meson -Dplugins=a,b,c to build only the specified plugins
• Fixes to make the r2blob shine again
• Add 32bit Debian packaging and bonus CI fixes
• Add use_ssl meson option to be in sync with acr behaviour

charset

• Implement ps, psz, psj and psj with charset support
• Support multi-byte input in charset
• Add more runes to pokered

ci

• Fix linux-static pub action

cmd

• Sync om and omj output

cons

• Fix Ctrl-J issue and remove redundant code in 'Ctrl-J' block
• Implement RConsPixel and RBraile APIs
• Fix #16254 - grep expression parse improvement
• Fix null derefs on RCons when no context is provided

core

• Fix #18412 - Add R2_IGNVER variable to load plugins ignoring the version
• Remove asm.bb (asm.bb.line -> asm.lines.bb, asm.bb.middle -> asm.bbmiddle)

crypto

• Update to use keys that can be programmed onto a CPS2

debug

• Implement drcq and show it in visual debug/emu
• Fix #18502 - dangling pointers issues in dbm
• Revert "dmi commands handle symbols, exports, main, entries too
• dmi commands handle symbols, exports, main, entries too
• Implement dmis command as an alias for .dmi*
• Workaround the dmi issue by using rabin2 in macOS for now
• Add dbg.maxsnapsize to avoid snapping huge maps

debug"

• Revert "dmi commands handle symbols, exports, main, entries too

decompiler

• Detect retdec decompiler (pdz) in cmd.pdc

diff

• Add abstract Levenshtein dist
• Abstract r_diff_levenshtein_path
• Add Levenshtiend path API to

disasm

• Honor asm.cpu for asm.arch=ppc.gnu
• Fix #18511 - Add dwarf info in pdj
• Add the m68k.gnu disassembler plugin
• Show overlapped flags if requested and show them differently (#706)
• Honor cfg.debug in asm.section using dmi.
• Improve asm.meta=false for 16, 32 and 64 words
• Fix #17761 - Do not trim the "ptr " when asm.syntax=masm
• Add pi+ and pi- commands as aliases for 'pi +' and 'pi -'
• Fix asm.lines.bb with asm.sections set

dwarf

• Implement CLj command and improve CL output

emu

• Apply desired lifecycle of esil syscall and interrupt handlers in esil_dummy plugin
• Add dummy interrupt and syscall handlers

esil

• Add r_anal_esil_{syscall/interrupt}_{get/del}
• Boolify all the ESIL callbacks
• Fix some asserts and nullderef spotted on arm64
• Esil plugin management APIs
• • Add r_anal_esil_{get/del}_op
• • Fix deactivating plugins on r_anal_esil_free
• • Add local getter for active esil plugins

fs

• Fix absolute paths and add r_return guards
• Fix fs.posix.cat and use r_sys_dir instead of reimplement (-48LOC)

graph

• Add support for highlighted edges in graphviz
• Add ageh command to let users define which node links should be highlighted

hash

• Implement ssdeep fuzzy hashing algorithm
• Fix name collision for SHA functions

io

• Close #18257 / Remove RIODescData
• Enable io-plugins to set bin.baddr on launch
• Fix comment
• Implement custom bit size cyclic memory layout and wrap flags in
• Rename r_io_map_get_for_fd to r_io_map_get_by_fd
• Rename r_io_map_resolve to r_io_map_get
• Rename r_io_map_get to r_io_map_get_at
• Implement slurp:// uri handler plugin
• Implement omd command, as a simplified version of om
• Fix infinite loop in r_io_map_next_available
• Fix #17049 - oa whithout filename specify, add oa test
• Add help message for winkd://? and improve desc

json

• iVj must print valid json, not empty output (#18571)
• Add json version output to r2 -vj
• rasm2 -L now shows an array of objects
• Fix #18284 (json command returning empty string)

lang

• Add #!*? command to show rlang plugin examples
• Add support to the V programming language for scripting

print

• Implement pFX command exemplifying the use of r_sys_unxz()
• Android Binary XML support (#18545)
• Improved pdc, added pdco and pdcj, print orphan nodes
• Fix alignment issues in RTable with utf8 fields

reg

• Fix null printf issue in arpi command

search

• Import @siguza's arm64 xref finder
• Show results after pressing ^C in /ad
• Fix /ad of multiple consecutive instructions

shell

• Fix proper hash comments & quotes mix (#18551)
• Implement whoami and uid commands
• rasm2 -Lj works the same way as -jL
• Add variable autocompletion class in !!!
• Add scr.loopnl to add a newline on all the @@ loops

test

• Add R2R_SKIP_ASM env var handling in r2r

tools

• Fix #18391 - Show help in r2pm even before initializing the db

util

• Add r_file_find to recursive list files and subdirectories into a list
• Rename dep in rbtree.c to depth
• Rename d, d2, d3 in rbtree.c to direction ...
• Optimize r_rbtree_cont_{first/last} #18485
• Implement r_rbtree_cont_node_prev (siol eternal)
• Implement r_rbtree_cont_last
• Fix endless loop in r_rbtree_cont_node_next
• Add unit test for r_rbtree_cont_node_next
• Fix segfaults in rbtree.c (parent backlink)
• Add r_rb_cont_tree_node_next (SIOL Eternal)
• Add backlink to parent in RBNode (SIOL Eternal)
• Add r_rb_cont_tree_find_node (SIOL Eternal)

visual

• Add agfb for braile graphs
• Revert "Fix memleaks in agraph by keeping a separated list of dummy nodes
• Fix memleaks in agraph by keeping a separated list of dummy nodes
• Initial implementation of graph edge highlighting

visual"

• Revert "Fix memleaks in agraph by keeping a separated list of dummy nodes

Improved V850 Support

This release comes with several improvements for the V850 (in concret e2) cpu. The default disassembler is not really supporting many of the instructions of this architecture, but you can use r2ghidra as disassembler and analyzer which comes with a bunch of improvements for this architecture. Here's a list of the most relevant changes:

• Add support for cyclic memory layouts, this memory model is only supported in some rare architectures like s390, VAX, old ARMs and some V850. And this is not supported by any other static analysis tool (only by some closed source emulators from what @trufae could find).
• Implemented jump table analysis and pointer table size prediction, requires latest r2ghidra to work
• Add /cu command to find UDS dispatch tables and pointers for CAN BUS handling firmwares
• The new omd command makes creating memory layouts for embedded firmwares much easier, but at the end it's just a simplified version of om.
• Add slurp:// uri handler which does the same as oom to reload the given disk file into a malloc:// which is ideal for loading firmware dumps with ram contents for proper emulation.
• Fix PSW register bits definition for v850
• Added default calling convention for v850e2-gcc

ARM64/Apple support

• Android binary XML decoder available in the new pFa command (thanks @meme)
• Added support for the new CoreSymbolication file format (thanks @mrmacete )
• Support the latest dyldcaches from macOS/arm64 (thanks @meme)
• Add core plugin using @Siguza 's arm64xref search code which is 200x faster than /r with capstone
• Fixed large loading times and segfaults when loading some corrupted mach0 binaries
• Improved ARM32 LDR esil emulation which may fix some missing xrefs

Analysis

• New command: aaw, flag all words pointing to known flags
• Float/Double/LongDouble types supported in pf [fFG] and wv[fFG]
• Better handling errors when parsing invalid register profiles
• Add =RS directive to define the default register size.
• Assign pdc, pdd, pdg, pdz to their respective decompilers
• Honor all asm.cpu values for the powerpc GNU disassembler
• Added levenstein binary diffing path APIs
• Improve pdc pseudo-decompiler output (show orphaned bbs) + pdcj support
• Add support for new crypto keys on CPS2

Search

• Add brand new implementation of ssdeep (by @trufae) under the MIT license.
• Fix /ad command results are now correct and tested.
• New sixref command (see siguza's plugin in the arm64 section)

Shell

• Add lsr, whoami and uid commands
• Move the Vlang rlang plugin from -extras to core. it's now stable and ready to use.
• Add scr.loopnl to add a newline on all the @@ loops
• Improved dmi commands to load more symbols in debugger mode
• Fix #16254 - grep expression parse improvement ##cons
• Add freebsd-x86-32 support for sflib based shellcodes with ragg2

Binaries

• Added bin.cache as a high level value for io.cache
• Add support for loading symbols from .gnu_debugdata sections on ELF binaries
• Support latest dyldcache and coresymbolication files for macos-arm64 and ios
• Fixed segfaults and large loading times on 6502, PYC, DEX, MACHO, ELF, DWARF formats
• Dwarf information is now listed in the output of pdj and other CL listings

Visual

• Add support for highlighting edges in graphviz and ascii graphs
• Honor cfg.charset in w, ps, psz and psj (thanks @gogo2464 )
• Add minigraph support in visual (check graph.mini)
• Support multibyte input conversions in custom charset encodings
• Improved glob expression text filtering (thanks @as0ler )
• Implemented braile-art graph rendering (afbg)
• Show status register bits in visual debugger mode

Build

• Clarify license usage in target build for core modules and installed plugins (
• Fix static builds with meson
• Handle use_ssl, use_fork, use_dylib, nogrub, nogpl and custom plugin builds with meson
• Cleaned up slow tests and make CI run in GHA in 8min
• Import patches from Termux

This is the second release after the fork, we are still putting things in place and optimizing the development for what we had in mind. Probably many people expected a public statement about the events, but this post end up being used as a therapy and focused on spending the time for what it matters: have fun, move fast and code for what matters most for the users and contributors without losing time and nerves in personal conflicts or strict roadmaps, just fixing, improving and keep vibing the amazing community in r2land.

There are frequent back and forth pulls of changes from both projects (see sys/derizin.sh for more details), and future directions of both projects will probably differ enough to lower that pace. If you are curious about other side projects:

About r2ghidra, it was rebranded (previously named r2ghidra-dec), and has been updated with all the changes in rz-ghidra, but adds ACR build support (which works on FreeBSD), removes the need for bison and flex, See https://github.com/radareorg/r2ghidra for more details about the 5.1.0 release.

On r2cutter, the repository, project and icon has been renamed from Cutter to r2Cutter as well as updated the r2 dependency to the latest 5.1.0, but the CI hasnt been massaged yet to do the release builds, so no release of r2cutter is planned until this issue gets fixed.

r2dec is still available and working, just remember to update your package database with r2pm update.

Alexander von Gluck IV Alexis Ehret Allen McIntosh Anton Kochkov Aswin C Briand Djoko Carson McManus ChD1 Dennis Goodlett Eduard Eduard MURESAN Fangrui Song Florian Maerkl Francesco Tamagni Fredrik Fornwall Giovanni GustavoLCR Kamil Rytarowski Khairul Azhar Kasmiran Liumeo Murphy Paul I Qijia Liu RHL120 Riccardo Schirone Riccardo Schirone Sahil Siddiq Sylvain Pelissier aemmitt-ns aemmitt-ns condret eagleoflqj gogo gogo2464 ivan tkachenko laohuai liumeo mrglm pancake pancake pancake ratijas wargio yossizap yossizap

Highlights

This release comes with a large list of bug fixes, many of them you may probably not even noticed, but some of them are important for users and packagers, it has been tested on a large list of platforms, not just in the CI, but also in sparc, mips, powerpc and other funky hardware (Thanks @unixfreaxjp !). We are not forgetting the new Macs, and this release comes with few fixes for fat binaries, kernel caches and arm64 floating point emulation (kudos to @mrmacete and @aemmitt-ns for them!).

Projects: One of the most awaited feature is now finally available for testing, the git support has been enabled by default and some options and backward compatibility transitional code have been removed. Please test this out and let us know if you spot any issue! thanks @trufae for this!

The CI have been rewritten for simplicity and it's now building and publishing Android, iOS, macOS, Linux and Windows artifacts on every commit, ASAN, LGTM and COVERITY are still there, but all jobs run in github actions.

Lots of improvements in the support for JSON have been added by @liumeo also, several memory leaks have been cutted down, which are always welcome.

Support for streaming large files over mg, and added support in r2frida is now available thanks to @as0ler!

r2wars

The r2wars game runs on top of r2, but it needs some tweaks for the esil vm to work, this version optimizes this by checking configuration options outside hot loops.

• Cache cfg.r2wars value outside the eval loop

Those 'hacks' will be eventually removed when r2wars gets able to emulate syscalls, traps and low level stepping for context switching at esil-expression level.

• Support sbfm/ubfm in arm64
• Initial support for arm64 asm extendtype
• Add test and update arm.winedbg (#18117)

The arm64 assembler has been extended support more instructions and be more formal and correct.

• Implement i4004 assembler

It's always great to welcome a new supported architecture for assembling code (disassembler for i4004 was already available). Kudos to Liumeo for this nice addition!

bin

• COFF: handle empty sections (#447)

• Dont demangle with libs unless requested

• Add bin.cache evar to use io.cache when bins need to patch relocs

• Fix Mach-O rebase on fat slices

• Add additional ELF header fields to rz-bin output

• Fix PE Delay Imports for multiple delayed DLLs (rizin)

• Lowercase DEX method attributes and move r_num_bit_count()

• Initial implementation of the DEX annotation parser

The DEX annotation metadata is now parsed in the DEX plugin, this means, that parsing is actually a bit slower (it's parsing more information) but provides more context and information of the application classes and methods. Use bin.verbose=true to get that information.

This metadata must be imported into r2 somehow, but this interface hasnt been defined yet, so only plaintext representation is supported at load time. Probably finding a good tree representation for an Sdb instance could work.

radiff2

• Add more checks on the passed files and fail early.
• Honor graph.font in diffing graphs too
• Remove buggy Levenshtein diff algorithm and rename the original code

Some confusing usage and documentation have been updated and the default diffing algorithm is now faster. (Thanks MaskRay for spotting it and Liumeo for massaging it)

ci

The whole CI scripts have been rewritten to run everything in GithubActions, and adjust the test of PRs to 20min, ASAN is only running in master (takes 1h), and every commit is compiled for linux, macos, windows, ios and android. No breaking commits can be merged. And all artifacts are available to download for every single commit and architecture.

As long as the Sanitized build takes 1h to run the testsuite we decided to make it run only in the master branch, if any regression happens there it's easy to fix with the crash logs in GHA.

This is the setup of jobs in the current CI:

• Add android-arm64 target to build release artifacts
• Add TCC ci task which is able to build and run the testuite
• Added cydia builds for arm64
• Add job to test build and install with spaces in builddir and installdir
• Add job to test install, uninstall, symstall for proper purgation and avoid disasters
• Fix the badge in the README
• Add asan ci job to run all fuzzed bins with a sanitized build (takes 1h)
• linux-test builds with acr and takes about 20min to run all tests
• CoverityScan service find vulnerabilities with advanced source code analysis.
• LGTM service spots static source analysis good practices
• Initial attempt to switch to Capstone 5, needs more

RTable

• Dashes in RTable with X format
• Implement RTable:sql and add RTable.name

You may not know about RTable yet, but it's an api and command modifier that will be used more and more over time. In short, RTable provides an API to create tables with columns with types and rows with data and an api and query syntax to operate over those tables in the same way as you would do in an SQL database but using the cryptic syntax of commands we like in r2land.

This release introduces a new output for SQL. This means that any information stored in r2 can be exported in SQL statements and processed in your favourite SQL database. This is an example usage:

$ r2 -AA /bin/ls
> afl,:sql > functions.sql
> !sqlite3
sqlite> .read functions.sql
sqlite> .tables
fcns
sqlite> select count(name) from fcns;
128

RISCV

• Fix #18212 - Detect RISCV gdb servers
• Add riscv in RSysArch and make it an enum, not a bitmask
• Update RISC-V ESIL with sign extention operator (#18109)

Native support for Linux/RISC-V is now available as well as remote debugging via GDB, the ESIL emulation have been improved a little bit.

disasm

• Fix HUGE bottleneck in the WebAssembly pseudo disassembler and analyzer
• pd, is an alias for pdt (pdt will be removed soon)
• Honor meta size in asm.meta=false and add tests
• Fix #18202 - Large Cd truncates and crashes in pd
• Implement print disasm until optype

ESIL

• Fix x86_cs cmpbs esil
• fix x86-cs rep/repe/repne esil expressions

@condret find out (and fixed) a bug in the way rep instructions were constructed in ESIL in x86.

• Support arm32 esil stmib/ldmib
• Add sign extension assignment operator (#18092)
• Add floating point operations for emulation

Thanks to @aemmitt-ns (Austin Emmitt) for implementing support for floating point arithmetics in ESIL as well as adding support for most FPU instructions for ARM64. That's an important move forward in order to improve the language to handle more instructions and architectures.

A work in progress support for RIOBanks is not yet included in this release. But hopefully in the next release @condret and @trufae will be manage to finish the new API and commands and integrate them into the ESIL to support memory banks in GameBoy emulation for example (as well as add support later for other archs).

• Add support for RAnal.ESIL plugins

Those new types of plugins are right now just a place holder to call init/fini and do whatever you want from there. But in the next release ESIL plugins will provide the ability to expose some functionalities to the ESIL VM, syscall implementations in userland, libc emulation functions, custom esil operations, hardware devices, etc. Join the Discord, Telegram or IRC channels to raise the topic if you are interested on more details.

fs

• Add support to stream files using mg (#18253)

This feature has been added pair to pair with the r2frida implementation, this way enables r2 to download all the files and its contents without any file size limitation from the remote device to your host. All the RFS plugins API has been changed to if you are using custom RFS plugins you may take care of that.

Support for uploading is not yet implemented, but it is planned in the near future.

Thanks Murphy for that great contrib!

io

• Accept rwx argument in onn command
• Add onn command to fix custom map assignments

Those changes and new command are required for the projects to be able to save and restore the status of files, binfile and iomaps in proper order and reference.

• Fix and refactor the ar:// plugin

The refactoring of the io.ar plugin spotted a regression in open_many() which is not yet fixed, brave volunteers are welcome!

Projects

The most requested feature for r2 has been reworked to actually make it work and improved several use cases that weren't handled before:

• prj.git is now enabled by default if git is in path

this means that everytime you run Ps after saving the changes in will prompt you for a commit message. The ability to rollback to any previous state of the project by just calling git reset and Po becomes very handy when bad things happen or you just want to track your progress.

As long as projects are in plain text they are readable in git diff.

Improved support to ease the workflow to support multiple users sharing the same project via git will be implemented in future releases.

• Handle io.maps and bin.segments in o* to handle custom maps in projects
• Add map name information in o* output
• Honor mapaddr for malloc in o*
• Save the write cache in projects

As long as the user can create custom maps on specific files, the projects need to determine if there's any binobject associated with a specific file for processing a map. This puzzle is solved by the o* command which now prints the right commands to reconstruct the same IO environment starting from a clean session.

• Reworked P command with RProject and prj.name integration
• dir.projects becomes abspath when set
• Fix projects by removing code and honoring prj.name
• Save the write cache in projects

The P command is now much more stable and all the subcommands work as expected, some tests have been added and project renaming can be done via command or via evar prj.name. The magic behind this evar-project-action is done by using the RConfig.getter APIs that have been there for a while but barely used, the value is updated at get time from the project instance details. This way it's possible to rename a project like this:

> e prj.name
test
> e prj.name=case1

• Tell the user that debugging projects don't work

Projects are working, but they are far from perfect, one of these missing corners is the debugging support, the main reason for that is the lack of integration of aslr rebasing in projects, this will be eventually implemented, but for now it's better to avoid the user to mess the thing.

In any case, it's always recommended to have your own manually writen scripts to do setup some flags, memory patches or breakpoints, so you are more in control of what you run in a living process.

• Fix calling convention save/restore
• Print call convention once in afi
• Warn once about the missing anal.cc
• Use RConfigNode.getter callback in anal.cc to be in sync with k anal/cc/default.cc

Some improvements in the way calling conventions are handled inside r2 enabled the use of anal.cc like it's done in prj.name, with a 'live' evar. default calling convention is defined by the architecture but can be redefined by the rbin plugin or the analysis information. In addition the user can also specify a custom CC for each function, all those details are preserved with the anal.cc evar and the tc and afc commands.

• Remove transitional projects code
• Remove file.path and file.lastpath and add RProject
• Remove the prj.simple option
• dir.projects becomes abspath when set
• Use UID instead of PID to identify the user to avoid changing projects everytime

Refactor

• Refactor tcc and afcl commands, improve help and JSON
• 25 commits refactoring the code to use the formal PJ api to generate JSON

This includes honoring the settings defined by the user in the cfg.json evars, this nice feature was introduced by @hexploitable in the previous 5.0 release.

[0x00000000]> e cfg.json.num =?
none
string
hex

Rizin

• Added support for regex in test output and stderr
• Massage RRegex to fix codingstyle and a null deref.
• This resulted in a cleanup and refactoring of RRegex

One of the changes introduced in Rizin is the ability to use regexps to check the output of an r2r test, but after doing some cleanup in the regex code some issues were spotted in the logic, so it's not encouraged to write tests using regexps yet. Unit tests has been added, but it still requires to be fixed.

The bugs are logic bugs, not exploitable, but some match expressions won't work. But at least the feature is in sync.

Other commits taken from RZ grouped by author are:

Paul I

• COFF empty sections
• memleaks in ophandlers
• rtable X dashes

xvilka

• part of the improvements for indentation

wargio

• avr anal warning due unpopulated mnemonic and further refactoring
• fix ao rjmp issue

ret2libc

• Fix misusess of r2 commands inside r2
• Use r_core_flag_get_by_spaces() in getFunctionName()

kazarmi

• Fixed AVR anal plugin warning due unpopulated mnemonic
• Fixing clang flow warnings (#321)
• Fix #rizin302 - Fix function modification detection false
• Remove all dead assignment detect by clang sa (#310)

yossizap

• Fix trace crash
• Add regex support in r2r

Florian

• Fix null deref in rbtree
• Implement delay imports in PE parser

shell

• Implement rax2 -I to convert from/to LONG and IP Address

Sometimes a shellcode or a piece of program is doing some operations with IP addresses and it stores the IP address on a 32 bit register value. rax2 now provides a handy commandline option to ease this conversion. This feature was already available as a hint for the disassembly to convert instruction arguments to ip addresses.

$ rax2 -I 192.168.1.32
0x2001a8c0
$ rax2 -I 0x2001a8c0
192.168.1.32
$

• Implement $i and $I numvars

Those two variables have been added in order to ease writing some scripts that navigate thru the code moving forward and backward honoring the instruction boundaries of the current analysis information.

So $i is the address of the next instruction and $I of the previous. Things get more interesting when the braces join the game: Using $i{3} gives you the address of 3 instructions forward. and the same goes for $I{3} to go backward.

• Fix #18171 - Support RNum for syscall-name in asl command

The asl command has been modified to use RNum when parsing the argument, so its possible to

API

• Add RFile.new and RFile.move APIs
• RFSPlugin API has changed

Plugin delegates return int instead of RFSFile to avoid leaks and uafs, needed for streaming largs files over mg.

• New RAnal.ESIL plugins

Add esil.dummy in your plugins.cfg if the build fail with missing R_ESIL_PLUGINS error.

Visual

• Fix ecn (and VR) when no custom theme was set in .rc

In human words: rotating color themes is working again!

• Implement history filtering for dietline
• Initial implementation of r_cons_eprintf

This new API is wrapping eprintf() but its also able to buffer the results and flush them after r_cons_flush().

FUTURE: The need for this API is to improve the r2pipe API and handle a 3rd communication pipe to handle asyncronous error messages. This is a long term plan and should be backward compatible, so no r2pipe scripts may break.

• Fix help rendering: avoid printing trailing whitespaces (#18115)
• Improve str.wrap, add cons.line and fix cons.printat glitch
• Fix #17940 - Show ConfigNode options when selected in Ve
• Box borders in graph and panels are now in yellow
• Update www/t from radare2-webui
• Fix cascading solitaire issue in panels menus
• Fix the 'c' cursor behaviour in disasm

Those commits improve the experience in panels, fixing an anoying bug in the menus, improving the cursor mode. The default color theme for the frames makes it easier the eye.

The heavy webuis were removed in 5.0, but we are still shipping t/iled and p/anel ones, it's known that the webui repo needs some attention

bindings

The bindings have been also updated with some more valadoc documentation that can be read in here:

https://radare.org/vdoc

This documentation and API can be used for any bindings generated by valabind, this is: python, nodejs, ruby, go, v, ... the work to stabilize the apis in this module focused in RConfig, some fixes have been done in this module.

security

As usual, every release of r2 comes with a large list of security vulnerabilities, bugs and crash fixes. The list below sumarizes the most relevant ones:

• Fix #18274 - Fix crash in r2 *.wasm
• Fix crash in XNU kernel parsing (no cache)
• Fix code injection vuln in .ic* with ObjC classes
• Fix trace crash caused by a mismatch between the register profile and op anal
• AVR: Fixed profile, (null) instruction and anal
• Fix potential null-deref in r_rbtree_cont_foreach()
• Fix crash when wasm file contains symbols with large names
• Handle ^C and fix ASAN crash in aeA command

build

• Disable AVR plugin from all static builds because of the duplicated symbols issue introduced in recent refactoring.
• Add r2.1 when installing with symstall
• Fix debugger build problem in android-x86_64
• Remove --without-r2r configure option
• Create dist/ to hold all the distribution build files

Merged some patches coming from Termux to improve the debugger support on android-x86. The r2r testsuite executable is always built and should be available to all the user installations.

Also, some issues has been fixed in sys/install as well as new CI jobs to verify no regressions happen on install/uninstall/spacesinpaths, etc.

config

• Fix some returns to fix initialization issues in evars
• Remove unused cmd.xterm and use * instead of strcmp for ?
• Support evar filtering in eq and check for bool type in RConfig.toggle
• Expose RConfigNode.options APIs to avoid messing with internals
• Count lines is a prefix operator
• Add a progress bar for when scripts are running
• Honor R2_CFG_NEWSHELL=0 to disable it
• Seek command ignores the tmpseek
• Add missing vars from ?$? in ?$ and sort them alphabetically

Authors

• David CARLIER [email protected]
• Florian Märkl [email protected]
• Khairul Azhar Kasmiran [email protected]
• NIRMAL MANOJ C [email protected]
• pancake [email protected]
• phakeobj [email protected]
• Riccardo Schirone [email protected]
• yossizap [email protected]

This release could not be done without the help of several people, who contributed with many fixes and improvements. Above you can only find some short highlights of what was done in this release, but many more important changes have been committed and you can find them in our git log.

Authors

• Alexis Ehret [email protected]
• Anton Kochkov [email protected]
• Aswin C [email protected]
• atodekangae [email protected]
• Azox [email protected]
• condret [email protected]
• Cyrill Leutwiler [email protected]
• David CARLIER [email protected]
• Dennis Goodlett [email protected]
• DharmaCode [email protected]
• Disconnect3d [email protected]
• Eduardo Novella [email protected]
• Eli Schwartz [email protected]
• Fangrui Song [email protected]
• Florian Märkl [email protected]
• Francesco Tamagni [email protected]
• FXTi [email protected]
• Giovanni [email protected]
• gkpln3 [email protected]
• GustavoLCR [email protected]
• HoundThe [email protected]
• Ian Huang [email protected]
• Ishi Tatsuyuki [email protected]
• Jerome-PS [email protected]
• karliss [email protected]
• Khairul Kasmiran [email protected]
• Les De Ridder [email protected]
• Liumeo [email protected]
• Maxim Ivanov [email protected]
• mdolmen [email protected]
• meme [email protected]
• meowmeowxw [email protected]
• Michael Scherer [email protected]
• NIRMAL MANOJ C [email protected]
• Ole André Vadla Ravnås [email protected]
• Óscar Carrasco [email protected]
• pancake [email protected]
• Paul I [email protected]
• phakeobj [email protected]
• RHL120 [email protected]
• Riccardo Schirone [email protected]
• Sean Maher [email protected]
• Sergei Trofimovich [email protected]
• Soatok Dreamseeker [email protected]
• Sylvain Pelissier [email protected]
• terrynini [email protected]
• Vane11ope [email protected]
• Yusef Karim [email protected]
• zawwwu [email protected]
• Zi Fan [email protected]

Authors

• Alexis Ehret [email protected]
• Anton Kochkov [email protected]
• Aung Khant Ko [email protected]
• David CARLIER [email protected]
• Disconnect3d [email protected]
• Florian Märkl [email protected]
• Francesco Tamagni [email protected]
• Frédéric Tobias Christ [email protected]
• HoundThe [email protected]
• Itay Cohen [email protected]
• Khairul Azhar Kasmiran [email protected]
• Khairul Kasmiran [email protected]
• Khairulmizam Samsudin [email protected]
• Liumeo [email protected]
• Lowly Worm [email protected]
• Maijin [email protected]
• NIRMAL MANOJ C [email protected]
• Paul I [email protected]
• Riccardo Schirone [email protected]
• Rikard Falkeborn [email protected]
• Rishi Bhatt [email protected]
• Robin [email protected]
• Sergey Alirzaev [email protected]
• Sylvain Pelissier [email protected]
• Tigre000 [email protected]
• Zi Fan [email protected]
• aar0nge [email protected]
• curly [email protected]
• davidpolverari [email protected]
• gur111 [email protected]
• karliss [email protected]
• kuqadk3 [email protected]
• luke-goddard [email protected]
• mdolmen [email protected]
• pancake [email protected]
• philoinovsky [email protected]
• yossizap [email protected]
• Óscar Carrasco [email protected]

Changes

anal

• Add initial SuperH and Tricore analysis plugins
• Added option to search all vtables
• Fix infinite loop in aae - check if address is valid
• If possible use symbol name instead of entry name for function name (#16528)
• makes the local variable access detection work on arm64
• Fix asserts when trying to use a unexistant or wrong analysis plugin
• Minor Fixes for XRefs counting (#16546) 
• Fix #16413 - Analyze code refs spotted with aae
• Implement x86 anal.jmp.retpoline switch tables (spectre/meltdown)
• Tweak arm64 ldr ESIL for var access
• Add opaddr field in ab/abj output
• Improve noreturn and aesu times, show it in afi & afij
• Fix dup af+ removing function from hts (#16526)
• Fix #16308 - Add fcn arg in r_core_anal_propagate_noreturn to avoid O(n) in af
• Fix ao~bytes and add test
• Improve aef by skipping calls and improving the logic
• Improve aeg command and add aaef as an alias for aef@@@F
• Fix #16225 - Remove the unused fcn_locs causing an UAF
• Implement Shortest Path between BBs and add tests for abt (#16200)
• Implement aesB command to step until the given basic block
• Implement afsj command to get the JSON definition of the function signature
• Add acvf command and devirtualizing vtable method calls (#16157)
• Implement aeb command to emulate a basic block (#16174)
• Guess a better name for functions when multiple flags point there

asm

• Fix #16433 - Use MOV opcode B8+ for MOV r64, <0x80000000 to 0xffffffff> #16572
• Fix #16433 - Support movabs for x86_64's MOV r64, imm64 (#16527)
• x86_64: Use MOV opcode C7 for MOV r64, -<1 to 0x80000000> (#16551)
• Fix arm64 branch assemble (#16205) 
• Support asm.cpu for Tricore architecture (#16161)

bin

• Fix infinite loop in macho commands parser (#16562)
• Fix heap overflow in the relocs ELF parser
• Improve COFF symbol info (#16523)
• Fix crash issue induced by an integer overflow in the mach0 parser
• Fix #16455 - iij asserts for ld-uclibc with a null import
• • Fix asserts in iij for ld-uclibc with a null import
• Add rust lang support to iD command (#16490)
• Fix #16418 - Implement blind main detection on endbr+mov files
• Fix COFF symbols/imports info (#16446)
• When computing ELF relocations, use DYNAMIC segment if available (#16419)
• Make dyldcache accelerator info optional
• • Make dyldcache accelerator info optional
• Do not use r_buf_data in DEX results in 1.5x faster parsing (22s vs 33s)
• Implement icc*, in sync with ic* to get C strcuts from mach0 classes into r2
• Add mach0 class fields with padding and sorted by offset
• WIP: Improve ObjC's IVAR fields support
• Fix #16265 - Segfault in rabin2 -O e/123 with ELF
• Fix memory leak in RBin. NE relocations
• This allows to open dyld cache files from iOS 13.4 for which
• Idea for fixing id? and idp? etc commands (#16244)
• Fix PE endian and alignment issues spotted by ASAN
• Strip minuses from the hash names for sha256 PE signatures (#16156)
• Fix heap overflow in the relocs ELF parser
• Fix crash issue induced by an integer overflow in the mach0 parser
• Fix #16455 - iij asserts for ld-uclibc with a null import
• Make dyldcache accelerator info optional
• Fix memory leak in RBin. NE relocations
• Fix PE endian and alignment issues spotted by ASAN