UNIX-like reverse engineering framework and command-line toolset

Overview


Radare2: The Libre Unix-Like Reverse Engineering Framework


See the Releases page for downloads. The current git master branch is 5.7.7, next will be 5.7.8.

  • Since r2-5.6.0 all the patch releases are ABI stable
  • Odd patch versions are used in git builds only; releases use even numbers
  • No need to recompile the plugins, bindings or tools if the major and minor version are the same

Description

r2 is a complete rewrite of radare. It provides a set of libraries, tools and plugins to ease reverse engineering tasks. Distributed mostly under LGPLv3, each plugin can have different licenses (see r2 -L, rasm2 -L, ...).

The radare project started as a simple command-line hexadecimal editor focused on forensics. Today, r2 is a featureful low-level command-line tool with support for scripting. r2 can edit files on local hard drives, view kernel memory, and debug programs locally or via a remote gdb server. r2's wide architecture support allows you to analyze, emulate, debug, modify, and disassemble any binary.


Installation

  • r2 can be installed from git or via pip using r2env.
  • Run sys/install.sh for the default acr+make+symlink installation
  • meson/ninja (muon/samu also works) and make builds are supported.
  • Windows builds require meson and msvc or mingw as compilers
  • To uninstall the current build of r2 run make uninstall
  • To uninstall ALL the system installations of r2 do: sudo make purge
git clone https://github.com/radareorg/radare2
radare2/sys/install.sh

Default Windows builds use MSVC, so run those .bat:

preconfigure.bat       REM setup python, meson, ninja
configure.bat          REM run meson b + vs project
make.bat               REM run ninja -C b
prefix\bin\radare2.exe

Alternatively you can use r2env to switch between different versions.

pip install -U r2env
r2env init
r2env add radare2@git

Usage

These are the first steps to use r2; read the book or find tutorials for more details.

$ r2 /bin/ls   # open the binary in read-only mode
> aaa          # same as r2 -A, analyse the binary
> afl          # list all functions (try aflt, aflm)
> px 32        # print 32 byte hexdump current block
> s sym.main   # seek to the given offset (by flag name, number, ..)
> f~foo        # filter flags with ~grep (same as |grep)
> iS;is        # list sections and symbols (same as rabin2 -Ss)
> pdf; agf     # print function and show control-flow-graph in ascii-art
> oo+;w hello  # reopen in rw mode and write a string in the current offset
> ?*~...       # interactive filter all command help messages
> q            # quit
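The same first steps can be driven from a script. The following is an added example, not code from the radare2 README or project: it assumes the r2pipe Python package (pip install r2pipe) is installed alongside r2, and it assumes the JSON field names `name`, `vaddr`, `size`, `perm` for iSj and `name`, `offset`, `size` for aflj, which should be checked against your r2 version. The pure-Python helpers are exercised on constructed sample data so they run without a binary; pass a path on the command line to run them against a real file.

```python
"""Added example (not from the radare2 README): run the first steps above
(aaa, iS, afl) from Python and flag sections that are both writable and
executable, a common loader/packer red flag worth checking early in triage.
"""
import json
import sys

try:
    import r2pipe  # assumption: the r2pipe pip package, which spawns the r2 binary
except ImportError:  # the pure-Python helpers below still work without r2
    r2pipe = None


def wx_sections(sections):
    """Names of sections whose permission string contains both 'w' and 'x'."""
    return [
        s["name"] for s in sections
        if "w" in s.get("perm", "") and "x" in s.get("perm", "")
    ]


def largest_functions(functions, top=5):
    """The `top` largest functions as (name, offset, size) tuples."""
    ranked = sorted(functions, key=lambda f: f.get("size", 0), reverse=True)
    return [(f["name"], f["offset"], f["size"]) for f in ranked[:top]]


def triage(path):
    """Open `path` read-only (like `r2 /bin/ls`), analyse it and summarise."""
    if r2pipe is None:
        raise RuntimeError("r2pipe is not installed")
    r2 = r2pipe.open(path)           # read-only by default
    try:
        r2.cmd("aaa")                # same as r2 -A
        sections = r2.cmdj("iSj")    # JSON form of iS (assumed field names)
        functions = r2.cmdj("aflj")  # JSON form of afl (assumed field names)
    finally:
        r2.quit()
    return {
        "wx_sections": wx_sections(sections or []),
        "largest_functions": largest_functions(functions or []),
    }


# Constructed sample data shaped like iSj / aflj output, for offline use.
SAMPLE_SECTIONS = [
    {"name": ".text", "vaddr": 0x1000, "size": 0x4000, "perm": "-r-x"},
    {"name": ".data", "vaddr": 0x6000, "size": 0x800, "perm": "-rw-"},
    {"name": "UPX1", "vaddr": 0x10000, "size": 0x20000, "perm": "-rwx"},
]
SAMPLE_FUNCTIONS = [
    {"name": "main", "offset": 0x1100, "size": 210},
    {"name": "sym.helper", "offset": 0x1200, "size": 48},
    {"name": "entry0", "offset": 0x1000, "size": 32},
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(json.dumps(triage(sys.argv[1]), indent=2))
    else:
        print("RWX sections:", wx_sections(SAMPLE_SECTIONS))
        print("Largest functions:", largest_functions(SAMPLE_FUNCTIONS))
```

A writable-and-executable section is not proof of anything by itself, but it is the first thing to look at before trusting the function list that afl produces for a packed or self-modifying file.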

Resources

Plugins

Many plugins are included in r2 by default. But you can extend its capabilities by using the r2pm package manager.

r2pm -s <word> # search package by word
r2pm -ci <pkg> # install a package

Most popular packages are:

  • esilsolve: The symbolic execution plugin, based on esil and z3
  • iaito: The official Qt graphical interface
  • radius2: A fast symbolic execution engine based on boolector and esil
  • r2dec: A decompiler based on r2 written in JS, accessed with the pdd command
  • r2ghidra: The native ghidra decompiler plugin, accessed with the pdg command
  • r2frida: The frida io plugin. Start r2 with r2 frida://0 to use it

Contributing

There are many ways to contribute to the project. Contact the community, check out the github issues, or grep for TODO/FIXME/XXX comments in the source.

To contribute code, push your changes to a branch on your fork of the repository. Please ensure that you follow the coding and style guidelines and that your changes pass the testing suite, which you can run with the r2r tool. If you are adding significant code, it may be necessary to modify or add additional tests in the test/ directory.

For more details, see CONTRIBUTING.md and DEVELOPERS.md.

Documentation

To learn more about r2 we encourage you to watch youtube talks from r2con. In addition to reading blogposts, slides or the official radare2 book, here are some methods to contact us:

Community

Supported Platforms

Operating Systems

Windows (since XP), Linux, Darwin, GNU/Hurd, Apple's {Mac,i,iPad,watch}OS, Android, [Dragonfly, Net, Free, Open] BSD, Z/OS, QNX, SerenityOS, Solaris, Haiku, Vinix, FirefoxOS.

Architectures

i386, x86-64, ARM, BPF, MIPS, PowerPC, SPARC, RISC-V, SH, m68k, m680x, AVR, XAP, S390, XCore, CR16, HPPA, ARC, Blackfin, Z80, H8/300, V810, V850, CRIS, XAP, PIC, LM32, 8051, 6502, i4004, i8080, Propeller, EVM, Tricore, CHIP-8, LH5801, T8200, GameBoy, SNES, SPC700, MSP430, Xtensa, NIOS II, Java, Dalvik, WebAssembly, MSIL, EBC, TMS320 (c54x, c55x, c55+, c64x), Hexagon, Brainfuck, Malbolge, whitespace, DCPU16, LANAI, MCORE, mcs96, RSP, SuperH-4, VAX, KVX, Am29000, LOONGARCH, JDH8.

File Formats

ELF, Mach-O, Fatmach-O, PE, PE+, MZ, COFF, OMF, TE, XBE, BIOS/UEFI, Dyldcache, DEX, ART, CGC, Java class, Android boot image, Plan9 executable, ZIMG, MBN/SBL bootloader, ELF coredump, MDMP (Windows minidump), WASM (WebAssembly binary), Commodore VICE emulator, QNX, WAD, OFF, TIC-80 Game Boy (Advance), Nintendo DS ROMs and Nintendo 3DS FIRMs, various filesystems.

Packaging Status

  • Termux package
  • Alpine Linux Edge package Alpine Linux 3.13 package Alpine Linux 3.12 package
  • Arch package AUR package
  • Fedora Dev Fedora 36 Fedora 34
  • FreeBSD port OpenBSD port pkgsrc current package
  • Homebrew package MacPorts package
  • Haiku Ports Void Linux
  • Ubuntu 22.10 package Ubuntu 20.04 package Ubuntu 18.04 package
  • Debian Unstable package Raspbian Stable package Kali Linux Rolling package
Comments
  • User defined labels do not replace addresses in 68k disassembly

    User defined labels do not replace addresses in 68k disassembly

    Mirroring issue #3841 that I opened back in December, I am having trouble getting the 68k backend to honor manual labels that I create in the disassembled output. The use case was to fill in the Sega Genesis I/O addr space with easy-to-read names, such as the z80 Bus Request register at 0xa11100, as shown below:

    C:\W2CUTILS\radare2-w32-0.10.2-git>radare2.exe -e -a68k "F:\Legacy\Genesis\ROMS\
    ShiningInTheDarkne.2103\ShiningInTheDarkne2103.bin"
    Copyright: SEGA MEGA DRIVE (C)SEGA 1991.JUL
    DomesticName: SHINING AND         THE DARKNESS
    OverseasName: SHINING IN          THE DARKNESS
    ProductCode: GM MK-1310  00
    Checksum: 0x0321
    Peripherials: J
    SramCode:  UE
    ModemCode:  UE
    CountryCode:  UE
     -- nothing personal, just bitness
    [0x00000200]> s 0x354
    [0x00000354]> f sym.z80BusReq @ 0x00a11100
    [0x00000354]> pd
                ;-- Reset:
                0x00000354      4e71           nop
                0x00000356      4e71           nop
                0x00000358      4e71           nop
                0x0000035a      4e71           nop
                0x0000035c      4e71           nop
                0x0000035e      4e71           nop
                0x00000360      4e71           nop
                0x00000362      4e71           nop
                0x00000364      4e71           nop
                0x00000366      4e71           nop
                0x00000368      4e71           nop
                0x0000036a      4e71           nop
            ,=< 0x0000036c      6000030a       bra.w 0x678
            |   0x00000370      4ff900fffff0   lea 0xfffff0.l,sp
           ,==< 0x00000376      4eb9000011b2   jsr 0x11b2.l
          ,===< 0x0000037c      61005f32       bsr.w 0x62b0
          |||   0x00000380      4eba01ee       jsr 0x570(pc)
          |||   0x00000384      4e71           nop
         ,====< 0x00000386      4ef900002ebe   jmp 0x2ebe.l
         ||||   ;-- BusErr:
         ||||   ;-- InvOpCode:
         ||||   0x0000038c      23ef000a00ff.  move.l 0xa(sp),0xff3a54.l
         ||||   0x00000394      48e7fffe       movem.l d0-d7/a0-a6,-(sp)
        ,=====< 0x00000398      4eb900018034   jsr 0x18034.l
        |||||   0x0000039e      303c0200       move.w 0x200,d0
       ,======< 0x000003a2      4eb900018018   jsr 0x18018.l
       ||||||   0x000003a8      4cdf7fff       movem.l (sp)+,d0-d7/a0-a6
      ,=======< 0x000003ac      60000022       bra.w 0x3d0
      |||||||   ;-- DivBy0:
      |||||||   ;-- Check:
      |||||||   ;-- TrapV:
      |||||||   ;-- GPF:
      |||||||   ;-- Trace:
      |||||||   ;-- Reserv0:
      |||||||   ;-- Reserv1:
      |||||||   ;-- Reserv2:
      |||||||   ;-- Reserv3:
      |||||||   ;-- Reserv4:
      |||||||   ;-- BadInt:
      |||||||   ;-- Reserv10:
      |||||||   ;-- Reserv11:
      |||||||   ;-- Reserv12:
      |||||||   ;-- Reserv13:
      |||||||   ;-- Reserv14:
      |||||||   ;-- Reserv15:
      |||||||   ;-- Reserv16:
      |||||||   ;-- Reserv17:
      |||||||   ;-- BadIRQ:
      |||||||   ;-- IRQ1:
      |||||||   ;-- EXT:
      |||||||   ;-- IRQ3:
      |||||||   ;-- HBLANK:
      |||||||   ;-- VBLANK:
      |||||||   ;-- Trap7:
      |||||||   ;-- Trap8:
      |||||||   ;-- Trap9:
      |||||||   ;-- Trap10:
      |||||||   ;-- Trap11:
      |||||||   ;-- Trap12:
      |||||||   ;-- Trap13:
      |||||||   ;-- Trap14:
      |||||||   ;-- Trap15:
      |||||||   ;-- Reserv30:
      |||||||   ;-- Reserv31:
      |||||||   ;-- Reserv32:
      |||||||   ;-- Reserv33:
      |||||||   ;-- Reserv34:
      |||||||   ;-- Reserv35:
      |||||||   ;-- Reserv36:
      |||||||   ;-- Reserv37:
      |||||||   ;-- Reserv38:
      |||||||   ;-- Reserv39:
      |||||||   ;-- Reserv3A:
      |||||||   ;-- Reserv3B:
      |||||||   ;-- Reserv3C:
      |||||||   ;-- Reserv3D:
      |||||||   ;-- Reserv3E:
      |||||||   ;-- Reserv3F:
      |||||||   0x000003b0      23ef000200ff.  move.l 0x2(sp),0xff3a54.l
      |||||||   0x000003b8      48e7fffe       movem.l d0-d7/a0-a6,-(sp)
      ========< 0x000003bc      4eb900018034   jsr 0x18034.l
      |||||||   0x000003c2      303c0200       move.w 0x200,d0
      ========< 0x000003c6      4eb900018018   jsr 0x18018.l
      |||||||   0x000003cc      4cdf7fff       movem.l (sp)+,d0-d7/a0-a6
      `-------> 0x000003d0      4e71           nop
       ||||||   0x000003d2      4e71           nop
      ,=======< 0x000003d4      60fa           bra.b 0x3d0
      |||||||   ;-- Trap0:
      |||||||   0x000003d6      4e71           nop
      ========< 0x000003d8      60fc           bra.b sym.Trap0
      |||||||   ;-- Trap1:
      |||||||   0x000003da      33fc010000a1.  move.w section.header,0xa11100.l
      |||||||   0x000003e2      0839000000a1.  btst 0,0xa11100.l
      ========< 0x000003ea      66f6           bne.b 0x3e2
      |||||||   0x000003ec      0c0000fb       cmpi.b -0x5,d0
      ========< 0x000003f0      663a           bne.b 0x42c
      |||||||   0x000003f2      4a3900ff001b   tst.b 0xff001b.l
      ========< 0x000003f8      671e           beq.b 0x418
      |||||||   0x000003fa      48e70180       movem.l d7/a0,-(sp)
      |||||||   0x000003fe      41f900ff001c   lea 0xff001c.l,a0
      |||||||   0x00000404      7e08           moveq 0x8,d7
      |||||||   0x00000406      10e80001       move.b 0x1(a0),(a0)+
      |||||||   0x0000040a      51cffffa       dbf d7,0x406
      |||||||   0x0000040e      4cdf0180       movem.l (sp)+,d7/a0
      |||||||   0x00000412      533900ff001b   subq.b 0x1,0xff001b.l
      --------> 0x00000418      13f900ff001c.  move.b 0xff001c.l,0xa01fff.l
      |||||||   0x00000422      33fc000000a1.  move.w 0,0xa11100.l
      |||||||   0x0000042a      4e73           rte
      --------> 0x0000042c      0c0000fd       cmpi.b -0x3,d0
      ========< 0x00000430      6510           bcs.b 0x442
      |||||||   0x00000432      13c000a01fff   move.b d0,0xa01fff.l
      |||||||   0x00000438      33fc000000a1.  move.w 0,0xa11100.l
      |||||||   0x00000440      4e73           rte
      --------> 0x00000442      0c0000f0       cmpi.b -0x10,d0
      ========< 0x00000446      6610           bne.b 0x458
      |||||||   0x00000448      103900a01283   move.b 0xa01283.l,d0
      |||||||   0x0000044e      33fc000000a1.  move.w 0,0xa11100.l
      |||||||   0x00000456      4e73           rte
    [0x00000354]>
    

    I would expect, for instance, address 0x0000044e to be move.w 0, sym.z80BusReq.l and not move.w 0,0xa11100.l. The only symbols that properly replace addresses are those that are autodetected when the ROM is loaded (address 0x000003d8 correctly references sym.Trap0).

    The solution to issue #3841 was to include "." in the labels. Yet when I do so here, nothing happens. Is this perhaps another Genesis/68k backend bug?

    test-required 
    opened by cr1901 81
  • make fails in latest release if git is not installed

    make fails in latest release if git is not installed

    "/bin/sh" capstone.sh "https://github.com/aquynh/capstone.git" "next" "3722c74f69ffa5b705d36cd49c19acdf958a9b7a" ""
    [capstone] release with no git?
    cd capstone ; git reset --hard
    /bin/sh: git: not found
    make[1]: *** [capstone-sync] Error 127
    
    enhancement buildsystem 
    opened by rofl0r 72
  • doc/syntax: improve coding style

    doc/syntax: improve coding style

    I think we should start to accept patches after the code style has been followed. Otherwise we will have (like we already have actually) hard to read code, without any consistency.

    opened by ret2libc 62
  • Pre-release fuzz-a-ton

    Pre-release fuzz-a-ton

    The purpose of this issue is to organize the fuzzing efforts in order to find bugs in r2 before the release:

    • [x] RBin
      • [x] ELF
      • [x] PE (jvoisin)
      • [x] Java class ← this will yield a lot of things quickly
      • [x] MACH0
      • [ ] FATMACH0
      • [x] OMF
      • [x] ObjectiveC classes
      • [x] Demangling
      • [x] XBE
    • [ ] RCore
      • [x] libmagic
      • [ ] regex
      • [ ] feeds invalid commands to produce crash
    • [x] RAnal
      • [x] af - provide bytes with wx and analyze with various archs
      • [x] test various e anal. options

    NOTE Recommended build for fuzzing: 32bit x86 asan (sys/asan.sh)

    fuzzing 
    opened by radare 58
  • Analysis: After end of BB consider it as data

    Analysis: After end of BB consider it as data

    Hello,

    I would like to ask if a specific behavior of radare is a bug or not an implemented feature. So basically what I am doing is to run radare's analysis on an executable which contains obfuscated code. The analysis works fine but with a catch. It doesn't stop the analysis after an unconditional jump, so it considers the following code (junk code) as a part of the function. But I think that's just a side effect of the actual problem. Please see the code above as explanation.

    0x00560e67   0      56                    push esi
    0x00560e68   4+     e9 10 00 00 00        jmp 0x560e7d ;[1]
    
    0x00560e6d   4      51                    push ecx
    0x00560e6e   8+     e5 d6                 in eax, 0xd6
    0x00560e70   8      1d 31 ea ce 05        sbb eax, 0x5ceea31
    0x00560e75   8      06                    push es
    0x00560e76  12+     3b d4                 cmp edx, esp
    0x00560e78  12      d4 1b                 aam 0x1b
    0x00560e7a  12   3  00 85 96 5e 50 52     add byte [ebp + 0x52505e96], al ; *middle* -1
    0x00560e80  12      e9 11 00 00 00        jmp 0x560e96 ;[2]
    

    As you can see the last instruction of the first basic block is doing a jump straight into the "middle" of the instruction. IDA on the other hand gives us this code:

    push    esi
    jmp     loc_560E7D
    ; END OF FUNCTION CHUNK FOR Blah
    
    ; ---------------------------------------------------------------------------
    db 51h, 0E5h, 0D6h
    dd 0CEEA311Dh, 0D43B0605h, 85001BD4h
    ; ---------------------------------------------------------------------------
    
    xchg    eax, esi
    
    ; START OF FUNCTION CHUNK FOR Blah
    loc_560E7D:
    pop     esi
    

    Is it possible to get the same analysis behavior just like IDA?

    Note: I tried setting these settings for false but still got the old results:

    e anal.hasnext = false
    e anal.afterjump = false
    e asm.middle = false
    
    FEEDBACK WANTED RAnal test-required 
    opened by cynecx 51
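The overlapping-instruction case this issue describes can be checked mechanically. The following is an added example, not code from the issue or from the radare2 project: it transcribes the listing from the issue into (address, bytes, mnemonic) tuples, recomputes the jmp target from the e9 rel32 / eb rel8 encoding, and reports any target that falls strictly inside the byte range of an already-decoded instruction. The tuple layout and helper names are this example's own.

```python
"""Added example (not part of the issue above): find branch targets that land
inside an already-decoded instruction, the situation shown in the listing
(jmp 0x560e7d lands three bytes into the 6-byte instruction at 0x560e7a).
A flow-following decoder should treat the bytes after the unconditional jmp
as data until something actually reaches them.
"""

# Constructed from the listing in the issue: (address, raw bytes, mnemonic)
LISTING = [
    (0x560e67, bytes.fromhex("56"), "push esi"),
    (0x560e68, bytes.fromhex("e910000000"), "jmp 0x560e7d"),
    (0x560e6d, bytes.fromhex("51"), "push ecx"),
    (0x560e6e, bytes.fromhex("e5d6"), "in eax, 0xd6"),
    (0x560e70, bytes.fromhex("1d31eace05"), "sbb eax, 0x5ceea31"),
    (0x560e75, bytes.fromhex("06"), "push es"),
    (0x560e76, bytes.fromhex("3bd4"), "cmp edx, esp"),
    (0x560e78, bytes.fromhex("d41b"), "aam 0x1b"),
    (0x560e7a, bytes.fromhex("0085965e5052"), "add byte [ebp + 0x52505e96], al"),
    (0x560e80, bytes.fromhex("e911000000"), "jmp 0x560e96"),
]


def jmp_target(addr, code):
    """Target of an unconditional x86 jmp (e9 rel32 or eb rel8), else None."""
    if len(code) == 5 and code[0] == 0xE9:
        return addr + 5 + int.from_bytes(code[1:5], "little", signed=True)
    if len(code) == 2 and code[0] == 0xEB:
        return addr + 2 + int.from_bytes(code[1:2], "little", signed=True)
    return None


def find_mid_instruction_targets(listing):
    """For each jmp whose target is not an instruction start but lies inside
    a decoded instruction, return (jmp_addr, target, covering_addr,
    offset_into_instruction, bytes_from_target_to_end_of_instruction).
    """
    starts = {addr for addr, _, _ in listing}
    hits = []
    for addr, code, _ in listing:
        target = jmp_target(addr, code)
        if target is None or target in starts:
            continue
        for iaddr, icode, _ in listing:
            if iaddr < target < iaddr + len(icode):
                off = target - iaddr
                hits.append((addr, target, iaddr, off, icode[off:]))
    return hits


def undecoded_span(hit, listing):
    """Byte range [start, end) between the end of the jmp and its target that
    a flow-following decoder would leave as data rather than code."""
    jmp_addr, target, _, _, _ = hit
    size = next(len(code) for addr, code, _ in listing if addr == jmp_addr)
    return (jmp_addr + size, target)


if __name__ == "__main__":
    for hit in find_mid_instruction_targets(LISTING):
        jmp_addr, target, cover, off, tail = hit
        start, end = undecoded_span(hit, LISTING)
        print(f"jmp at {jmp_addr:#x} -> {target:#x} lands {off} bytes into "
              f"the instruction at {cover:#x}; hidden bytes {tail.hex()}; "
              f"{end - start} bytes [{start:#x}, {end:#x}) are not code")
```

For the listing in the issue the hidden tail is 5e 50 52, and 5e is the pop esi that IDA shows at loc_560E7D, so the bytes radare decoded as push ecx ... add were never meant to be executed as that sequence. A target inside an existing instruction is a reliable indicator that linear-sweep output past an unconditional jmp should be discarded and decoding restarted at the target.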
  • WIP: Unconventional code char encoding ##print

    WIP: Unconventional code char encoding ##print

    New draft pull request to show changes from https://github.com/radareorg/radare2/pull/16357. I have implemented the function r_charset_encode_str().

    Now I need to modify the structure used in r_charset_encode_str() with pst by the command pse.

    PAD https://hackmd.io/axFbkdadQ3qML85nDgFzHQ

    Your checklist for this pull request

    • [x] I've read the guidelines for contributing to this repository
    • [x] I made sure to follow the project's coding style
    • [ ] I've added tests that prove my fix is effective or that my feature works (if possible)
    • [ ] I've updated the documentation and the radare2 book with the relevant information (if needed)

    Detailed description

    My modifications permit to:

    • list plugins
    • load char encoding plugin
    • use the plugin to print a string with a different char encoding

    The command pse lists all the plugin on the specific folder for char encoding plugins. The plugin works by using the command k. Once the plugin is loaded we can convert and see encoding with pst.

    Some new folders have been added in the project with the makefile to handle plugins.

    I have not updated the documentation of radare2 yet. My plugin does not handle special chars and does not handle spaces; I use - instead.

    ...

    Test plan

    First download the gameboy rom from https://github.com/MrCheeze/pokered-self-replicator

    • radare2 sav.dat
    • pse to list plugins
    • pse pokered to load pokemon game boy red char encoding plugin
    • pst @ 0x2528 to read a string on the gameboy rom. The charset will not be loaded from pse yet.

    You should see

    Selfreplicating----arbitrary-code------by-MrCheeze-:)---------------------\\AvvJOHN\\]V

    Then the test is OK. ...

    Closing issues

    will close https://github.com/radareorg/radare2/issues/414 ...

    command API RUtil waiting-for-author ready-to-merge 
    opened by gogo2464 50
  • Create script to apply style to diffs

    Create script to apply style to diffs

    I copied the clang-format-diff.py script from the clang project, as it provides a way to apply clang-format to diffs only. The license is University of Illinois Open Source. Is that ok?

    Moreover, this patch restores the tab size to 8 char.

    opened by ret2libc 49
  • Analysis isn't finished

    Analysis isn't finished

    Try to analyse library:

    $ r2 /usr/lib/firefox/libxul.so
     — All your base are belong to r2
    [0x009df2d0]> aaa
    [x] Analyze all flags starting with sym. and entry0 (aa)
    [x] Analyze len bytes of instructions for references (aar)
    [ ] Analyze function calls (aac)
    

    I was waiting about 14 hours... And analysis wasn't finished

    Env: r2 from git, Mint 17.3 x64, firefox from apt-get

    RAnal 
    opened by dukebarman 49
  • File write does not work in windows

    File write does not work in windows

    using packaged radare2 0.9.6 in win7

    radare2 myfile.exe works

    radare -w myfile.exe says:

    PRIV ENABLED
    CreateFile: Le processus ne peut pas accÚder au fichier car ce fichier est utilisÚ par un autre processus.
    
    CreateFile: Le processus ne peut pas accÚder au fichier car ce fichier est utilisÚ par un autre processus.
    
    CreateFile: Le processus ne peut pas accÚder au fichier car ce fichier est utilisÚ par un autre processus.
    
    CreateFile: Le processus ne peut pas accÚder au fichier car ce fichier est utilisÚ par un autre processus.
    
    PRIV ENABLED
     -- Sniff your favorite libusb-based application with LD_PRELOAD=/usr/lib/libusbsniff.so ./your-program
    [0x00000000]>
    

    The message is: the process cannot access the file because it is used by another process.

    using radare2 -w win32://file

    PRIV ENABLED
    PRIV ENABLED
     -- Set e bin.dwarf=true to load dwarf information at startup
    [0x00000000]>
    

    No messages, but it does not work either.

    I suspect that in https://github.com/radare/radare2/blob/master/libr/io/p/io_w32.c , around line 50 in function w32__open, FILE_SHARE_WRITE is probably not really working, nor useful, when opening in write mode. I cannot recompile easily right now, but would be happy to try an updated binary.

    blocker regression Windows 
    opened by f4grx 49
  • Refactoring RBinXtr API - work in progress, draft

    Refactoring RBinXtr API - work in progress, draft

    Hey,

    The current implementation of "struct RBinXtrData", has a Rbuffer* which contains the contents of the sub binary. The rest of the xtr plugin functions use this buffer for extraction and loading. As a fat binary could be huge in size and have a lot of sub-bins, the buffers could take up a lot of memory. I was thinking of nuking the buffer from RBinXtrData. And using sdb for caching the binaries instead of the heap.

    I am just trying out an idea I had. This isn't supposed to be the final PR. Comments welcome.

    Thanks -Aneesh

    RBin iOS fat bin 
    opened by lionaneesh 46
  • Fix node and edge overlapping issue in graph mode

    Fix node and edge overlapping issue in graph mode

    For a simple graph without any loop (backedges), it will not have any kind of node/edge overlapping to the best of my knowledge. Code is in its worst condition since I have not removed the part of the code that is not required anymore (need to review it before making it available for merge).

    TODO:

    • [x] fix overlapping issue for backedges in loop
    • [x] code cleaning

    If you test it out and find any issue, please let me know 😄

    EDIT:

    • This will overlap/merge more than one branch of same type (true/false/unconditional edge) that have same destination node - but this will happen mainly just above the destination node and not anywhere in between.
    • There might come a place where two different type of vertical edges overlap each other in a small part. Again this will only happen after/before edge crossing between two layers.
    opened by r-jenish 42
  • Cleanup in libr/anal/op.c ##analysis

    Cleanup in libr/anal/op.c ##analysis

    • [x] Mark this if you consider it ready to merge
    • [ ] I've added tests (optional)
    • [ ] I wrote some lines in the book (optional)

    • Make r_anal_optype_{to,from}_string use the same optypes array ##analysis
    • Balance spacings in braces ##indent
    • Use R_ARRAY_SIZE in r_anal_op_family_from_string
    • Use R_ANAL_OP_DIR* enum value instead of hardcoded values
    opened by jmaselbas 5
  • How radare2 handles packed samples?

    How radare2 handles packed samples?

    Description

    Dear All,

    Recently I did some comparative experiments on packed sample and unpacked sample.

    I use UPX to pack the sample, it is a compressed packing tool.

    Then, I used radare2 to reverse them and extract the opcode sequence, since I want to know how rich the opcode sequence can be extracted by radare2 when the sample is packed, and compare it with the unpacked sample.

    The results show that there are three cases:

    • Unpacked samples' opcode sequences are longer than packed samples' opcode sequences, which makes sense because packed samples should provide fewer opcodes than unpacked samples.
    • Packed samples' opcode sequences are longer than unpacked samples' opcode sequences. This confuses me: how do packed samples provide more opcodes than the original samples? The only explanation I can think of is that the extra opcodes belong to UPX and not to the sample itself.
    • Packed samples' opcode sequences are as long as unpacked samples' opcode sequences; fortunately, the opcode sequence is not exactly the same.

    So could you please explain how radare2 handles packed samples? Can radare2 extract the opcode from the compressed section? And how radare2 did it? This will let me know more about the process of radare2 reverse engineering, or there are other materials that can be used for my reference and study.

    I sincerely appreciate it.

    opened by jasonma1127 0
  • sys/static.sh duplicate symbol

    sys/static.sh duplicate symbol

    Environment

    macOS Monterey
    Version 12.6
    Mac mini(M1, 2020)
    Chip Apple M1
    
    and the same behavior on 
    
    MacOS Ventura
    13.0 (22A380)
    MacBook Pro X86_64
    
    git clone https://github.com/radareorg/radare2
    cd radare2
    git checkout 5.8.0
    make purge
    sys/static.sh
    

    At the end it produces this error

    ar q libr_main.a main.o ravc2.o rax2.o r2pm.o rasm2.o ragg2.o rarun2.o rabin2.o rasign2.o rafind2.o r2agent.o radiff2.o radare2.o rahash2.o
    ar: creating archive libr_main.a
    ranlib libr_main.a
    ld: warning: linking with (/usr/lib/libr_lang.dylib) but not using any symbols from it
    ld: warning: linking with (/usr/lib/libr_esil.dylib) but not using any symbols from it
    /Users/admin/Xcode.app/Contents/Developer/usr/bin/make libr.a
    Makefile:192: target `core' given more than once in the same rule.
    gcc -r -nostdlib -all_load -o libr.o anal/libr_anal.a arch/libr_arch.a asm/libr_asm.a bin/libr_bin.a bp/libr_bp.a config/libr_config.a cons/libr_cons.a core/libr_core.a crypto/libr_crypto.a debug/libr_debug.a egg/libr_egg.a esil/libr_esil.a flag/libr_flag.a fs/libr_fs.a hash/libr_hash.a io/libr_io.a lang/libr_lang.a magic/libr_magic.a main/libr_main.a parse/libr_parse.a reg/libr_reg.a search/libr_search.a socket/libr_socket.a syscall/libr_syscall.a util/libr_util.a ../shlr/libr_shlr.a
    duplicate symbol '_r_parse_filter' in:
        asm/libr_asm.a(filter.o)
        parse/libr_parse.a(filter.o)
    duplicate symbol '_tcc_sym_push' in:
        anal/libr_anal.a(cparse.o)
        parse/libr_parse.a(code.o)
    duplicate symbol '_vpush' in:
        anal/libr_anal.a(cparse.o)
        parse/libr_parse.a(code.o)
    duplicate symbol '_dump_type' in:
    
    opened by peroksid90 0
  • rasm2 - Disassembly works for m68k but not assembly

    rasm2 - Disassembly works for m68k but not assembly

    Environment

    Wed Dec 28 03:22:07 PM EST 2022
    radare2 5.8.1 29769 @ linux-x86-64 git.5.7.8-780-g99b72288bf
    commit: 99b72288bf01b736e69ea5271935ec8b1cc2d495 build: 2022-12-28__14:38:38
    Linux x86_64
    

    Description

    Can not assemble with the m68k plugin

    Test

    Hello, I have the Motorola 68000 plugin installed as shown by rasm2

    The disassembly works fine but the assembler does not work.

     rasm2 -L
    _de 8           6502        LGPL3   6502/NES analysis plugin
    _de 32          amd29k      BSD     AMD 29k decoder
    a__ 16 32 64    any.as      LGPL3   Uses system gnu/clang 'as' assembler (by pancake)
    a__ 8 16 32 64  any.vasm    MIT     Use -a arm.vasm, 6502.vasm, 6809, c16x, jagrisc, m68k, pdp11, ppc, qnice, tr3200, vidcore, x86, z80 (by http://sun.hasenbraten.de/vasm/ (r2pm -ci vasm))
    a__ 16 32 64    arm         LGPL3   custom thumb, arm32 and arm64 assembler (by pancake)
    ade 4           i4004       LGPL3   i4004 decoder plugin (by pancake, condret)
    _de 16          jdh8        LGPL3   jdh-8 toy architecture
    _de 8 16 32 64  null        LGPL3   Fallback/Null archysis plugin
    ade 8           pickle      BSD     Python Pickle Machine Disassembler
    ade 32 64       riscv       GPL     RISC-V analysis plugin
    _de 32          rsp         LGPL3   RSP code analysis plugin
    _de 32          sh          LGPL3   SH-4 code analysis plugin
    _de 8 16        snes        LGPL3   SNES analysis plugin (by pancake)
    _de 32          v810        LGPL3   V810 code analysis plugin
    ade 32          v850        MIT     V850 code analysis plugin
    a__ 16 32 64    x86.nasm    LGPL3   X86 nasm assembler
    a__ 16 32 64    x86.nz      LGPL3   x86 handmade assembler (by pancake)
    _de 16          xap         LGPL3   XAP code analysis plugin (by pancake)
    
    rasm2 -d -a m68k '10 39 00 A1 00 01'
    move.b 0xa10001.l, d0
    
    rasm2 -a m68k 'move.b 0xa10001.l, d0'
    ERROR: Cannot assemble 'move.b 0xa10001.l, d0' at line 3
    
    rasm2 -a m68k -b 16 'move.b 0xa10001.l, d0'
    ERROR: Cannot assemble 'move.b 0xa10001.l, d0' at line 3
    
     rasm2 -a m68k -b 32 'move.b 0xa10001.l, d0'
    ERROR: Cannot assemble 'move.b 0xa10001.l, d0' at line 3
    

    x86 works fine:

    rasm2 -a x86 'push ebp'
    55
    
    rasm2 -a x86 'push esp'
    54
    

    The -w feature does seem to work:

     rasm2 -a m68k -w tst
    test operand
    

    Thank you, thank you, THANK YOU!

    opened by lavedon 1
  • install failed on mac os 13.0.1

    install failed on mac os 13.0.1

    Environment

    Macbook Pro 16, 2019
    MacOS: 13.0.1
    Darwin x86_64
    

    Description

    install failed, encountered the following error

    LD libr_util.dylib
    ld: warning: ignoring file /Users/bossp/hack/radare2/libr/../shlr/zip/librz.a, building for macOS-x86_64 but attempting to link with file built for macOS-x86_64
    Undefined symbols for architecture x86_64:
      "_inflate", referenced from:
          _r_inflatew in zip.o
         (maybe you meant: _r_inflate_lz4, _r_inflate_raw , _r_inflate )
      "_inflateEnd", referenced from:
          _r_inflatew in zip.o
      "_inflateInit2_", referenced from:
          _r_inflatew in zip.o
    ld: symbol(s) not found for architecture x86_64
    clang: error: linker command failed with exit code 1 (use -v to see invocation)
    make[2]: *** [libr_util.dylib] Error 1
    make[1]: *** [all] Error 2
    make: *** [all] Error 2
    

    Test

    doing radare2/sys/install.sh

    opened by paulhsu 2
Releases(5.8.0)
  • 5.8.0(Dec 22, 2022)

    Release Notes

    Version: 5.8.0 Previous: 5.7.8 Commits: 745 Contributors: 36

    Highlights

    More details

    Authors

    0x8ff Alex Bender Anton Kochkov Axel Iota DaKnig Dennis Goodlett Dennis Goodlett Ernest Deák (Tino) Francesco Tamagni HighW4y2H3ll Hors Lars Haukli Lazula Matthias MewtR Miles Liu Mohamed Lemine Ould El-Hadj Murphy Ole André Vadla Ravnås Paul B Mahol Peter Meerwald-Stadler Quentin Kaiser RHL120 Sylvain Pelissier Sylvain Pelissier TheAllSeeingOwl condret iTrooz_ meme pancake pancake rax2 rhl120 schrotthaufen schrotthaufen singurty

    Changes

    abi

    • RAnalOp.srcs,dsts are not pointers

    anal

    • Working apt and add apl to list function preludes
    • Rename axj to axlj, because axj is for jmp refs
    • Introduce anal.tailcall.delta and use flags for better metrics
    • Improve the tailcall detection logic
    • Improve warning that only seems to happen when anal.nopskip is set
    • Always show all the archinfo, even when not provided by the plug
    • Dont show analysis progress on non-interactive shells
    • Add esil.dfg.mapinfo and esil.dfg.maps config vars
    • Some more improvements to esil_dfg
    • Fix size returned from r_anal_op
    • Fix warning in aflj when parsing vargarg signatures
    • Add register computed const pointer support for esil dfg
    • Add memory computed const pointer support for esil dfg
    • Introduce R_ANAL_ESIL_DFG_TAG_{REG,MEM}
    • Use treebuf io plugin as memory access backed for esil_dfg
    • Fix pickle asm rejecting empty strings
    • Do not recurse noreturn inspection when !addr or -1
    • Generalize vector instruction types instead of following intel-specific
    • Add /au to search for unknown destination jmp/call
    • Add anal.noret and refactor anal.noret.refs
    • Fix #20827 - Show srcs/dsts in aoj
    • Fix aae argument parsing regression in and improve help
    • Add support for stack-computed const pointers in esil_dfg
    • Fix anal.a2f in aac
    • Increase default anal.depth from 64 to 128
    • Clarify which commands are used on each aaaa line
    • Fix anal.depth usage when analyzing one basic block
    • Loongarch analysis bug fixes (bl, race condition)
    • Implement aflxv and aflx? commands
    • Run /azq in aaaa
    • Fix long1,long4 pickle opcodes
    • Fix #20798 - Fix bx after add lr,pc,0 in arm32
    • Fix null pointer in aflxj
    • Implement aflxj
    • Add noreturn column in afll
    • Use RPVector in RAnalOp src/dst to support ldm/stm/simd
    • Fix pickle arch thinking 0 is 64 bit
    • Don't show the linearsize in the afl output
    • Add anal.vars.newstack - configurable improved stack-relative var

    api

    • Make RReg refcounted
    • Implement {ctz|clz}{32|64} RNum
    • Define RPluginMeta and RPluginStatus
    • Add new RCore.cmdCallf() helper function
    • Merge RParse into RAsm
    • Refactor RLang api to use the new design
    • Fix null deref on wrong api usage for RCore.cmdStr
    • Moving more logic between asm, arch, parse and anal
    • RAnalEsil -> REsil api refactor
    • Deprecate reil and sysarch defines
    • More refactorings and api redesigns in r_arch
    • Remove eprintf calls in favor of R_LOG
    • Implement RReg.clone()
    • Deprecate r_str_dup() - related to #20959
    • Rename RVector.len to RVector.length for consistency
    • Remove the unnecessary RThread.CpuAffinity()
    • Add portable NaN and INF defines for different float sizes
    • Deprecate r_cons_eprintf and use R_LOG instead
    • Rename RStr.home() to RFile.home() as part of the Plan
    • Rename r_mem_memzero to r_mem_zero
    • Prefer _tostring() instead of _to_string()
    • Improve r_ref implementation with debugging support
    • R_BIN_NM -> R_BIN_LANG
    • Implement thread-safe refcounting - but disabled by default
    • Deprecate the unused RFList
    • Implement r_str_ntrim() and speedup r_str_trim() with it
    • Initial implementation of RString (30% faster than RStrBuf)
    • Implement r_sys_getenv_asint
    • Add r_cons_is_initialized
    • Boolify r_core_yank_file_all() and fix shadow var bug
    • Add r_file_is_executable and r_file_extension apis
    • Fix UB bug when using r_vector random access
    • Change R_LOG_INFO to R_LOG_TODO where suitable
    • Merge rhash into rcrypto and improve apis
    • Fix memory leak in r_str_list_join()
    • Boolify and rename some methods and fields from RFS
    • Add .author field in all the RLang plugins
    • Add a public api for the yank-unset action
    • Constify the help

    arch

    • Add the arch.preludes() callback and new RSearchKeyword constructor
    • Move anal.v850 to arch
    • Fix counted string bug in pickle
    • Fix negative unsigned cast in the xtensa disassembler
    • Add RAnalOp.weakbytes() and move more analop apis to arch
    • Move anal.xap into the arch
    • Update tests and better arch.patch/modify callback
    • Move anal.{6502,snes} into arch
    • Kill RAsmOp, we can reuse RAnalOp in here
    • Improve pickle disasm on invalid instructions
    • Remove RAsmPlugin struct and add the 'aia' command to show archinfo
    • Move the remaining asm plugins into the arch
    • Minor plugin selection improvements
    • Move asm.nasm into the arch
    • Move asm.vasm into arch.any_vasm
    • Assemble large pickle instructions
    • Fix and move failing tests, reorder lib build
    • Move the arm assembler plugin from asm to arch
    • Temporary add RAnal as dependency for REgg
    • Improve x86.nz assembler parsing and other bugs in rnum
    • Initial implementation of the arch.any.as plugin
    • Better handle of RNum errors for egg and arch.x86.nz
    • Support reg+idx and idx+reg in x86.nz assembler
    • Move the x86.nz plugin
    • Fix asm.acur supporting arch, anal and asm plugins
    • Move anal_riscv to arch_riscv
    • Fix rasm2 -LLL using the new multi-bits macros
    • Introduce RSysBits and its packing/checking macros
    • Implement archinfo() in RAnal.Plugin.tms320
    • Deprecate the unused RArchPlugin.esil field
    • Use PJ to return the list of mnemonics aoml in arm.v35
    • Move anal.rsp to the new home
    • Move anal.v810 into arch.v810
    • Move pickle from anal to arch and add it to meson
    • Remove anal.malbolge and fix CI r_esil issues
    • Move the 'sh' plugin to the new home
    • Honor plugin name in rate matching for RArch.use
    • Move jdh8 from asm/anal to arch
    • Unify RArchOp into RAnalOp using common include files
    • Fix RArchOp.refptr from bool to int
    • Bump cs5 to support FNOP on m68k
    • Wire-up RArch into RAnalOp
    • Fix arm64 plugin to work well with latest arm64 changes in capstone
    • Use the latest capstone5-next with updated aarch64 support
    • Copy anal_amd29k.c to rarch
    • Change arch plugin definition
    • Add some more arch config vars
    • Introduce arch.endian config var
    • Instantiate RArch in anal
    • Introduce RArchConfig->decoder
    • Add R_LIB_TYPE_ARCH and i4004 arch-plugin
    • First arch plugin (arch.null), implement basic lib api
    • Start moving EVM analysis from extras to core
    • First implementation of r_arch decoder api
    • Introduce the new r_arch library, just the skeleton
    • Add some r_arch api declarations
    • Initial commit on RArch structs

    asm

    • Deprecate more unused fields from RAsmPlugin
    • Fix the parse.z80.pseudo plugin and add a test
    • Remove the unused RAsm.binb
    • Internal cleanup of asm.c, deprecate the disassembly callback
    • Load cpu descriptions for multiarch plugins
    • Fix rasm2 x86.nz for "xchg eax,eax" and add tests

    bin

    • Fix JSON encoding of section addresses
    • Add test for cwd source listing, CLL and list
    • Add warning when loading DWARF5 files (not supported)
    • Add test for the obm with CL, support noncwd paths
    • Use obm when spotting a companion dwarf file on macOS
    • Implement RBinFile.merge() and obm command to use it
    • Initial implementation of the ob-- command to close the last binobj
    • Autoload the dwarf companion file on macOS systems if available
    • Use rabin2 -rO for raw dump operations
    • Use glob expressions to specify section name to dump
    • Fix #14540 - klass->super must be an RList instead of char*
    • Support for Xbox 360 PE32 architecture (PPC BE)
    • Fix wrong detection of main in elf-arm32
    • Fix rabin2 -gj and add tests
    • Add bin.types and disable by default for CI reasons
    • Support loading Plan 9 kernels
    • Use API instead of commands to autoload a pdb
    • Fix #21020 - fix json format for rabin2 -jM when no main is found
    • Expose section type for coff, elf and macho formats
    • Fix #18375 - Only patch arm64 relocs when not initialized
    • Add experimental bin.str.nofp config for less false positives
    • Parse the PT_DYNAMIC elf section for the preinit pointers
    • Fix validation check in xnu
    • Initialize macho header pf definitions
    • Speedup class bin loading with bin.filter=false
    • Implement 'ic.' command
    • Fix initial seek for Rosetta2 aot binaries
    • Silent noisy warning in dwarfprocess
    • Expose klass->super details for objc categories
    • Include fields in the ic output
    • Enable the swift metadata parser by default and import classinfo
    • Add lang field for classes, symbols and methods, expose it via ic
    • Warn about unpatched relocs when no bin.cache is set for macho fixups
    • Add support for 32bit Mach-O fixups
    • Expose the macho reloc fixups and use internal buffer for parsing
    • Fix obf and add tests for it
    • Fix Cd4[ invalid syntax used in macho _const section
    • Expose the id_dylib macho command info into the bin kv
    • Enlarge the c++ demangler stack limit to solve a warning
    • Implement Dwarf.register identifier mapping for v850
    • Infuse asm.cpu from the elf flags for v850 ELFs
    • Remove asm.features, improve RBinInfo with flags and abi details
    • Improve brainfuck detection to reduce false positives
    • Implement dwarf.regName() for arm64
    • Import the free pascal symbol demangler from rizin

    build

    • Double lowerdash defines should be defined only by the compiler
    • Fix and improve static build, faster libr.a with libtool if available
    • Improve libr.a creation with ar -rcT instead of ar -x
    • Speedup tcc builds by not using -g
    • Move esil one level up in libs.mk
    • Update sdb to remove double include paths
    • Fix compilation with -lcrypto
    • Do not use macos-latest (macos-11 is fine for LTS)
    • Update the capstone4 support to 4.0.2
    • Fix zig's @cInclude of r_th.h
    • Add crosscompiling support with sys/zig.sh
    • Do not install the v35 archives (-50MB) in make install
    • Fix capstone dynamic memory allocation setup issue
    • Support sys/debian.sh crossbuilds
    • Remove unused lc-printscan-long-double wasi flag
    • Check if CWD contain spaces in sys/install.sh
    • Add the acr --enable-threadsafety flag and the same for meson
    • Fix meson infinite loop
    • Disable libuv by default on meson and acr
    • Change build order as long as now bin depends on fs

    ci

    • Test r2 build with all sysdependencies enabled
    • Upgrade al-cheb/configure-pagefile-action to the v1.3
    • Run unit tests in parallel
    • Upgrade github actions/checkout from v2 to v3
    • Upgrade actions/upload-artifact from v2 to v3

    cmd

    • Fix bugs in aeg command parser

    config

    • Deprecate the use of comma in e: as stated in the r2580 prophecy
    • Deprecate graph.web eval config var
    • Remove the file.offset unused config variable

    cons

    • Fix static themes listing
    • Add support for statically compiled themes
    • Fix Ctrl+Arrow dietline shortcut for word cursor
    • Fix console history log path regression

    core

    • Enable cmd.undo by default
    • Rename many bin.str evars into bin.str.
    • Use XDG instead of R2_HOME_CACHEDIR and R2_HOME_HISTORY
    • Initial support for XDG env vars and paths
• Fix RConfig.setB when the key doesn't exist
    • Deprecate scr.seek configuration variable
    • Initial implementation of R_LOG_TODO

    crash

    • Fix segfault in poa 1
    • Fix integer overflow in fuzzed dwarf rendering in graphs
    • Fix use-after-free after @@@e spotted by meme
    • Fix UAF in aaft when the BB is removed during the loop
    • Fix UAF on quit exposed by r2frida

    crypto

    • Initial abi breaking changes in RCrypto/RHash
    • Fix rahash2 -L listing full hash
    • Initial work on the way RCrypto handles plugins
    • Separate SM4 algorithm from plugin
    • Implement the SIP hash algorithm

    debug

    • Bring back the 'dms' command
    • Fixed incorrect thread arena output
    • IO uses PID to read from child, tid is just for regs
    • Fix r2 -d foo\bar.exe and r2 -d bar.exe on windows
    • Make RDebug.regRead() and regWrite() return bool

    decompiler

• Improve the output of pdc by trimming the addresses of inline nops and colorize numbers
    • Add colorization support to pdc output

    disasm

    • Implement asm.bytes.align to justify them to the right
    • Fix char auto-comment in cmp instructions
    • Improve pseudodisasm for arm64
    • Improve arm.pseudo when no function information is available
    • Fix mips.pseudo shortpath when function is null
    • Fix x86.pseudo shortpath when function is null
    • Fix NULL function xrefs in pd
    • Implement asm.flags.right option
    • Add dummy parse.evm plugin to fix portability of test
    • Add a dummy bpf pseudo plugin
    • Add RParse.justify() to easily fix commas and spaces
    • Better spacing in arm.pseudo parse plugin

    esil

    • Initial support for threads in esil
    • Fix #21052 - wrong emulation for pop rsp
    • Move anal.esil into the new esil
    • Add aegb command as an alias for 'aeg pieq $Fi'
    • Add aegn command to combine N esil instructions into one dfg
• Use a function instead for the spaghetti code in all cmp esil opcodes -30LOC

    globals

    • Remove one global variable in RCore.cmdEval()
    • Remove two globals from RCons.cpipe
    • Remove the 3 globals in anal.xtensa
    • Remove 3 globals from anal.tricore
    • Remove the 3 globals from anal.vax
    • Remove 3 globals from anal.nios2
    • Remove 3 globals from anal.arc
    • Remove 3 globals from anal.sparc.gnu
    • Remove 3 globals from anal.sh
    • Remove 3 globals from anal.alpha
    • Remove 3 globals from anal.lanai.gnu
    • Remove 3 more globals from anal.pdp11
    • Remove 3 globals from anal.hppa
    • Remove 3 globals from anal.m68k.gnu
    • Remove the 3 globals in anal.ppc.gnu
    • Remove 3 globals from anal.cris
    • Remove 4 globals from anal.mips.gnu
    • Deglob 4 vars in the arm.gnu disassembler
    • Remove 3 globals in s390.gnu
    • Remove 10 more globals from analysis and capstone
    • Remove 3 globals in ccarg analysis
    • Remove all global variables from RCrypto
    • Move colortable global into the RConsContext
    • Remove global from utf8
    • Remove the last global variable in libmagic
    • Remove in_log_process global
    • Remove global in bin.obj.reloc_patch
    • Remove global variable in esil loop

    graph

    • Initial work in graph.bubble for custom bg color in nodes
• Honor graph.layout in aegv too, instead of hardcoding horizontal one
    • Deprecate aegi and aggi, those were dupes for aegv and aggv
    • Fix null deref in agg and avoid destructive manners of 'V ,'

    help

    • Make the anal.depth warning more useful

    indent

    • Balance spacings in braces

    io

    • Initial implementation of the generic io-stream api
    • Fix UAF in streaming io plugins when used with io.va=1
    • Remove invocation of v layer cache in r_io_desc_read
    • Start rewriting io_cache.c
    • Kill r_io_read_at_mapped
    • Initial import of the serial plugin
    • Kill io->buffer
    • Remove unused fcn declarations
    • omfg runs omm if no map is set
    • New o++ command to create and open a new file
    • Add "reset" system command to treebuf io plugin
    • Minor bugfix in treebuf io plugin
    • Add treebuf io plugin
    • Fix free-before-use on r_io_reopen of a rbuf:// fd/desc
    • Handle reloc maps properly in r_io_map_remap and r_io_map_resize
    • Fix reloc map memleak
    • Add rio reloc maps
    • [5.8.0] Disable the default io.basemap

    json

    • Fix tj ttj tfj outputs
    • Fix invalid json in tj command
    • Fix #20772 - ihj rendering an invalid json because of pfj

    lang

    • Make r2 -j work as a hashbang handler for qjs
    • Enable BigNum in qjs
    • Use r2papi 0.0.4 with base64 and R2Api is now known as R2Papi
    • Add requirejs, simplify compilation and add js_ prefix to all the c files
    • Add typescript support
    • Minor improvements for js: with r2.call() and r2.cmdj
    • Enable Bignum support to the QJS interpreter
    • Import the alpha r2papi 0.0.2 api for qjs
    • Integrate the qjs repl into the js: command
    • Initial import of the interactive QJS repl
    • Import the quickjs rlang plugin
    • Implement py command and add stdin slurp support for js- too
    • Add 'js' and 'js:' commands, as well as improve help for #!?
    • Fix null deref in rlang
    • Add "lua" as an alias for "#!lua"

    leaks

    • Fix leaks in pdc
    • Fix more memory leaks in rbin and ranal for arm64
    • Patch more leaks in the analysis and rbin
    • Some safe memleaks related to analysis and registers refcounting
    • Fix memory leak in dietline

    lint

    • Enable the leading spaces linter rule and fix them all
    • Use more tabs and add a (disabled for now) linter for it

    logs

    • Redirect RLog messages into the Corelog
    • Add base64 support to the T and T* commands

    panels

    • Add ve command to set fg/bg colors for current panel

    print

    • New RPrint.spinBar() API used from scr.demo for now
• Fix pcc trifids confusion issue
    • New command CLL (aka list) show function source using addrline (dwarf) info
    • Fix #21080 - Add cfg.codevar to change the buffer varname from pc
    • ASN.1 and x509: correct OCTET_STRING and Public key info parsing
    • Add ASN1 Algorithm Identifiers for Edwards curves
    • Fix #20993 - Correct ASN.1 BIT_STRING parsing
    • Implement pcn command to print bytes as space separated numbers
    • Add support for the swatch dot-beat internet time
    • Workaround for "too large buffer" in formats
    • px* is an alias for pc*
    • Implement pFoj command
    • Implement pFaj for asn1 json decoding
    • Initial refactoring/cleanup of ASN1 parser api
    • Add pFxj command to print x509 certificates in JSON format
    • Add pFpj command to print PKCS7 files as JSON
    • Fix issue in 'pdc' that was showing empty orphan nodes
    • Implement new 'pcq' command, like pc, but inline-include-friendly
    • Implement the new pieb command as an alias for pie $Fi
    • Fix read buffer overflow in pxq -272
    • Implement pFbJ command with quiet and verbose json formats
• Implement pFbj for json printing of protobuf
    • Set hex.hdroff=true by default
    • Implement pFAj to render android xml in JSON (abi break)
    • Implement TSV output format for RTable

    projects

    • Fix some problems when renaming projects
    • Fix some bugs in projects
    • Quote commit message to avoid git error when saving project
    • @radare Do changes in Px->Pc, Pc->PS* as planned

    r2pipe

    • Check magic header before assuming an interpreted file is executable

    r2pm

    • Fix assert in Str.Trim() when r2 is not installed
    • Add support for tarball and zip packages
    • Honor EDITOR in r2pm -e
    • Remove all the references to the old r2pm.sh
    • Implement R2PM_FAIL and mark it as deprecation for r2-5.9.x
    • Implement r2pm -cp like it was in r2pm.sh
    • Fix clean installations with r2pm -c
    • Expose R2PM_SUDO and list R2PM_PREFIX in -H
    • Handle -HH in r2pm for verbose env listing and remove unused R2PM_GITSKIP
    • Fixes pull/install/uninstall on windows
    • r2pm -Ui can be combined now and fix extras package building
    • Honor R2PM_DBDIR env var
    • Honor -f in r2pm -U to force clean the r2pm db
    • Support XDG on r2pm and expose the PKG_CONFIG_PATH
    • Expose R2_LIBEXT for r2pm packages
    • Update r2pm manpage and add -q and -a flags
    • Show package source with r2pm -d
    • Implement r2pm -H to make more packages build
    • Fixes parsing the GIT URL on some packages
    • Test the new default native r2pm fix flushing and using RLOG
    • Make R2PM_NATIVE the default and provide R2PM_LEGACY

    r2r

    • Fix rvector assert when indexing empty ones

    refactor

    • Move the RParse.cparse into RAnal.cparse
    • Stop aeg from abusing agg
    • Rename R_ANAL_ESIL_DFG_BLOCK_ to R_ANAL_ESIL_DFG_TAG_
    • Rename EsilDFGRegVar to EsilDFGVar and introduce EsilDFGVarType
    • Avoid using RArchConfig->big_endian
    • Add addr_bits to RArchPlugins and make info and decode cbs cfg aware
    • Add archcond api to rarch, some small cleanup in anal
• Make bitness, endianness and esil-support fields of RArchPlugin again
    • Copy value.c and op.c from anal to arch
    • Copy switch.c from anal to arch
    • Add some more typedefs and enums to r_arch
    • Rename r_arch_set_ to r_arch_config_set_
    • Rename R_ASM_SYNTAX to R_ARCH_SYNTAX
    • Simplify x86_cs BSR and BSF esil
    • Use r_strbuf_replacef in anal_mips_gnu esil generation
    • Use r_strbuf_replacef in anal_mips_cs esil generation

    rvc

    • Initial refactoring of the version control api
    • Move rvc from core to util
    • Fix rvc.commit when non-interactive with a default message

    scan

    • Fix crash in the swift metadata parser spotted by coverity

    search

    • Fix JSON encoding of unsigned search values
    • Fix /au after aeim
    • Fix /w and /wi, add tests, minor code cleanup
    • Add r_anal_optype_index to make /atl and /at use full listings of optypes
    • Support space separated instruction types and family in /at and /af
    • Improve json output for /asj and /atj
    • Fix calling /re twice after ^C
    • /az uses anal.in instead of search.in to improve scan results
    • Make /az faster after aeim, skipping unrelated regions
    • Fix last char bug in swift strings found with /az
    • Add x86-64 support to /az
    • Add flags under the asm.str flag prefix when doing /az
• Honor bin.minsz in /az if no argument is provided
    • Implement /azq to search for assembly strings and add tests
    • Implement the new /az command to find assembly constructed strings
• Supersede #20447 - remove some magic globals

    shell

    • Fix ?vi:123 and ?v:123 commands
    • Print whatever is taken from io_system to rcons
    • Fix runtime warning after leaving an rlang session
    • Add "" command to run RCore.cmdCall()
    • Fix #21136 - o <tab> autocompletion not working
    • Show help when using invalid subcommand of afi
    • Implement abo and afbo commands to list opcode offsets in function or bb
    • Implement o-. command, add help for future o-$
    • Expose RCore.cmdCall() and fix b64: command + add tests
    • Show number conversion error messages in ?v command
    • Fixes for the line editor using live save/load with new RFile apis
    • Implement oe command to open a file using cfg.editor
    • Add quiet and table listing for lang plugins
    • Implement Ll, Llq and #!?q commands for better rlang listing
    • Fix r2 /directory behaviour
    • Support $r:REGNAME syntax and document it
    • Implement cmd.usr1 and cmd.usr2 to handle signals on unix
    • Add #!qjs and #!tiny for autocompletion
    • Fix behaviour of -a and -b flags (no arg= show current, append? for help)
    • Rename the drm command to drv for consistency
    • Add -s -i -f r2 commands
    • Implement -a, -b, -c and -e commands in r2
    • Add tabhelp exception for pf.
    • Add r2 -LL to list core plugins
    • Improve help message for f subcommands
    • Take into account static themes when listing
    • Add ot command as an alias for touch
    • Implement the ji: command as an alternative to ~{} without cons filtering
    • Also handle (j) and (*), more syntax-consistent and add a test
    • Implement (j for json output of macro commands
    • Initial implementation of ?ie
    • Add missing help for the '?i?' command
    • Use RCoreHelp for /ca?
    • Fix #20760 - Implement native gron via ~{=}
• Remove RPrintRowlog and use R_LOG instead
    • Allow changing number of saved input lines
    • Implement log.source and log.origin
    • Add the new ucu and ucd commands using the new core-undo apis
    • Rename asm.{off} variables to asm.offset

    syntax

    • Move the preincrement and void arg from tests to lint.sh

    threads

    • Initial ref-counted RRegItems, needed for threadsafety
    • Move the readahead logic to a local variable
    • Guard more critical sections in cons and core
    • Analysis now waits in background for the bin parsing to finish
    • Add some RThreadLocks and start to use the critical sections

    thready

• Don't call RCore.seek() and read a new buffer in disasm

    tools

    • rax2: corrects base64 encoding for null bytes
    • Fix r2 -2
    • Fix broken tests for long number conversion
    • Fix base64 null byte decoding bug in rax2
    • Implement rasm2 -LLL to list arch plugins
    • Add Ls to list assemblers, and LA to list analysis plugins
    • Bring back the r2 -t for parsing bin and analysing in background
    • rarun2 supports multiple preload directives

    util

    • Fix the XML parser
    • shlr/yxml -> libr/util/rxml - fork the abandoned yxml parser and expose it
    • Add RStr.ansiStrip() and RStr.insert()
    • Improve internal RBuffer API checks
    • Add log error when pj depth limit reached
    • Add R_SYS_BITS_12
    • Introduce R_SYS_BITS_4
    • Add :header and :noheader in RTable
    • Fix crash in r_vector_shrink
    • Minor COV fix in r_str_char_count
    • Fix return type of r_str_char_count
    • Add new RStr.replaceAll() api
    • Use R_PRINTF_CHECK for r_strbuf_replacef
    • Add r_strbuf_replace{f}

    vc

    • Initial rvc refactoring and cleanup of the api
    • Move rvc apis into callbacks
    • Make ravc2 accessible via blob and r2 shell

    visual

    • Use RAnalOp instead of RAsmOp in r_core_visual_bit_editor
    • Fix issue with cursor disappearing towards the bottom of the screen
    • Don't draw two cursors when too many bytes are on disasm panels
• Make j/k movement in panels' cursor mode more consistent with its visual counterpart
    • Don't skip byte when moving left/right in cursor mode (disassembly panel)
    • Fix pdc glitching in panels
    • Handle arrow keys in VT
    • Handle JK0 keys in VT
    • Honor cmd.vprompt and scr.notch in VT
    • RStr.wrap() supports ansi and use it in VT
    • Implement Tv command and use it from VT
    • Fix the cache and other bugs in panels
    • Override scr.maxpage in panels to avoid undesired prompts

    wasm

    • Upgrade to the latest wasi16 sdk

    Source code(tar.gz)
    Source code(zip)
    r2ios-sdk-5.8.0.zip(103.39 MB)
    radare2-5.8.0-android-aarch64.tar.gz(22.85 MB)
    radare2-5.8.0-android-arm.tar.gz(22.95 MB)
    radare2-5.8.0-static.tar.xz(135.70 MB)
    radare2-5.8.0-w32.zip(9.63 MB)
    radare2-5.8.0-w32.zip.old.zip(9.41 MB)
    radare2-5.8.0-w64.zip(10.32 MB)
    radare2-5.8.0-w64.zip.old.zip(10.02 MB)
    radare2-5.8.0-wasi.zip(55.72 MB)
    radare2-arm32_5.8.0_iphoneos-arm.deb(48.06 MB)
    radare2-dev_5.8.0_amd64.deb(191.20 KB)
    radare2-dev_5.8.0_i386.deb(191.21 KB)
    radare2-m1-5.8.0.pkg(9.25 MB)
    radare2-x64-5.8.0.pkg(9.44 MB)
    radare2_5.8.0_amd64.deb(6.72 MB)
    radare2_5.8.0_i386.deb(7.12 MB)
    radare2_5.8.0_iphoneos-arm.deb(48.62 MB)
• 5.7.8 (Sep 13, 2022)

    Release Notes

    Version: 5.7.8 Previous: 5.7.6 Commits: 307 Contributors: 17

    Authors

Axel Iota Ben L Denis Ovsienko Dennis Goodlett Francesco Tamagni Nikhil Saxena Paul B Mahol Richard Patel Seunghwan Chun Sylvain Pelissier adwait1-g condret erfur pancake rax64

    Changes

    anal

    • Define =SN for the sparc register profile and improve warning message
    • Include bb instruction addresses in an array for abj
    • Fix more tests to run outside x86-64
    • Implement aflx and aflx* commands to re-analyze function callers
    • Implement aflm. and aflm? to print the makefile-style function call summary
    • Fix bug in esil_cfg
    • Implement r_anal_esil_dfg_reg_is_const
    • Fix quotes in pickle assembly
    • Improve aab results by using section size
    • Refactor esil new in cmd_anal
    • Refactor ar set command to static func
    • Fix '/gg' output
    • Fix duplicate aarch64 syscalls
    • Fix leak in 'aex' command.
    • Fix compilation warning
    • Silence compilation warning in show_reg_args()
    • Fix leak in r_core_esil_step()
    • Check list allocation return value
    • Fix leak of RAnalBlock in false return code path
    • Check that vector length is not 0
    • Fix leak of list when using asj command
    • Fix leaks caused by not calling r_anal_op_fini()
    • Add pickle descriptions

    arch

• Support assembler plugin resolution by approximated name
    • Rename asm.arm_cs to asm.arm
    • Merge asm.sparc_gnu into anal.sparc_gnu
    • Lowercase all pickle instructions
    • Upgrade to the latest capstone-next for ppc purposes

    asm

    • Fix integer overflow in match_c_lui()

    bin

    • Fix boundary check in mach0 fixups reconstruction
    • Fix two oobreads in coresymbolication and dyldcache
    • Update coresymbolication cache parser
    • Add table's :help and ignore commas in i subcommand parsing
    • Fix incorrect relocs=false in macho
    • Fix regressions affecting dyldcache parsing
    • Fix #20624 - Implement ic, command to query klass information
    • Fix oba $$ in frida://0 global
    • Add support for REL file format plugin
    • Support powerpc coffs
    • Handle RABIN2_MACHO_SKIPFIXUPS env var in the macho parser
    • Add wasm globals to symbols
    • Fix leak in bin_sections

    build

    • if != ifdef on msvc
    • Add lint for C++ include support

    ci

    • Fix #20655 - Zip the blob for windows

    config

• Fix prj.alwaysprompt description text

    cons

    • Fix a couple of coverities in canvas and dietline
    • Fix 'num' display with gentoo theme on 256 term
    • Add to all themes 'ecd' at start
    • Remove duplicate entry for basic theme
    • Fix background color for dark theme
    • Simplify ansi color mapping
    • Fix several bugs when interacting in VE mode
    • Fix leak in nextpal()
    • Fix leaks in VE mode
    • Fix leak of memory returned by r_str_ansi_crop()

    core

    • Fix leaks when calling r_flag_all_list()
    • Fix leak in error path of r_core_anal_search_xrefs()
    • Fix leak of pointer left behind

    crash

    • Fix stack exhaustion bug in the c++ gnu demangler
    • Fix oobread in protobuf parser
    • Fix oobread in r_str_is_printable_limited
    • Fix UB bug in afi command causing random segfaults
    • Harden swift demangler
    • Harden msvc demangler
    • Fill null deref check in the x509 parser
    • Fix two more bugs in pdb found by libfuzzer
    • Some safe fixes in rbin
    • More r_run_parseline fixes
    • Fix #9782 - r_run_parseline OOB read
    • Fix oob write in dyldcache
    • Fix null deref on non-capstone builds

    crypto

    • Add SM4 block cipher

    debug

    • Add new 'drp*' 'arp*' commands to flag the reg arena
    • Fix build for 32bit iOS debugger
    • Fix process detach in the xnu debugger
    • Fix arm64 register access in xnu debugger
    • Initial blind support for io.self for serenity

    diff

    • Implement radiff2 -B to specify base address
    • Emit json when radiff2 is run with -Cj

    disasm

    • Fix #20202 - pd-55 showing invalid instructions

    esil

    • Fix tests and emulation for x86_cs BSR and BSF instructions
    • Add warning for esil op $$ deprecation
    • Tag dfg nodes that are vars with constant values properly in esil_dfg.c

    fs

    • Implement mdd, mdq and ms's ls -l
    • Add initial fs.zip plugin, listing only for now

    fuzz

    • Fix another crash in the protobuf parser
    • Fix too much time spent loading corrupted dyldcaches
    • Fix negative allocation in the dex parser
    • Fix infinite loop in dyldcache parser
    • Fix large allocation bug in wasm parser
    • Fuzz pdb
    • Fuzz protobuf
    • Fuzz pkcs7, punycode, x509
    • libFuzzer demangler target
    • libFuzzer bin target
    • add libFuzzer integration, r_run_parseline test

    globals

    • Remove two global variables in the anal.ppc.cs plugin
    • Remove global in cons.rgb
    • Remove globals in bin.sms
    • Remove globals in flirt and apply some extra cleanups

    graph

    • Implement new toyish visualization command agt
    • Implement aggb command, like agfb but for agn/age
    • Add cmd.bbgraph to use a different command to render the basic blocks
    • Remove hack fixing a bug that is now gone for agn

    io

    • Initial implementation of the reg:// io plugin
    • Fix #20616 - Fix analysis when using io.cache
    • Implement wcu command to undo cached writes
    • Initial implementation of the xattr io plugin
    • Fix leaks on error path in r_io_zip_open_many()

    lint

    • Enable linting for trailing tabs

    panels

    • Fix #20651 - Decompiler panel was disappearing after clicking

    print

    • Implement pxu{1,2,4,8} like pxd but unsigned
    • Fix w6e and w6d, Add w6x, p6[e|d][s|z] + tests
    • Fix #20540 - pc should use an unsigned char buffer
    • Implement p8x and p8* similar to y*

    refactor

    • Add linting to spot misuses of r_strbuf_appendf and fix them all
    • Minor optimization of generated esil expressions
    • Remove some unused macros in anal_riscv_cs
    • Remove occurrences of $$ in riscv esil
    • Remove occurrences of $$ in mips_gnu esil
    • Remove occurrences of $$ in bf and mips_cs esil
    • Move the asm.m68k.gnu into the anal
    • Move asm.arm_windebg to anal.arm_wd
    • Remove occurrences of $$ in v810/v850 esil
    • Minor optimization of generated esil in anal_arm_cs.c
    • Minor optimization of esil generation in anal_arm_cs.c
    • Avoid =[*] in arm_cs esil
    • Remove occurrences of $$ in arm_cs esil
    • Move lanai from asm to anal
    • Move the hppa plugin from asm to anal
    • Use more R_LOG in cmd.open
    • Merge asm.arm.gnu into anal.arm.gnu
    • Move asm.ppc.cs into anal.ppc.cs
    • Merge asm_arm_cs disassembler into anal_arm_cs

    search

    • Add help message for /at?
    • /at accepts a comma separated list of optypes
    • Enable emulation in /as, it's fast enough and results are better
    • Test and benchmark --with-sysmagic in the CI

    shell

    • Add open command as a wrapper for the system launcher
    • Fix #20387 - woa 1 confusing error message
    • Honor autocompletion in the of command
    • Use RCoreHelp for j? and uc? to fix a lint
    • Add |E |D |J pipe aliases for base64 command execution and encoding
    • Support interpreting executable binaries with r2 -i or '.'
    • Don't print eol chars for now to fix an r2pipe issue
    • Make command repeat behave as expected with the foreach operator
    • Improve the yank command and help
    • Honor : table modifiers in om,
    • omt->om, and make omr print map size with no args
    • Implement s** for proper seek history parseable output
    • Implement ics command to list address of class methods
    • Protect ms shell with scr.interactive
    • Fix null deref crash in RTable and improve C,
    • Implement 'e,' for table format, old e, is now e:
    • Use RCore.help instead of eprintf in more commands under aa
    • Implement y- command and some other indentation fixes
    • Use : instead of =! in all the io plugin help messages
    • Fix autocompletion for :. for r2frida

    tests

    • Fix total amount count of tests in r2r output
    • Add test index progress in default output
    • Support REQUIRE in r2r tests
    • Add a few tests for cBPF conditional jumps.

    tools

    • Remove all global variables in rahash2
    • Implement native r2pm pkg registry, buffer r2pm -s
    • Enable r2pm-native when calling it from r2
    • Use R_LOG in libr.main and fix RLogLevelMatch
    • Allow rasm2 -f to open files with r_io files
    • Fix ragg2 -C for pe64
    • Fix memory leak on error path of rabin_do_operation()
    • Fix leaks of allocated memory for duplicate plugins
    • Check return value of r_list_new()
    • Improve pid directive in rarun2, better info reporting

    types

    • Fix #16492 - Handle - suffix in te and ts, add tests

    util

    • Tests for the "standard" splist() implementation
    • Minor bugfix in strbuf.c
    • Add some more asn1 oids from apple
    • Check for RGraph in r_graph_free()
    • Fix several issues in r_syscmd_join()
    • Fix leak of char* in r_table_visual_list()
    • Fix leak in some yanking cases
    • Fix possible leak of list after each loop iteration
    • Move eprintf message to debug log
    • Check if RList* is available before calling r_list_get_n()
    • Fix leak in r_log_vmessage()

    visual

    • Add 'pxu' mode to
    • Improve visual text editor navigation ('j' moves to next line)
    • Fix #20602 - Insert and cursor glitching in hex panel
    • Implement interactive text editor mode in VPi command
    • Fix insert nibbles in visual hex editor
    • Use p8x and remove pcj from visual list

    windows

    • Implement r_cons_is_tty for w32

    write

    • Warn when bypassing the word bounds of numeric arguments in wo
    • New syntax for wox to differentiate hex and numbers
    • Implement wa+ command to assemble + seek

    Source code(tar.gz)
    Source code(zip)
    r2ios-sdk-5.7.8.zip(155.72 MB)
    radare2-5.7.8-android-aarch64.tar.gz(24.79 MB)
    radare2-5.7.8-android-arm.tar.gz(25.15 MB)
    radare2-5.7.8-static.tar.xz(116.86 MB)
    radare2-5.7.8-w32.zip(8.78 MB)
    radare2-5.7.8-w64.zip(9.29 MB)
    radare2-5.7.8-wasi.zip(52.65 MB)
    radare2-5.7.9-w64.zip(9.70 MB)
    radare2-arm32_5.7.8_iphoneos-arm.deb(42.91 MB)
    radare2-dev_5.7.8_amd64.deb(184.16 KB)
    radare2-dev_5.7.8_i386.deb(184.20 KB)
    radare2-m1-5.7.8.pkg(11.51 MB)
    radare2-x64-5.7.8.pkg(11.45 MB)
    radare2_5.7.8_amd64.deb(6.34 MB)
    radare2_5.7.8_i386.deb(6.74 MB)
    radare2_5.7.8_iphoneos-arm.deb(43.18 MB)
  • 5.7.6(Aug 1, 2022)

    Release Notes

    Version: 5.7.6 Previous: 5.7.4 Commits: 167 Contributors: 19

    Highlights

    More details

    Authors

    Adwaith V Gautham Alessandro Carminati Axel Iota ChoobieDesu Denis Ovsienko Dennis Goodlett Ilya Trukhanov Lazula Maurizio Papini Paul B Mahol RHL120 Richard Patel Sergi Àlvarez i Capilla Seunghwan Chun condret mrmacete pancake pancake pluswave

    Changes

    anal

    • Add mnemonic API to pickle arch
    • Add last opcodes to pickle assembler
    • Add python pickle machine (pypm) disassembler
    • In cBPF jt and jf are unsigned, fix the code
    • Handle arm64's BTI instruction as a nop
    • Revert "ARM disassembler: don't compute [pc, reg] memory location"
    • ARM disassembler: don't compute [pc, reg] memory location
    • Updated syscalls for aarch64 to linux 5.19.0-rc1
    • Update syscall table for linux-x64 from kernel 5.19-rc1
    • Fix leak in wasm opcode disassembly

    analysis

    • Handle arm64's BTI instruction as a nop
    • Revert "ARM disassembler: don't compute [pc, reg] memory location"
    • ARM disassembler: don't compute [pc, reg] memory location

    arch

    • Fix riscv left shift bugs and implement archinfo
    • Revert "Update capstone which improves the PPC support"
    • Update capstone which improves the PPC support
    • Add pickle assembler


    asm

    • Fix for riscv

    bin

    • Fix returning imports table
    • Fix use-after-free in the macho swizzler
    • Add RABIN2_MACHO_NOFUNCSTARTS option for testing purposes
    • Expose dbgInfo.LineNum on macho files
    • Fix macho swizzle bug by cloning the plugin struct
    • Early check to avoid null deref on files with missing buffer
    • Workaround for the fatbin slice selection regression
    • Refactor wasm custom name parsing

    build

    • GIT_TAP=$R2_VERSION if no .git is found
    • Initial work towards onifying r_util

    ci

    • Build r2 with muon+samu
    • Publish m1 packages automatically on release time
    • Add line count history helper scripts

    cons

    • Speed up rendering by caching context pointer
    • Fix picking colors for 256 colors terminals
    • Fix display issues with pss visual mode

    core

    • Add cmd.undo and handles it for w and CC commands

    crash

    • Fix double free when shrinking vectors
    • Fix oobread in iOS arm64 kernel parsing
    • Fix FPE crash in p2 visual mode
    • Fix buffer overrun in pd reported by durandal_1707
    • Fix crash when calling strcmp on NULL
    • Fix heap oobread in the macho parser
    • Fix asan heap oobread in the tms320 disassembler

    disasm

    • Don't show asm.describe on strings

    doc

    • Increase maximum recommended line length

    esil

    • Fix x86 - ROL RCL ROR RCR with memory locations

    fs

    • Fix last covs and support mount in ms
    • Refactor the RFS.Shell and add the getall command
    • Add fs.cwd to define default path in ms

    globals

    • Remove time_t now global variable for magic

    io

    • Update the embedded libzip under shlr/zip
    • Tiny optimization in RBuffer -0.01s speedup

    lint

    • Fix a new linting to remove the double error message in RLOG calls

    magic

    • Add RSA/DSA key magic

    panels

    • Add Assembler entry in Tools/

    print

    • Fix color changing for same block and prc=f
    • Fix p=F output
    • Allow to change entropy bars width with '[]' keys
    • Fix p=e output

    projects

    • Fix two more projects tests with the new onnu

    r2pm

    • Fix r2pm.sh path resolution issue

    refactor

    • Refactor a few eprintf to R_LOG_ERROR
    • Merge asm.riscv into anal.riscv
    • Remove unused daylight logic in magic/mdump
    • Remove optyp global variable for magic
    • Ignore asm->immdisp
    • Merge arc from asm into anal and build it with meson
    • Merge v850.np into v850
    • Use arch/bits info from anal if asm is not available in r_core_bin_update_arch_bits
    • Merge asm_x86_cs into anal_x86_cs
    • Merge asm.mips(cs,gnu) into anal.mips
    • Merge asm.tms320 into anal.tms320

    search

    • Fix /rx
    • mbr magic is not good for deltified matches
    • Remove noisy mail.news magic file
    • Fix /as on arm64-linux and add missing tests to cover it
    • Improve little and big endian LZMA header magic matching

    shell

    • Add the infamous command tac
    • Implement ~$!! as a tac replacement and clarify the ~$! use
    • Handle the s# command as in 's #'
    • Partial #19887 - Refactor c[248], add and test c[248]*

    tests

    • Fix ARC tests and improve r2r.asm output

    tools

    • Fix #20439 - rafind2 -V search for values like in /v
    • Fix #16209 - ragg2 on macOS
    • Use of RNum.calc in rax2 to honor error code
    • Honor opasm in rasm2 -LL output

    util

    • Be more strict when parsing numbers
    • The RThread.start(true) had racy deadlocks, re-enable the bg http server
    • Use R_LIKELY and r_return in the skiplist api
    • Optimized implementation of rand for skiplist

    view

    • Fix r_cons_printf call in calculator
    • Add FPU/XMM/YMM panel displays

    visual

    • Fix recently introduced stack buffer overflow
    • Make PageUp/Down keys less laggy
    • Allow seek to previous result item when it is at 0 offset

    Source code(tar.gz)
    Source code(zip)
    r2blob-5.7.6-w64.zip(20.79 MB)
    r2ios-sdk-5.7.6.zip(155.32 MB)
    radare2-5.7.6-android-aarch64.tar.gz(27.45 MB)
    radare2-5.7.6-android-arm.tar.gz(28.14 MB)
    radare2-5.7.6-freebsd.tgz(25.00 MB)
    radare2-5.7.6-static.tar.xz(117.31 MB)
    radare2-5.7.6-w32.zip(9.67 MB)
    radare2-5.7.6-w64.zip(10.19 MB)
    radare2-5.7.6-wasi.zip(52.55 MB)
    radare2-arm32_5.7.6_iphoneos-arm.deb(42.80 MB)
    radare2-dev_5.7.6_amd64.deb(183.84 KB)
    radare2-dev_5.7.6_i386.deb(183.92 KB)
    radare2-m1-5.7.6.pkg(12.42 MB)
    radare2-x64-5.7.6.pkg(12.36 MB)
    radare2_5.7.6_amd64.deb(7.05 MB)
    radare2_5.7.6_i386.deb(7.45 MB)
    radare2_5.7.6_iphoneos-arm.deb(43.06 MB)
  • 5.7.4(Jul 6, 2022)

    Release Notes

    Version: 5.7.4 Previous: 5.7.2 Commits: 79 Contributors: 11

    Highlights

    More details

    Authors

    Alex Bender Baldanos Dennis Goodlett Richard Patel Richard Patel Sergi Àlvarez i Capilla condret gitcolt pancake pancake tbodt

    Changes

    anal

    • Honor syntax cfg in cs anal plugins
    • SPARC ignores cfg.bigendian because all instruction fetches are BE
    • Add big endian support for arm prelude search

    arch

    • Re-enable the bpf.mr assembler

    asm

    • Remove all instances of "ptr " in x86 cs assembly output
    • Move the lm32 plugin into the anal

    bin

    • Fix o-- issue on macho-arm64
    • Don't hash files when loading, that's too heavy! 1.2s -> 0.8s
    • Fix wasm function offset lookup
    • Split wasm imports by types

    ci

    • Ignore odr-violations by default when running asanified r2r

    cleanup

    • Lint for x""

    cons

    • Add r_sys_signable() and use it from r_cons_thready

    core

    • Fix loading xtr bins without arch dedicated asm plugin loaded

    doc

    • Correct help msg for ph command

    fs

    • Fix mountpoint listing in the rfs shell

    io

    • Add omu command to create a unique map
    • Minuscule optimization of io vread and mapping operations

    lint

    • Add R_MUSTUSE hint
    • Add a linting to avoid R_LOG calls ending with a dot
    • Use r_str_startswith() in libr/io/p instead of strncmp

    print

    • Fix (null) printing on pi command

    projects

    • Fix #20405 - Multiple fixes and improvements in projects

    refactor

    • More eprintf -> RLOG here and there
    • Merge asm.java into anal.java
    • Move asm.sh disassembler into the anal.sh
    • Add another source linting to avoid newlines in RCore.cmd()
    • Minor simplification of meson build files
    • Merge asm_rsp into anal_rsp
    • Merge asm_propeller into anal_propeller
    • Merge asm_m680x_cs into anal_m680x_cs
    • Merge asm gb into anal
    • Merge the asm.mcs96 plugin into anal
    • Merge asm.cris into anal.cris
    • Use more R_LOG instead of eprintfs and add more linting checks
    • Add sys/lint.sh and run it in the CI
    • Merge asm.8051 into anal.8051
    • Merge asm.sparc into anal.sparc
    • Merge asm.alpha into anal.alpha

    shell

    • Fix #16395 - Add open file command to the ms shell

    tests

    • Remove the -r and -m flags from r2r

    tools

    • Down with capitalism - lowercase all capitalized strings in r*2 -h
    • Add RABIN2_VERBOSE env var to set bin.verbose=true in rabin2
    • rabin2 -qqqqqq doesn't swap between simple and simplest now

    web

    • Few http webserver improvements

    Source code(tar.gz)
    Source code(zip)
    r2blob-5.7.4-w64.zip(20.77 MB)
    r2ios-sdk-5.7.4.zip(155.70 MB)
    radare2-5.7.4-android-aarch64.tar.gz(27.65 MB)
    radare2-5.7.4-android-arm.tar.gz(28.32 MB)
    radare2-5.7.4-freebsd.tgz(25.21 MB)
    radare2-5.7.4-static.tar.xz(117.10 MB)
    radare2-5.7.4-w32.zip(9.70 MB)
    radare2-5.7.4-w64.zip(10.22 MB)
    radare2-5.7.4-wasi.zip(52.81 MB)
    radare2-5.7.4.pkg(12.39 MB)
    radare2-arm32_5.7.4_iphoneos-arm.deb(42.82 MB)
    radare2-dev_5.7.4_amd64.deb(184.23 KB)
    radare2-dev_5.7.4_i386.deb(184.08 KB)
    radare2-m1-5.7.4.pkg(12.46 MB)
    radare2_5.7.4_amd64.deb(7.04 MB)
    radare2_5.7.4_i386.deb(7.43 MB)
    radare2_5.7.4_iphoneos-arm.deb(43.09 MB)
  • 5.7.2(Jun 22, 2022)

    Release Notes

    Twitter thread: https://twitter.com/radareorg/status/1539561234453987328?s=21&t=RMA5QEUIJoG6tdVvPCc-Cg

    Version: 5.7.2 Previous: 5.7.0 Commits: 192 Contributors: 26

    Highlights

    More details

    Authors

    Aleksey Kislitsa Apkunpacker Ben Demick Denis Ovsienko Dennis Goodlett Dennis Goodlett GiulioL GiulioLyons HighW4y2H3ll Lazula RHL120 Richard Patel Richard Patel Sergi Àlvarez i Capilla aemmitt aemmitt-ns colt condret lazymio meme pancake pancake pipothebit rax2 rax64 ypsvlq

    Changes

    anal

    • Add op->cycles for M68K move
    • Set data alignment of m68k CPUs
    • Use r10 as SP and as an sp alias on arm64
    • Fix archinfo for BPF
    • Add icg str argument for filtering classes to graph
    • Add z vector registers for ARM64 in the register profile
    • Add R_REG_TYPE_VEC
    • Remove dead code
    • Add esil support for VMOVDQU in anal_x86_cs.c
    • Fix ARM ujmp op type with rjmp & mjmp
    • Fix #20215 - Handle op->direction in XOR x86 instructions
    • Reduce LOC of i4004 assembler (only use gperf for 1 byte instructions)
    • Move i4004 asm to anal

    analysis

    • Set data alignment of m68k CPUs
    • Use r10 as SP and as an sp alias on arm64
    • Fix archinfo for BPF
    • Add icg str argument for filtering classes to graph
    • Fix ARM ujmp op type with rjmp & mjmp

    arch

    • Fix reg profile, add archinfo and opinfo for bpf.cs
    • Initial import of the asm.bpf plugin from extras
    • Add initial anal.bpf.cs plugin + disasm tests

    asm

    • Support tbz,tbnz,rev16,rev32 instructions in the arm64 assembler
    • Support cset and sxt(b,h,w) instructions in the arm64 assembler
    • Support mnemonic list for all Capstone-based plugins
    • Support ccmn and csel instructions in the arm64 assembler
    • Support more arm64 instructions

    bin

    • Fix #17174 - Add the flagname and real symbol name details in the output of icj
    • Better handling of invalid/corrupted wasm files
    • Use RPVector for wasm imports
    • Use RPVector for wasm data section
    • Refactor wasm start section parsing
    • Move RBinWasmObj-code to RPVector
    • Wasm use rpvector on elements
    • WASM use RBinWasmObj in vector parsing
    • Update wasm tests for exports
    • Fix wasm iE duplicates
    • Rename wasm subsection index member to sec_i
    • Change wasm subsections into RPVectors
      • Use RPVector for wasm tables entries
      • Use RPVector for wasm memories entries
      • Use RPVector for wasm global entries
    • Refactor wasm and add function section parsing
      • Remove unused buf_read_new from wasm parser
      • Refactor wasm vector sub-section parsing
      • Add wasm function sub-section parsing
    • Fix ELF default arch of x86
    • Avoid false positives when loading s390 modules
    • Refactor wasm function types
    • Wasm allow partial custom name parsing
    • Wasm iE improvement

    build

    • Windows builds include debug information by default
    • Add macos-m1 GHCI builds
    • Update v35arm64 to fix build on riscv
    • Massage MAKE_JOBS for sys/debian.sh too
    • Remove the r2p symlink on Make purge

    cons

    • Fix/clarify the use of cons.vtmode/line.vtmode/vmode
    • Reduce stack in RLine.histLoad() and early return on windows to fix a crash

    core

    • Fix fortune file detection
    • Make the gnu disassemblers thread safe

    crash

    • Fix oobread in RTable exposed via an ELF reproducer
    • Fix #20336 - wasm bin parser
    • Fix oobread in wv
    • Fix #20248 - DoubleFree in RCons.pop() triggered via RCore.cmdStr()
    • Fix infinite loop in gdbserver =g
    • Fix several bugs in the RStack API

    disasm

    • Fix negative on unsigned value in v850.pseudo
    • Update to the latest capstone to fix a bug for BPF
    • Fix #17961 - missing flags in asm.reloff=1 + scr.color=0

    doc

    • Rename doc/crosscompile to doc/cross-compile.md
    • Add ABI stability explanation

    esil

    • Fix SHRD instruction ESIL
    • Add ESIL to the anal.bpf.cs plugin

    io

    • Fix bug in io_ihex
    • Optimize io.open() by skipping plugin iteration if no uri found
    • Add stdin:// uri handler in the io.malloc plugin

    parse

    • Make existing types available to r_parse_c_string

    print

    • Fix #20310 - Handle help suffix on more pd subcommands
    • Convert pf d specifier to hex dword

    r2pipe

    • Fix: pthread_create: Resource temporarily unavailable

    r2pm

    • Handle R2PM_UNINSTALL on Windows
    • Fix environment message for the package manager
    • Improvements in the native r2pm, being able to install samu and muon

    refactor

    • Merge asm.avr into anal.avr
    • Merge asm.xap into anal.xap
    • Merge asm.i8080 into anal.i8080 and add a test
    • Merge asm.xcore_cs into anal.xcore_cs
    • Merge asm.amd29k into anal.amd29k
    • Merge asm.h8300 into anal.h8300
    • Merge asm.lh5801 into anal.lh5801
    • Merge asm.cr16 into anal.cr16
    • Merge asm.v850 into anal.v850 and add a test
    • Merge asm.malbolge into anal.malbolge
    • Merge asm.v810 into anal.v810
    • Merge asm.pdp11 into anal.pdp11
    • Merge asm.6502 into anal.6502
    • Remove more R_TH_LOCAL in TCC
    • Remove excess zeroing in anal_bpf.c
    • Merge asm.riscv.cs into anal.riscv.cs
    • Move asm.pyc to anal.pyc
    • Merge asm.nios2 into anal.nios2

    search

    • Honor cfg.bigendian in /v subcommands

    shell

    • Fixes for the R2_FORTUNES system and home paths
    • Fix history file path construction
    • Fix error message in e- when resetting in debugger
    • Remove newline in date and pt. output
    • Expose R2_HISTORY in r2 -hh and r2 -H to locate history file

    tests

    • Add Capstone aoml cases
    • Generate r2r.json for profiling the testsuite
    • Sort lines in r2r -h
    • Use absolute path for r2r -o

    tools

    • Fix misalignment glitch in rasm2 -L and rasm2 -LL

    util

    • Compile-time optimization for r_str_startswith()

    visual

    • Fix arrows in visual prompt on windows cmd V:

    windows

    • Autoset vtmode=1 or 2 depending on shell or visual
    • Detect cmd.exe as vtmode=2
    • vmode fixes visual shift issue in cmd.exe
    • Support building windbg plugin under mingw

    Source code(tar.gz)
    Source code(zip)
    r2blob-5.7.2-w64.zip(20.67 MB)
    r2ios-sdk-5.7.2.zip(156.00 MB)
    radare2-5.7.2-android-aarch64.tar.gz(27.98 MB)
    radare2-5.7.2-android-arm.tar.gz(28.63 MB)
    radare2-5.7.2-freebsd.tgz(25.39 MB)
    radare2-5.7.2-static.tar.xz(117.01 MB)
    radare2-5.7.2-w32.zip(9.69 MB)
    radare2-5.7.2-w64.zip(10.19 MB)
    radare2-5.7.2-wasi.zip(52.80 MB)
    radare2-5.7.2.pkg(12.45 MB)
    radare2-arm32_5.7.2_iphoneos-arm.deb(42.88 MB)
    radare2-dev_5.7.2_amd64.deb(184.10 KB)
    radare2-dev_5.7.2_i386.deb(183.56 KB)
    radare2-m1-5.7.2.pkg(12.50 MB)
    radare2_5.7.2_amd64.deb(7.07 MB)
    radare2_5.7.2_i386.deb(7.48 MB)
    radare2_5.7.2_iphoneos-arm.deb(43.16 MB)
  • 5.7.0(May 31, 2022)

    Release Notes

    Version: 5.7.0 Previous: 5.6.8 Commits: 355 Contributors: 26

    Highlights

    More details

    Authors

    Aleksey Kislitsa Alex Bender Anton Kochkov Antoni Viciano Dennis Goodlett Dennis Goodlett Elaine Gibson GustavoLCR Jose Antonio Romero Lazula Mario Haustein Mathieu Dolmen Ole André Vadla Ravnås RHL120 Sergi Àlvarez i Capilla Sylvain Pelissier Wadim Mueller condret freddy gogo2464 kakamaika pancake pancake rax2 rhl120 ypsvlq

    Changes

    anal

    • Initial support for op.family on the v850.np plugin
    • Add missing =BP for v850
    • Fix crash when doing aac in frida://0 which calls 's $S'
    • aav output is now cleaner and less verbose
    • Implement native r0 relative references in v850
    • Fix oobread bugs in the v850.np plugin
    • Add missing status registers on v850.np
    • Fix missing calling convention when using asm.arch=*.XXX
    • Optimize thumb code analysis (4x faster)
    • Fix leak in r_anal_get_gperf_cc
    • Honor anal.timeout and better ^C handling in aaaa
    • Add missing op types to r_anal_optype_to_string
    • Remove RAnalPlugin.jmpmid and use ANAL_ARCHINFO_ALIGN instead
    • Add r_anal_is_aligned
    • Move VAX disassembler to anal
    • Fix invalid basic blocks on switch/jmptbl on arm64
    • Use @@@F instead of @@f in aaa - fix deadlock in iaito
    • Update to the latest v35arm64
    • Use RArchConfig in RReg, Add RReg.hasbits() apis
    • Improve boundary oobread checks for anal.8051
    • Honor anal.calls in aap
    • Kill anal.endsize
    • Introduce RAnalPlugin.jmpmid and replace some is_x86
    • Fix infinite loop when anal.vars on huge empty basic blocks
    • Fix a couple of infinite loops in aav
    • Do the whitespace thing that pancake wanted me to do
    • Add missing Motorola cpu models for m68k.gnu and m68k.cs
    • Honor asm.syntax=att in v850.np and handle more op.type
    • Better s390 instruction details
    • Remove asm.bf, and move its .opasm to the anal.bf
    • Add the RAnal.mnemonics() callback in RAnalBind for the arm.v35
    • Remove the asm.arm.v35 and move (and fix) the mnemonics cb
    • asm.cpu listing fixes for anal plugins
    • Remove duplicated register definitions for AVR
    • Move asm.xtensa into anal, fix duplicated symbols linkage bug
    • Fix null derefs in anal.avr plugin and improve defaults
    • Fix #19990 - Fix aoml for non-x86 targets and add tests
    • Fix #7094 - Add direction information in xrefs
    • Add =SN and =R0 to 8051
    • Add RAnal.use in RAnalBind to use it from RAsm

    analysis

    • Implement native r0 relative references in v850
    • Optimize thumb code analysis (4x faster)
    • Fix #19990 - Fix aoml for non-x86 targets and add tests
    • Fix #7094 - Add direction information in xrefs
    • Add =SN and =R0 to 8051
    • Add RAnal.use in RAnalBind to use it from RAsm

    api/abi

    • Rename REgg.Cfile to REgg.cfile
    • Rename corebind fields to coreb, for consistency with analb, iob
    • Use RArchConfig in RPrint
    • Expose RAnal.opDirection.toString as a public method
    • Make CRBTree.foreach() C++ friendly
    • RStr.isTrue/isFalse accept NULL argument now
    • Use RLog in RCons
    • Introduce r_arch.h. Use RArchConfig in RAnal and improve RRef api

    arch

    • Support '$' in regprofile offset column
    • Move tricore from asm to anal

    asm

    • Move the asm.ppc.gnu into the anal
    • Remove the v850.gnu plugin
    • Move the asm.pic into anal.pic
    • Support cls, clz for 32 and 64 bit registers in the arm64 assembler
    • Move asm.snes into anal.snes
    • Fix assembling with the arm.v35 plugin
    • Move 8051 test into db/tools/rasm2 and fix null deref in asm
    • Support 'msub, madd, mneg, ngc, sbc, asr, ror, cls, clz, rev, rbit, rbit16, rbit32, umulh' in the arm64 assembler
    • Initial implementation of shared RAsmConfig
    • A little better asm directive parsing
    • 8051: handle any mov case for reassembling

    assembler

    • Support assemble for mul, udiv, sdiv, lsl, lsr, mvn, tst arm64 instructions
    • Fix endian issue in binary input for rasm2 and add tests
    • Support assemble for add, and, eor arm64 instructions

    bin

    • Better handling of Wasm Names
    • Fix large loading times in macho parser for binsz=-1
    • Fix off-by-one bound check in wasm format
    • Simplify functions in wasm format
    • Fix leak in wasm custom names
    • Better formatting of wasm custom name
    • Fix parsing LE and COFF on big endian host
    • Fix pyc parsing on big endian machines
    • Fix leak in wasm sections
    • Add bin.maxsymlen to make this symbol name length limit configurable
    • Do not accept symbol names in mach0s larger than 2KB
    • Fix wasm section parsing
    • Remove global from elf parser
    • Fix another race condition in the macho parser
    • Remove another static global in the sections cache of objc
    • Move the local-global cache into the macho object
    • Fix allocation peak in macho property parser
    • Expose CLR metadata in ih output instead of messy eprintfs
    • Add bin.xtr.xalz plugin using the new loadbuf field
    • Remove the bin.xalz plugin as its meant to be io or bin.xtr
    • Fix null derefs on partially initialized xtr bin plugins
    • Fix main detection in x64 elf, after updating condret's machine
    • Use the new RBinInfo.charset in bin.s390
    • Add headers, sections, symbols and entrypoints to the bin.s390 plugin
    • Initial import of the bin.s390 plugin
    • Permit RBin plugins to expose a default charset
    • Select 'arm' fatmacho slice on -a arm.v35
    • Fix #6647 - check map bounds in the pebble bin loader
    • RBinFile size must be ut64, not signed int to open > 2GB files

    build

    • Use meson's gittap command on make
    • Fix #13196 - Honor SHARED in configure-plugins
    • windows_heap is included in cmd_debug
    • Fix meson build with use_sys_openssl
    • Leftover for --disable-threads causing runtime problems
    • Use longer names in enum to avoid conflicts with the SerenityOS toolchain
    • Deshadow some variables, in progress for the full -Wshadow cleanup
    • Make capstone include directories consistent
    • Add xtensa for the meson (requested for Windows)
    • Honor capstone commit in ci
    • Fix for --without-pull not working in install.sh

    cons

    • Add scr.maxpage to remove the CONS_MAX_USER constant
    • Fix r_cons_get_cur_line() on windows
    • Add ec bgprompt for a colorful shell and visual prompts
    • Fix glitch in scr.html when scr.color=1

    core

    • Introduce R_LIKELY macros and update sdb
    • Fix RCons recursive buffer fill causing iaito memory usage problems
    • Initial import of the RThreadChannel API with the ::x command
    • Deprecate anal.cpu, just use asm.cpu
    • Improve RLog API and usage, document R2_LOG_ vars in r2 -hh

    crash

    • Fix integer overflow in string search causing oobread
    • Fix crash in vtable analysis on UB
    • Fix 4 byte oobread in msp430 disassembler
    • Fix null deref in macho parser
    • Fix oobread in java parser
    • Fix oobread crash in java parser
    • Revert "Prefer memleak over usaf in io.bank's rbtree bug"
    • Revert "Properly fix the UAF in r_io_bank_map_add_top"

    debug

    • Cleanup dbg.trace config vars and better error messages
    • Software breakpoints fail on m1, lets just enable hwbp by default
    • Add d: to run the cmd callback of the debug plugins
    • Fix #19966 - Reset seek in r_debug_execute() to real PC

    disasm

    • Fix disp[ep] regression for v850.np
    • Handle comments from analop.ptr, not only for call ops
    • Add a parse plugin for tweaking references to r0
    • asm.sub.names requires a flagname of strlen > 4
    • Honor asm.syntax=att in asm.arch=s390

    doc

    • Add ubuntu22, kali, haiku and voidlinux as repology badges
    • Update ae?? esil keywords help message
    • Update README and add doc/devdebug.md

    emu

    • Fix st.b and stsr esil for v850
    • In the V8xx families the R0 is a WTG register
    • Make ESIL TODO messages go through R_LOG_DEBUG instead

    emulation

    • Fix st.b and stsr esil for v850
    • In the V8xx families the R0 is a WTG register

    esil

    • Fix invalid shifts on esil emulation
    • Initial implementation of the v850 prepare/dispose
    • Deprecate ESIL's $r and S2D keywords
    • Tiny fixes for the v850.np esil

    fs

    • Implement my command and fix help messages for m subcommands

    hash

    • Fix argument ... with mismatched bound [-Warray-parameter=] warnings

    io

    • Fix potential bug in r_io_nread_at
    • Fix the io.rbuf plugin (broken since 2017)
    • Add the io.xalz plugin
    • Honor io.cache in r_io_is_valid_offset()
    • Fix some TODOs in libr/io/io_bank.c
    • Revert "Fix use-after-free in iobank rbtree usage"
    • Fix map boundary adjustment in r_io_map_add and r_io_map_add_bottom


    json

    • Initial support for JSON help messages
    • pdrj: change JSON output, group instructions by basic blocks

    lang

    • Find python3, python2 and python in PATH on #!python

    print

    • Implement ax, to list xrefs using RTable
    • Improve ascii art output of pfb
    • Initial implementation of pfb, binary formatting
    • Use wx+ instead of wx;s+16 in pc* command

    projects

    • Create a struct for rvc state
    • Fix ax\x00 glitch causing projects to be noisy
    • Pc without argument uses prj.name if defined
    • Save and restore the register values
    • Add P* and P! to dump script and run shell in project dir
    • What's bool stays bool, makes eval changes more consistent
    • Fix serializing macros (* using ; instead of ,
    • Fix #20040 - invalid char bug in afl* when function names contain ';'
    • Don't save dir. variables in project scripts
    • Make P command follow the r2 philosophy for consistency
    • P+ is now an alias for Ps for consistency with P-
    • Dirty anal on user comments

    r2pipe

    • Fix #19606 - Don't route the RCore.cmdstr() when there's a redirection >

    refactor

    • Move mcore into anal
    • Move asm.s390* into anal.s390* and fix aod when not using asm plugins

    search

    • Implement search.in=flag

    shell

    • Implement gLj and Lgj for listing egg plugins in JSON
    • Implement Llj and #!?j for rlang plugin listing
    • Implement Lpj for #19982
    • Implement Lmj and mLj to list r_fs plugins loaded
    • Implement Lij, Ltj and Lhj (via the new phj)
    • Implement LDj command to list decompilers installed in json
    • Fix bug when loading an r2 script with '.'
    • Don't ignore invalid subcommands of i
    • Add help for V?
    • Implement and document iz* and izz*
    • Add help messages for ms mp mL mo commands
    • Handle pd1 and pi1 (imm without space)
    • Handle ? in all the dc subcommands
    • Add JSON output for r2 -V
    • Rename anal.cpp.abi to anal.cxxabi, and add options for dbg.malloc
    • Handle Loj and Lij as alias for iLj and oLj
    • Add R2_COLOR env var for r2 when setting up scr.color
    • Fix help message for the ?= command
    • Better error handling in pushd/popd
    • Fix #19830 - implement pushd/popd commands
    • Implement 'mktemp' syscmd command
    • Add missing help for ++, -- and r2pm
    • Implement .. as an alias for s..
    • Fix #19973 - Add - and + commands as alias for s- and s+
    • Initial import of the WIP sh interpreter
    • Implement proper dyslexic subcommands for La/aL
    • Use more RLog, and add log.origin
    • Show proper error when no function found in afv

    tests

    • Don't let r2r -o overwrite files
    • Add test for 'q' return code bug and minor cleanup r2r
    • Support gmake in the testsuite (BSD runs)
    • Add 8051 disassemble/reassemble checks

    tools

    • Improve binary input handling in rasm2 with 0b and Bx
    • Fix #20030 - Add binary input support for rasm2
    • Check for hexpair keyword before adding a null in rafind2

    types

    • Typedef facility under t for pf support
    • Proper use of the SDB api in anal/type.c
    • Fix C types parser on unknown archs

    util

    • Add R_LOG_DISABLE hint for extra debugging
    • Fix bug and optimize deletion in new rbtree api

    visual

    • Improve ec bgprompt in V: shell
    • Fix #20049 - '.' in stack panel seeks to SP or BP if unset

    webui

    • Better material webui disasm defaults
    • Fix scr.color=3 glitches in the html filter
    • Fix /index missing icon and update project commands used
    • Remove broken and outdated graph webui
    • Update the www/m webui with latest versions of all the frameworks

    write

    • wb -> wX, wb = write big endian bits in byte

    Source code(tar.gz)
    Source code(zip)
    r2blob-5.7.0-w64.zip(15.69 MB)
    r2ios-sdk-5.7.0.zip(155.71 MB)
    radare2-5.7.0-android-aarch64.tar.gz(28.28 MB)
    radare2-5.7.0-android-arm.tar.gz(28.89 MB)
    radare2-5.7.0-android-x86_64.tar.gz(60.28 MB)
    radare2-5.7.0-freebsd.tgz(25.68 MB)
    radare2-5.7.0-static.tar.xz(117.72 MB)
    radare2-5.7.0-w32.zip(9.66 MB)
    radare2-5.7.0-w64.zip(10.16 MB)
    radare2-5.7.0-wasi.zip(52.80 MB)
    radare2-5.7.0.pkg(12.47 MB)
    radare2-arm32_5.7.0_iphoneos-arm.deb(42.80 MB)
    radare2-dev_5.7.0_amd64.deb(182.95 KB)
    radare2-dev_5.7.0_i386.deb(182.96 KB)
    radare2_5.7.0_amd64.deb(7.11 MB)
    radare2_5.7.0_i386.deb(7.03 MB)
    radare2_5.7.0_iphoneos-arm.deb(43.08 MB)
  • 5.6.8(Apr 18, 2022)

    Release Notes

    Version: 5.6.8 Previous: 5.6.6 Commits: 137 Contributors: 15

    Authors

    Apkunpacker Dennis Goodlett Fernando Domínguez Francesco Tamagni Lazula RHL120 SeanH Sergi Àlvarez i Capilla condret junchao-loongson max-lv mdolmen n01e0 pancake

    Changes

    analysis

    • Fix comma separated args in r_anal_function_format_sig
    • Skip more types of call instructions on linear emulation
    • Add missing 'direction' field in the output of aoj
    • ar command using ->anal, otherwise for non-debug builds that fails
    • Allow abt to handle addresses in the middle of basic blocks
    • Handle addresses in the middle of basic blocks in abf
    • Implement 'abf' command to list incoming bbs
    • Run 'aap' before 'aae' on arm64 binaries in 'aaa'

    bin

    • Hide some dyldcache parsing error messages and improve string filtering
    • Fix infinite loop in strings and better use of is_breaked()
    • Handle ^C when loading dyldcache binaries
    • Show friendly warning when loading without R_DYLDCACHE_FILTER
    • Fix two more oobread bugs in the dyldcache plugin
    • Fix oobread crash in the rebasing method of dyldcache
    • Fix negative allocation attempt in izz that will surely fail
    • Fix mach0 class 64bit address sorting bug
    • Show 'missing X info' error in rabin2 -H
    • Warn the user when no header fields are found
    • Fix rebasing Mach-O DYLD_CHAINED_PTR_64
    • Add support for parsing swift metadata from macho binaries
    • Assume all machos are made by clang
    • Honor baddr=0 in RBin, as it's done for RIO
    • Fix oobread in symbols header parsing

    build

    • Add missing loongarch for the meson
    • Add support for Visual Studio 2022 (community+enterprise)

    ci

    • Disable offline builds
    • Ignore asan memory leaks when running the tests
    • Run the tests for non-debugger builds

    crash

    • Fix null deref in code meta commands
    • Fix oobread bug in NE parser
    • Fix null deref in ne parser
    • Fix #19940 - infinite loop in x/i on invalid instructions
    • Fix oobread and unaligned casts in the NE entrypoint logic
    • Fix random segfault happening with wrong null preconditions in iobank
    • Fix UAF in aaef
    • Fix oobread in NE parser
    • Fix null deref in the ne parser
    • Fix oobread in dyldcache
    • Fix another oobread in the NE parser
    • Fix another oobread segfault in the NE bin parser
    • Fix oobread segfaults in the NE bin parser
    • Fix oobread in the macho parser
    • Fix 1 byte oobread in the cris analysis plugin

    crypto

    • Fix undefined behaviour bugs in serpent crypto algorithm

    debugger

    • Apple Silicon can hwstep

    disasm

    • Fix #19876 - Smarter local variable and argument sorting
    • Show args before vars in afv summary also in pd

    egg

    • Initial WIP implementation of the ESIL backend for ragg2

    emulation

    • Fix aeim on --without-debugger builds

    esil

    • Fix 'aeb' emulating the right instructions
    • Fix PPC ESIL of addis instruction
    • Honor esil.maxsteps in more commands and stop earlier when no =PC
    • Add esil.maxsteps to avoid infinite emulation loops

    json

    • Fix aeabj output which returned different information than aeab
    • Instruct drrj to not emit ansi escapes to not damage

    print

    • Fix pief printing N bytes instead of N instructions
    • Add psa command to print any kind of string
    • Support relative pointer resolution in pxr
    • Implement pfP for relative pointer format memory formatting
    • Add pfW for signed short format

    projects

    • Add an error return to r_core_project_cat

    r2pm

    • Increase commit log from 3 to 10 in

    search

    • Initial implementation of the aavr command

    security

    • Add sandbox checks for the debugger io plugins

    shell

    • Fix infinite loop in -1 command
    • Improve wz help and error handling
    • Run r2pm from core internally
    • Fixes for the Trim.args() for ?e
    • Handle ^C in fg and improve ^C in pd
    • Lowercase all the help messages for consistency (2)
    • Honor escaping semicolons in macro definitions
    • Lowercase all the help messages for consistency
    • Use standard help api for aeim too
    • Add the cmp command to compare two (alias) files
    • Implement 'curl' command
    • Implement @c: temporal seek operator
    • Add r_core_return_code() and use it
    • Fix glob matching in several cases
    • Use strstr instead of rstr.glob for now in @@
    • Fix seek history for the 's..' partial seeks

    signatures

    • Update byte signature flag name
    • Fix autoloading of

    tools

    • Add rahash2 -J for simplified single object name=hash output
    • Allow rahash2 -a to be passed multiple times

    types

    • Fix #16335 - tp not handling blocksize properly

    util

    • Add tests for the code tokenizer and fix <<= assignments

    visual

    • Visual color theme editor available from panels

    zign

    • Fix bug in z/, that creates misplaced functions

    Source code(tar.gz)
    Source code(zip)
    r2blob-5.6.8-w64.zip(15.43 MB)
    r2ios-sdk-5.6.8.zip(155.40 MB)
    radare2-5.6.8-android-aarch64.tar.gz(29.24 MB)
    radare2-5.6.8-android-arm.tar.gz(29.94 MB)
    radare2-5.6.8-android-x86_64.tar.gz(59.16 MB)
    radare2-5.6.8-freebsd.tgz(28.59 MB)
    radare2-5.6.8-static.tar.xz(116.35 MB)
    radare2-5.6.8-w32.zip(9.46 MB)
    radare2-5.6.8-w64.zip(9.97 MB)
    radare2-5.6.8-wasi.zip(52.53 MB)
    radare2-5.6.8.pkg(12.55 MB)
    radare2-arm32_5.6.8_iphoneos-arm.deb(42.35 MB)
    radare2-dev_5.6.8_amd64.deb(182.71 KB)
    radare2-dev_5.6.8_i386.deb(182.76 KB)
    radare2_5.6.8_amd64.deb(7.20 MB)
    radare2_5.6.8_i386.deb(7.17 MB)
    radare2_5.6.8_iphoneos-arm.deb(42.63 MB)
    WIP-radare2-5.6.9-mingw64.zip(27.23 MB)
  • 5.6.6(Mar 22, 2022)

    Release Notes

    Version: 5.6.6 Previous: 5.6.4 Commits: 130 Contributors: 10

    Authors

    Dennis Goodlett Jules Maselbas Lazula Pau Rodriguez-Estivill Sergi Àlvarez i Capilla aandersonl aemmitt-ns pancake

    Changes

    anal

    • Remove the hexagon from anal
    • Save sp,bp,src,dst in heap outside the loop
    • Add afiq for quiet function info and refactor the anal/abi.inc
    • Add help for 'pie?', add pieq and add ninstr in afi[j]
    • Sanitize function names for prototypes
    • Unify asm.z80 into anal.z80
    • Restrict local vars and args in a 8KB range, otherwise skip
    • Adds afva in all fcns flags (if any)
    • Skip afva on functions with signature registered
    • Do not perform var/arg analysis on Java/Dalvik
    • Add missing eiz/riz registers for x86 and x64
    • Add mermaid output to all ag commands
    • Add an* and fix many other conceptually broken logics in an

    asm

    • Fix #19489 - Implement assembler for jrcxz

    bin

    • Add help for the CL command
    • Cache file_exists when iterating over the source files
    • Complete DWARF4 register mappings

    build

    • Only build library archives when -Dblob is provided
    • Fix some static meson blob dependency leftovers
    • Fix sys/release-notes when HEAD a tagged
    • Make -Dblob=true statically link all r2 libraries

    ci

    • Publish r2blob-w64 on release and fix artifact name

    crash

    • Fix heap OOB read in macho.iterate_chained_fixups
    • Fix UAF in aaaa on arm/thumb switching
    • Fix buffer overflow in asm.nbytes, add hard limit to 64
    • aaef on arm/thumb switches causes uaf
    • Break large loops when method name resolution fails

    debug

    • Improve help message for dd? and autocomplete
    • Add 'dd+' to open files in the child process as read-write
    • Fix uninitialized buffer read bug enumerating process files
    • Add ddf command
    • Fix dd command and update tests accordingly
    • Skip wired-to-ground registers in dr=
    • Fix drj in debug mode

    disasm

    • Fix #19838 - Show pins in the disassembly as comments
    • Improve the way asm.nbytes plays with asm.flags.inbytes
    • Fix issue in asm.tabs.once causing iaito to trim instructions

    doc

    • Update the Windows build instructions

    esil

    • Add ESIL for x86 SSE float instructions
    • Implement 'aeb' using APIs instead of commands
    • Add aaepa command to set all unknown imports as ret0
    • Fix aecs and add test emulating hello world without libc
    • Add aaep and extend aep to support pin specific commands
    • Implement ESIL for the Stlxr arm64 instructions

    fix

    • Fix undefined behaviour in RVector, RPVector, RInterval and container_of

    print

    • Initial import of the code tokenizer

    refactor

    • Lots of cleanups to reduce the regressions in TCC
    • Don't use != NULL as it's implicit in C, even for bool casts

    shell

    • Improve help message for psz, aek, aae, aep, aer and aex commands

    tools

    • Use R_SYS_BITS by default in rasm2

    visual

    • Fix back scrolling in the decompiler pane in panels
    • Improve panels prompt drawing the bottom box line one line above
    • Add scr.notch to blank N lines on top of the screen
    • Improve panels interactions with decompiler frame
    • Record seek history when clicking around in panels
    • Fix blank decompiler issue when clicking randomly in panels

    windows

    • Add w64-static builds in the CI
    • Add 'configure.bat static' argument to build r2blob.static.exe
    • Fix meson -Dblob=true builds for static
    • Fix r2blob for windows

    Source code(tar.gz)
    Source code(zip)
    r2blob-5.6.6-w64.zip(15.33 MB)
    r2ios-sdk-5.6.6.zip(154.92 MB)
    radare2-5.6.6-android-aarch64.tar.gz(29.23 MB)
    radare2-5.6.6-android-arm.tar.gz(29.92 MB)
    radare2-5.6.6-android-x86_64.tar.gz(58.97 MB)
    radare2-5.6.6-freebsd.tgz(28.55 MB)
    radare2-5.6.6-static.tar.xz(115.13 MB)
    radare2-5.6.6-w32.zip(9.71 MB)
    radare2-5.6.6-w64.zip(10.23 MB)
    radare2-5.6.6-wasi.zip(52.38 MB)
    radare2-5.6.6.pkg(12.54 MB)
    radare2-arm32_5.6.6_iphoneos-arm.deb(42.22 MB)
    radare2-dev_5.6.6_amd64.deb(182.21 KB)
    radare2-dev_5.6.6_i386.deb(182.15 KB)
    radare2_5.6.6_amd64.deb(7.19 MB)
    radare2_5.6.6_i386.deb(7.16 MB)
    radare2_5.6.6_iphoneos-arm.deb(42.52 MB)
  • 5.6.4(Mar 1, 2022)

    Release Notes

    Version: 5.6.4 Previous: 5.6.2 Commits: 67 Contributors: 11

    Authors

    Dennis Goodlett Lazula Pau Rodriguez-Estivill Sergi Àlvarez i Capilla aemmitt aemmitt-ns archcloudlabs pancake pkubaj

    Changes

    anal

    • Handle jump tables in agfm
    • Add agfma to get assembly in mermaid graphs
    • Add agfm command to print cfg graphs using mermaid syntax

    bin

    • Find strings on maddr'd binaries with izz
    • Fix wide32 string detection that caused to miss other ascii strings
    • Fix large loading times in macho parser
    • Fix slow loading times for small ELF sample

    build

    • Fix #19726 - fix meson definition order issue when using syslz4
    • Add rasm2 and rax2 wasi/wapm packages
    • Build fixes for wasi/wapm/wasm and update sdb

    charset

    • Add initial support for katakana

    crash

    • Fix timeout analyzing a small class reported by clusterfuzz
    • Fix DoS in PE/QNX/DYLDCACHE/PSX parsers
    • Fix DoS in kernelcache bin parser
    • Fix oobread in macho core symbolication
    • Fix null deref in bin.symbols
    • Fix DoS in the minidump parser
    • Fix DoS on macho parser spotted by scan coverity
    • Fix heap buffer overflow in dyldcache parser

    debug

    • Add support for powerpc, powerpc64, powerpc64le and riscv64 on FreeBSD

    disasm

    • Honor ArchInfo.opalign in pia
    • Fix #19610 - Honor minopsz in pia

    esil

    • Add some sign extend to some v850 st/sst insns

    print

    • Fix #19729 - Make pswj consistent with psw output
    • Fix #19739 - Fix oobread in pv* and fix bug in pvj

    shell

    • Add aot command to show instruction types (like /atl)

    visual

    • Restore and revert blocksize in V:
    • Fix #19737 - Handle ESC and space in the ascii hex column

    Source code(tar.gz)
    Source code(zip)
    r2ios-sdk-5.6.4.zip(154.54 MB)
    radare2-5.6.4-android-aarch64.tar.gz(29.42 MB)
    radare2-5.6.4-android-arm.tar.gz(30.03 MB)
    radare2-5.6.4-android-x86_64.tar.gz(37.75 MB)
    radare2-5.6.4-freebsd.tgz(28.54 MB)
    radare2-5.6.4-static.tar.xz(115.52 MB)
    radare2-5.6.4-w32.zip(9.49 MB)
    radare2-5.6.4-w64.zip(10.01 MB)
    radare2-5.6.4-wasi.zip(51.59 MB)
    radare2-5.6.4.pkg(12.59 MB)
    radare2-arm32_5.6.4_iphoneos-arm.deb(42.09 MB)
    radare2-dev_5.6.4_amd64.deb(182.37 KB)
    radare2-dev_5.6.4_i386.deb(182.35 KB)
    radare2_5.6.4_amd64.deb(7.22 MB)
    radare2_5.6.4_i386.deb(7.17 MB)
    radare2_5.6.4_iphoneos-arm.deb(42.38 MB)
  • 5.6.2(Feb 15, 2022)

    Release Notes

    Version: 5.6.2 (from 5.6.0) Commits: 63 (from 13 contributors)

    Highlights

    • Fixed 12 critical vulnerabilities (thanks to NowSecure, Google, Synopsys and HuntrDev for reporting them)
    • Support the XALZ container format used by Xamarin to pack LZ4-compressed .NET assemblies
    • ihex:// (Intel hexadecimal object files) works again (it had been broken for a while)
    • lz4 decompression (inflate) is now supported at the API (r_inflate_lz4) and command-line (prgl) levels
    • FreeBSD is now part of the CI; stability improved and all related warnings fixed
    • The new w+ and wx+ commands write a string or hexpairs and then seek to the end of the written chunk
    • Panels: fixed a couple of glitches and improved usability with decompilers

    Authors

    Anderson Angel Diaz Anton Kochkov Bernhard M. Wiedemann Dennis Goodlett Florian M Nerijus Bendziunas PauRE Sergi Àlvarez i Capilla nemarci pancake wargio

    Changelog

    api

    • New r_inflate_lz4 API to reuse LZ4 across all libs
    • Support building with system-provided lz4 library

    asm

    • Support assembling the cmn, teq and tst arm32 instructions
    • Fix oobread bugs in cr16 disassembler
    • Fix pop [rsp] emulation for x86

    bin/io

    • Add ELF reloc patching for R_386_32 and R_386_PC32
    • Handle SH, MIPS and ARM in COFF binaries
    • Initial support for XALZ binaries from Xamarin
    • Fix ihex:// io parser as it was not working
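
    The XALZ support and the LZ4 inflate API listed above are the kind of code where the oobread and DoS fixes elsewhere in these notes originate, so here is an added example (not radare2's own plugin code, nor Xamarin's) of a minimal XALZ reader in Python: a header check followed by a raw LZ4 block decoder in which every input read and every back-reference is bounds-checked, and the declared output size is capped before anything is allocated. The header layout used here (magic "XALZ", descriptor index, uncompressed length, each a little-endian 32-bit field, then one raw LZ4 block) and the 64 MiB policy limit are assumptions of this example, and the sample containers are constructed by hand.

```python
import struct
from typing import Tuple

# Assumed header layout: magic "XALZ", descriptor index, uncompressed length,
# all little-endian 32-bit, followed by one raw LZ4 block (no frame header).
XALZ_MAGIC = b"XALZ"
HEADER_FMT = "<4sII"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 12 bytes
# Policy limit chosen for this example (not an r2 setting): refuse containers
# whose declared size would turn a tiny file into a huge allocation.
MAX_UNCOMPRESSED = 64 * 1024 * 1024


class XalzError(ValueError):
    """Raised for any malformed, truncated or oversized container."""


def lz4_block_decompress(src: bytes, expected_len: int) -> bytes:
    # Every read from src and every back-reference into dst is bounds-checked,
    # so a crafted block can neither read past the input nor copy from before
    # the start of the output (the oobread class fixed throughout these notes).
    dst = bytearray()
    pos = 0
    n = len(src)

    def read_byte() -> int:
        nonlocal pos
        if pos >= n:
            raise XalzError("truncated LZ4 block")
        b = src[pos]
        pos += 1
        return b

    def read_length(nibble: int) -> int:
        # A nibble of 15 means "more follows": add bytes until one is below 255.
        length = nibble
        if nibble == 15:
            while True:
                b = read_byte()
                length += b
                if b != 255:
                    break
        return length

    while pos < n:
        token = read_byte()
        lit_len = read_length(token >> 4)
        if pos + lit_len > n:
            raise XalzError("literal run exceeds input")
        if len(dst) + lit_len > expected_len:
            raise XalzError("output exceeds declared uncompressed length")
        dst += src[pos:pos + lit_len]
        pos += lit_len
        if pos == n:
            break  # the last sequence carries literals only
        if pos + 2 > n:
            raise XalzError("truncated match offset")
        offset = src[pos] | (src[pos + 1] << 8)
        pos += 2
        match_len = read_length(token & 0x0F) + 4  # minimum match is 4 bytes
        if offset == 0 or offset > len(dst):
            raise XalzError("match offset points outside the output")
        if len(dst) + match_len > expected_len:
            raise XalzError("output exceeds declared uncompressed length")
        start = len(dst) - offset
        for i in range(match_len):  # byte-wise: overlapping matches are legal
            dst.append(dst[start + i])
    if len(dst) != expected_len:
        raise XalzError(f"decoded {len(dst)} bytes, header declared {expected_len}")
    return bytes(dst)


def unpack_xalz(blob: bytes) -> Tuple[int, bytes]:
    """Validate the XALZ header and return (descriptor_index, assembly bytes)."""
    if len(blob) < HEADER_LEN:
        raise XalzError("file shorter than the XALZ header")
    magic, index, uncompressed_len = struct.unpack_from(HEADER_FMT, blob, 0)
    if magic != XALZ_MAGIC:
        raise XalzError("not an XALZ container")
    if uncompressed_len > MAX_UNCOMPRESSED:
        raise XalzError("declared size exceeds the policy limit")
    return index, lz4_block_decompress(blob[HEADER_LEN:], uncompressed_len)


def rejects(blob: bytes) -> bool:
    """True if unpack_xalz refuses the blob instead of crashing on it."""
    try:
        unpack_xalz(blob)
    except XalzError:
        return True
    return False


# Constructed sample: token 0x48 = 4 literals then a 12-byte match at offset 4,
# then token 0x30 = 3 trailing literals; decodes to 19 bytes.
SAMPLE_BLOCK = b"\x48ABCD\x04\x00\x30END"
GOOD = XALZ_MAGIC + struct.pack("<II", 7, 19) + SAMPLE_BLOCK
BAD_OFFSET = XALZ_MAGIC + struct.pack("<II", 7, 19) + b"\x48ABCD\x10\x00\x30END"  # offset past output
BOMB = XALZ_MAGIC + struct.pack("<II", 7, 1 << 31) + SAMPLE_BLOCK  # header promises 2 GiB

if __name__ == "__main__":
    index, data = unpack_xalz(GOOD)
    print(index, data)                           # 7 b'ABCDABCDABCDABCDEND'
    print(rejects(BAD_OFFSET), rejects(BOMB))    # True True
```

    The decoder deliberately copies matches byte by byte rather than with a slice: LZ4 allows a match to overlap the bytes it is producing (offset smaller than length), and a slice copy would silently produce the wrong output there. The size cap is checked before decoding starts, which is the cheap place to stop a decompression bomb.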

    ci

    • Partial #19687: Add release github actions workflow
    • Publish FreeBSD artifacts and purge the srcdir

    cons

    • Fix 'disable mouse' ansi code
    • Minor rgb.parse optimization and remove the use of sscanf in pal.c
    • Fix visibility issue in the bluy theme

    crash

    • Properly fix the UAF in r_io_bank_map_add_top
    • Early break when parsing corrupted DEXs to avoid DoS
    • Fix oobread in pxj
    • Prefer memleak over UAF in io.bank's rbtree bug
    • Fix DoS in MACHO parser spotted by clusterfuzz
    • Improve boundary checks to fix oobread segfaults
    • Fix DoS when loading a fuzzed DEX file
    • Fix UAF in pyc parser
    • Fix negative index in anal.arm64.cs
    • Fix bins/*/rep8 - UAF crash in pyc parser
    • Fix oobread segfault in java arith8.class
    • Fix java oobread in id_000000,sig_06,sync_m1,src_000048

    panels

    • Fix panel focus glitch
    • Fix overlapping titles on small frames
    • Close menu when a different decompiler is selected

    shell

    • New 'w+' command, to write a string and seek at the end
    • Fix parsing of 'ra?' and 'r0x' subcommands
    • Add prgl command to decompress current block using lz4
    • Fix Negative Offset in Hexdump Json Output

    Source code(tar.gz)
    Source code(zip)
    r2ios_sdk-5.6.2.zip(152.56 MB)
    radare2-5.6.2-android-aarch64.tar.gz(29.40 MB)
    radare2-5.6.2-android-arm.tar.gz(30.02 MB)
    radare2-5.6.2-fbsd13.tgz(28.55 MB)
    radare2-5.6.2-mingw32.zip(34.25 MB)
    radare2-5.6.2-mingw64.zip(34.66 MB)
    radare2-5.6.2-w32.zip(9.50 MB)
    radare2-5.6.2-w64.zip(10.03 MB)
    radare2-5.6.2.pkg(12.58 MB)
    radare2-android-x86_64.tar.gz(37.73 MB)
    radare2-dev_5.6.2_amd64.deb(182.44 KB)
    radare2-dev_5.6.2_i386.deb(182.34 KB)
    radare2_5.6.2_amd64.deb(7.23 MB)
    radare2_5.6.2_i386.deb(7.20 MB)
    radare2_5.6.2_iphoneos-arm.deb(42.36 MB)
  • 5.6.0(Feb 2, 2022)

    Release Notes

    Version: 5.6.0 Previous: 5.5.4 Commits: 254 Contributors: 16

    Highlights

    • ABI break: the RAnal API is now the home of the former RAsm plugins, which also reduces the installation size
    • Add an initial, working native reimplementation of r2pm in plain C (no POSIX shell required)
      • Windows support will come later; it needs more testing and user feedback
    • Initial release with support for threads (one RCore per thread is supported for now)
      • Remove globals or make them thread-local (TLS), add atomic support, fix mutexes and threads
      • The r2r testsuite now runs with thread-sanitizer enabled builds
      • Replace all uses of sdb_fmt with the thread-safe r_strf
    • More tests for ESIL and improved quality on x86, arm64, riscv, v850 and more
    • Improved usability and fixed some buggy interactions in panels, better help messages and improved color themes
    • Support the latest capstone, preferring a system-wide installation for better offline builds
    • Add project loading in sandbox mode and a dirty bit to avoid saving when nothing has changed
    • New commands: pdu, r-/r+, fc, aafs, pcc, /aF, isqq., iS,, axl, /e, pFB, and ws1/ws2/ws4 for more Pascal string types
    • Binary plist printing (pFB), which pairs well with pFA (Android binary XML)
    • Orders of magnitude faster analysis with aafs and sixref
    • Honor flag colors in hexdump and instruction tokenization in disasm
    • Fix 3 CVEs since 5.5.4, lots of memory leaks and all the Coverity critical issues
      • Improve code quality by using new tools and stdint basic types
    • Support arm32 debugging on native arm64 Linux hosts
    • Extend scripting support to the QuickJS and Wren languages
    • Add a time measurement directive to rarun2
    • Add the faster Rabin-Karp search algorithm (/e) and fix some bugs in the search loops
    • Add new arch plugins: loongarch, evm.cs, v850.np and chip8

    Authors

    Adrian Laskowski Apkunpacker Claudemirovsky Dennis Goodlett Francesco Tamagni Lazula RHL120 Roman Valls Guimera Sylvain Pelissier aemmitt-ns gogo2464 junchao-loongson lasek0 meme pancake

    Changes

    abi

    • Move asm/wasm into anal, and add new opasm() callback

    anal

    • Simpler var counting API
    • Add support for x86-32 callpop artifacts
    • Add ablc, ab-, Fix and optimize in af- and aafs
    • Fix 'afls' and add tests
    • Fix heap overread in loongarch when len < 4
    • Add axl command for consistency with afl for 'axlc'
    • Fix reference order and use the API in sixref (2x faster)
    • Initial implementation of the 'aafs' command
    • Add support for the new loongarch architecture
    • Improve the v850.np analysis, fix all call refs

    api

    • Add r_core_help_match() to get help for a specific command

    arch

    • Initial import of the evm.cs plugin

    asm

    • Handle instruction operands in wasm.asm
    • Refactor, improve and move chip8 support out of libr/asm

    bin

    • Parse relocs from Mach-O chained binds if no opcodes
    • Add support for rebasing ARM64E_USERLAND24 chained format
    • Fix isqq. command
    • Fix #19541 - Fix null deref and stack exhaustion bugs in the kernelcache
    • Implement iS, command (table query format for section listing)

    build

    • Fix #18621 - Specify ABI version to be X.Y instead of X.Y.Z
    • Add 16GB pagefile for the windows ci
    • Simplify meson logic and use ole's PR to fix Windows
    • Add CI job to verify builds with system-wide capstone
    • Use system capstone if available in sys/install.sh
    • Fix ios-sdk compilation
    • Bring back the 32bit builds for Cydia
    • Use api9 for android-arm builds to bring back Kitkat support

    charset

    • Add iso8859_1

    cleanup

    • Remove globals from tcc code

    cons

    • Use static RThreadLock in cons
    • Don't SIGINT in RCons when used in a thready way
    • Improve the 'fc' command to unset and get color flags easily
    • Add scr.theme and Lt commands as alias for 'eco'
    • Improve the basic theme
    • Fix all the known issues in the ayu theme
    • Honor jmp/call argument colors by type

    core

    • Fix #19628 - wx+ as an alias for wxs
    • Mark all globals (or most of them) as TLS variables
    • Make RCons thread-friendly
    • Fix race conditions in RCoreTasks
    • Rewrite r_list_uniq with a faster algorithm

    crash

    • Fix null deref in xnu.kernelcache
    • Optimize and fix heap overflow in asm.tabs using RStrBuf

    debug

    • Expose the 32bit arm reg profile on 64bit hosts

    disasm

    • Workaround to handle seg:off on x86_16 due to a capstone bug
    • Fix #15473 - Align meta dwords in the middle of instructions
    • Improve reg detection in asm highlighting + add test
    • Fix reg/flag detection in disasm colorization
    • Initial import of the v850.np plugin
    • Handle anal.cpu=? and fallback for asm.cpu when no asm plugin
    • Add asm.bytes.opcolor configuration option

    doc

    • Add 'first session' example in the README

    esil

    • Disable ESIL macros and add reproducer test
    • Add helper function for pending macro handling
    • Improve EVM analysis and update tests
    • Macrofication of the '+=' and '-=' esil operations
    • Add support for list12 logic in the v850.np distillation
    • Fix esil for bnd jmp x86 instrs and cmn arm instrs
    • Implement ESIL on more instructions for v850.np
    • Handle ESIL in more v850.np instructions

    help

    • Fix helps for aan? aaf? and aes?
    • Fix help for the 'aaa' subcommands

    io

    • Fix use-after-free in iobank rbtree usage

    panels

    • Autoset cache flag on whitelisted panels on create
    • Fix #19410 - Fix cursor mode regression

    parse

    • Use static RThreadLock in TCC

    ports

    • Add basic support for loongarch

    print

    • Add 'pFB' command to use the new BPLIST parser
    • Add scr.color.ophex to colorize 'px' with opcode type
    • Honor flag colors in 'px' hexdump
    • Fix pxa@e:hex.compact=true and add tests
    • Improve the way color flags are handled
    • Improve pcc output and add a test
    • Add 'pcc' command to print block as C char*string
    • Fix pdsf?, forbid V? and remove newlines in pxA?

    projects

    • A better way to check if a project has been saved
    • Add prj.sandbox to enable experimental sandboxed project loading

    r2pm

    • Initial implementation of r2pm.c

    refactor

    • Use stdint like if there was no yesterday
    • Remove asm.hexagon, anal one is enough
    • Remove asm.ebc and merge disasm into the anal

    search

    • Implement /aF and /aFd to search for instructions in functions
    • Add Rabin Karp algorithm to
    • Add r_search_maps to
    • Search adjacent maps together
    • Move /e to new search API
    • Fix bug in regex searching
    • Add longest field to RSearch
    • Add r_search_upate_read API
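
    The Rabin-Karp search added in this release, illustrated with an added Python example that is not radare2's own implementation: a rolling-hash scan over a byte buffer that looks for several equal-length magics at once, with every hash hit confirmed by a byte comparison so that a collision, accidental or attacker-crafted, can only cost time and never yield a false match. The sample buffer, the magic list and the choice of BASE and MOD are constructed for this example.

```python
from typing import Dict, List, Tuple

BASE = 257           # larger than any byte value, so each byte is one "digit"
MOD = (1 << 61) - 1  # a large Mersenne prime keeps accidental collisions rare


def _hash(data: bytes) -> int:
    h = 0
    for b in data:
        h = (h * BASE + b) % MOD
    return h


def rabin_karp_search(haystack: bytes, patterns: List[bytes]) -> List[Tuple[int, bytes]]:
    """Return (offset, pattern) for every occurrence of any pattern, in offset order.

    All patterns must share one length so a single rolling window serves them
    all. The hash only selects candidates; the byte comparison decides.
    """
    if not patterns:
        return []
    m = len(patterns[0])
    if m == 0 or any(len(p) != m for p in patterns):
        raise ValueError("patterns must be non-empty and of equal length")
    if len(haystack) < m:
        return []
    wanted: Dict[int, List[bytes]] = {}
    for p in patterns:
        wanted.setdefault(_hash(p), []).append(p)
    high = pow(BASE, m - 1, MOD)  # weight of the byte that leaves the window
    h = _hash(haystack[:m])
    hits: List[Tuple[int, bytes]] = []
    for i in range(len(haystack) - m + 1):
        if h in wanted:
            window = haystack[i:i + m]
            for p in wanted[h]:
                if window == p:  # verification step: never trust the hash alone
                    hits.append((i, p))
        if i + m < len(haystack):  # slide: drop haystack[i], append haystack[i+m]
            h = ((h - haystack[i] * high) * BASE + haystack[i + m]) % MOD
    return hits


def naive_search(haystack: bytes, patterns: List[bytes]) -> List[Tuple[int, bytes]]:
    """Reference implementation used to cross-check the rolling-hash version."""
    hits = []
    for i in range(len(haystack)):
        for p in patterns:
            if haystack.startswith(p, i):
                hits.append((i, p))
    return hits


# Constructed buffer standing in for a firmware dump: a DOS stub, two ELF
# headers and a zip local-file header, separated by filler bytes.
SAMPLE = b"\x00\x00MZ\x90\x00\x00pad\x7fELF\x02\x01PK\x03\x04\x7fELF"
MAGICS = [b"\x7fELF", b"PK\x03\x04", b"MZ\x90\x00"]

if __name__ == "__main__":
    for off, magic in rabin_karp_search(SAMPLE, MAGICS):
        print(f"0x{off:04x} {magic!r}")
```

    Because the rolling update costs a constant amount per position regardless of how many patterns are registered, adding more magics of the same length does not slow the scan; only hash hits pay for the comparison. Patterns of different lengths need one window per length.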

    security

    • Implement fine grained sandbox control

    shell

    • Implement rarun2 time=true attribute

    tests

    • Initial implementation of the dummy benchmark

    tools

    • Fix R2PM_DEPS handling in r2pm -ci

    util

    • Fix: Mark r_print_format globals as TLS
    • Add atomic primitives for Windows
    • Add safe static lock initialization
    • Improvements and fixes for the threading APIs
    • Introduce r_strf and stop using sdb_fmt

    visual

    • Fix #19409 - Close menu after creating a new panel from it
    • Handle vE as in VE - edit color theme
    • Fix fast jump with ahc on register calls

    windows

    • Use I64x instead of llx format strings for mingw builds too

    write

    • Add ws1, ws2 and ws4 commands for variable size pascal strings

    Source code(tar.gz)
    Source code(zip)
    r2-5.6.0-ios-sdk.zip(153.09 MB)
    r2-static.tar.xz(115.89 MB)
    radare2-5.6.0-android-aarch64.tar.gz(29.43 MB)
    radare2-5.6.0-android-arm.tar.gz(30.04 MB)
    radare2-5.6.0-w32.zip(9.50 MB)
    radare2-5.6.0-w64.zip(10.02 MB)
    radare2-5.6.0-wasi.zip(51.25 MB)
    radare2-5.6.0.pkg(12.59 MB)
    radare2-android-x86_64.tar.gz(37.57 MB)
    radare2-arm32_5.6.0_iphoneos-arm.deb(41.75 MB)
    radare2-dev_5.6.0_amd64.deb(182.36 KB)
    radare2-dev_5.6.0_i386.deb(182.31 KB)
    radare2_5.6.0_amd64.deb(7.21 MB)
    radare2_5.6.0_i386.deb(7.18 MB)
    radare2_5.6.0_iphoneos-arm.deb(41.98 MB)
  • 5.5.4(Dec 15, 2021)

    Release Notes

    Version: 5.5.4 Previous: 5.5.2 Commits: 30 Contributors: 8 Days: 9

    Authors

    Changes

    Architectures support

    Changes related to disassembly, assembly and analysis:

    • Use cs_disasm_iter in anal.x86.cs to use less heap and speedup analysis and disassembly
    • Disable the disassembler logic in the asm plugin for 8051
    • Handle jbc [reg] in 8051 assembler
    • Handle registers on push on 8051
    • Improve pD, reading too many bytes on loop
    • Better Analysis plugin handling from the asm module

    Binary parsing

    • Don't depend on case-sensitive FS to load the DLL sdbs
    • Support Mach-O DYLD_CHAINED_PTR_64_OFFSET format

    Build/ CI

    • Check for an existing upstream remote in install scripts
    • Fix libr_lang linking issue (introduced in 5.5.2)
    • Do not remake on modules with d/ (faster 'make' builds)

    Search

    • Cleanup public API for
    • Add JSON output to zb commands

    Security

    • Fix #19476 - heap overflow in aao
    • Fix #19478 - null deref in symbols file
    Source code(tar.gz)
    Source code(zip)
    r2ios-sdk.zip(151.58 MB)
    radare2-5.5.4-android-aarch64.tar.gz(29.54 MB)
    radare2-5.5.4-android-arm.tar.gz(29.98 MB)
    radare2-5.5.4-mingw32.zip(34.47 MB)
    radare2-5.5.4-mingw64.zip(34.89 MB)
    radare2-5.5.4-w32.zip(7.98 MB)
    radare2-5.5.4-w64.zip(8.51 MB)
    radare2-5.5.4.pkg(12.62 MB)
    radare2-5.5.5-android-arm.tar.gz(29.98 MB)
    radare2-arm32_5.5.5_iphoneos-arm.deb(41.70 MB)
    radare2-dev_5.5.4_amd64.deb(181.01 KB)
    radare2-dev_5.5.4_i386.deb(181.07 KB)
    radare2_5.5.4_amd64.deb(7.26 MB)
    radare2_5.5.4_i386.deb(7.21 MB)
    radare2_5.5.4_iphoneos-arm.deb(41.59 MB)
  • 5.5.2(Dec 6, 2021)

    Release Notes

    Version: 5.5.2 Previous: 5.5.0 Commits: 92 Contributors: 16 TimeDelta: 20 days

    Highlights

    More details

Authors

    Ashwin Kumar Dennis Goodlett Lazula Octavio Gianatiempo Richard Liu Rick de Jager Sergi Àlvarez i Capilla aemmitt-ns aviciano condret gordon-quad meme meme pancake pancake slowhand99

    Changes

    ARM/THUMB

    • Fix #19464 - incorrect assembly for adrp on arm64
    • Use null plugin when using unexistent asm plugin
    • Handle more ELF relocs for ARM binaries
    • Fix #18967 - Fix emulation for the mov-pc thumb instruction

    Binary parsing

    • Add Plan 9 symbol parsing
    • Fix PE Metadata header name parsing (.net related)
    • Add bin_xtr.xtr_pemixed for PE user plugin

    build

    • Use remote URL for git pull in install scripts
    • Enable mingw32/mingw64 builds in the CI (new first class platform)

    cons/ui

    • Improve the snow experience in panels mode
    • Add eco! and eco* and sort eco listing
    • Show prev nodes in graph.few
    • Improve cursor up/down in visual disasm when code is analyzed

    crash

    • Fix invalid pointer read issue in dwarf parser
    • Fix #19455 - Negative tainted offset used in buffer for pyc causing oobread
    • Fix #19448 - Fix atoi on non-null terminated string in PE section headers
    • Fix #19446 - null derefs in the x509 parser
    • Fix #19443 - UAF in marshall null object
    • Fix #19442 - Fix heap underflow in pyc marshalling
    • Fix #19444 - Null derefs in PE signature logic

    Other

    • Fix #19463 - io write error reporting regression
    • Fix #19473 - Support libc filename w/o version for heap analysis
    • Fix Dalvik’s esil conditionals
    • Initial support for VLIW on hexagon
    • Fix infinite loop in r_str_replace

    Diff / Signatures

    • Implement symbol name list diffing in radiff2
    • Fix zj vars output
    • Add binary search alg to pvector

    r2pipe

    • Fix r2pipe.cmd("Z") when command fails returns no output
    • Updated R2pipeSide support for Go and V
    Source code(tar.gz)
    Source code(zip)
    radare2-5.5.2-android-aarch64.tar.gz(29.53 MB)
    radare2-5.5.2-android-arm.tar.gz(30.04 MB)
    radare2-5.5.2-mingw32.zip(34.26 MB)
    radare2-5.5.2-static.xz(113.99 MB)
    radare2-5.5.2-w32.zip(7.98 MB)
    radare2-5.5.2-w64.zip(8.51 MB)
    radare2-5.5.2.pkg(12.62 MB)
    radare2-dev_5.5.2_amd64.deb(181.02 KB)
    radare2-dev_5.5.2_i386.deb(181.00 KB)
    radare2_5.5.2_amd64.deb(7.22 MB)
    radare2_5.5.2_i386.deb(7.17 MB)
    radare2_5.5.2_iphoneos-arm.deb(41.57 MB)
  • 5.5.0(Nov 14, 2021)

    Codename: Nozomi 希 Commits: 381 Contributors: 25 Associated Releases:

    • r2dec https://github.com/wargio/r2dec-js/releases/tag/5.5.0
    • r2ghidra https://github.com/radareorg/r2ghidra/releases/tag/5.5.0
    • r2frida https://github.com/radareorg/r2ghidra/releases/tag/5.5.0

Breaking changes in API, ESIL, ABI and commands. Plugins will need to be recompiled as usual. Special thanks to giantbranch from NSFocus Tianji Lab for reporting several crash reproducers.

• New IOBanks APIs and commands replacing skyline and making io faster (2-10x) @condret
    • Faster analysis, type matching, binary parsing (2-4x) @trufae
• The [] and =[] ESIL operations have been removed (an explicit access size is now mandatory) @condret
    • Lots of important bugs fixed in bin parsers and disassemblers @lazula
    • Add support for the latest iOS15 dyld4 Atlas-style cache formats @mrmacete
    • Autorename signature matching collisions and faster search @swoops
    • Add assembler for riscv and disassemblers for PDP11, Alpha64 and armv7.v35 @trufae
    • Improved integration with r2frida remote filesystems @as0ler
    • Cleaning debugger for windows (32 and 64) and macOS makes it more reliable and stable @trufae
    • Add seven segment printing (?ea for ascii-art text titles) @trufae
    • Improved xrefs visualization with new axfm and axtm commands @trufae
    • Add avg command to manage global variables @trufae
    • The sixref plugin is now easier to use to find xrefs on arm64 code @hot3eed
    • Improved multibin (select all bins or one) and multidex support in apk:// @trufae
    • Better build scripts for Windows (add asan and w32 profiles) @trufae
    • Added armv7.v35 and improves esil emulation with the arm64.v35 @aemmitt-ns
    • Add more help messages and set scr.prompt.tabhelp true by default @trufae
    • AES key wrap algorithm support in rahash2 @sylvainpelissier
    • Fix var serialization issues in debugger reloading (ood) and projects saving (Ps) @rhl120
    • Add Amiga and MSX rom/bin parser plugin and test @romerojoseant @trufae
    • Visual slides (r2s) allow interactive content to be used within r2 @trufae
    • Print and convert ternary values back and forth @trufae
    Continue reading ...
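The removal of the unsized [] and =[] memory operations in the highlights above is the kind of breaking change that silently invalidates hand-written ESIL in user scripts and plugins. The following is an added example, not r2's ESIL VM: a toy reverse-polish evaluator that models the post-5.5.0 rule by accepting only sized accesses such as [4] and =[8] and rejecting the old size-less forms. It assumes little-endian memory, a flat byte array instead of RIO, and the x86-lifting operand order in which `8,eax,-=` means `eax -= 8` (so `a,b,-` computes b - a); the register names and the expressions in the usage section are made up for illustration.

```python
import re


class EsilError(ValueError):
    """Raised for malformed or now-unsupported ESIL tokens."""


class MiniEsil:
    """Toy ESIL-style evaluator (added example, not radare2's implementation).

    Tokens are comma separated and evaluated left to right on a stack.
    Supported: numbers, registers, = += -= + -, [N] (load) and =[N] (store)
    with N in {1,2,4,8}. Size-less [] and =[] are rejected, mirroring the
    5.5.0 breaking change.
    """

    _MEM_RE = re.compile(r"^(=)?\[(\d*)\]$")

    def __init__(self, regs=None, mem_size=0x100):
        self.regs = dict(regs or {})   # register file (assumed names)
        self.mem = bytearray(mem_size) # flat little-endian memory
        self.stack = []

    def _val(self, tok):
        # A token is either a register name or a numeric literal.
        if tok in self.regs:
            return self.regs[tok]
        return int(tok, 0)

    def _pop(self):
        if not self.stack:
            raise EsilError("stack underflow")
        return self.stack.pop()

    def _pop_val(self):
        return self._val(self._pop())

    def _mem_op(self, store, size):
        if size == "":
            raise EsilError("unsized [] / =[] removed; size is mandatory (e.g. [4])")
        n = int(size)
        if n not in (1, 2, 4, 8):
            raise EsilError(f"bad access size {n}")
        addr = self._pop_val()
        if addr < 0 or addr + n > len(self.mem):
            raise EsilError(f"out-of-bounds access at {addr:#x}")
        if store:
            # val,addr,=[N]: value is below the address on the stack
            val = self._pop_val() & ((1 << (8 * n)) - 1)
            self.mem[addr:addr + n] = val.to_bytes(n, "little")
        else:
            # addr,[N]: push the loaded value as a literal
            self.stack.append(str(int.from_bytes(self.mem[addr:addr + n], "little")))

    def run(self, expr):
        for tok in expr.split(","):
            tok = tok.strip()
            if not tok:
                continue
            m = self._MEM_RE.match(tok)
            if m:
                self._mem_op(store=bool(m.group(1)), size=m.group(2))
            elif tok == "=":
                dst = self._pop()            # src,dst,=  ->  dst = src
                self.regs[dst] = self._pop_val()
            elif tok in ("+=", "-="):
                dst = self._pop()            # src,dst,+= -> dst += src
                src = self._pop_val()
                cur = self._val(dst)
                self.regs[dst] = cur + src if tok == "+=" else cur - src
            elif tok in ("+", "-"):
                b = self._pop_val()          # a,b,-  ->  b - a
                a = self._pop_val()
                self.stack.append(str(b + a if tok == "+" else b - a))
            else:
                self.stack.append(tok)       # operand: literal or register name
        return self


def rejects_unsized(expr):
    """True if expr is refused specifically because of a size-less [] / =[]."""
    try:
        MiniEsil().run(expr)
    except EsilError as err:
        return "unsized" in str(err)
    return False


if __name__ == "__main__":
    vm = MiniEsil({"rax": 0x10, "rbx": 0})
    vm.run("rax,rbx,=").run("4,rbx,+=")            # rbx = rax; rbx += 4
    vm.run("0xdeadbeef,0x20,=[4]").run("0x20,[4],rdx,=")
    print(hex(vm.regs["rbx"]), hex(vm.regs["rdx"]))
    print("old '0x20,[]' accepted?", not rejects_unsized("0x20,[]"))
```

A practical check after upgrading: grep your r2 scripts and anal plugins for the bare tokens `[]` and `=[]` and rewrite them with the operand width the instruction actually uses, since the evaluator above (like r2 after 5.5.0) will not guess it for you.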

    Authors

    0mhu Abdelrahman Eid Antoni Viciano Dennis Goodlett Fernando Domínguez Francesco Tamagni Jose Antonio Romero Lazula Murphy RHL120 Sergi Àlvarez i Capilla SkUaTeR Sylvain Pelissier aemmitt-ns condret devnull850 dogtopus hot3eed junchao-loongson meme murphy pancake pancake rhl120 thymol0

    analysis

    • Check if ax[ft] argument is valid before showing xrefs to 0
    • Implement axtm, axfm and add helps for axf? and axt?
    • Improve debug message when misleading a function name
    • Add serialization API for vars
    • Improve sixref plugin UX
    • Copy the z80.archinfo into the gb plugin
    • Honor (min|max)-opsz and buffer bounds in aar
    • Hide the 'no calling conventions' warning and add =R0 for x86
    • Improve the reg profile for python
    • Fix crash when using the pyc disassembler without pyc bin
    • avr requires aeim before aaaa to not assert
    • New 'avg' command and RAnal.global to manage global variables
    • Remove unused enum
    • Fix tests for RAnalVar function relocation
    • Fix variable relocation on ood (#19219)
    • Fix 1 bb function analysis with a2f
    • Fix null deref when using anal.a2f
    • Improve sixref plugin UX

    asm

    • Add the first multiarch assembler plugin: vasm
    • Initial implementation of the RISCV assembler
    • Minor refactors in disasm.c, primarily r_core_print_disasm()

    bin

    • Use r_str_ndup in another bound check in dwarf
    • Fix crash when elf symbol initialization fails
    • Always init Mach-O options with defaults
    • Add Support For dyld4 Atlas-style Shared Library Caches
    • Handle allbins in im, iM, iT, iC, iV, iz
    • Implement multidex and proper multibin in apkall://
    • Handle allbins for iz, ic, iI, ie and iM
    • Implement 'ob *' to select all bins and honor in is,ii,ir,il
    • Add MSX rom/bin parser plugin and test
    • Fix some null checks around the open_many apis
    • Implement 'is,' for table query for symbols
    • Handle the ARM32 COFF case
    • Improve swift demangler and add bin.demangle.trylib config
    • Initial implementation of the HUNK file parser
    • Detect canary on statically linked RT and stripped PEs

    build

    • Generate bin/d the same way as other sdb paths with meson
    • Fix wasi builds and update wapm package in the new dist/wapm
    • Respect v35 repos for offline builds
• Don't use latest meson because it's broken :D
    • Initial work towards supporting mingw32/64 again
    • Rename MD5 symbols to prevent OpenSSL collision

    cons

• Fix buffer overflow in RConsPixel API affecting the braille renderer
    • Improve default theme
    • Add scr.prompt.tabhelp enabled by default
    • Move more context fields out of the globals
    • Move the console flushing decision to the console context

    core

    • Deprecate the file.openmany config variable

    crash

    • Fix null deref in r2 -c 'oc 3' -
    • Fix #19178 - UAF in aaft when anal.detectwrites is enabled
    • Wrong bounds initializing dwarf dies (tests_64901)
    • Fix oobread in z80 disassembler (tests_65081)
    • Fix oobread crash in the ELF parser (tests_64931)
    • Fix oobread crash in DWARF's parse_die (tests_64926)
    • Save and check the reg arena size when peekpoking (Fix tests_64923)
    • Fix oobread crash in DWARF parser (tests_64922)
    • Fix oobread crash in dwarf parser with non-null terminated strings
    • Fix oobread crash in DWARF parser (tests_64924)
    • Fix oobread crash in the analysis loop with corrupted ELFs (tests_64928)
    • Fix uaf crash in aaft (tests_64927)
    • Fix UAF in aaft (tests_64923)
    • Fix oobread in VAX disassembler (tests_64920)
    • Fix oobread crash in RAnal.hexagon (tests_64900)

    crypto

    • Remove global usage in AES encryption
    • Add AES Key Wrap Algorithm

    debug

    • Make the macOS debugger more stable
    • Handle PPID on macOS debugger

    diff

    • Add ci commands to compare two rbinobject data

    disasm

    • Add disasm+decompiler side by side api for the codemeta api
    • Use hints to follow dwords
    • Add armv7 to the arm.v35 plugin
    • Fix pdi~invalid bug, at least when bbsize > 32
    • Add support for the ALPHA disassembler
    • Add PDP-11 disassembler support from binutils

    esil

    • Improvements on the arm64.v35/cs plugins
    • Kill esil [], []= and related operations
    • Fix r2wars regression with REP cycle detection
    • Use sdb_itoa instead of snprintf for emulation

    fs

    • Always use b64 encoded filepaths on the fs.io calls

    help

    • Add help for the an command

    io

    • Add r_io_map_add_bottom
    • Fix mapslit in r_io_map_add
    • Remove r_io_map_new from public API
    • Free maps on r_io_maps_fini
    • apk:// is the new apkall:// (add AndroidManifest.xml)
    • Use io banks by default
    • Speedup repetitive access to the same submap in io banks
    • Speedup r_io_map_get (O(2n) => O(2))
    • Add iobank support to r_io_read_at_mapped
    • Use new rbtree API in io_bank.c
    • Fix io bank cmp cb functions
    • Refix r_io_submap_set_to (typo)
    • Enable io bank support in r_io_map_resize
    • Kill r_io_map_location
    • Enable io bank support in r_io_nread_at
    • Implement r_io_bank_{read_from/write_to}_submap_at
    • Enable io bank support in r_io_v{read/write}_at
    • Enable io bank support in r_io_map_depriorize
    • Implement new r_io_desc_get_byuri() API
    • Enable io-bank support in r_io_map_get_paddr
    • Enable io-banks for r_io_map_del_for_fd
    • Fix return value in io_default close entry
    • Fix resource leak and logic bug in r_io_reopen
    • Check for access bytes in r_io_bank_{read/write}_at
    • Enable io-banks support in r_io_map_remap
    • Enable io-bank support in r_io_map_new
    • Kill r_io_map_add_batch
    • Remove unnecessary return val from r_io_map_del
    • Enable io-bank support in r_io_map_del
    • Rename r_io_map_next_available to r_io_map_locate and add use_banks support
    • Kill r_io_map_next_address
    • Improve r_io_bank_locate for replacing r_io_map_get_next_available
    • Add alignment support to r_io_bank_locate
    • Enable io banks in search; Kill search.in = io.sky.*
    • Add 2 comments for clarification
    • Improve "om"-command, show '*'-marker for current map
    • Implement map depriorization in io banks
      • Add r_io_bank_map_add_bottom and r_io_bank_map_depriorize
      • Fix potential bug in r_io_bank_update_map_boundaries and add some comment for clarification
    • Some cleanup and code deduplication
    • Fix oob write in r_io_bank_{read/write}_at
    • Fix omb-command map ids
    • Initial io.banks management commands
    • Rename r_io_bank_update_map_location to r_io_bank_update_map_boundaries and make it useable for map resize (siol eternal)
    • Some code cleanup (siol eternal)
    • Use incremental timestamp on map creation instead of real ones (siol eternal)
    • Implement r_io_bank_update_map_location (siol eternal)
    • Use r_list_iter_get_prev (siol eternal)
    • Implement r_io_bank_delete_map and fix some bugs (siol eternal)
    • Add r_io_bank_drain (siol eternal)
    • Implement r_io_submap_set{from/to} (siol_eternal) #18476
    • Implement r_io_bank_write_at (siol_eternal)
    • Implement r_io_bank_read_at (siol eternal)
    • Constify bankid and mapid in io-bank api (siol eternal)
• Implement r_io_bank_map_priorize (siol eternal)
    • Speedup r_io_bank_map_add_top (siol eternal)
    • Add missing NULL-check (siol eternal)
    • Fix potential segfault (siol eternal)
    • Adjust codingstyle in libr/io/io_map.c (siol eternal)
    • Implement r_io_bank_locate (siol eternal)
    • Implement r_io_bank_map_add_top and r_io_bank_get (siol eternal)

    print

    • Add lowercase seven-segmented-ascii-art alphabet for ?ea
    • Implement ?ef = echo framed text command
    • Add pve command to print values on any endianness

    projects

    • Fix a problem serializing vartypes causing analysis info lost
    • Add .rvc_ignore
    • Add an rvc clone command

    refactor

    • free/fini methods should return void
    • Cleanup and boolify some more debug apis
    • Boolify RIO.close()
    • Minor refactors in disasm.c, primarily r_core_print_disasm()

    rvc

    shell

    • Don't check for decompilers in $PATH
    • Honor console width in ls and fix lsj,lsq,lse
    • Add 'dir' command as an alias for 'ls'
    • Permit ending '%' in the env keys for % and @%
    • Handle 'git' command (from system PATH)
    • Better subcommand error messages for @@, @@@ and @@@@
    • Add @@@R to iterate over relocs

    signatures

    • Add help message for zac
    • Fix bugs in types validator
    • Fix validation of next sigs
    • Fix leak in sig serialization
    • Simplify deserialization of byte
    • Add more information to var
    • Simplify types storage in r_sign
    • Refactor r_sign
    • Add return type to zj
    • Auto-rename name collisions in

    tests

    • Enable R2_DEBUG_ASSERT=1 in r2r
    • Assume tests without FILE= just open -
    • Show instruction and bytes when failing asm tests

    types

    • Optimize 'aaft' command, still far from fully optimized
    • Remove ctype.c 2yo deadcode
    • Add more types and skip some parse errors in to

    util

• New API to get first hex bytes in str
    • Fix signed overflow in r_buf_fread_at
    • Fix UAF in new rbtree api and improve a varname
    • Port https://github.com/leiless/jw_rbtree to r_util (#19252)
    • Implement skip RTable filter
    • Implement ternary support for numeric input
    • Handle base64: prefix in the wtf command

    visual

• Don't lose scroll position when selecting new panels
    • Handle the .r2s extension for visual slides
    • Implement RCore.visual_slides()
    • Fix defining meta backwards in disasm
    • Use RUtil.Str.ss in disasm when scr.demo is set
    • Fix #18384 - Visual arg/var management not working sometimes
    • Fix Vvv output for stackpointer based vars
    • Implement ?ea and ~?ea to use the seven segment ascii art text rendering
    Source code(tar.gz)
    Source code(zip)
    radare2-5.5.0-android-aarch64.tar.gz(29.46 MB)
    radare2-5.5.0-android-arm.tar.gz(26.95 MB)
    radare2-5.5.0-android-x86_64.tar.gz(29.66 MB)
    radare2-5.5.0-w32.zip(7.98 MB)
    radare2-5.5.0-w64.zip(8.51 MB)
    radare2-5.5.0.pkg(12.62 MB)
    radare2-dev_5.5.0_amd64.deb(181.08 KB)
    radare2-dev_5.5.0_i386.deb(181.08 KB)
    radare2_5.5.0_amd64.deb(7.23 MB)
    radare2_5.5.0_i386.deb(7.18 MB)
    radare2_5.5.0_iphoneos-arm64.deb(41.56 MB)
  • 5.4.2(Sep 20, 2021)

    CI / build and portability

    • Added macos-arm64 (M1) builds into the CI
    • Add configuration file for Vinix builds
    • Improve the CI to keep consistent directory names in dist zips

    Windows related fixes

    • Fix w32 and w64 builds by not statically linking the runtime
    • Dynamically load more vista-related APIs to fix w32 startup crash
• Support VS2019Pro, not only the Community toolchain in preconfigure.bat
    • Arrow keys working again in the prompt
    • Fix crash in dd command in debugger mode

    Signatures

    kudos to @swoops for those awesome improvements

    • Add support for collision calculations, improving speed in matches
    • rasign2 is now able to generate signatures for archive files (.a)
    • Load signatures from sdb file
    • Implemented 'next' signature types to detect functions based in context

    Esil

    • Fix emulation of xchg rax, rax
    • Fix 16 bit pop/push sizes
    • Add aoeq command with just the esil expression
    • Correct FPU and SIMD register types

    Shell

    • ls output is now alphabetically sorted
    • Add 'woi' command to inverse the contents of the block
    • Add isotp:// io plugin to let r2 talk to your car.
    • Autocomplete options in asm.assembler
    • Cleanup and fix some uaf bugs in @@@ actions
    • Fix glitch when moving cursor when scr.color=0
• The o and mg commands now accept a base64: argument
    • Add s. and s.? commands to reload current block (same as s $$)
    • Fix /ai search for arm64 movs instructions
    • Handle ^C in @@ and @@@ as well as in macros
    • Support fish and tcsh

    Disasm and Analysis

    Kudos to @lazula for properly analyzing and fixing the 15yo disasm bug! great job!

    • Fix a 15 year old bug that was causing invalid disassembly when doing large listings
    • Add anal.cs variable to better support segmented memory addressing
• Detect inlined strings in immediates using the movabs instruction under some circumstances
    • Improve x86.nz assembler for better handling register/argument size

    RBin

    • Fix loading PE binaries with tiny segments (like 1 byte in size)
    • Projects containing PE binaries don't break after reopening now
    • Add support for COFF files for ARM

    Projects

    • Add more tests, ensure projects exists
    • Ravc2 - added rimraf, and reset action

    Scripting

    • Fix flagspace issue spotted when using it via r2pipe and ccall://
    • Add REXX scripting support
    • Fix loading r2ghidra when using r2 via r2pipe (RTLD issue only for Linux)
• Previously the whole configuration was serialized to disk on every command; this is now gone

    Security

    • Fix some null derefs found in RCons, RConsGrep
    • Oob read in macho parser
    • Fix crash caused when io.cache was set
    • Support non-PIE builds (required for Vinix)
    • Support any value in http.webui fixing for the new wip webui
    • Add rmrf command for recursively removing directories
    Source code(tar.gz)
    Source code(zip)
    r2mw.zip(71.74 MB)
    radare2-5.4.2-amd64.pkg(11.34 MB)
    radare2-5.4.2-android-aarch64.tar.gz(26.37 MB)
    radare2-5.4.2-android-arm.tar.gz(27.84 MB)
    radare2-5.4.2-android-x86_64.tar.gz(30.55 MB)
    radare2-5.4.2-ios_sdk.zip(143.42 MB)
    radare2-5.4.2-m1.pkg(11.30 MB)
    radare2-5.4.2-static.tar.xz(113.57 MB)
    radare2-5.4.2-w32.zip(8.59 MB)
    radare2-5.4.2-w64.zip(9.16 MB)
    radare2-5.4.2-wasi.zip.zip(39.96 MB)
    radare2-5.4.3-w64.zip(8.72 MB)
    radare2-dev_5.4.2_amd64.deb(180.37 KB)
    radare2-dev_5.4.2_i386.deb(180.44 KB)
    radare2_5.4.2_amd64.deb(7.22 MB)
    radare2_5.4.2_i386.deb(7.17 MB)
    radare2_5.4.2_iphoneos-arm.deb(40.40 MB)
  • 5.4.0(Aug 19, 2021)

    Release Notes

    Version: 5.4.0 Previous: 5.3.1 Commits: 258 Contributors: 20

    Highlights

    • Add the vector35 arm64 for analysis, esil and disasm and r2 can be built without capstone
    • Improved integration to use r2ghidra analysis and disassemble mainly tested for avr, v850 and arm64
    • Fix emulation of several x86 and arm64 instructions, including an scripted way to import official arm64 instruction descriptions
    • Bring back the cmd.pin to instrument the esil emulation when a specific address is hit
    • Small steps towards Projects with improved management for version control
    • Improved visual and panels with better interactions and fixed glitches

    Shell

    • 500 more commands are now listed in the recursive help command: ?*
    • Backslash is now completely gone. Please use ':' or the original '=!' instead.
    • Implement @@== foreach word iterator operator
    • Add mwf command to write local files into remote targets
    • wv1,2,4,8 accept many space-separated numbers now

    Search

    • New /c subcommands are now available for searching crypto stuff
    • To find references to the UDS CAN table use /ru
    • Find PGP and RSA encrypted keys in memory with /cg
    • Search for common hashing and crypto constant tables in /ck
    • Add /ab to find backward jumps (mostly loops) and handle ^C
    • Initial implementation of spp, snp, /bp and /pp to find next/prev preludes
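The /ck search above works by looking for the constant tables that crypto and hashing code carries verbatim (S-boxes, round constants, CRC tables). As an added example, and not r2's implementation of /ck, the scanner below does the same thing over an in-memory buffer: it searches for short prefixes of the published AES S-box, SHA-256 IV and K table, MD5 T table and CRC-32 table, trying both byte orders for word-sized tables so that a big-endian firmware image is found as well as an x86 binary. The constant values are the standard ones; the sample buffer is constructed for the demo and is not a real binary.

```python
import struct

# Short prefixes of well-known tables (standard published values). A handful
# of words is enough to identify the table with a negligible false-positive rate.
CRYPTO_SIGNATURES = {
    "AES forward S-box": bytes.fromhex("637c777bf26b6fc53001672bfed7ab76"),
    "SHA-256 IV":        (0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a),
    "SHA-256 K table":   (0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5),
    "MD5 T table":       (0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee),
    "CRC-32 table":      (0x00000000, 0x77073096, 0xee0e612c, 0x990951ba),
}


def _patterns(sig):
    """Yield (endianness-label, byte pattern) for one signature."""
    if isinstance(sig, bytes):
        yield "raw", sig            # byte tables have no endianness
    else:
        for label, fmt in (("le", "<"), ("be", ">")):
            yield label, struct.pack(fmt + "I" * len(sig), *sig)


def find_crypto_constants(data):
    """Return sorted (offset, table name, endianness) hits found in data."""
    hits = []
    for name, sig in CRYPTO_SIGNATURES.items():
        for label, pat in _patterns(sig):
            off = data.find(pat)
            while off != -1:
                hits.append((off, name, label))
                off = data.find(pat, off + 1)
    return sorted(hits)


def build_sample():
    """Constructed demo buffer (not a real binary): three tables at known offsets."""
    buf = bytearray(b"\x00" * 0x10)
    buf += CRYPTO_SIGNATURES["AES forward S-box"]                       # 0x10, raw bytes
    buf += b"\xff" * 0x10
    buf += struct.pack("<4I", *CRYPTO_SIGNATURES["SHA-256 K table"])    # 0x30, little-endian
    buf += b"\xff" * 8
    buf += struct.pack(">4I", *CRYPTO_SIGNATURES["CRC-32 table"])       # 0x48, big-endian
    return bytes(buf)


SAMPLE = build_sample()

if __name__ == "__main__":
    for off, name, label in find_crypto_constants(SAMPLE):
        print(f"{off:#06x}  {name} ({label})")
```

The same idea scales to a real file by reading it with `open(path, "rb").read()`; to scan a running process or a mapped binary with its virtual addresses, r2's /ck is the right tool since it searches through the io layer rather than the flat file. Note that hitting a CRC-32 table is not evidence of cryptography, only of checksumming, so treat each table name as a lead rather than a verdict.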

    Analysis

    • Improved VAX analysis, disassembly and analysis
• ESIL function emulation is now performed properly, spotting many more xrefs and reducing false positives.
    • Default aa, aaa and aaaa analysis commands are now faster and produce better results
• Analysis plugins can now be used as a replacement for the asm ones for disassembling only. The next release will start removing unnecessary asm plugins, reducing compile times and build size.
    • The new 'wan' command nops the partial instructions left, making binary patching much simpler
    • Faster exit times for ^D, making interactions more fluent and reducing CI times
• Initial implementation of ESIL macros and start reducing the instruction set
    • Better x86.pseudo and varsub for strings

    Debugger

    • Signal handling is now displayed in human form and C with better stop reasons
    • Use DRX APIs to handle breakpoint recoils only on x86-64

    Signatures

    • Support FLIRT v5 file format compression
    • Fix bug in zaf creating zignspace
    • Expand r_sign API and major refactor

    New platforms:

    The build system and CI packaging has been improved quite a lot, simplifying the release process and testing.

• SerenityOS: Unix-based OS that looks like w95, with its own kernel, libraries and userland. Debugger support in r2 is not yet available for SerenityOS, but the APIs are there, so it's just a matter of getting it
    • Vinix: Kernel completely written in V, able to run bash, gcc or python, is now able to run r2!
• VAX/NetBSD: after discovering SIMH, a VAX emulator, it took me a few minutes to run NetBSD and run r2 in there; no debugger support yet.
    • WebAssembly is now build and published in the CI
    • Tic80: For now it's just identifying and parsing the headers and placing the flags

    Windows

    • Building on windows is as easy as running: preconfigure, configure and make
    • That will detect VS, Python, Git and setup the PATH and install Meson and Ninja for you.
    • Resolve Windows APIs at runtime to fix build with mingw and improve backward compat
    More details

    Authors

    Alex Bender Apkunpacker Azox Davide Pizzolotto Dennis Goodlett Enshin Andrey Ilya Trukhanov László Vaskó Maijin Murphy Paul I RHL120 Royos90 Sylvain Pelissier aemmitt-ns gogo hot3eed lasek0 pancake pancake

    Changes

    anal

    • Properly stringify the RAnalOP.type field
    • Implement aaff command and improve aaf? help message
      • Extend afj command to handle all jump table parameter options
    • Implement 'afs*' command to export function signature info in r2 commands
    • Fix afsj, taking signature args instead of fcnargs in json
    • Initial import of the arm64v35 disassembler and analysis plugins
    • Optimize infinite loop on non-quantum computers
    • Avoid assert on avr's null cmpreg test
    • Finish the tolowering of anal.noNULL
    • Fix aef and aaef to actually find xrefs at least

    asm

    • Fix #18813 - Cannot assemble cmp w26, 0 in arm64
    • Fix #18876 - Check imm bounds for some instructions in the x86.nz assembler
    • Add pushf/popf instructions to x86.nz
    • Use RAnalBind in RAsm to reuse RAnalPlugins to disassemble
    • Update ARM64 arm.sdb.txt opcode descriptions from documentation
    • Update the VAX disassembler from binutils

    assembler

    • Fix #18872 - New command 'wan' to write and nop affected instructions

    bin

    • Fix #18783 - Support ELFs with phnum > 0xFFFF
    • Allow RBinPlugins to use RBinFile at check()
    • Initial support for the TIC-80 Fantasy Computer cartridges
    • Replace SDB with HtPU in RBin.filter_name()
    • Put archinfo.{minopsz,maxopsz,align} in the output of i
    • Implement ELF relocs for VAX

    build

    • Add portability support for Vinix
    • Add meson support for the anal.arm.v35 plugin
    • Add preconfigure/configure/make batch scripts for Windows
    • Initial import of ./preconfigure for packaging purposes
    • Improve the macOS packaging scripts
    • Import radare2-win-installer files into dist/windows
    • Fix meson build and proper use of cgen
    • Fix system() on arm64 macOS targets (#18877)
    • Initial support for capstone-less compilations
    • Build and publish the ZIP with the WASI bins
    • Add initial support for building r2 on WASI

    ci

    • Version the artifacts

    cons

    • Dont check out of bounds last chars
    • Honor faster ^D on interactive execution path
    • Fix arrow handling after fixing mouse clicking glitches

    core

    • Honor bool in io.va, scr.interactive, scr.prompt and cfg.fortunes
    • Optimize and improve r_name_filter calls
    • Add &w command to wait and run for queued commands
    • Implement &: for queue commands
    • Implement @@== foreach word iterator operator

    debug

    • Fix the windows debugger and make it more stable
    • Add tests for the improved signal handling messages
    • Change the way wait events are handled in the unix-debug backend
• Add 'sigstr' to the 'di' output for more verbose stop reasons
    • Add RSignal.toHuman() and improve RDebugReason.toString()
    • Use DRX APIs to handle breakpoint recoils only on x86-64

    disasm

    • Support arch.* namings for the parse plugins
    • Better x86.pseudo and varsub for strings
    • Fix r_str_ansi_len() causing unaligned 'unaligned' words
    • Improve invalid address and string parameter issues in emu.str and pd comments
    • Improve x86.parse for asm.pseudo

    esil

    • Fix emulation for AARCH64 ldr,str,stp,ldp instructions
    • Fix #18860 - mul and imul for *dx operands and 64 bit widths
    • Bring back pins to esil land
    • Fix POPF POPFD POPFQ not increasing stack pointer
    • Add wide and math instr esil for dalvik, pac esil for arm64
• Initial implementation of ESIL macros

    fs

    • Add mwf command to write local files into remote targets

    io

    • io.plugin.lseek -> .seek for portability (wasi related) (#18840)

    panels

    • Add xX key descriptions in the help message

    print

    • Improve the pdc output to allow recompilation
    • Initial implementation of the pdo esil2c output

    projects

    • Dont save projects when no project is used
    • Exclude files of nested rvc repos from repo_files()
    • Use r_sys_whoami as the author name for r_vc_commit
    • rvc add r_vc_find_rp
    • Rework r_vc_checkout and fix some mem leaks
    • Rework the rvc_commit functions
    • Take advantage of prj.vc.type and merge rvc & git
    • Fix r_vc_commit and other functions
    • Major rvc api refactor to use sdb

    rvc

    • Fix memory leak and infinite loop in r_vc_find_rp

    search

    • Implement /ck command to search for crypto constant tables
    • Rename /cu UDS CAN table search to /ru command
    • Add PGP search for signature and RSA encrypted private keys (#18961)
    • Add /cg command to search for GPG artifacts
    • Update tests and add /a[?]q for quiet-legacy mode
    • Use pdi in /ad output
    • Initial implementation of spp, snp, /bp and /pp to find next/prev preludes
    • Add /ab to find backward jumps (mostly loops) and handle ^C

    shell

    • Autocomplete :. command
    • wv1,2,4,8 accept many space-separated numbers now
    • Remove other useless and incomplete treesitter leftovers and get +400 new commands in the recursive help
    • Remove colons in "?" number conversion output
    • Honor < and > comparison operators in RNumMath
    • Use RNum.math in "?b" to make '?b 1<<1' work
    • Add scr.hist.filter to toggle the filtered history up/down search
    • Improved reverse-search in command history
    • Faster ^D (leave r2 without freeing the core)
    • Completely eliminate the deprecated backslash command
    • Add some help and better parsing for the anal hints

    signatures

    • Add r_sign_metric_search to r_sign.h
    • Fix bug in zaf creating zignspace
    • Expand r_sign API
      • Use r_sign in rasign2
    • Support FLIRT v5 file format compression

    tools

    • Rename rvc2 to ravc2 to follow the ra*2 pattern
    • Add rasm2 -LL to list anal plugins loaded

    vc

    • Integrate rvc in projects and add a default commit message

    visual

    • Add context in visual xrefs
    • Fix #18843 - Implement Vx[+-] to add/delete xrefs
    • Fix glitches when clicking in the hud
    • Fix asm.hint.imm keystrokes ignored
    • Fix #18292 - Clarify the use of Vdn/Vdr and rename VdR to VdX
    • Handle 'o' key for options in panels
    • Initial implementation of ~.... for hudline prompt
    • Add Vi+ Vi- keys for visual insert byte inc/dec
    • Add Vi: keystroke to run commands on insert mode

    windows

    • Use dynamic api resolution on windows builds for better portability

    Source code(tar.gz)
    Source code(zip)
    r2ios_sdk-5.4.0.zip.zip(141.72 MB)
    radare2-5.4.0-android-aarch64.tar.gz(25.27 MB)
    radare2-5.4.0-android-arm.tar.gz(8.61 MB)
    radare2-5.4.0-android-x86_64.tar.gz(8.55 MB)
    radare2-5.4.0-static.tar.xz(113.12 MB)
    radare2-5.4.0-wasi.zip(54.06 MB)
    radare2-5.4.0_macos.pkg(11.14 MB)
    radare2-5.4.1-w32.zip(8.37 MB)
    radare2-5.4.1-w64.zip-4.zip(8.70 MB)
    radare2-dev_5.4.0_amd64.deb(180.14 KB)
    radare2-dev_5.4.0_i386.deb(180.21 KB)
    radare2_5.4.0_amd64.deb(7.22 MB)
    radare2_5.4.0_i386.deb(7.17 MB)
    radare2_5.4.0_iphoneos-arm.deb(40.41 MB)
  • 5.3.1(Jun 10, 2021)

• Assembling invalid arm64 instructions doesn't result in invalid representations
    • Add http.basepath to support sub directory handling for proxying purposes
    • Support instruction descriptions when using the r2ghidra disassembler plugin
    • Fix issues and enable the garbage collector when running @vlang scripts
    • Fix arm16 ldr post indexing esil expression
• Fix r2pipe regression caused by a change in RCons buffering when chaining multiple commands
    • Support user defined REgg plugins
    • CI: Fix macOS builds and build debian packages on ubuntu18 instead of ubuntu20
    • Fix prj.vc issue on Windows
    • Add support for armhf/armv7 musl builds as well
    • Enable build on less capable systems disabling threads, pty and other platform functionalities separately
    • Fix sorting issues on RList and foreach_prev
    Source code(tar.gz)
    Source code(zip)
    radare2-5.3.1-android-aarch64.tar.gz(22.98 MB)
    radare2-5.3.1-musl-static.xz(117.20 MB)
    radare2-5.3.1-w32.zip(8.52 MB)
    radare2-5.3.1-w64.zip(9.09 MB)
    radare2-5.3.1.pkg(9.58 MB)
    radare2-dev_5.3.1_amd64.deb(178.82 KB)
    radare2_5.3.1_amd64.deb(6.81 MB)
    radare2_5.3.1_iphoneos-arm.deb(38.71 MB)
  • 5.3.0(May 31, 2021)

    This release comes with a large list of bug fixes contained in 246 commits from the last 6 weeks thanks to 19 contributors. Kudos to everyone hanging out in the chats, testing, discussing, asking, helping and building up this community that makes r2 what it is. Hope all the users appreciate and enjoy this update as much as we did coding for it.

    Greetings to: Alex Bender Anthoine Bourgeois condret David CARLIER Dennis Goodlett Giovanni Di Santi gogo2464 Jing Liu meme Michal Ambroz murphy pancake Rene Laemmert RHL120 Shadorain Siguza Simon Vareille StefanBruens Sylvain Pelissier

I could shout: aaaa is no longer breaking the debugged process! or Go scripting support!, but the list of changes and security bug fixes is too large to summarize in just one line.

    Some important bugs have been fixed in the build system, not just reflected in the README and the CI but also for both meson and acr: previous old installations of r2 no longer break the build. The rpath builds are now fixed for both acr and meson, which is required for r2env. Also, and most importantly, all the sdb databases are now precompiled to C and built into the binaries at compile time instead of having to map disk files. This removes the need to depend on side files installed in the system to make your static binary builds of r2 work. This feature is now enabled by default and tested in the CI, but it can also optionally be disabled if you prefer the old behaviour, which is more flexible. musl static builds are now officially supported and tested in the CI.

    Friendly reminder that the license documentation has been updated in doc/license.md, and you can check at runtime all the licenses of the core and plugins used in your build of r2 in case you need to care about such things.

    Support for the S390 architecture and z/OS has been improved in RBin, RCharset and RAsm: rabin2 can now extract ebcdic37 strings, honoring cfg.charset, and MVS OFF S/390 module objects can be loaded. In addition, the latest S390 disassembler from GNU Binutils has been imported, which works side by side with the Capstone one.

    Some important bugs have been fixed in the debugger: infinite loops, a fixed reg profile for arm64 debuggers, resetting the heap analysis on restart and other undefined behaviours that happened randomly on Linux and macOS. We strongly recommend updating!

    Multiline comments are better displayed in hexdumps and disasm, and the order of flags and xrefs is now sorted to be more meaningful to the reader. The variable asm.sub.jmp is working again. Other improvements include asm.meta=false for displaying data in the middle of code and a better display of switch table comments. A new variable, asm.hint.imm, is accessible from visual mode to pick immediates from instructions using hot keys. All those additions make visual and panels look even better!

    The commandline has received some bold updates. The newshell parser has been removed from the codebase, which resulted in the following changes: the commandline parser was improved so that all the tests that worked in newshell pass with the good-old C-based parser, and the backslash and single quote aliases for =! are deprecated in favour of :. This is an important change for r2frida users! The tab autocompletion is working again and has been extended to support more config var types. The whole refactoring ended up saving 30s in CI builds and 512KB of sources.

    New commands!

    • afxm : x/y map of function xrefs
    • wcf : write file contents + cache patches into given file
    • aev : the visual esil debugger (same as VbE)
    • aeis: initialize stack for given argc, argv, envp
    • x/w : long standing issue improves gdb-like examine commands in r2
    • ===stderr : allows redirecting r2's stderr through the new r2pipe.side api
    • px-- context hexdump command (like pd--)
    • : this always-undefined command is now replacing \ and ' aliases

    Command changes:

    • px now honors cfg.charset in the ascii column
    • pr : supports printing raw null bytes
    • Mark ' and \ commands as deprecated. Use :
    • Implement @@@e and @@@E to iterate over entries and exports

    The RBin library ships with some important security bug fixes, covering some public CVEs for corrupted PE, Python and MACHO files. Additionally, a cache has been added to greatly speed up the loading of DWARF files, and support has been added for two new file formats: OFF for zOS/S390 and WAD (the DOOM map files).

    From the analysis perspective this release comes with some important changes: capstone5 is now the default disassembler and analysis library for the most common architectures. The anal.calls variable is now honored in aa, which results in better code coverage when performing automatic analysis. Running aaaa no longer breaks the debugged process! There are some small improvements in the type propagation analysis, and the previously missing char** type is now included, which works in sync with the new aeis command to redefine the stack contents for a specific argc, argv, envp.
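    To make concrete what an aeis-style stack setup has to write before emulation can reach main, here is an added example that is not r2's code and not the aeis implementation: it lays out argc, argv and envp following the SysV process-entry convention (argc, the NULL-terminated argv and envp pointer arrays, then the string data just below the stack top), assuming a little-endian target and a 16-byte aligned stack pointer. read_vectors reads the layout back, which is the check you would run against emulated memory to confirm the program under analysis will see what you intended.

```python
import struct


def build_initial_stack(stack_top, argv, envp, word_size=8):
    """Lay out a process-entry stack the way the SysV ABI defines it:

        sp -> argc | argv[0..argc-1] | NULL | envp[0..] | NULL | pad | strings

    Strings sit just below stack_top, the pointer arrays below them, and sp is
    16-byte aligned. Returns (sp, image) where image holds the bytes for the
    range [sp, stack_top). Little-endian; word_size is 8 or 4.
    """
    fmt = "<Q" if word_size == 8 else "<I"
    strings = list(argv) + list(envp)
    str_blob = b"".join(s.encode() + b"\0" for s in strings)
    str_base = (stack_top - len(str_blob)) & ~0xF

    # Address of each NUL-terminated string inside the string area.
    addrs, off = [], 0
    for s in strings:
        addrs.append(str_base + off)
        off += len(s.encode()) + 1

    words = [len(argv)] + addrs[:len(argv)] + [0] + addrs[len(argv):] + [0]
    ptr_blob = b"".join(struct.pack(fmt, w) for w in words)
    sp = (str_base - len(ptr_blob)) & ~0xF

    image = bytearray(stack_top - sp)  # zero-filled, so padding is zero
    image[:len(ptr_blob)] = ptr_blob
    image[str_base - sp:str_base - sp + len(str_blob)] = str_blob
    return sp, bytes(image)


def read_vectors(image, sp, word_size=8):
    """Parse argc/argv/envp back out of an image that starts at address sp."""
    fmt = "<Q" if word_size == 8 else "<I"

    def word(i):
        return struct.unpack_from(fmt, image, i * word_size)[0]

    def cstr(addr):
        start = addr - sp
        return image[start:image.index(b"\0", start)].decode()

    argc = word(0)
    argv = [cstr(word(1 + i)) for i in range(argc)]
    if word(1 + argc) != 0:
        raise ValueError("argv is not NULL-terminated")
    envp, i = [], argc + 2
    while word(i) != 0:
        envp.append(cstr(word(i)))
        i += 1
    return argc, argv, envp


if __name__ == "__main__":
    # Constructed sample: a hypothetical stack top and argument vectors.
    sp, image = build_initial_stack(0x7FFF0000, ["./a.out", "--flag"], ["HOME=/tmp"])
    print(hex(sp), read_vectors(image, sp))
```

    The two-step shape (build an image, then parse it back) is deliberate: when you seed emulated memory by hand, the parse-back is what catches an off-by-one in the string area or a missing NULL terminator before the emulated program does.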

    ESIL has deprecated the REPEAT keyword and extended the Thumb emulation by supporting the ldrd instruction. The arm64 assembler has also been improved a little bit, warming up the engines for the r2wars. Non-intel users will also enjoy a more native experience along all the tools because.

    A new IO plugin, socket://, is available in default builds. This plugin was implemented in r1 but never really reached the r2 codebase until now! It connects or listens to a tcp host:port and records a flag for every read operation that happens, while writes are sent to the endpoint. This enables r2 to be used for protocol debugging, which can easily be scripted with r2pipe for fuzzing or testing purposes. The old tcp plugin is now named tcp-slurp:// to avoid confusion.

    Signature search, matching, storing and management have been improved, handling collisions of multiple metrics to better decide which match to pick; bytes are now available as a metric for signature matching, diffing and comparison. This makes z/ run quite a bit faster and generate better results than before.

    Better error messaging has been added in visual and panels, as well as in many commands like the infamous pf, which used to spit out confusing messages and now supports writing enum and bitfield values in mapped structs. The same goes for the pa command, which now suggests pd in case the user mistypes it (a common slip according to user feedback).

    Summarized Highlights

    • Removed newshell, improved the old shell
    • switch to capstone5 and honor anal.calls for better code coverage and type propagation
    • initial support for analyzing s390/zOS module objects
    • \ and ' aliases are now deprecated. Use =! or : from now on.
    • Improved ESIL with visual word level esil debugger for Thumb, arm64 and x86-64
    • Import socket:// from r1 for tcp network protocol debugging
    • Type information from the binary is now loaded by default
    • Improved stability of analysis and debugger on linux-arm64
    • Musl static bins with compiletime databases for better portability
    • Custom charset supported to find strings and hexdump ascii column
    • Disassembly listing improved for multiline comments and multiflag offsets

    Changelog Highlights

    Changes

    anal

    • Improve aaaa log messages and avoid aaef to run in debugger mode
    • Fix many zero cases in some jump table analysis
    • Fix disasm alignment of data words in s390x disassembler plugins
    • Fix s390.gnu disassembly and add test for 6 byte instructions
    • Better debug messages instead of r_warn in jmptbl analysis
    • Use gperf on anal/d and improve build and checks
    • Implement afxm command to show a call refs map
    • Apply fix in sixref plugin to be in sync with the latest xref
    • Type added: "char**" to SDB, ref #18633 (#18636)
    • Fix boundary check in aao to parse more refs
    • Fix 'Cannot find return type for' calling convention issues when saving a project (#18638)
    • Fix 13482 - Remove anal.jmp.after variable (#18629)
    • Improved type propagation analysis
    • Fix #18323 - honor anal.calls in aa

    asm

    • Fix #18619 - Wrong assembly generated for: "add x0, x0, 1, lsl #12" (ARM64)
    • Fix rasm2 -w in termux (honor R_SYS_ARCH)
    • Handle je and jne as aliases for jz and jnz in wao
    • Rename sysz to s390 and add the s390.gnu plugin from binutils 2.36
    • Update sdb and use of SdbGperf in asm.d
    • Switch to Capstone5 as default

    bin

    • Don't trust the unaligned rich PEs
    • Add initial toy IBM S390 Object File Format parser
    • Fix #18724 - Use RCharset in rabin2 -z
    • Always load bin types as pf. format strings
    • Add WAD file parsing (#18659)
    • Fix #18679 - UAF when parsing corrupted pyc files
    • Fix #18667 - division by zero in the macho parser
    • Speedup dwarf loading when no files are found in disk

    build

    • Fix #12335 - ignore system-installed r2 includes
    • Add use_cgen meson option
    • Add support for acr/musl-gcc static builds
    • Improve the xxhash system library detection
    • Make meson compatible with older versions (RHEL8 meson 0.49) (#18684)
    • Fix --with-rpath and add CI tests (#18668)
    • Collapse all opcode_*.c files into opcode_all.c

    charset

    • Implement IBM EBCDIC 0037 character encoding

    cons

    • Fix grep cmd with neg (#18763)

    debug

    • Add missing =SN and zf for the darwin-arm64 native debugger reg profile
    • Fix infinite loop in r2 -c 'ood;ood' -
    • Fix dmha output after ood (#18710)
    • Fix cast issue in ptrace call, waitpid fix
    • Show string version of the stop reason in di

    diff

    • Add byte signature diff zd

    disasm

    • Fix #18427 - Sort flags by [sections,formats][other][regs]
    • Fix multiline comments in 'pd' with asm.cmt.right=0 and 1
    • Avoid the use of sscanf, better parsing and error checking, handling negative switch cases
    • Fix #16677 - Honor asm.sub.jmp in pd
    • Fix #13200 - Honor anal hints in asm.meta=0
    • Swap xref and flag comments as suggested in #18427
    • Implement asm.hint.imm and integrate it in visual

    emu

    • Add arm16 ldrd esil tests
    • Implement aeis to initialize argc, argv and envp for emulation

    esil

    • Fix emulation for ARM's ldrd
    • Add 'aev' as an alias for VbE and improve esil debugger
    • Fix #18736 - Eliminate REPEAT ESIL command, fix BSF/BSR x64 expressions

    hash

    • Fix #18727 - Support more hashes in ph

    io

    • Implement socket:// plugin, inspired by radare1
    • Rename tcp:// to tcp-slurp:// and improve help message
    • Add io.cache.nodup to not write the same bytes in the cache

    lang

    • Add GO rlang plugin (#18646)

    p…

    • Properly report error when trying to use an invalid pd subcommand

    print

    • Fix empty lines in hexdump with multiple comments in one line
    • Support multiline comments in px
    • Fix #18309 - Better error messages for the pf command
    • Fix #18308 - Fix pf parsing issues and support write on enums and bitfields
    • Add help messages for pde pdr pdp
    • Implement 'px--' context hexdump command
    • Remove assertion in pFA
    • Fix #4903 - Handle 'w' in x/
    • Improve error message in pa command
    • Honor cfg.charset in px and support escaped encoding
    • Support null bytes in r_print_raw
    • Fix oob crash in 'pri' command

    projects

    • Fix #18641 prevent overwriting projects with Ps

    r2pipe

    • Add ===errmsg to support the new r2pipe side

    search

    • Fix rafind2 issue with small or negative blocksize
    • Reset certificate search properly (#18664)

    shell

    • Fix autocompletion for 'e ' and handle cfg.charset=
    • Fix #16674 - Kill ' and \ commands, use ':' for the only alias of =!
    • Implement @@@e and @@@E to iterate over entries and exports
    • Handle aliased files in wff and wtf commands
    • Remove tree-sitter and the r2-shell-parser

    signatures

    • Consider collision
    • Fix bug in graph matching
    • Create function when z/ finds byte
    • Add R_SIGN_BYTES to metric search (#18703)
    • Support zignature collisions with the new zac command
    • Fix bugs in mergeItem zignatures
    • Refactor output and serialization of signatures
    • Make z/ search sigs seen in z*
    • Refactor signature matching
    • Add byte signature diff zd

    tools

    • Add rafind2 -L to list IO plugins (same as r2 -L)

    types

    • Fix #16687 - Handle multiple colon separated paths in dir.types

    util

    • Add r_rbtree_cont_node_{first/last} (siol_eternal)
    • Add size parameter to r_magic_load_buffer

    visual

    • Fix v;! in sync with V;!
    • Check if target is writeable in Vc+-
    • Add scr.optimize with experimental optimization ansi routine
    • Better v!!!!!!! behaviour
    • Add noflush guards to fix visual debugger mode

    write

    • Implement wcf command to patch file with cache changes into a new file

    Source code(tar.gz)
    Source code(zip)
    r2-wasi-wasm.zip(25.08 MB)
    radare2-5.3.0-w64.zip(9.09 MB)
    radare2-dev_5.3.0_amd64.deb(178.26 KB)
    radare2_5.3.0_amd64.deb(6.84 MB)
  • 5.2.1(Apr 21, 2021)

    See 5.2.0 release notes for changes since 5.1.x

    Bug Fixes:

    • Fix all the high impact issues from coverity (non null terminated strings, oobreads, ub and uaf mainly)
    • Fix loading symbols from nested elfs
    • Fix i*j output on different environments
    • Improved bindiffing and signature matching results
    • Fix empty R2_GITTAP version string issue
    • pdcj (json output of the internal decompiler) is now ready for consumption
    • Fix build --with-openssl
    • Fix regexp search issues

    Performance:

    • Optimize RCodeMeta API (about 10x faster decompilation in iaito)
    • Linux debugger is now 35 times faster (aaaa now takes 6s instead of 4 minutes)
    • Set anal.in=dbg.map on cfg.debug, speedups analysis

    Improvements:

    • Load binary header structs before generating the ih json output
    • Extended ESIL support for more MMX instructions
    • Rafind2 output similar to grep by default, better for scripting
    • New color theme named bluy
    • Updated to the last GNU disassembler with support for all the last MIPS asm.cpu
    • oss-fuzz has been fixed and radare2-fuzz project created

    Debugger improvements on Linux:

    • Fixed debugger step on ubuntu-arm64
    • Fix REGREAD errors on Linux debugger (not all kernels support that)
    • Fix Alpine linux debugger attach issue
    Source code(tar.gz)
    Source code(zip)
    r2-static.tar.xz(109.62 MB)
    radare2-5.2.1-android-aarch64.tar.gz(21.51 MB)
    radare2-5.2.1-w32.zip(8.99 MB)
    radare2-5.2.1-w64.zip(9.57 MB)
    radare2-5.2.1.pkg(9.07 MB)
    radare2-dev_5.2.1_amd64.deb(178.27 KB)
    radare2_5.2.1_amd64.deb(6.52 MB)
    radare2_5.2.1_iphoneos-arm.deb(37.35 MB)
  • 5.2.0(Apr 11, 2021)

    Release Notes

    • Version: 5.2.0
    • Previous: 5.1.1
    • Commits: 316
    • Contributors: 35

    Contributors

    Alexandr Alexandr Alexis Ehret Alucowie Basstorm Dennis Goodlett Florian Märkl Francesco Tamagni Khairul Azhar Kasmiran Lars Wrenger Murphy Pamplemousse Paul I RHL120 Reviakin Evgeny Roman Valls Guimera Sylvain Pelissier Taggggy condret el-goe gogo gogo2464 intruder-kat ivan tkachenko meme mio mrglm murphy pancake ramikg soroosh-chabi temp1337 valdaarhun wargio

    TLDR

    anal

    • Use =RS 8 for avr
    • Add =RS directive in reg profiles to define default value
    • Fix jump table analysis issue for r2ghidra.v850 (#18550)
    • Test for pcdelta ARM ldr fix
    • Fix pcdelta for ARM esil LDR
    • V850 jmptable fix, cmpval is almost always -1 and slows anal to a crawl (#18498)
    • Add missing v850 calling convention definition file
    • Remove unused type FcnTreeIter
    • Fix oobread ppc plugin
    • handleMidFlags: Reset ds->midflags on entry
    • asm.flags.middle: Don't split bb instruction
    • aae: Realign on fcn start if not in bb
    • Fix duplicate vtable entries after 'aaa'
    • af-*: Remove function flags too
    • Fix cX command and minor cleanup
    • Fix PSW register bits definition for v850
    • Add support for jump tables on v850
    • Fix #18284 (json command returning empty string)
    • Cd1 Cd2, Cd4, Cd8 are aliases for Cd[1248]
    • Fix SN register value for linux-arm64
    • Improve reg profile parsing and error handling
    • Detect shift for the first switch case
      • Fix gcc 9.2.0 kind of x86_64 jumptables
    • New command: aaw, flag all words pointing to known flags

    android

    • Add r_file_binsh() and avoid hardcoding /bin/sh for Termux

    api

    • Remove some exit() calls in libr
    • Rename r_cons_memcat to r_cons_write
    • ABI/API break. RAnnotationCode->RCodeMeta
    • Use more r_str_ncpy and improve it to not alloc beyond nullbyte
    • Add r_vector_flush()
    • Apply desired lifecycle of esil syscall and interrupt handlers in esil_dummy plugin
    • Add r_anal_esil_{syscall/interrupt}_{get/del}

    bin

    • Parse the symbols from the ELF .gnu_debugdata section
    • Support x86_64 and macOS dyld caches (#18570)
    • Fix wrong demangling of tiff swab16 bit data
    • Use r_bin_import_free() as cb for imports list (#893)
    • Improve python disassembler and binary parser
    • Fix large loading times when parsing encrypted/fuzzed macho
    • Do not consider ELFs with .gnu_debugdata section as stripped
    • Fix Mach-O related coverity issues
    • Fix coverity issues in xnu kernelcache
    • Fix ASAN crash when allocating more relocs than the filesize
    • Fix long time analyzing oob objc data
    • Fix asan crash found in r2_hoobr_dex_loadcode
    • Fix oobread bug in r_str_(ndup|nlen) APIs spotted by ASAN in SMD parser
    • Fix UAF in rz_bin_reset_strings()
    • Fix assert in iSj for invalid size sections
    • Minor ELF cleanup, using more size_t and ut64.max instead of 0
    • Add Support for new CoreSymbolication element format
    • Unset io.cache when not needed after bin.cache
    • Fix warning message when loading files with relocs

    build

    • Move shlr/tcc into libr/parse/c
    • Fix meson build issues related to grub (#18554)
    • Fix the failure in finding the executing user's ID during install (#18508)
    • Add the nogpl meson option
    • Fix version not being updated after running sys/termux.sh
    • Update doc/license for more clarifications
    • Add plugins=nogrub option for meson
    • Improve sys/termux.sh checks
    • Do not run sys/ldconfig on Android
    • Add missing use_fork and use_dylink to meson
    • Fix #18397 - Be less strict when running sys/install.sh as root
    • Fix debian32 in CI
    • Allow custom CFLAGS for Debian packaging
    • Add meson -Dplugins=a,b,c to build only the specified plugins
    • Fixes to make the r2blob shine again
    • Add 32bit Debian packaging and bonus CI fixes
    • Add use_ssl meson option to be in sync with acr behaviour

    charset

    • Implement ps, psz, psj and psj with charset support
    • Support multi-byte input in charset
    • Add more runes to pokered

    ci

    • Fix linux-static pub action

    cmd

    • Sync om and omj output

    cons

    • Fix Ctrl-J issue and remove redundant code in 'Ctrl-J' block
    • Implement RConsPixel and RBraile APIs
    • Fix #16254 - grep expression parse improvement
    • Fix null derefs on RCons when no context is provided

    core

    • Fix #18412 - Add R2_IGNVER variable to load plugins ignoring the version
    • Remove asm.bb (asm.bb.line -> asm.lines.bb, asm.bb.middle -> asm.bbmiddle)

    crypto

    • Update to use keys that can be programmed onto a CPS2

    debug

    • Implement drcq and show it in visual debug/emu
    • Fix #18502 - dangling pointers issues in dbm
    • Revert "dmi commands handle symbols, exports, main, entries too"
    • dmi commands handle symbols, exports, main, entries too
    • Implement dmis command as an alias for .dmi*
    • Workaround the dmi issue by using rabin2 in macOS for now
    • Add dbg.maxsnapsize to avoid snapping huge maps

    decompiler

    • Detect retdec decompiler (pdz) in cmd.pdc

    diff

    • Add abstract Levenshtein dist
    • Abstract r_diff_levenshtein_path
    • Add Levenshtein path API to

    disasm

    • Honor asm.cpu for asm.arch=ppc.gnu
    • Fix #18511 - Add dwarf info in pdj
    • Add the m68k.gnu disassembler plugin
    • Show overlapped flags if requested and show them differently (#706)
    • Honor cfg.debug in asm.section using dmi.
    • Improve asm.meta=false for 16, 32 and 64 words
    • Fix #17761 - Do not trim the "ptr " when asm.syntax=masm
    • Add pi+ and pi- commands as aliases for 'pi +' and 'pi -'
    • Fix asm.lines.bb with asm.sections set

    dwarf

    • Implement CLj command and improve CL output

    emu

    • Apply desired lifecycle of esil syscall and interrupt handlers in esil_dummy plugin
    • Add dummy interrupt and syscall handlers

    esil

    • Add r_anal_esil_{syscall/interrupt}_{get/del}
    • Boolify all the ESIL callbacks
    • Fix some asserts and nullderef spotted on arm64
    • Esil plugin management APIs
      • Add r_anal_esil_{get/del}_op
      • Fix deactivating plugins on r_anal_esil_free
      • Add local getter for active esil plugins

    fs

    • Fix absolute paths and add r_return guards
    • Fix fs.posix.cat and use r_sys_dir instead of reimplement (-48LOC)

    graph

    • Add support for highlighted edges in graphviz
    • Add ageh command to let users define which node links should be highlighted

    hash

    • Implement ssdeep fuzzy hashing algorithm
    • Fix name collision for SHA functions

    io

    • Close #18257 / Remove RIODescData
    • Enable io-plugins to set bin.baddr on launch
    • Fix comment
    • Implement custom bit size cyclic memory layout and wrap flags in
    • Rename r_io_map_get_for_fd to r_io_map_get_by_fd
    • Rename r_io_map_resolve to r_io_map_get
    • Rename r_io_map_get to r_io_map_get_at
    • Implement slurp:// uri handler plugin
    • Implement omd command, as a simplified version of om
    • Fix infinite loop in r_io_map_next_available
    • Fix #17049 - oa without filename specified, add oa test
    • Add help message for winkd://? and improve desc

    json

    • iVj must print valid json, not empty output (#18571)
    • Add json version output to r2 -vj
    • rasm2 -L now shows an array of objects
    • Fix #18284 (json command returning empty string)

    lang

    • Add #!*? command to show rlang plugin examples
    • Add support to the V programming language for scripting

    print

    • Implement pFX command exemplifying the use of r_sys_unxz()
    • Android Binary XML support (#18545)
    • Improved pdc, added pdco and pdcj, print orphan nodes
    • Fix alignment issues in RTable with utf8 fields

    reg

    • Fix null printf issue in arpi command

    search

    • Import @siguza's arm64 xref finder
    • Show results after pressing ^C in /ad
    • Fix /ad of multiple consecutive instructions

    shell

    • Fix proper hash comments & quotes mix (#18551)
    • Implement whoami and uid commands
    • rasm2 -Lj works the same way as -jL
    • Add variable autocompletion class in !!!
    • Add scr.loopnl to add a newline on all the @@ loops

    test

    • Add R2R_SKIP_ASM env var handling in r2r

    tools

    • Fix #18391 - Show help in r2pm even before initializing the db

    util

    • Add r_file_find to recursive list files and subdirectories into a list
    • Rename dep in rbtree.c to depth
    • Rename d, d2, d3 in rbtree.c to direction ...
    • Optimize r_rbtree_cont_{first/last} #18485
    • Implement r_rbtree_cont_node_prev (siol eternal)
    • Implement r_rbtree_cont_last
    • Fix endless loop in r_rbtree_cont_node_next
    • Add unit test for r_rbtree_cont_node_next
    • Fix segfaults in rbtree.c (parent backlink)
    • Add r_rb_cont_tree_node_next (SIOL Eternal)
    • Add backlink to parent in RBNode (SIOL Eternal)
    • Add r_rb_cont_tree_find_node (SIOL Eternal)

    visual

    • Add agfb for braile graphs
    • Revert "Fix memleaks in agraph by keeping a separated list of dummy nodes"
    • Fix memleaks in agraph by keeping a separated list of dummy nodes
    • Initial implementation of graph edge highlighting

    Associated releases:

    See below for the changelogs:

    Highlights

    Improved V850 Support

    This release comes with several improvements for the V850 (specifically the e2 variant) cpu. The default disassembler does not support many of the instructions of this architecture, but you can use r2ghidra as disassembler and analyzer, which comes with a bunch of improvements for this architecture. Here's a list of the most relevant changes:

    • Add support for cyclic memory layouts; this memory model is only used by some rare architectures like s390, VAX, old ARMs and some V850 parts, and it is not supported by any other static analysis tool (only by some closed source emulators, from what @trufae could find).
    • Implemented jump table analysis and pointer table size prediction, requires latest r2ghidra to work
    • Add /cu command to find UDS dispatch tables and pointers for CAN BUS handling firmwares
    • The new omd command makes creating memory layouts for embedded firmwares much easier, but in the end it's just a simplified version of om.
    • Add the slurp:// uri handler, which does the same as oom: it reloads the given disk file into a malloc:// map, which is ideal for loading firmware dumps with ram contents for proper emulation.
    • Fix PSW register bits definition for v850
    • Added default calling convention for v850e2-gcc

    ARM64/Apple support

    • Android binary XML decoder available in the new pFa command (thanks @meme)
    • Added support for the new CoreSymbolication file format (thanks @mrmacete)
    • Support the latest dyldcaches from macOS/arm64 (thanks @meme)
    • Add core plugin using @Siguza's arm64xref search code, which is 200x faster than /r with capstone
    • Fixed large loading times and segfaults when loading some corrupted mach0 binaries
    • Improved ARM32 LDR esil emulation which may fix some missing xrefs

    Analysis

    • New command: aaw, flag all words pointing to known flags
    • Float/Double/LongDouble types supported in pf [fFG] and wv[fFG]
    • Better handling errors when parsing invalid register profiles
    • Add =RS directive to define the default register size.
    • Assign pdc, pdd, pdg, pdz to their respective decompilers
    • Honor all asm.cpu values for the powerpc GNU disassembler
    • Added Levenshtein binary diffing path APIs
    • Improve pdc pseudo-decompiler output (show orphaned bbs) + pdcj support
    • Add support for new crypto keys on CPS2

    Search

    • Add brand new implementation of ssdeep (by @trufae) under the MIT license.
    • /ad command results are now correct and tested.
    • New sixref command (see siguza's plugin in the arm64 section)

    Shell

    • Add lsr, whoami and uid commands
    • Move the Vlang rlang plugin from -extras to core. It's now stable and ready to use.
    • Add scr.loopnl to add a newline on all the @@ loops
    • Improved dmi commands to load more symbols in debugger mode
    • Fix #16254 - grep expression parse improvement
    • Add freebsd-x86-32 support for sflib based shellcodes with ragg2

    Binaries

    • Added bin.cache as a high level value for io.cache
    • Add support for loading symbols from .gnu_debugdata sections on ELF binaries
    • Support latest dyldcache and coresymbolication files for macos-arm64 and ios
    • Fixed segfaults and large loading times on 6502, PYC, DEX, MACHO, ELF, DWARF formats
    • Dwarf information is now listed in the output of pdj and other CL listings

    Visual

    • Add support for highlighting edges in graphviz and ascii graphs
    • Honor cfg.charset in w, ps, psz and psj (thanks @gogo2464)
    • Add minigraph support in visual (check graph.mini)
    • Support multibyte input conversions in custom charset encodings
    • Improved glob expression text filtering (thanks @as0ler)
    • Implemented braille-art graph rendering (afbg)
    • Show status register bits in visual debugger mode

    Build

    • Clarify license usage in target build for core modules and installed plugins (
    • Fix static builds with meson
    • Handle use_ssl, use_fork, use_dylib, nogrub, nogpl and custom plugin builds with meson
    • Cleaned up slow tests and make CI run in GHA in 8min
    • Import patches from Termux

    Source code(tar.gz)
    Source code(zip)
    r2-5.2.0-static.tar.xz(108.19 MB)
    radare2-5.2.0-android-aarch64.tar.gz(29.33 MB)
    radare2-5.2.0-android-x86_64.tar.gz(9.22 MB)
    radare2-5.2.0-macos-amd64.zip(8.90 MB)
    radare2-5.2.0-w32-installer.zip(5.71 MB)
    radare2-5.2.0-w32.zip(8.56 MB)
    radare2-5.2.0-w64-installer.zip(6.24 MB)
    radare2-5.2.0-w64.zip(9.09 MB)
    radare2-5.2.0.pkg(9.04 MB)
    radare2-5.2.0_debian_amd64.zip(6.64 MB)
    radare2-5.2.0_debian_i386.zip(6.32 MB)
    radare2-5.2.0_iphoneos-arm64.zip(37.14 MB)
    radare2-dev_5.2.0_amd64.deb(177.25 KB)
    radare2_5.2.0_amd64.deb(6.47 MB)
  • 5.1.1(Feb 11, 2021)

    This is a minor bug fix release after 5.1.0 was out. But as usual it comes with some new features! Contents are mainly bug fixes; behaviour and ABI compatibility with 5.0.0 should be fine, that is, all the packages built for 5.1.x will work. Highlights:

    New Stuff

    UDS Search

    The new /cu command searches for UDS tables, useful for reverse engineering ECU firmwares. The code has been taken from binbloom and integrated like all the other search commands in r2, so you can get json, quiet and r2-command outputs for it.

    • Add /cu[qj*] and r_search_find_uds API


    Color2g graph nodes

    This feature has been there for more than 10 years, but was barely tested or used. After a user request and some testing, the afbc command has been improved to support specifying the color by name or following the CSS syntax, as supported in the color themes.


    In addition, the @ key is now handled in the graph view to toggle the graph.layout variable, so you can easily rotate between portrait and landscape modes.

    Visual Gameboy 2bpp Pixmaps

    You can now use the visual mode to search for 2bpp bitmaps usually embedded in Gameboy roms. This is part of the retro-r2 project, which aims to improve the support for old game consoles.
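    As an added example that is not part of the release notes or of r2's visual mode, here is what a 2bpp tile scan has to decode: the Game Boy tile format stores each 8x8 tile in 16 bytes, two bitplanes per row, so a viewer paging through a ROM can render candidate tiles and a human can tell graphics from code. The sample tile is constructed; the decoder, its inverse (useful when writing patched tiles back) and the ASCII renderer are illustrative code, not r2's.

```python
def decode_2bpp_tile(data, offset=0):
    """Decode one 8x8 Game Boy 2bpp tile (16 bytes at offset) into 8 rows of
    pixel values 0..3. Row y is stored as bytes 2y (low bitplane) and 2y+1
    (high bitplane); bit 7 of each byte is the leftmost pixel."""
    tile = bytes(data[offset:offset + 16])
    if len(tile) != 16:
        raise ValueError("a 2bpp tile needs 16 bytes")
    rows = []
    for y in range(8):
        lo, hi = tile[2 * y], tile[2 * y + 1]
        rows.append([((hi >> (7 - x)) & 1) << 1 | ((lo >> (7 - x)) & 1)
                     for x in range(8)])
    return rows


def encode_2bpp_tile(rows):
    """Inverse of decode_2bpp_tile: 8 rows of 8 values in 0..3 -> 16 bytes."""
    out = bytearray()
    for row in rows:
        lo = hi = 0
        for x, p in enumerate(row):
            if not 0 <= p <= 3:
                raise ValueError("pixel values must be 0..3")
            lo |= (p & 1) << (7 - x)
            hi |= ((p >> 1) & 1) << (7 - x)
        out += bytes([lo, hi])
    return bytes(out)


def decode_tiles(blob, offset=0, count=None):
    """Decode consecutive tiles from a ROM-like blob, as a viewer does while
    paging through a file looking for graphics."""
    tiles = []
    while offset + 16 <= len(blob) and (count is None or len(tiles) < count):
        tiles.append(decode_2bpp_tile(blob, offset))
        offset += 16
    return tiles


def render_tile(rows, shades=" .+#"):
    """ASCII rendering, one character per pixel, darkest shade for value 3."""
    return "\n".join("".join(shades[p] for p in row) for row in rows)


# Constructed sample tile: three solid rows of shade 1, 2 and 3, then a row
# with only the edge pixels set, then four empty rows.
SAMPLE_TILE = bytes([
    0xFF, 0x00,  # row 0: low plane set, high clear -> every pixel is 1
    0x00, 0xFF,  # row 1: low clear, high set     -> every pixel is 2
    0xFF, 0xFF,  # row 2: both planes set         -> every pixel is 3
    0x81, 0x00,  # row 3: 1 0 0 0 0 0 0 1
]) + bytes(8)

if __name__ == "__main__":
    print(render_tile(decode_2bpp_tile(SAMPLE_TILE)))
```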


    Encoding charsets

    The custom charset encoding support has been extended to the w command, so an ascii string can be encoded into the pokered charset and written directly. The decoding support was already added in ps, and the integration and improvement of this feature will slowly come in the next releases, as it fits into the retro-r2 plan and has been a long awaited feature by the rom hacking scene. Kudos @gogo2464 for that stuff!
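    The two directions described here (encoding a string under a custom charset before writing it, and finding strings in a blob under a non-ASCII charset, as the 5.3.0 notes describe for ebcdic37 with rabin2 -z and cfg.charset) share one small piece of machinery, shown in this added example that is not r2's code. It assumes a single-byte charset; the "toy" table is a constructed stand-in for a ROM charset such as pokered (not the real table), while cp037 is Python's codec for IBM EBCDIC 0037. The encoder refuses characters the charset cannot represent instead of silently dropping them, which is the failure mode you want to notice before bytes reach the file.

```python
import codecs

# Constructed toy charset (NOT r2's pokered table): byte -> character.
TOY_CHARSET = {0x80 + i: chr(ord("A") + i) for i in range(26)}
TOY_CHARSET.update({0xA0 + i: chr(ord("a") + i) for i in range(26)})
TOY_CHARSET[0x7F] = " "


class Charset:
    """Single-byte charset usable in both directions, built either from an
    explicit byte->char table or from a Python codec name ("cp037" is IBM
    EBCDIC 0037, the encoding r2 calls ebcdic37)."""

    def __init__(self, table=None, codec=None):
        if table is None:
            table = {}
            for b in range(256):
                try:
                    table[b] = codecs.decode(bytes([b]), codec)
                except UnicodeDecodeError:
                    continue  # byte undefined in this codec
        self.decode_map = dict(table)
        self.encode_map = {c: b for b, c in self.decode_map.items()}

    def encode(self, text):
        """Bytes to write for text; raises on unrepresentable characters."""
        out = bytearray()
        for ch in text:
            if ch not in self.encode_map:
                raise ValueError(f"{ch!r} is not representable in this charset")
            out.append(self.encode_map[ch])
        return bytes(out)

    def decode(self, data):
        """Decode bytes; undefined bytes become U+FFFD."""
        return "".join(self.decode_map.get(b, "\ufffd") for b in data)

    def is_printable(self, b):
        ch = self.decode_map.get(b)
        return ch is not None and ch.isprintable()


def find_strings(blob, charset, min_len=4):
    """rabin2 -z style scan: maximal runs of at least min_len bytes that are
    printable in the charset. Returns (offset, text) pairs."""
    found, start = [], None
    for i, b in enumerate(blob):
        if charset.is_printable(b):
            if start is None:
                start = i
            continue
        if start is not None and i - start >= min_len:
            found.append((start, charset.decode(blob[start:i])))
        start = None
    if start is not None and len(blob) - start >= min_len:
        found.append((start, charset.decode(blob[start:])))
    return found


EBCDIC = Charset(codec="cp037")
ASCII = Charset(codec="ascii")
TOY = Charset(TOY_CHARSET)

# Constructed sample blob: an EBCDIC string and a too-short one between zero
# bytes, then a toy-charset string, standing in for a module object or ROM.
SAMPLE = (
    b"\x00\x00" + codecs.encode("HELLO WORLD", "cp037") + b"\x00\x00\x00"
    + codecs.encode("abc", "cp037") + b"\x00"
    + TOY.encode("Hi there") + b"\x00"
)

if __name__ == "__main__":
    for name, cs in (("ascii", ASCII), ("ebcdic37", EBCDIC), ("toy", TOY)):
        print(name, find_strings(SAMPLE, cs))
```

    Scanning the same blob under ascii, cp037 and the toy table shows why the charset setting matters: the ASCII scan reports nothing at all, while each of the other two finds only the strings encoded in its own table.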


    Reverse Shell

    Do you need to get access to a shell on a machine behind NAT or a firewall? Try out the new =r command! It takes host:port as an argument and tries to connect there to expose an r2 shell. This was implemented to get a shell in the GHA CI to debug an issue, but I guess this feature could have more uses :)


    Other Improvements

    Analysis

    • Allow to analyze bigger functions by reducing the stackframe usage and using anal.depth better
    • Reclassify some AVR instructions away from SWI

    Assembler

    With the aim of building gameboy roms with just rasm2, the assembler directives have been documented in the help message and manpage, and the .fill directive now works with only 1 parameter.

    • Improve .fill and rasm2 -hh with documented directives
    • Refactor and cleanup the z80 assembler

    bin

    • Faster mach0 and dyldcache parsers
    • Fix iCj for mach0

    build

    • Fix a credentials downgrade problem in Install.sh
    • Introduce w32 and w64 in the CI
    • Add Windows ZIP in the CI (#18310)
    • Assign radare2 binr target
    • Support statically linking system OpenSSL
    • Define PYC_ROOT and WASM_ROOT (#18290)

    shell

    • Add print, println, and placeholder for printf and printfln
    Source code(tar.gz)
    Source code(zip)
    radare2-5.1.1-android-aarch64.tar.gz(21.18 MB)
    radare2-5.1.1.pkg(10.34 MB)
    radare2-5.1.1_w64.zip(9.21 MB)
    radare2-dev_5.1.1_amd64.deb(4.27 MB)
    radare2_5.1.1_amd64.deb(6.46 MB)
    radare2_5.1.1_iphoneos-arm.deb(36.94 MB)
  • 5.1.0(Jan 25, 2021)

    Release Notes

    • Version: 5.1.0 (2021-01-26)
    • Previous: 5.0.0 (2020-12-21)
    • Commits: 291
    • CommitsFromRizin: 35
    • TotalContributors: 45

    I will try to be more verbose with the release notes this time; it could help everyone understand the changes, project directions and new features better, as well as be more entertaining, even readable by Siri.

    As I'm writing these lines I know I will be missing something, so please, if you think this summary is missing any important details, let us know, and our apologies in advance!

    Updates from r2land

    This is the second release after the fork; we are still putting things in place and optimizing the development for what we had in mind. Probably many people expected a public statement about the events, but this post ended up being used as therapy and focused on spending the time on what matters: have fun, move fast and code for what matters most for the users and contributors, without losing time and nerves in personal conflicts or strict roadmaps, just fixing, improving and keeping the amazing community in r2land vibing.

    There are frequent back and forth pulls of changes from both projects (see sys/derizin.sh for more details), and future directions of both projects will probably differ enough to lower that pace. If you are curious about other side projects:

    About r2ghidra: it has been rebranded (previously named r2ghidra-dec) and updated with all the changes in rz-ghidra, but it adds ACR build support (which works on FreeBSD) and removes the need for bison and flex. See https://github.com/radareorg/r2ghidra for more details about the 5.1.0 release.

    On r2cutter, the repository, project and icon have been renamed from Cutter to r2Cutter, and the r2 dependency has been updated to the latest 5.1.0, but the CI hasn't been massaged yet to do the release builds, so no release of r2cutter is planned until this issue gets fixed.

    r2dec is still available and working, just remember to update your package database with r2pm update.

    Contributors

    Alexander von Gluck IV Alexis Ehret Allen McIntosh Anton Kochkov Aswin C Briand Djoko Carson McManus ChD1 Dennis Goodlett Eduard Eduard MURESAN Fangrui Song Florian Maerkl Francesco Tamagni Fredrik Fornwall Giovanni GustavoLCR Kamil Rytarowski Khairul Azhar Kasmiran Liumeo Murphy Paul I Qijia Liu RHL120 Riccardo Schirone Riccardo Schirone Sahil Siddiq Sylvain Pelissier aemmitt-ns aemmitt-ns condret eagleoflqj gogo gogo2464 ivan tkachenko laohuai liumeo mrglm pancake pancake pancake ratijas wargio yossizap yossizap

    TLDR

    Highlights

    This release comes with a large list of bug fixes, many of which you may not even have noticed, but some of them are important for users and packagers. It has been tested on a large list of platforms, not just in the CI but also on sparc, mips, powerpc and other funky hardware (thanks @unixfreaxjp!). We are not forgetting the new Macs, and this release comes with a few fixes for fat binaries, kernel caches and arm64 floating point emulation (kudos to @mrmacete and @aemmitt-ns for them!).

    Projects: one of the most awaited features is now finally available for testing: git support has been enabled by default, and some options and backward-compatibility transitional code have been removed. Please test this out and let us know if you spot any issue! Thanks @trufae for this!

    The CI has been rewritten for simplicity and is now building and publishing Android, iOS, macOS, Linux and Windows artifacts on every commit. ASAN, LGTM and Coverity are still there, but all jobs run in GitHub Actions.

    Lots of improvements in JSON support have been added by @liumeo, and several memory leaks have been cut down, which is always welcome.

    Support for streaming large files over mg has been added, and the matching r2frida support is now available too, thanks to @as0ler!

    r2wars

    The r2wars game runs on top of r2, but it needs some tweaks to the ESIL VM to work; this version optimizes this by checking configuration options outside hot loops.

    • Cache cfg.r2wars value outside the eval loop

    Those 'hacks' will eventually be removed when r2wars is able to emulate syscalls, traps and low-level stepping for context switching at the ESIL-expression level.

    • Support sbfm/ubfm in arm64
    • Initial support for arm64 asm extendtype
    • Add test and update arm.winedbg (#18117)

    The arm64 assembler has been extended to support more instructions and to be more formal and correct.

    • Implement i4004 assembler

    It's always great to welcome a newly supported architecture for assembling code (the disassembler for i4004 was already available). Kudos to Liumeo for this nice addition!

    bin

    • COFF: handle empty sections (#447)

    • Dont demangle with libs unless requested

    • Add bin.cache evar to use io.cache when bins need to patch relocs

    • Fix Mach-O rebase on fat slices

    • Add additional ELF header fields to rz-bin output

    • Fix PE Delay Imports for multiple delayed DLLs (rizin)

    • Lowercase DEX method attributes and move r_num_bit_count()

    • Initial implementation of the DEX annotation parser

    The DEX annotation metadata is now parsed in the DEX plugin. This means parsing is a bit slower (it's parsing more information) but provides more context and information about the application classes and methods. Use bin.verbose=true to get that information.

    This metadata must be imported into r2 somehow, but this interface hasn't been defined yet, so only a plaintext representation is supported at load time. Finding a good tree representation for an Sdb instance could probably work.

    radiff2

    • Add more checks on the passed files and fail early.
    • Honor graph.font in diffing graphs too
    • Remove buggy Levenshtein diff algorithm and rename the original code

    Some confusing usage and documentation have been updated, and the default diffing algorithm is now faster. (Thanks MaskRay for spotting it and Liumeo for massaging it.)

    ci

    The whole CI scripts have been rewritten to run everything in GitHub Actions, and the PR test run has been trimmed to 20 min; ASAN only runs on master (it takes 1h), and every commit is compiled for Linux, macOS, Windows, iOS and Android. No breaking commits can be merged, and all artifacts are available to download for every single commit and architecture.

    As long as the sanitized build takes 1h to run the testsuite, we decided to make it run only on the master branch; if any regression happens there, it's easy to fix with the crash logs in GHA.

    This is the setup of jobs in the current CI:

    • Add android-arm64 target to build release artifacts
    • Add TCC CI task which is able to build and run the testsuite
    • Added Cydia builds for arm64
    • Add job to test build and install with spaces in builddir and installdir
    • Add job to test install, uninstall and symstall for a proper purge and to avoid disasters
    • Fix the badge in the README
    • Add ASAN CI job to run all fuzzed bins with a sanitized build (takes 1h)
    • linux-test builds with acr and takes about 20 min to run all tests
    • The Coverity Scan service finds vulnerabilities with advanced source code analysis
    • The LGTM service checks static source analysis good practices
    • Initial attempt to switch to Capstone 5, needs more work

    RTable

    • Dashes in RTable with X format
    • Implement RTable:sql and add RTable.name

    You may not know about RTable yet, but it's an API and command modifier that will be used more and more over time. In short, RTable provides an API to create tables with typed columns and rows of data, plus an API and a query syntax to operate over those tables in the same way you would in an SQL database, but using the cryptic command syntax we like in r2land.

    This release introduces a new SQL output. This means that any information stored in r2 can be exported as SQL statements and processed in your favourite SQL database. This is an example usage:

    $ r2 -AA /bin/ls
    > afl,:sql > functions.sql
    > !sqlite3
    sqlite> .read functions.sql
    sqlite> .tables
    fcns
    sqlite> select count(name) from fcns;
    128
    
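To show what such an export and import looks like end to end, here is an added Python example (not radare2's own code, and not the exact text that afl,:sql emits): it takes a constructed function list in the shape of aflj output (offset, name, size and nbbs are real aflj keys; the values are made up), renders it as CREATE TABLE and INSERT statements with proper SQL quoting, and loads the script into an in-memory sqlite3 database to query it. The quoting matters: function names come from the binary, so a symbol containing a quote must not be able to break out of the string literal.

```python
"""Export an r2 function list as SQL and query it with sqlite3 (added example)."""
import json
import sqlite3

# Constructed sample in the shape of `aflj` output; the keys are real aflj
# fields, the values are made up for this example.
SAMPLE_AFLJ = json.dumps([
    {"offset": 0x1000, "name": "entry0", "size": 42, "nbbs": 3},
    {"offset": 0x1040, "name": "sym.imp.puts", "size": 6, "nbbs": 1},
    {"offset": 0x1050, "name": "fcn.o'brien", "size": 128, "nbbs": 9},
])

# Columns exported to the table, with their SQL types.
COLUMNS = (("name", "TEXT"), ("offset", "INTEGER"),
           ("size", "INTEGER"), ("nbbs", "INTEGER"))


def sql_literal(value) -> str:
    """Render a Python value as an SQL literal.

    Strings are single-quoted with embedded quotes doubled, the standard SQL
    escape; without it a symbol such as fcn.o'brien would terminate the
    literal early and corrupt (or hijack) the statement.
    """
    if isinstance(value, bool):
        return "1" if value else "0"
    if isinstance(value, int):
        return str(value)
    return "'" + str(value).replace("'", "''") + "'"


def functions_to_sql(aflj_text: str, table: str = "fcns") -> str:
    """Turn aflj JSON into a self-contained SQL script (CREATE TABLE + INSERTs)."""
    if not table.isidentifier():
        # Identifiers cannot be quoted like values, so only allow plain names.
        raise ValueError(f"bad table name {table!r}")
    rows = json.loads(aflj_text)
    col_names = ", ".join(name for name, _ in COLUMNS)
    col_defs = ", ".join(f"{name} {typ}" for name, typ in COLUMNS)
    stmts = [f"CREATE TABLE IF NOT EXISTS {table} ({col_defs});"]
    for fn in rows:
        values = ", ".join(sql_literal(fn[name]) for name, _ in COLUMNS)
        stmts.append(f"INSERT INTO {table} ({col_names}) VALUES ({values});")
    return "\n".join(stmts) + "\n"


def query_functions(sql_script: str, min_size: int = 0, table: str = "fcns"):
    """Load the script into an in-memory database and return
    (function count, names of functions with size >= min_size, by address)."""
    if not table.isidentifier():
        raise ValueError(f"bad table name {table!r}")
    con = sqlite3.connect(":memory:")
    try:
        con.executescript(sql_script)  # same effect as `sqlite> .read functions.sql`
        (count,) = con.execute(f"SELECT count(name) FROM {table}").fetchone()
        names = [r[0] for r in con.execute(
            f"SELECT name FROM {table} WHERE size >= ? ORDER BY offset", (min_size,))]
    finally:
        con.close()
    return count, names


if __name__ == "__main__":
    script = functions_to_sql(SAMPLE_AFLJ)
    print(script)
    print(query_functions(script, min_size=100))
```

The generated script is what you would save as functions.sql; the query helper uses a bound parameter for the user-supplied threshold and only interpolates the table name after checking it is a plain identifier.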

    RISCV

    • Fix #18212 - Detect RISCV gdb servers
    • Add riscv in RSysArch and make it an enum, not a bitmask
    • Update RISC-V ESIL with sign extension operator (#18109)

    Native support for Linux/RISC-V is now available, as well as remote debugging via GDB, and the ESIL emulation has been improved a little bit.

    disasm

    • Fix HUGE bottleneck in the WebAssembly pseudo disassembler and analyzer
    • pd, is an alias for pdt (pdt will be removed soon)
    • Honor meta size in asm.meta=false and add tests
    • Fix #18202 - Large Cd truncates and crashes in pd
    • Implement print disasm until optype

    ESIL

    • Fix x86_cs cmpbs esil
    • fix x86-cs rep/repe/repne esil expressions

    @condret found (and fixed) a bug in the way rep instructions were constructed in x86 ESIL.

    • Support arm32 esil stmib/ldmib
    • Add sign extension assignment operator (#18092)
    • Add floating point operations for emulation

    Thanks to @aemmitt-ns (Austin Emmitt) for implementing support for floating point arithmetic in ESIL, as well as adding support for most FPU instructions on ARM64. That's an important step forward in improving the language to handle more instructions and architectures.

    Work-in-progress support for RIOBanks is not yet included in this release, but hopefully in the next release @condret and @trufae will manage to finish the new API and commands and integrate them into ESIL, to support memory banks in Game Boy emulation for example (and add support for other archs later).

    • Add support for RAnal.ESIL plugins

    Those new plugin types are right now just a placeholder to call init/fini and do whatever you want from there. But in the next release ESIL plugins will provide the ability to expose some functionality to the ESIL VM: syscall implementations in userland, libc emulation functions, custom ESIL operations, hardware devices, etc. Join the Discord, Telegram or IRC channels to raise the topic if you are interested in more details.

    fs

    • Add support to stream files using mg (#18253)

    This feature has been added hand in hand with the r2frida implementation; it enables r2 to download all the files and their contents, without any file size limitation, from the remote device to your host. The whole RFS plugin API has changed, so if you are using custom RFS plugins you should take care of that.

    Support for uploading is not yet implemented, but it is planned in the near future.

    Thanks Murphy for that great contrib!

    io

    • Accept rwx argument in onn command
    • Add onn command to fix custom map assignments

    Those changes and the new command are required for projects to be able to save and restore the state of files, binfiles and iomaps in the proper order and with proper references.

    • Fix and refactor the ar:// plugin

    The refactoring of the io.ar plugin spotted a regression in open_many() which is not yet fixed; brave volunteers are welcome!

    Projects

    The most requested feature for r2 has been reworked to actually make it work, and several use cases that weren't handled before have been improved:

    • prj.git is now enabled by default if git is in path

    This means that every time you run Ps after saving, the changes will prompt you for a commit message. The ability to roll back to any previous state of the project by just calling git reset and Po becomes very handy when bad things happen or when you just want to track your progress.

    As long as projects are in plain text, they are readable in git diff.

    Improved support to ease the workflow for multiple users sharing the same project via git will be implemented in future releases.

    • Handle io.maps and bin.segments in o* to handle custom maps in projects
    • Add map name information in o* output
    • Honor mapaddr for malloc in o*
    • Save the write cache in projects

    As long as the user can create custom maps on specific files, projects need to determine whether there's any binobject associated with a specific file when processing a map. This puzzle is solved by the o* command, which now prints the right commands to reconstruct the same IO environment starting from a clean session.

    • Reworked P command with RProject and prj.name integration
    • dir.projects becomes abspath when set
    • Fix projects by removing code and honoring prj.name
    • Save the write cache in projects

    The P command is now much more stable and all the subcommands work as expected; some tests have been added, and project renaming can be done via command or via the evar prj.name. The magic behind this evar-project-action is done by using the RConfig getter APIs, which have been there for a while but were barely used: the value is updated at get time from the project instance details. This way it's possible to rename a project like this:

    > e prj.name
    test
    > e prj.name=case1
    
    • Tell the user that debugging projects don't work

    Projects are working, but they are far from perfect. One of these missing corners is debugging support; the main reason for that is the lack of integration of ASLR rebasing in projects. This will eventually be implemented, but for now it's better to prevent the user from messing things up.

    In any case, it's always recommended to have your own manually written scripts to set up some flags, memory patches or breakpoints, so you are more in control of what you run in a living process.

    • Fix calling convention save/restore
    • Print call convention once in afi
    • Warn once about the missing anal.cc
    • Use RConfigNode.getter callback in anal.cc to be in sync with k anal/cc/default.cc

    Some improvements in the way calling conventions are handled inside r2 enabled the use of anal.cc like it's done in prj.name, as a 'live' evar. The default calling convention is defined by the architecture but can be redefined by the rbin plugin or the analysis information. In addition, the user can also specify a custom CC for each function; all those details are preserved with the anal.cc evar and the tc and afc commands.

    • Remove transitional projects code
    • Remove file.path and file.lastpath and add RProject
    • Remove the prj.simple option
    • dir.projects becomes abspath when set
    • Use UID instead of PID to identify the user, to avoid changing projects every time

    Refactor

    • Refactor tcc and afcl commands, improve help and JSON
    • 25 commits refactoring the code to use the formal PJ api to generate JSON

    This includes honoring the settings defined by the user in the cfg.json evars; this nice feature was introduced by @hexploitable in the previous 5.0 release.

    [0x00000000]> e cfg.json.num =?
    none
    string
    hex
    

    Rizin

    • Added support for regex in test output and stderr
    • Massage RRegex to fix codingstyle and a null deref.
    • This resulted in a cleanup and refactoring of RRegex

    One of the changes introduced in Rizin is the ability to use regexps to check the output of an r2r test, but after doing some cleanup in the regex code some issues were spotted in the logic, so writing tests using regexps is not encouraged yet. Unit tests have been added, but the code still needs to be fixed.

    The bugs are logic bugs, not exploitable, but some match expressions won't work. At least the feature is in sync.

    Other commits taken from RZ grouped by author are:

    Paul I

    • COFF empty sections
    • memleaks in ophandlers
    • rtable X dashes

    xvilka

    • part of the improvements for indentation

    wargio

    • avr anal warning due to unpopulated mnemonic and further refactoring
    • fix ao rjmp issue

    ret2libc

    • Fix misuses of r2 commands inside r2
    • Use r_core_flag_get_by_spaces() in getFunctionName()

    kazarmi

    • Fixed AVR anal plugin warning due to unpopulated mnemonic
    • Fixing clang flow warnings (#321)
    • Fix #rizin302 - Fix function modification detection false
    • Remove all dead assignment detect by clang sa (#310)

    yossizap

    • Fix trace crash
    • Add regex support in r2r

    Florian

    • Fix null deref in rbtree
    • Implement delay imports in PE parser

    shell

    • Implement rax2 -I to convert from/to LONG and IP Address

    Sometimes a shellcode or a piece of a program performs operations on IP addresses and stores the IP address as a 32-bit register value. rax2 now provides a handy command-line option to ease this conversion. This feature was already available as a hint for the disassembly to convert instruction arguments to IP addresses.

    $ rax2 -I 192.168.1.32
    0x2001a8c0
    $ rax2 -I 0x2001a8c0
    192.168.1.32
    $
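The conversion behind rax2 -I is a byte-order question: the dotted quad sits in memory in network order, and a little-endian CPU reads those four bytes as the value shown above. The following Python is an added example, not rax2's code; it implements both directions, exposes the big-endian (ntohl) view for comparison, and mimics the command-line behaviour of picking the direction from the argument's shape. The input values are the ones from the session above.

```python
"""IPv4 <-> 32-bit register value, as rax2 -I does (added example, not rax2 code)."""
import ipaddress
import struct


def ip_to_long(ip: str, little_endian: bool = True) -> int:
    """Dotted quad -> the integer a register holds after loading the 4 bytes.

    192.168.1.32 is stored in memory in network order (c0 a8 01 20); a
    little-endian CPU reads those bytes as 0x2001a8c0, which is what rax2 -I
    prints. Pass little_endian=False for the big-endian (ntohl) view.
    """
    packed = ipaddress.IPv4Address(ip).packed  # raises ValueError on malformed input
    return struct.unpack("<I" if little_endian else ">I", packed)[0]


def long_to_ip(value: int, little_endian: bool = True) -> str:
    """Inverse: 0x2001a8c0 -> '192.168.1.32'."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"{value:#x} does not fit in 32 bits")
    packed = struct.pack("<I" if little_endian else ">I", value)
    return str(ipaddress.IPv4Address(packed))


def rax2_i(arg: str) -> str:
    """Mimic the rax2 -I command line: the direction is chosen by the argument shape."""
    if "." in arg:
        return hex(ip_to_long(arg))
    return long_to_ip(int(arg, 0))  # base 0 accepts 0x..., 0o... and decimal


if __name__ == "__main__":
    for arg in ("192.168.1.32", "0x2001a8c0"):
        print(f"$ rax2 -I {arg}\n{rax2_i(arg)}")
```

When reading such a constant out of a disassembly, check the target's endianness first: on a big-endian machine the same address would show up as 0xc0a80120, and the little-endian conversion would yield a wrong but plausible-looking address.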
    
    • Implement $i and $I numvars

    Those two variables have been added to ease writing scripts that navigate through the code, moving forward and backward while honoring the instruction boundaries of the current analysis information.

    So $i is the address of the next instruction and $I that of the previous one. Things get more interesting when braces join the game: $i{3} gives you the address 3 instructions forward, and likewise $I{3} goes 3 instructions backward.

    • Fix #18171 - Support RNum for syscall-name in asl command

    The asl command has been modified to use RNum when parsing the argument, so it's possible to

    API

    • Add RFile.new and RFile.move APIs
    • RFSPlugin API has changed

    Plugin delegates return int instead of RFSFile to avoid leaks and UAFs, needed for streaming large files over mg.

    • New RAnal.ESIL plugins

    Add esil.dummy to your plugins.cfg if the build fails with a missing R_ESIL_PLUGINS error.

    Visual

    • Fix ecn (and VR) when no custom theme was set in .rc

    In human words: rotating color themes is working again!

    • Implement history filtering for dietline
    • Initial implementation of r_cons_eprintf

    This new API wraps eprintf() but is also able to buffer the results and flush them after r_cons_flush().

    FUTURE: this API is needed to improve the r2pipe API and handle a third communication pipe for asynchronous error messages. This is a long-term plan and should be backward compatible, so no r2pipe scripts should break.

    • Fix help rendering: avoid printing trailing whitespaces (#18115)
    • Improve str.wrap, add cons.line and fix cons.printat glitch
    • Fix #17940 - Show ConfigNode options when selected in Ve
    • Box borders in graph and panels are now in yellow
    • Update www/t from radare2-webui
    • Fix cascading solitaire issue in panels menus
    • Fix the 'c' cursor behaviour in disasm

    Those commits improve the experience in panels, fixing an annoying bug in the menus and improving the cursor mode. The default color theme for the frames is easier on the eye.

    The heavy webuis were removed in 5.0, but we are still shipping the t/iled and p/anel ones; it's known that the webui repo needs some attention.

    bindings

    The bindings have also been updated with some more valadoc documentation that can be read here:

    https://radare.org/vdoc

    This documentation and API can be used for any bindings generated by valabind, that is: python, nodejs, ruby, go, v, ... The work to stabilize the APIs in this module focused on RConfig, and some fixes have been done there.

    security

    As usual, every release of r2 comes with a large list of security vulnerability, bug and crash fixes. The list below summarizes the most relevant ones:

    • Fix #18274 - Fix crash in r2 *.wasm
    • Fix crash in XNU kernel parsing (no cache)
    • Fix code injection vuln in .ic* with ObjC classes
    • Fix trace crash caused by a mismatch between the register profile and op anal
    • AVR: Fixed profile, (null) instruction and anal
    • Fix potential null-deref in r_rbtree_cont_foreach()
    • Fix crash when wasm file contains symbols with large names
    • Handle ^C and fix ASAN crash in aeA command

    build

    • Disable the AVR plugin in all static builds because of the duplicated symbols issue introduced in recent refactoring.
    • Add r2.1 when installing with symstall
    • Fix debugger build problem in android-x86_64
    • Remove --without-r2r configure option
    • Create dist/ to hold all the distribution build files

    Merged some patches coming from Termux to improve the debugger support on android-x86. The r2r testsuite executable is always built and should be available in all user installations.

    Also, some issues have been fixed in sys/install, and new CI jobs verify that no regressions happen on install/uninstall/spaces in paths, etc.

    config

    • Fix some returns to fix initialization issues in evars
    • Remove unused cmd.xterm and use * instead of strcmp for ?
    • Support evar filtering in eq and check for bool type in RConfig.toggle
    • Expose RConfigNode.options APIs to avoid messing with internals
    • Count lines is a prefix operator
    • Add a progress bar for when scripts are running
    • Honor R2_CFG_NEWSHELL=0 to disable it
    • Seek command ignores the tmpseek
    • Add missing vars from ?$? in ?$ and sort them alphabetically

    Source code(tar.gz)
    Source code(zip)
    r2cutter-5.1.0.pkg(1.38 MB)
    radare2-5.1.0.pkg(10.32 MB)
    radare2-5.1.0_w64.zip(9.45 MB)
    radare2-5.1.0_windows.zip(62.25 MB)
    radare2-android-aarch64.tar.gz(29.41 MB)
    radare2-android-x86_64.tar.gz(30.67 MB)
    radare2-dev_5.1.0_amd64.deb(3.71 MB)
    radare2-windows-installer.exe.zip(38.88 MB)
    radare2_5.1.0_amd64.deb(6.43 MB)
    radare2_5.1.0_iphoneos-arm.deb(36.94 MB)
  • 5.0.0(Dec 21, 2020)

    r2-5.0

    Commits: 510 Contributors: 65

    Interface

    • Added the Comma API
    • Added r_str_wrap() and r_cons_printat() APIs
    • Fix adding comments in panels
    • Improved help messages
    • Removed problematic fortunes
    • Add ?et command to change terminal title
    • Fix double-click issue in vte terminals
    • Formalize the flag names and its filtering APIs
    • Fix return code when using q!. Fixes r2pipe.go
    • Add experimental asm.flags.real to get strings from bin.str.real
    • Removed unmaintained enyo and panels webuis (-2MB)
    • Set realname on all bin strings for better asm.flags.real when bin.str.real is set
    • Fix ansi colors embedded inside json output formatting
    • Improve socket and http server APIs
    • Add opn/opr/opp commands to rotate between opened files
    • Initial implementation of scr.cursor for keyboard accessibility in visual and panels
    • Add asm.hint.call.indirect to make indirect calls follow the target address (#17968)

    Performance

    • Use sdb_set instead of sdb_querys (aaaa is 7x faster)
    • Optimize IO.cache (makes bins with relocs much faster)

    Signatures

    Debugger

    • Sync anal and debug tracing information
    • Fix a crash in dts+ command with empty register arenas
    • Attach to target pid/tid on remote lldb connect
    • Add a warning when a breakpoint is placed in an invalid map
    • Add commands to parse mangling pointers glibc heap

    Analysis

    • Improve signature matching, threshold, refactor and optimize related code

    • Directly apply Callee Args in Type Matching

    • Takeover variables when splitting functions

    • Always register the derived CC from the reg profile

    • Add bbhash to detect modifications in functions (and reanalize if patched)

    • Implement basic block listing commands (abl*)

    • Implement tcc-* commmand to unload all calling conventions

    • X86

      • Add amd64syscall and anal.cc evar
      • Fix esil for cmp/sub instructions
      • Add amd64syscall calling convention
      • Fix ELF R_X86_64_PLT32 relocation entries patching (#17587)
      • Fix x86 CMC instruction
    • MIPS

      • Improves mips.gnu esil
      • Add JALR JR when the address can be computed
      • Fix GP calculation when there are multiple entries
      • Fix MIPS C-TYPE instruction check
      • Set asm.cpu for mips.gnu derived from the ISA defined in the ELF
    • ARM

      • arm mte addg/subg decoding
      • fix arm it block analysis
      • BLR arm64 is type=RCALL (before it was UCALL)
      • ARM64 assembler can now assemble AND and BIC instructions (Thanks @mrmacete!)
      • Add initial support for arm and arm64 ELF relocs
      • Handle RELATIVE (todo) and IRELATIVE relocs in ARM64 ELFs
      • COFF: add ARMNT and ARM64 support
      • All testsuite run on arm32 and arm64
    • v850

      • Improve invalid instruction detection
      • Implement the pseudo disassembler plugin
      • Fallback to anal=v850 when using asm=v850.gnu
      • Add ep, sp, gp lp register aliases for v850
      • Added function preludes (aap finds much more functions)
      • Fix calling convention argument register usage for v850
      • Add all instruction descriptions
      • Set v850 disassembler when opening v800 ELF files
    • TMS320

      • Implement pseudo disassembler plugin
    • PowerPC

      • Initial assembler support
      • Improve reg profile to support calling conventions
    • RISC-V

      • Add all instruction descriptions
      • Add Fix shift instruction analysis
      • Fix ESIL for JALR and AUIPC instruction
    • SPC700 plugins moved to extras

    ESIL

    • Add sign-extension operations
    • Implement aof to filter expressions using the dfg api
    • Fix unexpected FPU exception in ESIL emulation bug
    • Enlarge ESIL VM stack from 32 to 256

    BSD

    • Support pkgconf (BSD alternative to pkg-config)
    • Fix build with tinycc; unfortunately the final binary segfaults
    • Fix debugger support in FreeBSD
    • Implements r_sys_aslr for NetBSD
    • Fixing r_sys_pid_to_path for DragonFlyBSD
    • Setting ASLR support for DragonFlyBSD

    Windows

    • Fix r_core_editor() on Windows (#17887)
    • Fix MSVC template demangling symbols
    • Expose TEB address as a flag on Windows
    • Add network support to WinDbg/KD (KDNET)

    Apple

    • Support ObjC small method lists
    • Support iOS 14.x dyld shared cache
    • Add support for new macOS kernelcache

    Changes

    • Rename asm.filter to asm.sub.names
    • Rename asm.var.sub to asm.sub.var
    • Deprecate the afc= command.
    • Removed all globals from main functions
    • afc= -> e anal.cc
    • Fix big endian DWARF parsing
    • labels no longer stored in sdb
    • Refactor Variable Constraints out of SDB
    • Fix r_anal_block_automerge incorrectly merging blocks

    Thanks to

    Authors

    Source code(tar.gz)
    Source code(zip)
    radare2-windows-5.0.0.zip(9.32 MB)
  • 4.5.1(Sep 3, 2020)

    Release Notes

    Version: 4.5.1 Previous: 4.5.0 Commits: 20 Contributors: 9

    Highlights

    bin

    • PE
      • Fix null dereference in Pe64_bin_pe_compute_authentihash
    • ELF
      • Avoid buffer overflow while identifying imports

    build

    • Fix Cydia/iOS packaging and compilation issues
    • Enable LTO in sys/static.sh
    • Install ldid2 as well, to sign packages for cydia
    • Use meson install instead of manual installation in meson.py

    core

    • Add Function Name, Constants, Globals and Local Variables to RAnnotatedCode

    port

    • Backtrace support for haiku

    util

    • Add r_sys_now_mono() and use in r2r
    • Fix NULL dereference in r_pkcs7_parse_spcinfo()
    More details

    Authors

    Source code(tar.gz)
    Source code(zip)
    radare2-4.5.1-android-aarch64.tar.gz(28.95 MB)
    radare2-4.5.1-android-arm.tar.gz(27.65 MB)
    radare2-4.5.1-android-x86_64.tar.gz(30.18 MB)
    radare2-aarch64_4.5.1_iphoneos-arm.deb(35.01 MB)
    radare2-arm32_4.5.1_iphoneos-arm.deb(34.83 MB)
    radare2-debian-buster_4.5.1_amd64.deb(6.02 MB)
    radare2-dev-debian-buster_4.5.1_amd64.deb(2.54 MB)
    radare2-dev-ubuntu-1804_4.5.1_amd64.deb(2.49 MB)
    radare2-macos-4.5.1.pkg(10.40 MB)
    radare2-src-4.5.1.tar.gz(7.95 MB)
    radare2-ubuntu-1804_4.5.1_amd64.deb(6.08 MB)
    radare2-windows-static-4.5.1.zip(58.76 MB)
    radare2_installer-4.5.1.exe(5.73 MB)
  • 4.5.0(Jul 18, 2020)

    Release Notes

    Version: 4.5.0 Previous: 4.4.0 Commits: 426 Contributors: 58

    Highlights

    Analysis

    • Initial API for base type kinds (enum, struct, union)
    • Rename PowerPC to PPC
    • Improve RISC-V analysis for compressed instructions
    • Add endbr64 as a function prelude for x86-64 binaries
    • Improve BP vars/args detection
    • Detect register args used only by callee
    • Match args name/types from function definition
    • Improve itanium RTTI parsing and vtable search
    • Refactor Variables out of SDB
    • Implement basic concept of signature bestmatch

    asm

    • Add support for WebAssembly SIMD extension
    • Boolify r_asm_is_valid and r_asm_set_syntax API
    • x86_64/x86_32: Implement assembler endbr32 and endbr64 instructions
    • x86_64: Support mov r64, 0xffffffffffffffff
    • x86_64: Fix mov r32, -imm32 encoding
    • Move inferior GNU Hexagon plugin to extras

    bin

    • Apple Symbols file
      • Improve Xcode symbols parser
    • COFF
      • Improve relocation support on COFF file format
    • DEX
      • Fix several crashes when loading corrupted files
      • Performance improvements in DEX parsing
    • DWARF
      • DWARF 4 and 5 line parsing additions
      • Several improvements/fixes in parsing
    • ELF
      • Use Dynamic segment entries instead of sections to find relocations
      • Add support for BA2 ELF
      • Add support for relocation entries for AARCH64 and PPC
      • Print a warning when the entrypoint cannot be found and it is automatically set somewhere else
      • Make glibc heap commands faster by resolving main_arena symbol
      • Add support for glibc heap tcache pre/post glibc version 2.30
      • Add missing reloc definitions for C-SKY, RISCV and AARCH64
    • kernelcache
      • Fix rebasing offset
    • Mach-O
      • Fix symbol names truncation issue when dealing with overly long strings
      • Support arbitrary length identifiers
      • Fix relocations on ARM Thumb
      • Support Mach-O threaded binding for arm64e
      • Rebase and strip pointers on Mach-O arm64e
      • Fix parsing of objc class data pointer
      • Do not automatically set the entrypoint of libraries
    • PDB
      • Add support for multiple PDB symbol servers
      • Add function for reading PDB from buffer
      • Fix command injection on PDB download (CVE-2020-15121, advisory https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358)
    • Pyc
      • Move to radare2 core repository and improve/clean it
    • PE
      • Fix crash when resolving corrupted ordinal exports
      • Speedup parsing PE exports

    build

    • Various fixes for Haiku
    • Add support for binr/blob and fix android build in meson
    • Add --without-dylink configure flag to disable libdl features
    • Add Debian 8 Jessie to GitHub CI
    • CentOS tree sitter fix using gnu99 when available
    • Fix the static build by dynamically resolving libutil symbols
    • Add release Github workflow to create all the release artifacts
    • Introduce --without-r2r configure option to disable compilation of r2r

    cons

    • Add VT sequences input support for Windows

    crypto

    • Remove hardcoded supported encoders names (e.g. base64, base91, punycode)

    debug

    • Fixes for windows debugger
      • Improve exception logging
      • Fix inconsistencies in killing/restarting a process
      • Fix detaching without killing debuggee
      • Expose exception reason for di

    io

    • Add new fd:// (handle:// on windows) plugin
    • Support self:// plugin for Solaris and Haiku OS
    • Fix regression while loading large files (>2GB) on 32bit systems

    lang

    • Fix C/Cpipe when non standard library paths are used
    • Implement RLang.spp for templated scripting
    • Move #!v out of core (it's now available via r2pm)
    • Fix usage of #!python, #rust, and #cpipe
    • Do not include C/cpipe RLangPlugins on windows

    magic

    • Add Android boot image signature

    socket

    • Fix socket connect with SSL

    util

    • Move RAnnotatedCode API from r2ghidra to r_util so it can be reused
    • Refactor r_big for gmp and SSL
    • Remove unused RConstr API
    • Remove unused RRangeTiny API
    • Add support for weakref RStrBuf and add r_strbuf_setptr API
    • Add r_vector_fini and r_pvector_new_with_len API and add bound checks on all RVector APIs
    • Add support for n# in pfc
    • Add generic reference counting implementation

    rabin2

    • Fix go detection in non-elf binaries

    radare2

    • Config variables
      • Renamed variables
        • asm.jmpsub -> asm.sub.jmp
        • asm.var.submin -> asm.sub.varmin
        • asm.tailsub -> asm.sub.tail
        • asm.section.sub -> asm.sub.section
        • asm.var.subonly -> asm.sub.varonly
        • asm.regsub -> asm.sub.reg
        • asm.relsub -> asm.sub.rel
        • anal.in=raw -> anal.in=range
        • asm.bytespace -> asm.bytes.space
        • scr.ansicon -> scr.vtmode (only on Windows build)
      • New variables/options
        • anal.vars.stackname: (true/false) Name variables based on their offset on the stack
        • asm.bytes.right: (true/false) Display the bytes at the right of the disassembly
        • bin.str.enc=ascii is a new option
    • Commands
      • Add axv and afvx and afv= commands to visualize var R/W accesses
      • Add afvxj to print JSON output of afvx
      • Add dmia command to list all info of a target lib and accept more print modes in dmi
      • Fix invalid json output for drtj command
      • Add key to highlight and go-to highlighted text in graph mode
      • Add JSON print to /E command with /Ej
      • Add zb command to find n closest matching graph zignature
    • Initial refactoring to generate commands help automatically and support argv-style command handlers (e cfg.newshell=true)
    • Add API to print decompiled code
    • Optimize aao objc analysis
    • Display file associated to the current file in the visual title
    • Fix runaway scrolling in Visual mode after mashing down movement key on Windows Terminal
    • Add F9 continue key to ESIL

    rafind2

    • Implement rafind2 -F to find the contents of the file

    rasign2

    • Add dumping of FLIRT signatures to rasign2
    • Move main code to r_main

    r2pm

    • Initial support for git tags in r2pm

    More details

    This release could not be done without the help of several people, who contributed with many fixes and improvements. Above you can only find some short highlights of what was done in this release, but many more important changes have been committed and you can find them in our git log.

    Authors

    Source code(tar.gz)
    Source code(zip)
    radare2-4.5.0-android-aarch64.tar.gz(28.95 MB)
    radare2-4.5.0-android-arm.tar.gz(27.65 MB)
    radare2-4.5.0-android-x86_64.tar.gz(30.18 MB)
    radare2-aarch64_4.5.0_iphoneos-arm.deb(34.18 MB)
    radare2-arm32_4.5.0_iphoneos-arm.deb(34.02 MB)
    radare2-debian-buster_4.5.0_amd64.deb(6.01 MB)
    radare2-dev-debian-buster_4.5.0_amd64.deb(2.54 MB)
    radare2-dev-ubuntu-1804_4.5.0_amd64.deb(2.47 MB)
    radare2-macos-4.5.0.pkg(10.39 MB)
    radare2-src-4.5.0.tar.gz(7.94 MB)
    radare2-ubuntu-1804_4.5.0_amd64.deb(6.08 MB)
    radare2-windows-static-4.5.0.zip(58.78 MB)
    radare2_installer-4.5.0.exe(5.74 MB)
  • 4.4.0(Apr 14, 2020)

    Release Notes

    Version: 4.4.0 Previous: 4.3.1 Commits: 328 Contributors: 41

    Highlights

    • Replace shellscript, nodejs and V testsuites with r2r.c which is shipped by default
    • Added initial analysis plugins for super-h and tricore
    • Fix build and some runtime issues on IBM s390x
    • Updated rap:// cleaned up implementation inside RSocket for client and server
    • Speedup type linking (300x faster)
    • Fixed all the timeouts and crashes from bins/fuzz
    • Add support for retpoline switch table analysis (spectre/meltdown)
      • Fix #16418 - Implement blind main detection on endbr+mov files
    • Add commands to emulate a basic block or the whole path until reaching an address
    • Fix support for the latest GLIBC for heap parsing
    • Improved automatic function signature association for the imports
      • Fixed afs command to show proper footprint
      • Add support for typedef and added NSString type on darwin binaries
      • Fixed all the t subcommands to print all types as C
    • Improved visual class browser and the visual bit editor
    • ragg2 now allows changing the path of the shellcode to run
    • Graph visualization is now faster
    • Use RPVector for io->maps - speedup map traversal (overall speedup)
    • Lots of code cleanup and refactorings, reducing memory usage and improving performance
    • DEX loading is now 2x faster
    • Fix assembler: MOV for x86 and LDR for arm64
    • Improved the bin loader to support iOS 13.4 dyldcache files
    • Improved support for ObjC IVAR fields loading them as C structs
    • Add improved icc subcommands to print classes as C, ObjC or Java
    • Automated Emscripten (JS/WASM) builds in CI
    • Fixed static build by defining a new file naming policy
    • Default installation path with sys/install.sh is now always /usr/local
      • Previous installations in /usr will be purged
    • Only check for major and minor version numbers when loading plugins
    More details

    Authors

    Changes

    anal

    • Add initial SuperH and Tricore analysis plugins
    • Added option to search all vtables
    • Fix infinite loop in aae - check if address is valid
    • If possible use symbol name instead of entry name for function name (#16528)
    • Make the local variable access detection work on arm64
    • Fix asserts when trying to use a nonexistent or wrong analysis plugin
    • Minor Fixes for XRefs counting (#16546) 
    • Fix #16413 - Analyze code refs spotted with aae
    • Implement x86 anal.jmp.retpoline switch tables (spectre/meltdown)
    • Tweak arm64 ldr ESIL for var access
    • Add opaddr field in ab/abj output
    • Improve noreturn and aesu times, show it in afi & afij
    • Fix dup af+ removing function from hts (#16526)
    • Fix #16308 - Add fcn arg in r_core_anal_propagate_noreturn to avoid O(n) in af
    • Fix ao~bytes and add test
    • Improve aef by skipping calls and improving the logic
    • Improve aeg command and add aaef as an alias for aef@@@F
    • Fix #16225 - Remove the unused fcn_locs causing an UAF
    • Implement Shortest Path between BBs and add tests for abt (#16200)
    • Implement aesB command to step until the given basic block
    • Implement afsj command to get the JSON definition of the function signature
    • Add acvf command and devirtualizing vtable method calls (#16157)
    • Implement aeb command to emulate a basic block (#16174)
    • Guess a better name for functions when multiple flags point there

    asm

    • Fix #16433 - Use MOV opcode B8+ for MOV r64, <0x80000000 to 0xffffffff> #16572
    • Fix #16433 - Support movabs for x86_64's MOV r64, imm64 (#16527)
    • x86_64: Use MOV opcode C7 for MOV r64, -<1 to 0x80000000> (#16551)
    • Fix arm64 branch assemble (#16205) 
    • Support asm.cpu for Tricore architecture (#16161)

    bin

    • Fix infinite loop in macho commands parser (#16562)
    • Fix heap overflow in the relocs ELF parser
    • Improve COFF symbol info (#16523)
    • Fix crash issue induced by an integer overflow in the mach0 parser
    • Fix #16455 - iij asserts for ld-uclibc with a null import
    • Add rust lang support to iD command (#16490)
    • Fix #16418 - Implement blind main detection on endbr+mov files
    • Fix COFF symbols/imports info (#16446)
    • When computing ELF relocations, use DYNAMIC segment if available (#16419)
    • Make dyldcache accelerator info optional
    • Not using r_buf_data in DEX results in 1.5x faster parsing (22s vs 33s)
    • Implement icc*, in sync with ic*, to get C structs from mach0 classes into r2
    • Add mach0 class fields with padding and sorted by offset
    • WIP: Improve ObjC's IVAR fields support
    • Fix #16265 - Segfault in rabin2 -O e/123 with ELF
    • Fix memory leak in RBin. NE relocations
    • This allows to open dyld cache files from iOS 13.4 for which
    • Idea for fixing id? and idp? etc commands (#16244)
    • Fix PE endian and alignment issues spotted by ASAN
    • Strip minuses from the hash names for sha256 PE signatures (#16156)

    build

    • Fix Build on NetBSD (#16520)
    • Update SDB
    • Make msbuild quieter (#16482)
    • Create more GitHub Actions jobs for meson and gcc/clang
    • Build fixes to make emscripten builds happy (#16406)
    • Avoid duplicated module filenames to fix static.sh
    • Rename util/diff.c to udiff.c to avoid libr.a collision
    • Build *.deb packages only for master branch (#16320)
    • Run sys/static in the Debian task
    • Fix #9240 - sys/install.sh uses always /usr/local + rpath now

    core

    • Remove asm.linesup (#16293)
    • Fix wen command for io.va=true, add two tests
    • Fix #16281 - Do not load system-wide plugins twice
    • Only check for major and minor version numbers when loading plugins
    • Add cmd: acvf [offset] ([class name])
    • Add r2 -NN to not load plugins
    • Always use r_getopt, do not depend on libc (not just on windows)
    • Use r_core_cmd_lines() for -c (#16290)
    • Use @{} instead of @() and fix this modifier
    • Implement @v: value modifier, like @x: but with endian and size
    • Fix #15978 - segfault when using r2pipe webserver + local visual (#16508)
      • Makes r2 interop more stable

    debug

    • Fix tcache address and offset in print_tcache_instance()
    • Fix dmht for glibc caused by wrong tcache offset and definition (#16247)
    • Fix tcache_perthread_struct definition
    • Test dmha/dmh for glibc x64 (#16307)
    • Fix #16432 - openbsd fork+attach EBUSY issue
    • Decouple shlr/gdb registers profile from code (#16312)
    • Minor fix to get dmh to work with riomap (#16286)
    • Detect glibc version and set dbg.glibc.tcache accordingly (#16255)
    • Fix chunk listing with tcache and add test (#16239)
    • Fix #16219 - Add $DB variable for dbg.baddr
    • Add tests for rebasing in debug
    • Fix debug rebase regressions
    • Clean drx/drt/drp help message (#16203)

    diff

    • Fix print string in radiff -qu (#16212)

    disasm

    • Show realnames on function's signature when enabled
    • Fix #16263 - Do not newline after showing switch cases

    egg

    • Fix shellcode path customization (#16384)

    graph

    • Optimize r_anal_get_bbaddr() to make graph navigation faster

    io

    • Fix #16210 - Show error message and update help for we
    • Fix #14371 - Make wfs paired with wts, rename wfs to wfx
    • Use RPVector for io->maps - speedup map traversal
    • Fix #16347: o+ sets maps as writable like oo+ (#16381)

    json

    • Fix #16233 - ~{} works on colorized JSONs
    • Use pj in zj (#16321)
    • Use pj in ilj
    • Add pj_ad api to print raw data

    lang

    • Update support for V in libr/lang

    ports

    • Fix #16109 - Add R_SYS_ARCH for s390x

    print

    • Fix #16394 - Make pm [file] work again
    • Implement hex.offset config variable to hide address column from hex-dump (#16373)

    refactor

    • Initial r_anal_fcn_* purge (#16238) 

    reg

    • Make r_reg_get_list() search harder (#16202)

    search

    • /ad/ in /bin/ls ate 9 extra MB that was never freed
    • Fix memory leak in /ad/ using r_regex api wrongly
    • Fix #16327 - Search in range with io.va=false
    • Add LZMA-BE magic signatures
    • Display correct lengths for cryptography search commands (#16262)

    socket

    • Initial refactoring of the rap:// protocol (-75 LOC)
    • Fix socket connection issue (#16218)

    test

    • Fix all the crashes and timeouts in the fuzz tests
      • Related to aav, aae and aa
    • Move test/new/* into test/
    • Add interactive mode to r2r (#16466)
    • Format some missed tests
    • R2R for Windows (#16410)
    • Add Timeout to R2R.c (#16371)
    • Enable R2R in C for all CI except Windows (#16354)
    • Initial support for test categories and fix the windows build
    • r2r new flags: -n to not run -v for version, add manpage
    • Delete the r2r.v and use r2r.c
    • Autodetect dbdir in r2r.c (#16365)
    • Add ic + icc* tests for objc
    • R2R in C Enhancements (#16310)
    • Initial Implementation of R2R in C (#16216)

    tools

    • Fix #16389 - r2r -qv and r2 -v to show version and quiet versions (#16472)

    types

    • Fix #13677 - Add txt command and make txf accept an argument
    • Fix empty struct and add test (#16408)
    • Fix tp and tpx to accept types with spaces
    • Implement tc* and fix tc glitch
    • Add NSString and size_t types in tcc+r2
    • Optimize 'tl', r_core_link_stroff and r_type_link_at (0.01s vs 3s)
    • Use the proper API to find function in tl
    • Add R_TYPE_TYPEDEF to RTypeKind (#16243)
    • Enhance the way imports are processed in r_anal_function_get_signature
    • Implement tpv command and some random code cleanup
    • Fix afs not showing signatures correctly with preloaded sdb types
    • Fix afs not showing types and args

    util

    • Implement r_table_uniq as API and query (#16385)
    • r_buffer: do not move seek when using _at APIs (#16401)
    • Make r_str_split_duplist() thread-safe (#16341)
    • Remove r_str_rmch and simplify r_str_replace_char*
    • Add pj_ko and pj_ka APIs

    visual

    • Add anal classes to "Vb" (#16383)
    • Fix cursor visibility after leaving visual graph (#16298)
    • Visual bit editor now shows bits up and down
    • Add VdN (afs!) to edit function signature with cfg.editor

    Source code(tar.gz)
    Source code(zip)
    radare2-4.4.0.pkg(9.98 MB)
    radare2-dev_4.4.0_amd64.deb(3.28 MB)
    radare2-vs2017_64_dyn-4.4.0.zip(7.90 MB)
    radare2_4.4.0_amd64.deb(6.22 MB)
  • 4.3.1(Mar 5, 2020)

    Binaries: http://radare.mikelloc.com/release/4.3.1

    • Fix segfault in om= command
    • Fix dead process issue with ood/doo command
    • Fix build with ancient capstone3
    • Fix build with pre-c99 compilers
    • Some more code cleanups + refactorings

    See 4.3.0 changelog for full details compared to 4.2.0

    Source code(tar.gz)
    Source code(zip)
  • 4.3.0(Mar 4, 2020)

    Release Notes

    Version: 4.3.0 From: 4.2.1 To: 4.3.0 Commits: 214 Contributors: 33

    Authors

    Changes

    anal

    • Rename the Function Flag on afn (#16078)
    • Fix 'af' missing lines bug when analyzing in frida://0
    • Implement function names with dots in signatures
    • Remove more members from RAnalBlock
    • Remove prev, jumpbb and failbb from RAnalBlock
    • Refactor Anal Hints (#15876)
    • Skip empty esil expressions in 'aeab' to fix partial results issue
    • Add 'aba' command as an alias for aeab
    • Fix aeab and add V (values) in aea outputs
    • Implement aeab command

    asm

    • Fix #13908 - x86 aoj for instruction with hidden operand
    • Add 'wao jinf' for Dalvik
    • Determine Gameboy hardware registers in disassembly (#15909)

    bin

    • Add new BIND_OPCODE_THREADED constant for MACHO binaries (arm64e)
    • Add Windows Crash Dump format support (#16087)
    • Minor Fixes and Tests for NSO/NRO (#16053)
    • Fix iS hash outputs (#16044)
    • Add Authentihash support for PE (#15987)
    • Fix ELF symbols for names just before the end of strtab
    • Parse dyldcache local symbols
    • Fix some out of bound accesses in LE (#15943)
    • Fix #14325 - Honor segments in DEX files (#15920)
    • Many FLIRT handling fixes

    build

    • Fix debugger build on Linux/s390x
    • 'sign' as an alias for ios-sign and macos-sign
    • Build debian package in CI

    cons

    • Fix again the EOL bgcolor issue (and improve scr.html) (#16120)
    • Implement ecHj to list highlight rules in json format
    • Fix r_table_tostring for string with ansi escape code (#16069)
    • Fix #16063 - bgcolor not reset on newlines
    • Fix ecH- deleting ecHi and deleting meta highlight items
    • Fix #15359 - Enable key.f# keys to be used in the shell
    • Improve the gentoo theme

    core

    • tree-sitter: support iter commands (#16111)
    • Initial implementation of the 'rb' command to rebase all the things
    • Use state struct and start handling cmd_substition_arg in tree-sitter (#15966)

    debug

    • Use RTable API in r_core_debug_rr (#16066)
    • Fix show register value in column (#16010)
    • Add 'dbH' to set hardware breakpoints (#15933)

    disasm

    • Improve ecH (ecH-* deletes them all, ecH- doesn't segfault, ecH lists)

    esil

    • If esil.addr.stack is mapped find an available one
    • When esil.stack.addr is -1 set it to the next unallocated address
    • Code cleanup for r_core_esil_step() (#16017)

    graph

    • Add graph.aeab to show esil stats instead of disasm

    json

    • Fix #15851 /wj without arg produce '\n' (#15885)

    panels

    • Fix a bug on clicking in panels (on Mac and Linux)

    projects

    • Preserve "functions" flagspace when saving projects (#16057)

    refactor

    • Revert "Avoidify the RUtil.strTrim() APIs, rename trimHeadTail() and add asserts in RConfig
    • Avoidify the RUtil.strTrim() APIs, rename trimHeadTail() and add asserts in RConfig
    • Fix consecutive call to r_table_sort (#16049)
    • Kill all globals in rabin2.c
    • Remove globals from main.r2
    • Remove globals from rax2

    test

    • Add tests for RList (set, get, reverse, clone, append, prepend) and remove legacy
    • Add initial sparc regression tests
    • Handle ^C in r2r.v and support threads in fuzz tests
    • r2r.v: Assume BROKEN=1 if not 0 or "" (#15936)
    • Add Unit Tests to Meson (#15926)

    types

    • Fix tccj, tccl, tcc* output errors and add tests (#15931)

    util

    • Avoidify the strTrim() APIs + cleanup/refactor
    • Memory leak fix proposal in syscmd_join

    visual

    • Fix #15963 - Handle / in Vx (visual xrefs)

    To Review

    • Fix #15211 - null deref in calling convention analysis
    • Fix crash in elf parser found in the mtk-su binary with asan
    • Add support for number_command and recursive help
    • cmd_ignbithints should be set everywhere for consistency
    • Save rnum->value before doing a cmd substitution
    • Update radare2-shell-parser to fix null deref in html_disable_command
    • Fix last coverity issues (#16114)
    • Make r_strbuf_fini() safer (#16115)
    • Add test for loading typedefs with to (#16101)
    • Add test for long ESIL bug (#16102)
    • [ppc] Only free op->esil if ESIL not requested (#16102)
    • Fix #16093 - support syscall redefinition in REgg (#16106)
    • Upgrade to node-r2r-0.4.0 (#16098)
    • Add test for yara in extras (#16090)
    • Fix #14647 - Add output of sections to segments mapping for ELFs (#16045)
    • Add output of sections to segments mapping for ELFs
    • Create RReg test unit (#16081)
    • Fix some anal cmd handlers (#16085)
    • Do not use the elvis operator for bool expressions (#16073)
    • Upgrade node-r2r to 0.3.1 to fix the <<EOF -i issue (#16072)
    • Fix null-deref on afv[rbs]-* without function (#16071)
    • Use RString and minor cleanup (#16070)
    • r2r.v path/to/cmdtest works now
    • Convert NAME='name' to NAME=name in tests (#16067)
    • Fix r_cons_rgb_parse() harder (#16061)
    • Also fix init of some ret args in r_meta_print()
    • Boolify try_walkthrough_jmptbl
    • Add R_ANAL_RET_NOP constant
    • Add test case
    • Replace O(n2) ELF symbol matching with hashmaps (#16052)
    • Replace O(n2) ELF symbol matching with hashmaps
    • Swap loop order to ensure that all phdr_symbols are marked.
    • Use name, size and offset as hashmap keys.
    • Add [?] to fd help entry (#16058)
    • Allow function names containing dots in tcc
    • Add some very basic tests for NSO/NRO
    • Remove broken readLE* functions from NSO/NRO
    • This reverts commit 38b61c7bcfe55a727b9c3cedbc0f3147018e7c6b.
    • Run 'r2r fuzz' from anywhere
    • Remove stray pancake activity ;) (#16054)
    • Fix a segfault in libmagic when error string > 4096 (#16050)
    • Fix address representation minbound maxbound in afij (#16051)
    • Force sorting of rows in the event of consecutive sort
    • Remove global Gdec and use r_list_reverse for decreasing sort
    • Add test for r_table_tostring and r_table_sort
    • Upgrade capstone v4 and next branches
    • Simplify travis oneliner
    • Fix r_table_sort segfault when column type is NULL (#16047)
    • Rename argument to 'dec' (decreasing) to reflect existing output
    • Add test
    • Refactor bin_sections function
    • Add filter_hash_string function
    • Fix segfault in Authenticode hash check (#16042) (#16043)
      • I noticed that r2 will crash when loading a PE file with Authenticode digest algorithm other than SHA-1 or MD5. I traced it down to the PE_(bin_pe_compute_authentihash) function returning NULL if it encounters an unsupported digest function. This results in NULL being passed to strcmp which causes the segfault.
      • Solution was to add a check for PE_(bin_pe_compute_authentihash) returning NULL and to set bin->is_authhash_valid to NULL.
      • The real solution is to add support for more algorithms but this will stop crashes for now.
    • Greenify AppVeyor on master by using different tag name (#16041)
    • Greenify AppVeyor on master by using different tag name
    • Co-authored-by: Itay Cohen [email protected]
    • Fix read stack-based buffer overflow when using str with pk_js (#16040)
      • In some cases I noticed str is not correctly terminated, so when it is later used in pk_js, that function reads a very long string, outside of the memory bounds of the original buffer.
    • Add support for @* commands in new r2-shell-parser (#16038)
    • Use TSSymbol instead of comparing type strings
      • This patch uses ts_node_symbol instead of ts_node_type to check whether a node is of a given type. Since TSSymbol is just an integer, the check will be much faster. Also, it allows storing command handlers in a hashtable, instead of having an if-cascade.
    • Make sure r_config_hold works even when keys do not exist or are freed
    • Add support for all _tmp_commands
    • Make sure to always reuse the same TSLanguage
    • Update both tree-sitter and radare2-shell-parser
      • This way we use TSLanguage version 11, which fixes some problems with TSSymbols.
    • Compute is_last_cmd on each single command and fix logging
      • is_last_cmd should be set on a per-command basis, so if you analyze things like pd 3; .; .; .; the . refers to pd 3.
      • This also fixes logging, so when an invalid command is parsed, it is still available in the history.
    • Add comment about directly using r2-shell-parser in r_core_cmd_lines
      • r_core_cmd_lines tries to parse the input and split it in lines, but at least in theory, we don't need it as the new parser can already handle full scripts.
    • Allow other tasks to run between commands even in the new parser
    • Fix #10696 - Kill r_io_map_add_next_available
      • The function is just renamed to be reused and we have no tests for it, but it may fall into an infinite loop
    • Fix #15842 - Add minimal slice for reproducible af test on anal-block branch
    • Highlight that 'new' is a directory name in test docs (#16035)
    • Use absolute URLs in pull request template (#16036)
    • Fix sdb API usage to avoid extra strdup() (#16028)
    • Make r_table_columns() faster, leak- and double free free (#16031)
    • Remove ARGS= from tests (#16032)
    • Support real names in "fd" command (#16027)
    • add tests for fdj and fd.j
    • Add support for realnames in fd
    • Add a Test for fd with realname
    • Co-authored-by: Florian Märkl [email protected]
    • Fix Spaces Interference in r_flag_get_at() (#16019)
    • Unstick Travis by using compgen instead (#16025)
    • Code cleanup in r_core_esil_step()
      • Remove unnecessary call to initializeEsil()
      • Remove another set PC register in initializeEsil()
      • Add test for aes without initialization
    • Use git clone --depth 1 as much as possible in builds (#16022)
    • Refactor r_bin file hashes
    • Add r_bin_file_compute_hashes
    • Add r_bin_file_set_hashes
    • Refactor it itj commands
    • Introduce hashes method to RBinPlugin
    • Add test for env with spaces
    • Make env command trim key/value strings before setting env variables
    • test/bins/fuzz: null_pointer__elf_init__store_versioninfo__store_versioninfo_gnu_versym
    • Fix crash in mach0 mach0_invalid-addr_walk_exports
    • Add Certificate Table parser to PE plugin
    • Add SpcIndirectDataContent ASN.1 structure parser
    • Add Authentihash calculation and check
    • Refactor r_bin_file_hash
    • Add tests for Authentihash check
    • Fix for ar= and dr= and add tests
      • Increase width to accommodate register names larger than 4 chars
      • Fix flag type register value not printed
      • Update r_debug_reg_list() to accept '=' arg
    • Fix builds by installing radare.r2 manually (#16009)
    • Upload all generated ZIP files
    • Use the "concatenation" concept in radare2-shell-parser
    • Implement repeat_command and do not unwrap quoted args
      • For back-compatibility it's better to not unwrap quoted args, because existing commands right now just understand this syntax.
    • sdb header file dependency for external plugin i.e. pyc (#16004)
    • r2r.v: Add color to BR and FX of cmd tests (#16003)
    • Upgrade V
    • Fix incorrect PPC ESIL and add testcase (#15970) (#15995)
    • r2r.v: Fix EXPECT_ERR check
    • r2r.v: Mark broken failing-only-on-EXPECT_ERR tests as BR and not FX
    • Add ecH. command to show highlight info in the current offset
    • Fix 32bit format string bug in the protobuf decoder
    • Fix RCons test UB issue
    • Add testcase for this RCons.rgbParse() crash
    • Fix ASAN segfault in RCons.rgbParse()
    • r2r.v, BROKEN=0: Check only first char
    • Honor rc in unit runs and fix execution path in make run
    • Handle return code in r2r.v and fix crashing unit test
    • Fix asan crash in ecH-
    • Echi bad color (#15986)
    • Outputting error on ecHi bad color
    • Add logic to parse unmapped local symbols.
      • Every macho image present in the dyldcache has all the metadata about its local symbols stripped away from the corresponding macho header. Instead, this information is present as dyldcache-specific metadata stored in unmapped parts of the cache file.
      • This PR, for every loaded image, takes care of adding the local symbols which are missing.
      • Bonus: Fix a potential use-after-free caused by r_bin_object_set_items, by rebuilding class-related hash tables after replacing the class list.
    • Convert ONE_STREAM tests to EXPECT_ERR (#15979)
    • Remove RAnalBlock.type
    • Remove RAnalBlock.cases
    • Remove RAnalBlock.label
    • Reorder RAnalBlock members to free 16 more bytes
    • Handle instructions with hidden operand
    • Add hidden_op() for instructions with hidden operand
    • Added operands info for pushf, popf, pushfd, popfd, pushfq, popfq
    • Add test for aoj for pushf
    • Fix last covs (#15976)
    • Fix too long var name and assert on strlen (c) > 1
    • Fix grep when there is also {}
    • r_cons_grep_strip expects the ~, otherwise it does not work well.
    • new parser: fix multiple words in grep and add support for > $alias
    • Add tests for swift-x86-64 calling convention
    • Update afcr, afs command
    • Add support for self, error register argument (Swift)
    • Refactor and Add Swift calling conventions to sdb
    • Fix escape/unescape in new shell parser
    • Fix UB, oobread, infinite loop and other bugs in the LE parser (#15968)
    • r2r.v: Slurp empty lines as well (#15964)
    • Cleanup some RAnalBlock Members (#15965)
    • Simplify ownership in the PE resource parser to fix a double free
    • Use RVector for Address Hints
    • Add Arch/Bits Hint Trees
    • Add Unit Tests for Addr, Arch and Bits Hints
    • Add unset for newbits
    • Fix jmptbl hint fetching
    • Fix r_anal_*_bits_foreach
    • Print grouped Anal Hints
    • Fix arch bit affect on disasm
    • Add Reset Hints to Commands
    • Add test for type uint64_t
    • r2r.v: Fix wg race
    • Memory leak fix for kernel cache module.
    • Add missing afis info in afi? and fix afis?
    • Fix tests
    • Note that ^c is only supported on unix systems for now
    • Some tests use the new radare.r2 api to use RCons.isBreaked()
    • Other tests use os.signal() to catch C.SIGINT
    • Add tests for assemble/disassemble neg al (#15949)
    • Update neg eax test (#15950)
    • r2r.v: Fix Success: 0 when running cmd tests (#15948)
    • Try V suite on FreeBSD and OpenBSD (#15852)
    • Try V suite on FreeBSD
    • Try V suite on OpenBSD
    • Fix V lang error
    • Update V lang
    • Fix /wj without argument produce stray \n
      • Change logic to prevent unreachable branch
      • Revert to R_MODE_RADARE if there is no argument
    • Add asm x86 neg
    • Upgrade V
    • Upgrade V
    • Convert '..' tests to <<EOF
    • Convert EXPECT_ERR= tests to <<EOF
    • Convert some tests to use CMDS/EXPECT without enclosing quotes (#15939)
    • Convert some tests to use CMDS/EXPECT without enclosing quotes
    • Add test version that is friendly with node-r2r, r2r.v and AppVeyor
    • Fix unit tests by upgrading V (#15940)
    • Fix /j when there is no input argument (#15935)
    • Return address for unknown Gameboy hardware registers
    • Improve warning messages in r2r.v
    • Convert more tests to use a stricter syntax
    • r2r can load test files when passed as argument
    • duplicated test names are reported as warnings
    • run tests from test/new instead of test/src (like r2r.js do)
    • Upgrade to the latest V
    • Use only BROKEN=1 in tests (#15932)
    • Convert cmd_i tests to <<EOF
    • Upgrade node-r2r to 0.3.0
    • Tests for concatenated greps in pd (#15925)
    • fixed esil for arm push/pop with conditional (#15922)
    • Fix Comment about RAnal.bb_tree (#15919)
    • Terminate on missing script when doing radare2 -i -Q (#15918)
    • Add realname to anj (#15917)
    • Fix a format string in arm (Fix #15915) (#15916)
    • Fix radare2 -i -Q output when script has no nl at eof (#15914)
    • Go back to 4.3.0-git after the minor release
  • 4.2.0 (Jan 21, 2020)

    On February 2, 2020, GitHub will capture a snapshot of every active public repository, to be preserved in the GitHub Arctic Code Vault. This data will be stored on 3,500-foot film reels, provided and encoded by Piql, a Norwegian company that specializes in very-long-term data storage. The film technology relies on silver halides on polyester. This medium has a lifespan of 500 years as measured by the ISO; simulated aging tests indicate Piql’s film will last twice as long.


    Release Notes

    Version: 4.2.0 From: 4.1.1 To: 4.2.0 Commits: 175 Contributors: 23

    Authors

    Changes

    anal

    • Fix #15091 - Make 0 fcnsize warning more meaningful and verbose-only (#15866)
    • Fix jumptable size #13812 (#15822)
    • Fix afs not working without rettype
    • Fix a null deref in fcn_recurse
    • Remove Custom Analysis for Java (#15817)
    • Refactor RAnal Basic Blocks and Functions (#15169)
    • Change RAnalBlock.size to ut64
    • Make type matching independent of bb list order
    • Improve the op.type text representation when unhandled modifiers are used
    • Remove dupped basic block analysis in core (#15714)

    asm

    • 'push rip' is not a valid instruction

    bin

    • Improve realname support for symbols (#15702)
    • Add test for #15727 (smd strings) (#15777)
    • r_str_unescape: Support all izz esc seqs (#15770)
    • Force read permissions on all load maps in ELF
    • Initial implementation of LX/LE file plugin

    cons

    • Implement ar, and dr, commands to list registers in table format
    • Fix #14424 - Handle ~ operator in the ms shell
    • Implement r_strbuf_slice and use it in panels to solve a glitch

    core

    • Add ?V0 ?V1 ?V2 - for semver support
    • Upgrade to acr-1.8.1 to get semver support
    • Add pkgname in RLibStruct for r2pm on outdated plugins

    debug

    • Added reverse step and continue support to gdbr
    • Moved drC to drpC for profile comments and added drC for reg comments
    • Added register specific comment parsing to register profiles
    • Fix crash caused by rebasing a file without sections
    • Set cfg.debug to true before running oodf in doof
    • Fix multithreaded breakpoint behavior in linux
    • Attach to new linux threads on creation
    • Fix debugger build on linux-s390x
    • Always unset bps after continue and step hard
    • Add detailed location info to dpt using pc instead of path
    • Add packed sizes to gdb vector registers and improve mapping of target description to r2 regs
    • Fix drt not printing non 64bit/32bit registers and flags
    • Refactor breakpoint validation (#15754)
      • Refactor breakpoint validation
    • Revert "Validate bp addr on rebase and restore instead of preventing creation"
    • Validate bp addr on rebase and restore instead of preventing creation
    • Fix hardware bp restoring and fix hwbp repeating errors
    • Add location in file to linux dpt output
    • Fix var rebasing by saving regname info
    • Refactoring ptrace register write for BSD
    • Implement bsd_thread_list for FreeBSD
    • Fix reopening of windows debug after detaching not working
    • Fix windows breakpoint rebasing
    • Prevent the restoration of disabled breakpoints

    diff

    • Add explicit fingerprint_size to RAnalFunction
    • Add ccdd command to diff decompiler output of two functions
    • Add ccdd command to diff using decompiler (experimental)

    disasm

    • Remove realname from strings (#15841)
    • Show flag realname when finding a function and realname is enabled
    • Hide flag comments when realname is shown (#15801) 
    • asm.symbol: Improve code/test a bit more (#15798)
    • asm.symbol: Fix flag name when disasm from non-flag addr with no anal

    esil

    • Add RISC-V 64 word instructions and test (#15742)
    • Correct RISC-V division and add test (#15712)

    io

    • Fix #15789: Increment offset for reads as well (#15865)

    json

    • Use PJ api in the output of isj and show realname
    • Fix issues in iCj, drlj and arlj
    • Fix izzzj json output
    • Fix gen json dwarf with pj api (#15755)
    • Fix is.j iEj and iaj json validation issue in r2 -- (#15724)

    panels

    • More fixes for resizing issue (#15844)
    • Performance improvements for the cursor mode
    • Code clean-up and a little performance improvement for decompiler cache
    • All the available decompilers outputs will be properly shown with this
    • Make the decompiler cache work properly
    • Add H key for cursor mode which works like the one in vim

    print

    • Implemented pmj (#15864)

    r_debug

    • Debug, BSD systems refactoring

    search

    • Add elliptic curve private key search in /cr command (#15761)
    • izzzj: Add izzj attributes (#15759)

    signatures

    • Apply types on matching zignature data

    table

    • Add f, command to list flags in table format

    test

    • Fix V testsuite build with latest V from git (#15867)
    • Convert cmd_pd* tests from <<KEYWORD to <<EOF (#15823)
    • Support extras tests in r2r.v (#15821)
    • r2r.v, -j 0: Allocate 1 job per test (#15807)
    • Improve unit test execution using the new V suite and makefiles
    • Many improvements in the V testsuite (#15722)

    tests

    • r2r.v, -j 0: Allocate 1 job per test (#15807)

    util

    • Fix r_list_set_n() to allow empty element (#15820)

    visual

    • Limit panel tabs to 9 to avoid keybinding and click issues

    windows

    • Fix reading on invalid process memory

    To Review

    • Release 4.2.0 - Arctic World Archive
    • Fix resizing issue (#15863)
    • Fix pkgname version check for real now (#15862)
    • Enable V testsuite on GitHub CI (#15796)
    • Enable V testsuite on GitHub CI
    • Check version for pkgname correctly (#15860)
    • dot can be null
    • Using R2_VERSION_MAJOR/MINOR is wrong because they will be continuously updated and we want to check for exactly 4.2.0
    • The version check logic itself was wrong
    • Fix afb test (#15861)
    • Fix #15833 - Only print pkgname if the plugin is for r2 >= 4.2
    • Update/improve jmptbl size tests
    • Use specific commit of V to avoid build issues
    • A bit more picky fix
    • Add test for afs without type
    • Fix #15767 - Temporarily disable colors in drrj
    • Fix warnings
    • Update radare2-shell-parser
    • Use void because we don't do anything with the return value
    • Coverity fixes
    • Remove the wrong test
    • More tests fixes
    • Resizing does not work perfectly yet, but close
    • Fix #15604: Convert all tests from <<KEYWORD to <<EOF
    • Fix wrong tests (#15834)
    • Add test for env variables boolification
    • Introduce SETBPREF to handle "boolish" vars like asm.cmt.off
    • Do not try to convert to true/false, as it breaks integer vars
    • See discussion at https://github.com/radareorg/radare2/pull/15681 .
    • Unfortunately the change cannot be done for non-int vars only, because right now vars are not statically typed, so a var that is initially CN_INT can then become CN_STR if you set a string.
    • Changing vars to assign them a static type when they are created would require a much bigger change and discussion.
    • A bit of refactoring in r_config.h
    • Move all version defines into r_version.h and handle it from meson too
      • R2_VERSION_MAJOR
      • R2_VERSION_MINOR
      • R2_VERSION_PATCH
      • R2_VERSION_NUMBER
    • Mach-O io: mem leak fix proposal. (#15829)
    • C89 Fixup for r_sign_fcn_types function (#15824)
    • Fix error: for loop initial declarations are only allowed in C99 mode
    • Implement new zignature types format
    • Adapt zignature types deserialization to new format
    • Integrate fcn types when zignatures match
    • Use node->i_value in the log.level/log.traplevel callbacks
    • Basic Blocks are now global instead of owned by a single function.
    • Fix dbg_bps tests that always succeeded (#15763)
    • Approved-by: Riccardo Schirone [email protected]
    • This feature only works with server implementations that have ReverseStep and ReverseContinue enabled, such as rr. The official gdbserver doesn't support it.
    • Remove opt->sz checks and operations in r_bin_open_buf
    • opt->sz is not used anyway in r_bin_open_buf, so there's no need to check its value or compute it.
    • Fix last coverities related to cbin
    • Add test for a8 command
    • Some more coverity fixes (#15802)
    • Implement pcV command to print byte array in Vlang
    • Fix a small bug by removing some useless code (#15795)
    • Initial implementation of libname for flags in imports
    • Initial support for PE and real flag
    • Read libname for PE exports
    • implement pj for imports
    • Remove imp. prefix from symbol names
    • Fix r_core_bin_impaddr()
    • Fix some mdmp import stuff
    • Print libname in ii
    • Fix some imp. checks and reloc meta
    • Fix r_bin_filter_sym() for imports
    • Use realname for noreturn check
    • Fix asm.flags.real for direct calls
    • Fix realname for direct calls with fcn
    • Fix resolving names from ordinal
    • Co-authored-by: Florian Märkl [email protected]
    • Add sha256 hash to "it"
    • Refix #15331 (-nn filename with @) (#15788)
    • C prototypes fixed
    • Fix broken AppVeyor due to rejected apostrophes (#15785)
    • Some coverity fixes
    • Third fix attempt for musl builds
    • Second fix attempt for Alpine/musl builds
    • Aim to fix the alpine build
    • The plugin wouldn't properly trace breakpoint hits on different threads since they weren't switched to and the events weren't always handled. Also, since the breakpoints are removed after they are found in one of the threads, it's best to stop all threads for now even if dbg.threads is false.
    • New threads were only added after being attached to manually or if dbg->trace_clone was true. dbg->trace_clone stops debug and switches the new thread now.
    • Fix a format string vuln in the disassembly with comments (#15783)
    • Add s390x reg profile
    • Add missing pc register
    • Use gregset instead of regset
    • ww: Support esc seqs (#15780)
    • Breakpoints were left in disassembly after a signal/break and there are probably other cases that may lead to it.
    • Offset for each panel was not correct (#15778)
    • Add null to pj and use for relocs (#15776)
    • Add pj_null() and pj_knull()
    • Print reloc name as null in json if not available
    • Omit reloc name in json
    • Improve shell injection check
    • Fix Coverity fixes (#15779)
    • Some coverity fixes
    • Fix #15331 - rabin2 -rk code injection issue (#15678)
    • Rewrite r_str_unescape() using switch
    • Do not compile radare2-shell-parser by default (#15769)
    • Last release (4.1.0) did compile it by default, but the build requires internet access to download the repositories. For now, since the feature is anyway very experimental, we disable it at compile time so that distributions can just compile their packages without internet access. In the future we may want to use submodules or augment the release tarball to include the tree-sitter and radare2-shell-parser archives.
    • Pass 64-bit sdb_fmt parameters as 64-bit (#15758)
    • Fix double free in r_bp_del_index and other breakpoint index bugs
    • Lack of cleanup in r_bp_del_all causing use after free in other dbi commands
    • Copy paste error turning dbix into dbx
    • Add dbi- command
    • Allow dbi commands to operate with index 0
    • izzzj: Use pj api (#15760)
    • Some xmm registers were printed as fpu and bnd registers were shown in all drt categories.
    • dr will still only show 64bit/32bit registers to avoid printing all of the flags and d/w/b register variants.
    • This fixes situations that if a read contained even a byte inside invalid memory, the entire read would fail
    • Added RCoreBind.syncDebugMaps() and RCoreBind.getDebugMaps() api
    • Reenable db tests and add new tests to check validity
    • Add perm check to isMapped and remove map sync to improve performance
    • Fix two tests
    • Add RCoreBind.isMapped() api
    • This reverts commit e503bdd9c212c2da221abe31091c6e9753ce018e.
    • This way it is possible to set breakpoints before starting debug through 'db' and the user will be notified when a breakpoint points to an invalid map.
    • Instead of unsetting breakpoints they were set again without removing the previous drx values, which also caused the "Invalid DRX length (0) must be 1, 2, 4, 8 bytes" error because of the wrong len values.
    • Also, when resetting twice, del failed since there weren't any hw registers to delete, which caused the "hw breakpoints not yet
    • Shows the module, offset and function name instead of showing the executable's path for all threads
    • Upgrade node-r2r 0.2.8 (#15751)
    • Fix windows dp showing the parent's path for all processes (#15741)
    • Fix #15734 - Automatically download PDB file if pdb.autoload=1 (#15738)
    • Automatically download PDB file if pdb.autoload=1
    • Don't re-download pdb if it already exists on the symstore
    • Only download if file doesn't exist
    • Fix wrong filtering of equals sign on PDB enum define (#15745)
    • Fix all PDB tests
    • Update node-r2r 0.2.7 to solve the json lost promise issues
    • Hide warning message
    • Fix warnings
    • Add a fortune (#15736)
    • Fix Vdv start_off calculation (#15735)
    • Fix #15691 harder (#15733)
    • Fix #15691 - avoid reading invalid memory
    • izz: Fix printing of string with backslash if str.escbslash=false (#15731)
    • More improvements for the cmd tests using r2r.v (#15728)
    • Fix #15717 - Update scroll panel when stepping with F7
    • Fix infinite loop in panels - vttq (#15729)
    • Check for error when analyzing instructions in vmenus
    • Fix #15719: Reduce false negatives in 'U' strfilter
    • Added path escape and unescape
    • Unescape paths only if r_str_argv was successful
    • Use r_str_replace instead of r_str_arg_(un/)escape to avoid breaking escaped filenames
    • Fix debug and 'o' not being able to open paths with spaces #debug
    • After starting debug the register deltas weren't mapped to the same registers in remote and native debug. This made wrong registers appear as vars and in remote gdb none showed up since the remote's list is much shorter than r2 reg lists.
    • Kill some more tests using <<RUN
    • Improve r2r.v quite a lot up to 0.2
    • Delete stale temporal files in the unit test
    • Use executable path instead of dbpath and more cleanup
    • Move manpage and move old bins into the attic
    • This api honors ansi escape characters
    • Delete the use and definition of "eprint" (#15716)
    • After release version bump
    • Add sys/r2env.sh: Set up env for r2 in non-standard loc (#15696)
    • Fix invalid JSON in rabin2 -j (#15709)
    • Fix Field Seek in Visual Menus (#15710)
    • Fix some warnings (#15705)
    • Fix some warnings
    • Remove unnecessary duplication
    • Co-authored-by: Anton Kochkov [email protected]
    • Few warning build fixes proposal.
    • attach_new_process was called instead of regular attach because the saved pid and tid in core->dbg weren't reset before calling r_debug_select in a new session. Made sure this won't be a problem when using dp= after dp- either.
    • Calculate the diff ourselves since bp->delta is calculated with the dbg->bp->baddr at the time of breakpoint creation, which may not reflect the correct baddr and break the rebase.
    • Previously, disabled breakpoints were restored and then hit during execution. The debug logic ignored them and continued but that's an unnecessary slow down. To achieve this type of behavior the user should use tracepoints.
    • Minor syntax issues in panels
    • Use v fmt to indent the new testsuite
    • Change Semantics of r_rbtree_upper_bound() and simplify Iter Fcns (#15698)
    • Remove RAnalBlock members only used in Java (#15679)
    • Remove RAnalBlock members only used in Java
    • Remove R_ANAL_BB_TYPE_(HEAD|BODY|LAST|FOOT)
    • Fix a Test
    • Fix afb+ help
    • Try to test with PowerPC and SystemZ (#15452)
    • When setting non-bool config var, set false/true if r_str_is_false()/_is_true() (#15681)
    • When setting non-bool config var, set false/true if r_str_is_false()/_is_true()
    • Fix for cmd_open tests
    • Fix for cmd_print test
    • Separate pure BSD calls into its separate compilation unit.
    • Fix #15682 - Fix getting noreturn info from invalid addr (#15693)
    • fix some crashes of the widget (#15694)
    • fix some crashes of the widget
    • JK moves the cursor by a page and g moves the cursor up to the first line, plus a few improvements (#15690)