Forked from williballenthin/yet another radare2 cheatsheet.md
Created
April 3, 2021 22:40
Revisions
williballenthin revised this gist
Feb 8, 2021 . 1 changed file with 20 additions and 0 deletions.
@@ -82,6 +82,26 @@ graph mode is not visual mode! - if bb has conditional branch: - seek to True target: `t` - seek to False target: `f` ## pipe,grep,etc ### - exec multiple cmd: `;` - pipeline cmd: `|` - run shell cmd: '!' , and give output back to r2 buffer: '!!' - grep: - `<cmd>~<string>` grep string from command output - `<cmd>~[n]` grep also the 'n' column - `<cmd>~:n` grep also the 'n' row ## analysis, assembly, memory ### - analyze functions: `af` - analyze stack: `ad@rsp` or `ad@esp` - search for opcode: `/a` - search for rop/jop/etc: `/R` - search for bytes: `/x ` - get offset for the actual seek point address: `?p` ## configuration -
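Review bot: In the new pipe/grep list, the shell-escape entry quotes its commands with apostrophes ('!' and '!!') where every other entry uses backticks; write them as `!` and `!!` so they render as code. The two new headings also carry a trailing `###` that `## configuration` does not, `analyze functions: af` repeats the `add/analyze function: af` entry already on the sheet, and the `/x ` entry ends in a space with no placeholder for the byte pattern, where the sheet elsewhere uses the `<name>` form.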
williballenthin revised this gist
Feb 8, 2021 . 1 changed file with 2 additions and 0 deletions.
@@ -71,6 +71,8 @@ graph mode is not visual mode! - seek to function: `g<identifier>` - undo seek: `u` - define new function at cursor: `df` - rename function at cursor: `dr` - show comments: `'` - add comment: `/` - add comment (complex): `:CC!` -
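Review bot: The two added graph-mode entries give `df` and `dr` as if each were one command, while the visual-mode list documents naming a function as plain `d`. State whether these are the `d` key followed by `f` or `r`, so the two sections describe the same key sequence the same way.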
williballenthin revised this gist
Apr 10, 2020 . 1 changed file with 1 addition and 1 deletion.
@@ -86,7 +86,7 @@ graph mode is not visual mode! recommended contents of `~/.radare2rc`: ``` # Show comments at right of disassembly if they fit in screen e asm.cmt.right=true # Shows pseudocode in disassembly. Eg mov eax, str.ok = > eax = str.ok e asm.pseudo = true -
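Review bot: The changed line `e asm.cmt.right=true` has no spaces around `=`, but the next setting in the same sample is `e asm.pseudo = true`; use one form throughout the `~/.radare2rc` block. Because the earlier revision of this line spelled the key `asm.cmtright`, a one-line comment naming the old spelling would help anyone who copied the previous version.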
williballenthin revised this gist
Mar 17, 2017 . 1 changed file with 3 additions and 0 deletions.
@@ -3,7 +3,10 @@ load without any analysis (file header at offset 0x0): `r2 -n /path/to/file` - analyze all: `aa` - show sections: `iS` - list functions: `afl` - list imports: `ii` - list entrypoints: `ie` - seek to function: `s sym.main` ## project management -
williballenthin revised this gist
Mar 15, 2017 . 1 changed file with 4 additions and 2 deletions.
@@ -44,14 +44,15 @@ multiline comments are not rendered handled well. they don't look pretty. - you can update the list of commands shown here by changing `$R2HOME/hud`. - ref: http://radare.today/posts/visual-mode/ - show cursor: `c` - set function name: `d` - add comment: `;` - remove comment: `;-` "flag" means give something a type. like function or symbol. ## graph mode graph mode is not visual mode! - enter graph modes: `VV` - cycle types of graphs: @@ -69,6 +70,7 @@ graph mode is not visual mode - undo seek: `u` - show comments: `'` - add comment: `/` - add comment (complex): `:CC!` - select bb: `???` - seek to next bb: `tab` - seek to previous bb: `TAB` -
williballenthin revised this gist
Mar 15, 2017 . 1 changed file with 4 additions and 1 deletion.
@@ -40,7 +40,8 @@ multiline comments are not rendered handled well. they don't look pretty. - enter visual mode: `V` - select function, variable, xref: `v` - quick command/seek: `_ <search string>` - custom quick command list: `??` - you can update the list of commands shown here by changing `$R2HOME/hud`. - ref: http://radare.today/posts/visual-mode/ - show cursor: `c` - add comment: `:CC!` @@ -50,6 +51,8 @@ multiline comments are not rendered handled well. they don't look pretty. ## graph mode graph mode is not visual mode - enter graph modes: `VV` - cycle types of graphs: - forward: `p` -
williballenthin revised this gist
Mar 15, 2017 . 1 changed file with 2 additions and 4 deletions.
@@ -43,10 +43,8 @@ multiline comments are not rendered handled well. they don't look pretty. - apparently, you can update the list of commands shown here by changing `$R2HOME/hud`. doesn't seem to work though. - ref: http://radare.today/posts/visual-mode/ - show cursor: `c` - add comment: `:CC!` - set function name: `d` "flag" means give something a type. like function or symbol. -
williballenthin revised this gist
Mar 15, 2017 . 1 changed file with 19 additions and 1 deletion.
@@ -73,4 +73,22 @@ multiline comments are not rendered handled well. they don't look pretty. - seek to previous bb: `TAB` - if bb has conditional branch: - seek to True target: `t` - seek to False target: `f` ## configuration recommended contents of `~/.radare2rc`: ``` # Show comments at right of disassembly if they fit in screen e asm.cmtright=true # Shows pseudocode in disassembly. Eg mov eax, str.ok = > eax = str.ok e asm.pseudo = true # Solarized theme eco solarized # Use UTF-8 to show cool arrows that do not look like crap :) e scr.utf8 = true ``` via: https://github.com/radare/radare2/blob/25fec0ebec47b2df5d5413f81db773d674cc65bb/doc/intro.md#configuration-properties -
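Review bot: In the new configuration block, the comment on the pseudocode setting reads `str.ok = > eax = str.ok`; the arrow has been split and should be `=>`. The block is introduced as recommended contents, yet `eco solarized` and `e scr.utf8 = true` are display preferences, so label them optional. Pinning the `via:` link to a commit hash is the right call.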
williballenthin revised this gist
Mar 15, 2017 . 1 changed file with 1 addition and 0 deletions.
@@ -38,6 +38,7 @@ multiline comments are not rendered handled well. they don't look pretty. ## visual mode - enter visual mode: `V` - select function, variable, xref: `v` - quick command/seek: `_ <search string>` - apparently, you can update the list of commands shown here by changing `$R2HOME/hud`. doesn't seem to work though. - ref: http://radare.today/posts/visual-mode/ -
williballenthin revised this gist
Mar 15, 2017 . 1 changed file with 3 additions and 3 deletions.
@@ -29,7 +29,7 @@ disable them in V visual mode using ' (single quote). multiline comments are not rendered handled well. they don't look pretty. - add comment (using editor): `CC!` - note: multiline comments are not formatted nicely - append comment: `CC <text>` - overwrite comment: `CCu <text>` - show comment: `CC.` @@ -39,8 +39,8 @@ multiline comments are not rendered handled well. they don't look pretty. - enter visual mode: `V` - quick command/seek: `_ <search string>` - apparently, you can update the list of commands shown here by changing `$R2HOME/hud`. doesn't seem to work though. - ref: http://radare.today/posts/visual-mode/ - show cursor: `c` - add comment: `;` - add multiline comment: `;!` -
williballenthin revised this gist
Mar 15, 2017 . 1 changed file with 55 additions and 50 deletions.
@@ -1,70 +1,75 @@ # radare2 load without any analysis (file header at offset 0x0): `r2 -n /path/to/file` - analyze all: `aa` - list functions: `afl` - seek to function: `s sym.main` ## project management - open project: `Po <name>` - save project: `Ps <name>` - edit project notes: `Pn -` ## inspecting a function - show basic block disassembly: `pdb` - show function disassembly: `pdf` - show function arguments: `afa` - show function variables: `afv` - rename function variable: `afvn` - set function variable type: `afvt` - add/analyze function: `af` ## comments: by default, these get displayed in disassembly listings to the right of a line. disable them in V visual mode using ' (single quote). multiline comments are not rendered handled well. they don't look pretty. - add comment (using editor): `CC!` note: multiline comments are not formatted nicely - append comment: `CC <text>` - overwrite comment: `CCu <text>` - show comment: `CC.` - show comment in this function: `CCf` ## visual mode - enter visual mode: `V` - quick command/seek: `_ <search string>` update the list of commands shown here by changing `$R2HOME/hud` ref: http://radare.today/posts/visual-mode/ - show cursor: `c` - add comment: `;` - add multiline comment: `;!` - remove comment: `;-` - set function name: `dr` "flag" means give something a type. like function or symbol. ## graph mode - enter graph modes: `VV` - cycle types of graphs: - forward: `p` - backwards: `P` - types of graphs: - graph view - graph view + opcode bytes - esil - esil + comments - overview - seek to function: `g<identifier>` - undo seek: `u` - show comments: `'` - add comment: `/` - select bb: `???` - seek to next bb: `tab` - seek to previous bb: `TAB` - if bb has conditional branch: - seek to True target: `t` - seek to False target: `f` -
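Review bot: The restructure adds headings `## project management` and `## inspecting a function` without a colon but leaves `## comments:` with one; drop the colon so the headings match. Under that heading the sentence `multiline comments are not rendered handled well` still has a doubled verb and says the same thing as the note under `CC!` (`multiline comments are not formatted nicely`), so keep one of them.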
williballenthin revised this gist
Mar 15, 2017 . 2 changed files with 70 additions and 64 deletions.
@@ -1,64 +0,0 @@
@@ -0,0 +1,70 @@ # radare2 load without any analysis (file header at offset 0x0): r2 -n /path/to/file analyze all: `aa` list functions: `afl` seek to function: `s sym.main` open project: `Po <name>` save project: `Ps <name>` edit project notes: `Pn -` show basic block disassembly: `pdb` show function disassembly: `pdf` show function arguments: `afa` show function variables: `afv` rename function variable: `afvn` set function variable type: `afvt` add/analyze function: `af` ## comments: by default, these get displayed in disassembly listings to the right of a line. disable them in V visual mode using ' (single quote). multiline comments are not rendered handled well. they don't look pretty. commands: add comment (using editor): `CC!` note: multiline comments are not formatted nicely append comment: `CC <text>` overwrite comment: `CCu <text>` show comment: `CC.` show comment in this function: `CCf` ## visual mode enter visual mode: `V` quick command/seek: `_ <search string>` show cursor: `c` add comment: `;` add multiline comment: `;!` remove comment: `;-` set function name: `dr` ## graph mode enter graph modes: `VV` cycle types of graphs: forward: `p` backwards: `P` types: graph view graph view + opcode bytes esil esil + comments overview graph: seek to function: `g<identifier>` undo seek: `u` show comments: `'` add comment: `/` select bb: `???` overview graph: seek to next bb: `tab` seek to previous bb: `TAB` if bb has conditional branch: seek to True target: `t` seek to False target: `f` -
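Review bot: In the first line of the new file, the `r2 -n /path/to/file` invocation is the only command left without backticks, although this revision wraps every other command in them; wrap it too so the path placeholder renders as code.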
williballenthin revised this gist
Mar 15, 2017 . 1 changed file with 1 addition and 0 deletions.
@@ -22,6 +22,7 @@ comments: add comment (using editor): CC! note: multiline comments are not formatted nicely append comment: CC the comment text overwrite comment: CCu the comment text show comment: CC. show comment in this function: CCf -
williballenthin revised this gist
Mar 15, 2017 . 1 changed file with 1 addition and 0 deletions.
@@ -23,6 +23,7 @@ comments: note: multiline comments are not formatted nicely append comment: CC the comment text show comment: CC. show comment in this function: CCf ## visual mode -
williballenthin revised this gist
Mar 15, 2017 . 1 changed file with 7 additions and 2 deletions.
@@ -17,8 +17,13 @@ show function variables: afv rename function variable: afvn set function variable type: afvt add/analyze function: af comments: add comment (using editor): CC! note: multiline comments are not formatted nicely append comment: CC the comment text show comment: CC. ## visual mode enter visual mode: V -
williballenthin revised this gist
Mar 15, 2017 . 1 changed file with 2 additions and 1 deletion.
@@ -17,7 +17,8 @@ show function variables: afv rename function variable: afvn set function variable type: afvt add/analyze function: af add comment (using editor): CC! multiline comments are not formatted nicely ## visual mode enter visual mode: V -
williballenthin renamed this gist
Jun 20, 2016 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
williballenthin renamed this gist
Jun 20, 2016 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
williballenthin revised this gist
Jun 20, 2016 . 1 changed file with 1 addition and 0 deletions.
@@ -16,6 +16,7 @@ show function arguments: afa show function variables: afv rename function variable: afvn set function variable type: afvt add/analyze function: af ## visual mode -
williballenthin revised this gist
Jun 20, 2016 . 1 changed file with 2 additions and 0 deletions.
@@ -1,5 +1,7 @@ # radare2 load without any analysis (file header at offset 0x0): r2 -n /path/to/file analyze all: aa list functions: afl seek to function: s sym.main -
williballenthin created this gist
Mar 21, 2016 .
@@ -0,0 +1,53 @@ # radare2 analyze all: aa list functions: afl seek to function: s sym.main open project: Po <name> save project: Ps <name> edit project notes: Pn - show basic block disassembly: pdb show function disassembly: pdf show function arguments: afa show function variables: afv rename function variable: afvn set function variable type: afvt ## visual mode enter visual mode: V quick command/seek: _ <search string> show cursor: c add comment: ; add multiline comment: ;! remove comment: ;- set function name: dr ## graph mode enter graph modes: VV cycle types of graphs: forward: p backwards: P types: graph view graph view + opcode bytes esil esil + comments overview graph: seek to function: g<identifier> undo seek: u show comments: ' add comment: / select bb: ??? overview graph: seek to next bb: tab seek to previous bb: TAB if bb has conditional branch: seek to True target: t seek to False target: f
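Review bot: The graph-mode entry `select bb: ???` commits a placeholder instead of a key. Either fill in the key or mark the line as a TODO so readers do not try `???` as a command.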