Abstract

The well-known free and open source reverse engineering framework radare2 is becoming more popular among the computer security community with a large variety of people using it to deal with all kinds of different situations: from hobbyist CTF players to professional low-level reversers and malware analysts. Despite that, we notice that there is still a lot of fear, uncertainty and doubt around its capabilities and usage, which, in our honest opinion, is unjustified and not well-founded.
In this talk we will focus on explaining how easy it is to actually start working with radare2 and accomplish meaningful results, as well as on demystifying it, with the aim of helping users and professionals get comfortable with radare2 and get the most out of it with no sweat.
The didactic approach of the talk will be eminently practical with examples and demos complementing each section being discussed. The contents of the presentation and the general outline will be as follows:

Overview of the radare2 framework: Tools included and capabilities
Basic commands and interaction with radare2
Visual modes and navigation
Configuration and customization
Code emulation with ESIL: architecture abstraction and applications
Extensibility and scripting: r2pm package manager, native bindings and r2pipe
Common use cases: static reversing, exploiting, & debugging
Extras: Cutter, r2frida, etc.
Conclusions
Documentation, resources and support

There are no specific knowledge requirements for attendees, although the following is desired:

Basic understanding of computer organization and operating systems.
Basic understanding of x86/x64 assembly and the C language.

Please bring a laptop running a GNU/Linux distribution (natively or on a VM) with the following installed:

Latest version of radare2
Latest version of Cutter
Latest version of r2frida
Latest version of r2pipe (for Python)
