Esta página se muestra en inglés. Una traducción al español está en curso.
SkillsMay 4, 2026·3 min de lectura

radare2 — Open-Source Reverse Engineering Framework

A portable command-line reverse engineering framework providing disassembly, debugging, binary analysis, and patching across dozens of architectures.

Listo para agents

Instalación lista para agent

Este activo puede instalarse después de elegir el runtime, revisar el plan y ejecutar el comando correspondiente.

Native · 98/100Política: permitir
Superficie agent
Cualquier agent MCP/CLI
Tipo
Skill
Instalación
Single
Confianza
Confianza: Established
Entrada
radare2 Overview
Comando de instalación directa
npx -y tokrepo@latest install fdf3230e-47f8-11f1-9bc6-00163e2b0d79 --target codex

Ejecutar después de confirmar el plan con dry-run.

Introduction

radare2 (r2) is a portable open-source reverse engineering framework that runs from the command line. It supports disassembly, debugging, binary diffing, and patching for a wide range of processor architectures and file formats, making it a staple tool in CTF competitions and malware analysis.

What radare2 Does

  • Disassembles binaries for x86, ARM, MIPS, RISC-V, and 30+ architectures
  • Provides an interactive shell with hundreds of commands for binary exploration
  • Debugs local and remote processes via GDB, LLDB, and native backends
  • Patches binaries in place for quick modifications
  • Supports scripting via r2pipe in Python, JavaScript, Go, and other languages

Architecture Overview

radare2 is written in C with a layered architecture: r_io handles I/O across files, processes, and remote targets; r_asm and r_anal provide disassembly and analysis; r_bin parses executable formats; r_debug manages debugging sessions. The r2pipe API exposes all functionality over a JSON protocol for external scripting.

Self-Hosting & Configuration

  • Install via system package managers or build from source with meson
  • Configure personal settings in ~/.radare2rc
  • Install community plugins via r2pm (radare2 package manager)
  • Use Cutter (the official Qt GUI) for graphical analysis workflows
  • Connect to remote targets with r2 -d gdb://host:port

Key Features

  • Visual mode for interactive graph and hex views in the terminal
  • Binary diffing (radiff2) to compare two versions of a binary
  • ESIL (Evaluable Strings Intermediate Language) for architecture-independent emulation
  • r2ghidra plugin integrating Ghidra's decompiler directly into the r2 workflow
  • Extensive format support including ELF, PE, Mach-O, DEX, and raw firmware

Comparison with Similar Tools

  • Ghidra — richer GUI and decompiler, but heavier and requires JDK
  • IDA Pro — commercial gold standard, faster for large binaries but expensive
  • Binary Ninja — clean API and modern UI, commercial license required
  • Cutter — the official GUI for radare2, for users who prefer graphical analysis

FAQ

Q: What is the learning curve for radare2? A: The CLI-first design has a steep initial curve. The built-in help system (append ? to any command) and visual mode help ease the process.

Q: Can radare2 decompile code? A: With the r2ghidra or r2dec plugins, radare2 can produce pseudocode output similar to commercial decompilers.

Q: Is radare2 suitable for malware analysis? A: Yes. Its sandboxed I/O layer and emulation capabilities make it effective for static and semi-dynamic malware analysis.

Q: How does radare2 compare to Ghidra for team collaboration? A: Ghidra has built-in multi-user project sharing. radare2 is primarily single-user, though r2pipe enables custom collaboration workflows.

Sources

Discusión

Inicia sesión para unirte a la discusión.
Aún no hay comentarios. Sé el primero en compartir tus ideas.

Activos relacionados