# radare2 — Open-Source Reverse Engineering Framework

> A portable command-line reverse engineering framework providing disassembly, debugging, binary analysis, and patching across dozens of architectures.

## Install

Save as a script file and run:

## Quick Use

```bash
# Install on Debian/Ubuntu
sudo apt install radare2

# Open a binary for analysis
r2 -A ./target_binary

# In r2 shell: list functions
afl

# Seek to main and print disassembly
s main; pdf
```

## Introduction

radare2 (r2) is a portable open-source reverse engineering framework that runs from the command line. It supports disassembly, debugging, binary diffing, and patching for a wide range of processor architectures and file formats, making it a staple tool in CTF competitions and malware analysis.

## What radare2 Does

- Disassembles binaries for x86, ARM, MIPS, RISC-V, and 30+ architectures
- Provides an interactive shell with hundreds of commands for binary exploration
- Debugs local and remote processes via GDB, LLDB, and native backends
- Patches binaries in place for quick modifications
- Supports scripting via r2pipe in Python, JavaScript, Go, and other languages

## Architecture Overview

radare2 is written in C with a layered architecture: `r_io` handles I/O across files, processes, and remote targets; `r_asm` and `r_anal` provide disassembly and analysis; `r_bin` parses executable formats; `r_debug` manages debugging sessions. The r2pipe API exposes all functionality over a JSON protocol for external scripting.
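The r2pipe scripting route mentioned above, as an added example that is not part of the original page or the radare2 project: a Python triage helper that reads a binary's import table through r2's `iij` JSON command and flags imports on a short review list. The review list, the function names and the sample records are assumptions constructed for illustration.

```python
import json
import sys

# Imports worth a closer look during triage (assumed shortlist, adjust to taste).
REVIEW = {
    "gets": "unbounded read",
    "strcpy": "unbounded copy",
    "sprintf": "unbounded format",
    "system": "shell command execution",
    "popen": "shell command execution",
}

def flag_imports(imports):
    """Return sorted (name, reason) pairs for import records on the review list."""
    hits = set()
    for rec in imports:
        name = rec.get("name", "")  # records without a name are skipped
        if name in REVIEW:
            hits.add((name, REVIEW[name]))
    return sorted(hits)

def triage(path):
    """Open `path` statically (no -d, nothing is executed) and flag its imports."""
    import r2pipe  # pip install r2pipe; requires radare2 on PATH
    r2 = r2pipe.open(path, flags=["-2"])  # -2 silences r2's stderr output
    try:
        # `iij` lists imports as JSON; cmdj() parses it into Python objects.
        return flag_imports(r2.cmdj("iij") or [])
    finally:
        r2.quit()

# Constructed sample shaped like `iij` output, so the filter runs without r2.
SAMPLE = json.loads("""[
  {"ordinal": 1, "bind": "GLOBAL", "type": "FUNC", "name": "puts",   "plt": 4144},
  {"ordinal": 2, "bind": "GLOBAL", "type": "FUNC", "name": "strcpy", "plt": 4160},
  {"ordinal": 3, "bind": "GLOBAL", "type": "FUNC", "name": "system", "plt": 4176},
  {"ordinal": 4, "bind": "WEAK",   "type": "NOTYPE", "plt": 0}
]""")

if __name__ == "__main__":
    # With a path argument, query radare2; otherwise use the constructed sample.
    found = triage(sys.argv[1]) if len(sys.argv) > 1 else flag_imports(SAMPLE)
    for name, reason in found:
        print(f"{name}: {reason}")
```
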
## Self-Hosting & Configuration

- Install via system package managers or build from source with meson
- Configure personal settings in `~/.radare2rc`
- Install community plugins via r2pm (radare2 package manager)
- Use Cutter (the official Qt GUI) for graphical analysis workflows
- Connect to remote targets with `r2 -d gdb://host:port`

## Key Features

- Visual mode for interactive graph and hex views in the terminal
- Binary diffing (radiff2) to compare two versions of a binary
- ESIL (Evaluable Strings Intermediate Language) for architecture-independent emulation
- r2ghidra plugin integrating Ghidra's decompiler directly into the r2 workflow
- Extensive format support including ELF, PE, Mach-O, DEX, and raw firmware

## Comparison with Similar Tools

- **Ghidra** — richer GUI and decompiler, but heavier and requires JDK
- **IDA Pro** — commercial gold standard, faster for large binaries but expensive
- **Binary Ninja** — clean API and modern UI, commercial license required
- **Cutter** — the official GUI for radare2, for users who prefer graphical analysis

## FAQ

**Q: What is the learning curve for radare2?**

A: The CLI-first design has a steep initial curve. The built-in help system (append `?` to any command) and visual mode help ease the process.

**Q: Can radare2 decompile code?**

A: With the r2ghidra or r2dec plugins, radare2 can produce pseudocode output similar to commercial decompilers.

**Q: Is radare2 suitable for malware analysis?**

A: Yes. Its sandboxed I/O layer and emulation capabilities make it effective for static and semi-dynamic malware analysis.

**Q: How does radare2 compare to Ghidra for team collaboration?**

A: Ghidra has built-in multi-user project sharing. radare2 is primarily single-user, though r2pipe enables custom collaboration workflows.

## Sources

- https://github.com/radareorg/radare2
- https://rada.re/n/

---

Source: https://tokrepo.com/en/workflows/asset-fdf3230e

Author: Script Depot