Estic a 1 plugin d'acabar la primer etapa d'una reescritura de 90 plugins de r2 que porto 1 any fent. Ha sigut un llarg camí, però aviat podré treure'm aquest pes de sobre i començar la segona etapa que serà molt més divertida i important :radare2: #radare2

I found a nice blog talking about symbol versioning and how to disable versioning check.
Incorrect symbol version is a pain when distributing binaries for linux (ie games), one solution was to use an old ubuntu for building...
Needs for symbol versioning (VERNEED) can be easily removed by using radare2.
#linux #gamedev #radare2
https://maskray.me/blog/2020-11-26-all-about-symbol-versioning

r2svd has been updated to support the latest command call syntax which is faster and safer, avoiding command injection bugs on some specially crafted svd files.

Import your memory mapped device information from your favourite microcontroller into #radare2 with this tool

Run the following command to install the tool.

r2pm -ci r2svd

Someone posted a CVE for the latest #radare2 guess it's about the time to cut a new release which comes with zillions of bug fixes and important improvements, but i wont claim a cve for every bug i find which seems to be what moves some people

I took inspiration in FORTH when designing and implementing the ESIL vm for #radare2 , so here's a good book if you want to learn more about this beauty that is recently getting some traction because of IoT (and yep there's a yearly conference around Forth) https://www.complang.tuwien.ac.at/forth/gforth/gforth-0.7.0.pdf

Blog post introducing malware analysis with radare2 with a the focus on stack string obfuscation and LoadLibraryA usage

https://www.archcloudlabs.com/projects/loadlibrary-analysis/

#radare2 #reverseengineering #infosec #cybersecurity

“Open Source Reverse Engineering: 60 Things In 60 Minutes” showcasing tons of #radare2 features by @hexploitable https://www.youtube.com/watch?v=7l67hP23OIE

Yesterday, while trying to get gdb installed on an old riscv64/debian system image without gpg, wget, netcat or curl, so I end up writing a quickjs script for #radare2 that implemented a "wget" to download all the packages I needed to move forward.

Turns out all I need in life is just an r2 shell. I may probably expose that wget functionality in default r2 to not have to write scripts next time.

The good thing of r2 is that it can be easily crosscompiled to anywhere, ships a modern js runtime and understand all sorts of protocols and file formats without any external dependency (yeah no https). So dropping a static build anywhere is enough to mount a virtual filesystem, setup a webserver, transfer files, execute programs, etc.. without even the need for a posix shell.

The recording of the #radare2 presentation at #fosdem2023 will be soon published. Stay tuned!

#HacktheBox #HTB #CTF #HappyHacking Fun box I even had to open #radare2 for a bit for minor analysis #hacking

#radare2

Tech toot! Wow, #radare2 is worth installing even if just as a programmer's calculator! The assembler/disassembler, CLI interface, hex viewer, etc. are so versatile and modular. This seems so much better suited to debugging my exotic ELF output than GDB.

What I like is that you can learn enough to be useful in a couple hours, yet clearly there's enough functionality to continue learning for months (years?) to even see it all.

Oh, and the docs are excellent:

https://book.rada.re/first_steps/overview.html

Heap analysis with radare2: https://hackliza.gal/en/posts/r2heap/
#infosec #radare2

#radare2 frontend iaito-5.8 lands on Flathub

Source
https://twitter.com/radareorg/status/1606614833679536128

RT @radareorg@twitter.com

iaito-5.8, the official frontend of radare2 is now available in flathub! it ships the latest r2 with javascript, r2ghidra, r2dec and stays sandboxed for your safety concerns, that's the easiest way to get the latest

🐦🔗: https://twitter.com/radareorg/status/1606614833679536128

I hadn’t used radare2 in a few years until last night … tabbed panel mode is such a great terminal based keyboard driven disassembler experience. Will definitely revisit. https://book.rada.re/visual_mode/visual_panels.html #radare2

Figured I should do another #introduction post since my last one is ancient (it mentions a 500 character limit even).

Hi! I am Haystack! I am an automotive (embedded) security person, with experience in both red teaming and secure engineering/architecting. The latter job is mostly just writing requirements (I do not like this) but I always find excuses to actually touch computers whenever I can. I'm developing real strong opinions about secure software development and how to do it.

Tech-related hobbies, when I'm not too burnt out to touch technology, include reverse engineering, fiddling with #radare2, and poking at stray web services.

Non-tech-related hobbies include playing with my kid and #bjj (I am a solidly OK hobbyist purple belt who plays big-man jiu jitsu despite not being a big man). I'm a lapsed USPSA shooter who keeps meaning to find the time & money to pick it back up.

Likes: the over-under pass and properly-implemented secure boot.

Dislikes: Javascript outside the browser (Frida gets a pass) and lapel guard players.

Figured I should do another #introduction post since my last one is ancient (it mentions a 500 character limit even).

Hi! I am Haystack! I am an automotive (embedded) security person, with experience in both red teaming and secure engineering/architecting. The latter job is mostly just writing requirements (I do not like this) but I always find excuses to actually touch computers whenever I can. I'm developing real strong opinions about secure software development and how to do it.

Tech-related hobbies, when I'm not too burnt out to touch technology, include reverse engineering, fiddling with #radare2, and poking at stray web services.

Non-tech-related hobbies include playing with my kid and #bjj (I am a solidly OK hobbyist purple belt who plays big-man jiu jitsu despite not being a big man). I'm a lapsed USPSA shooter who keeps meaning to find the time & money to pick it back up.

Likes: the over-under pass and properly-implemented secure boot.

Dislikes: Javascript outside the browser (Frida gets a pass) and lapel guard players.

Reverse engineering #macOS #malware Part 4: Leveraging Xrefs, #YARA and Zignatures with #radare2 #apple #cybersecurity #security
https://www.sentinelone.com/labs/the-art-and-science-of-macos-malware-hunting-with-radare2-leveraging-xrefs-yara-and-zignatures/

RT @0xor0ne@twitter.com

Sigreturn-oriented programming (SROP) exploitation with radare2 examples by @CaptnBanana@twitter.com

https://bananamafia.dev/post/srop/

#exploit #srop #radare2 #infosec #cybersecurity #hacking

🐦🔗: https://twitter.com/0xor0ne/status/1596051111609237505

Reverse engineering #macOS #malware with #radare2 part 3: String #encryption & #decryption #cybersecurity #apple https://www.sentinelone.com/labs/techniques-for-string-decryption-in-macos-malware-with-radare2/