radare2

The radare2 suite aims to create a comprehensive toolchain for reverse engineering tasks. It includes an hexadecimal editor (radare) with support for multiple backends for local/remote files, debugger for OS X, BSD, Linux, W32, stream analyzer, assembler/disassembler for architectures like x86, ARM, PPC, m68k, Java, MSIL, SPARC, code analysis modules, and scripting facilities. Additional tools include radiff for binary diffing, rax for base conversion, rasc for shellcode development, rabin for binary information extraction supporting PE, mach0, ELF, class formats, and rahash for block-based hashing.

Use cases encompass malware analysis, vulnerability research, software debugging, and binary patching across diverse architectures and formats. The suite's modularity allows seamless integration of components like r2pm for package management, r2r for testing, and r2agent for remote sessions.

Packages provided include libraries (libradare2-6.0.0t64), architecture-independent files (libradare2-common), development files (libradare2-dev), and the main radare2 binary along with companion tools.

radare2 operates through a wrapped IO layer supporting multiple backends for file handling and debugging across platforms. It features an interactive shell for commands like analysis ('aaa'), disassembly, and scripting. Binaries are loaded with specified architecture (-a), bits (-b), and base address (-B). Tools like rasm2 handle assembly/disassembly, rabin2 extracts metadata via parsers for ELF/PE/mach0, radiff2 computes diffs using graph or delta modes, while utilities like rahash2 perform block-based computations with configurable algorithms and endianness. ESIL expressions enable emulation, and SDB databases store signatures and metadata.