Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,22 +1,92 @@ | ||
| ## Annotations | ||
|
|
||
| Annotations are a powerful feature introduced in Radare2 5.9.6 that allows users to associate cross-project metadata with specific functions. Unlike comments or other metadata that are tied to a specific project or session, annotations are persistent and stored globally. This makes them particularly useful for tracking notes and observations across different projects without needing to worry about manually saving them. | ||
|
|
||
| The annotations are associated with each function and stored in a dedicated cache directory, making them available even after you leave the session. You can think of annotations as a place to store function-specific notes, decompilation output, or other important information that you want to keep handy. | ||
|
|
||
| ### Using the ano | ||
|
|
||
| Annotations can be managed using the `ano` command. Below is an overview of the available options: | ||
|
|
||
| ```console | ||
| [0x00000000]> ano? | ||
| Usage: ano [*] # function annotations | ||
| | ano show or edit annotations for the current function | ||
| | ano-* remove all annotations of the current file | ||
| | ano* dump all annotations in `ano=` commands | ||
| | ano=[b64text] set annotation text in base64 for current function | ||
| | anoe edit annotation | ||
| | anos show annotation | ||
| | anol show the first line of function annotation if any | ||
| [0x00000000]> | ||
| ``` | ||
|
|
||
| ### Key Features | ||
|
|
||
| 1. **Persistent Across Sessions:** | ||
| Annotations are stored globally in the `~/.local/share/radare2/cache` directory. This ensures that they are accessible across different sessions, even if the project is closed and reopened later. | ||
|
|
||
| 2. **Multiline Annotations:** | ||
| Annotations can contain multiple lines of text, making them ideal for storing detailed notes, such as decompilation output, comments, or any other observations about a function. | ||
|
|
||
| 3. **Cross-Project:** | ||
| Since annotations are not tied to any specific project, they can be shared across different projects that analyze the same binary. This is useful when working with multiple teams or revisiting an old analysis. | ||
|
|
||
| ### Examples | ||
|
|
||
| #### Setting an Annotation for a Function | ||
|
|
||
| To add an annotation to the current function, you can simply use the `ano=` command with base64-encoded text: | ||
|
|
||
| ```console | ||
| [0x00000000]> ano=[b64text] | ||
| ``` | ||
|
|
||
| #### Editing and Viewing Annotations | ||
|
|
||
| If you want to manually edit the annotation for the current function, use the `anoe` command, which allows you to modify the annotation interactively: | ||
|
|
||
| ```console | ||
| [0x00000000]> anoe | ||
| ``` | ||
|
|
||
| You can also view the full annotation using `anos`: | ||
|
|
||
| ```console | ||
| [0x00000000]> anos | ||
| ``` | ||
|
|
||
| If you only want to see the first line of the annotation (which is useful for quick reference), you can use `anol`: | ||
|
|
||
| ```console | ||
| [0x00000000]> anol | ||
| ``` | ||
|
|
||
| #### Removing Annotations | ||
|
|
||
| To remove all annotations for the current file, you can use the `ano-*` command: | ||
|
|
||
| ```console | ||
| [0x00000000]> ano-* | ||
| ``` | ||
|
|
||
| ### Annotations in Action: Using Annotations to Cache Decompilation Output | ||
|
|
||
| Annotations can also be used to improve efficiency when working with decompiled code. For example, the `-e cache=true` setting in Radare2 enables the caching of decompiled output. This prevents Radare2 from having to re-decompile the same function multiple times, thus saving time during the analysis. | ||
|
|
||
| Here's an example of how this works: | ||
|
|
||
| 1. Decompiling a function in language mode normally requires Radare2 to call the decompiler for each function. | ||
| 2. By enabling caching with `-e cache=true`, Radare2 will store the decompilation output in an annotation. The next time you view the same function, the cached annotation will be used instead of calling the decompiler again. | ||
|
|
||
| This is particularly helpful when working with large binaries or performing repetitive decompilation tasks. | ||
|
|
||
| ```bash | ||
| $ r2 -e cache=true <binary> | ||
| ``` | ||
|
|
||
| By leveraging annotations in this way, you can significantly reduce the overhead of reprocessing functions during analysis. | ||
|
|
||
| ### Conclusion | ||
|
|
||
| Annotations are an essential tool for efficiently managing function-specific metadata across multiple sessions and projects. Whether you are adding notes, decompilation output, or general observations, annotations allow you to persist important information and retrieve it at any time. The ability to use annotations for caching decompilation results further enhances the analysis workflow, saving both time and effort. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| ## Challenges Managing Projects | ||
|
|
||
| Managing metadata during binary analysis is a critical aspect of reverse engineering. Metadata includes function names, comments, analysis flags, decompilation results, and much more. However, there are several inherent challenges that reverse engineering tools need to address to ensure efficient project management. Let's explore some of these challenges: | ||
|
|
||
| ### Key Challenges | ||
|
|
||
| 1. **Lack of a Standard Format** | ||
|
|
||
| There is no universally accepted format for saving or sharing metadata associated with binary analysis. Different tools may have their own methods, making interoperability and collaboration across tools challenging. | ||
|
|
||
| 2. **Tool Evolution and Metadata Changes** | ||
|
Check failure on line 11 in src/projects/challenges.md
|
||
|
|
||
| As tools evolve, their analysis algorithms and metadata formats may change. This means that older analysis data may become obsolete or incompatible with newer versions of the tool, potentially leading to discrepancies when reloading projects. | ||
|
|
||
| 3. **Metadata Storage and Analysis Dependency** | ||
|
Check failure on line 15 in src/projects/challenges.md
|
||
|
|
||
| The order in which metadata is stored and loaded is crucial. For example, you cannot name a function before it is analyzed, and any changes to the analysis steps could affect the final outcome. This creates dependencies between analysis steps and metadata storage. | ||
|
|
||
| 4. **Impact of Analysis Order** | ||
|
Check failure on line 19 in src/projects/challenges.md
|
||
|
|
||
| The sequence in which analysis steps are performed can significantly impact the final results. Skipping or reordering analysis commands can lead to different interpretations of the binary. | ||
|
|
||
| 5. **Versioning and Rebaselining** | ||
|
Check failure on line 23 in src/projects/challenges.md
|
||
|
|
||
| Projects can be versioned over time, but rebasing metadata can lead to unexpected outcomes. For instance, changes in one version may conflict with updates in another version, making it difficult to reconcile differences. | ||
|
|
||
| 6. **Real-Time Syncing and Conflicts** | ||
|
Check failure on line 27 in src/projects/challenges.md
|
||
|
|
||
| Synchronizing metadata in real-time between different clients or sessions can lead to conflicts. This can occur when multiple users are analyzing the same binary simultaneously, or when working across distributed systems. | ||
|
|
||
| 7. **Large Metadata Sets** | ||
|
Check failure on line 31 in src/projects/challenges.md
|
||
|
|
||
| As analysis progresses, the amount of metadata grows, and storing or loading large sets of metadata becomes slower compared to keeping it in memory. This adds overhead to project management and can affect performance. | ||
|
|
||
| 8. **Address Space Layout Randomization (ASLR)** | ||
|
Check failure on line 35 in src/projects/challenges.md
|
||
|
|
||
| When debugging, binaries can be loaded at different addresses due to ASLR (Address Space Layout Randomization). This means that metadata must be adaptable to different memory layouts, complicating the process of restoring projects in different environments. | ||
|
|
||
| Note that this problem happens also when working via frida or remote gdb instances. The project metadata needs to save the information relative to the mapthat it is associated, which doesnt needs to be in the same order or even allocated at all because that depends on the state of the execution of the child. | ||
|
|
||
| 9. **User Settings and Metadata Registration** | ||
|
Check failure on line 41 in src/projects/challenges.md
|
||
|
|
||
| User-specific settings can influence how analysis and metadata are registered. For example, if different users have different analysis preferences, the resulting metadata could vary significantly even for the same binary. | ||
|
|
||
| 10. **Handling Incremental Metadata Patches** | ||
|
Check failure on line 45 in src/projects/challenges.md
|
||
|
|
||
| Metadata must be updated incrementally during the analysis. Each change to the analysis (e.g., renaming a function, adding a comment) must be stacked properly, and failure to do so can lead to inconsistency or corruption of the project state. | ||
|
|
||
| ### Why These Challenges Matter | ||
|
|
||
| Looking at the challenges listed above, it's clear that managing reverse engineering projects is a complex task. Each of these issues can affect the accuracy, consistency, and efficiency of the analysis process. This complexity is magnified when working in collaborative environments or when dealing with long-term projects that may span multiple tool versions. | ||
|
|
||
| ### Challenges Specific to Radare2 | ||
|
|
||
| In the case of **Radare2**, the flexibility of the tool—while powerful—adds an additional layer of complexity. Radare2 allows users to configure many aspects of the tool, from analysis steps to how metadata is handled. This makes it harder to find a one-size-fits-all solution for serializing project information into a file and restoring it accurately. | ||
|
|
||
| Unlike other tools that may impose stricter constraints or fewer configuration options, Radare2's versatility requires more care when saving and loading projects. This flexibility, while advantageous for advanced users, can lead to additional challenges in managing project metadata. | ||
|
|
||
| ### Conclusion | ||
|
|
||
| Understanding these challenges helps users troubleshoot potential issues that may arise when managing projects. Whether it's dealing with metadata conflicts, loading times, or tool versioning, addressing these problems head-on will improve both the efficiency and accuracy of reverse engineering workflows. | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,16 +1,28 @@ | ||
| ## Handmade Projects | ||
|
|
||
| When you need full control and complete flexibility over your project metadata, you can choose to create a set of scripts that manage your binary analysis. This allows you to: | ||
|
|
||
| - Load the binary. | ||
|
Check failure on line 5 in src/projects/handmade.md
|
||
| - Set the base address. | ||
| - Configure the memory layout. | ||
| - Run specific analysis commands. | ||
| - Have full control on the steps | ||
|
|
||
| Note that having full control on the commands you run is important in a variety os sutations (read the section on challenges for more details). | ||
|
|
||
| As long as handmade projects are organized in directories and files it is ideal to use it with git, allowing other people to jump into the same files and have a proper versioned. | ||
|
|
||
| These scripts are essentially the entry points for your analysis. However, this approach comes with a trade-off: comments, flags, or function names won’t be saved automatically when exiting the session. Instead, you’ll need to manually type them into the scripts every time they are required. | ||
|
|
||
| This workflow demands consistency and discipline from the user. It’s crucial to maintain an organized system to ensure that important metadata isn’t lost, as nothing is auto-saved unless explicitly written into the project script by the user. | ||
|
|
||
| ### Advantages and Best Practices | ||
|
|
||
| Handmade projects allow you to fully customize your setup. Since they are typically organized into directories and files, they are ideal for use with Git, which provides version control and enables collaboration. | ||
|
|
||
| ### Folder Organization | ||
|
|
||
| To begin, create a directory to store the binaries you want to work on. Then, you can create a **Makefile** or a shell script to automate running commands: | ||
|
|
||
| ```console | ||
| $ mkdir project/bins | ||
|
|
@@ -21,40 +33,65 @@ $ echo r2 -s main -i script.r2 bins/ls > main.sh | |
| $ chmod +x main.sh | ||
| ``` | ||
|
|
||
| Next, you can edit the `script.r2` file to include the commands you need: | ||
|
|
||
| ```bash | ||
| aaa | ||
| CC good boy @ sym.success | ||
| ``` | ||
|
|
||
| Running the script is simple. Just execute `./main.sh` to open the project. You can set up custom memory maps, load contents from RAM, enable cache, patch instructions, and much more. | ||
|
|
||
| ### Radare2 Primitives | ||
|
|
||
| Much of Radare2’s environment is built around shell commands. Many commands include a `*` suffix or subcommand that lists data in Radare2 commands. | ||
|
|
||
| For example, to save flags: | ||
|
|
||
| ```console | ||
| > f* > flags.r2 | ||
| ``` | ||
|
|
||
| And to reload them: | ||
|
|
||
| ```console | ||
| > . flags.r2 | ||
| ``` | ||
|
|
||
| You can apply this same principle to comments (`CC*`), function names (`afn*@@F`), and more. | ||
|
|
||
| ### Default Script Behavior | ||
|
|
||
| If you save an `.r2` script in the same directory as the binary, Radare2 will prompt you to run it upon opening the binary. This can save time by eliminating the need to use the `-i` flag: | ||
|
|
||
| ```bash | ||
| $ echo '?e hello world' > ls.r2 | ||
| $ cp /bin/ls . | ||
| $ r2 ls | ||
| Do you want to run the 'ls.r2' script? (y/N) | ||
| ``` | ||
|
|
||
| ### Advanced Customization | ||
|
|
||
| You can learn more about custom handmade projects in the firmware reversing chapter of this book, where you’ll find examples of setting up memory layouts and project configurations. | ||
|
|
||
| For users who enjoy customization, Radare2 allows you to modify the environment by tweaking variables such as `scr.prompt` for a custom command prompt. For example: | ||
|
|
||
| ```bash | ||
| $ r2 -p jeje | ||
| -- The more 'a' you add after 'aa' the more analysis steps are executed. | ||
| [0x00000000]> e scr.prompt.prj=true | ||
| <jeje>[0x00000000]> e prj.name | ||
| jeje | ||
| <jeje>[0x00000000]> | ||
| ``` | ||
|
|
||
| ### Autosaving Options | ||
|
|
||
| Radare2 also provides a mechanism for users to define actions that are performed when leaving the shell. The `cmd.exit` configuration variable can be set to run specific commands or scripts when the session ends. For example, you could create a `.r2.js` script that saves all comments and function names before closing the session. | ||
|
|
||
| However, it’s important to remember that it’s up to the user to manage and manually update project scripts with new flags, analysis commands, or comments. While this approach requires more effort, it offers unmatched flexibility. | ||
|
|
||
| ### Conclusion | ||
|
|
||
| The handmade project approach in Radare2 provides full control over your workflow but requires meticulous organization and manual updates. Over time, these processes will improve, and user contributions are always welcome, whether through feedback or pull requests. | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,26 +1,7 @@ | ||
| # Introduction to Projects | ||
|
|
||
| When working on a binary analysis, there are scenarios where you need to continuously work on a single or a set of binaries over a long period of time. This could be due to the complexity of the binaries or the amount of time required for in-depth analysis. | ||
|
|
||
| In such cases, you often want to store and keep track of your progress, such as comments, function names, and other metadata, so you don’t have to redo or reanalyze the same information every time you reload the binary. | ||
|
|
||
| This chapter will explore how to handle these needs efficiently by introducing Radare2 projects. We will also discuss the challenges and limitations inherent in this process. Although managing projects may seem straightforward, it is one of the more difficult issues to address, and it's essential to understand why before delving into solutions. |
Oops, something went wrong.