Reverse engineering can be very fun. Beginners are mostly scared away because there are a lot of things going on. Fortunately, with the right tools this becomes manageable for anyone. Proper knowledge of the system and of programming is also required.
gdb is still near the top of the list of disassemblers. However, it has some limitations and scripting it is not that easy. Yes, you can use plugins like peda and gef which help you out. But why not use radare2, which is built on the capstone framework?
You’ll want to use it because…
What the radare2 ecosystem is and why you should use it
Radare2 is a set of tools used for disassembly and reverse engineering of binaries. You can disassemble and debug many binaries from many architectures by just sitting in your Linux x86 (_64) system without going through any virtual machine or emulation process.
Yes, that’s right: you can live debug and modify PEs from an ELF system, or MIPS binaries on your x86 system. Pretty cool.
The best thing about it is that it’s scriptable, so you can automate it from your favourite programming language.
You can compare multiple debuggers on this lovely page: http://radare.org/r/cmp.html
Is reverse engineering legal?
It is legal to reverse engineer programs for interoperability between computer programs (look at code and learn from it, modify it to make it work with something else).
While some EULAs forbid it, copyright laws allow some form or another of it for the sake of compatibility.
To understand this better: if you purchased software and it doesn’t work well on one of your systems, you can reverse engineer it to fix some issues.
Article 6 of the 1991 EU Computer Programs Directive allows reverse engineering for the purposes of interoperability, but prohibits it for the purposes of creating a competing product, and also prohibits the public release of information obtained through reverse engineering of software (source).
But making the results public, or integrating the features into other projects, can make it illegal.
All our examples are custom written code or open source projects. When reverse engineering closed source apps, always read the EULA.
Reverse Engineering tutorials
I’m currently working on a series of tutorials on Reverse Engineering with Radare2 and other tools so you can learn assembly from C.
Installation and setup
Debian way
Installing it on Debian is extremely simple, although I recommend using the automated installer from the latest build.
These are the apps we need.
sudo apt-cache search radare2
libradare2-1.1 - libraries from the radare2 suite
libradare2-common - arch independent files from the radare2 suite
libradare2-dev - devel files from the radare2 suite
radare2 - free and advanced command line hexadecimal editor
Install it
sudo apt-get install radare2
"Automated" installer
You can use this either to install the newest version or to update it. It is very likely that you will need GCC and the whole binutils package.
Go to the latest release page
https://github.com/radare/radare2/releases
Download the latest version. In my case this was 2.2.0, while the Debian version was 1.1.
Download it, unzip it, and open a command line to the radare folder.
Then to install it just type:
./sys/install.sh
You’ll probably need to type your password and then you can view if it’s installed or updated.
r2 -v
There you go, the latest version!
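The steps above, scripted as an added example that is not part of the original post or of the radare2 project: it fetches a pinned release tarball, refuses to run sys/install.sh unless the tarball matches a checksum you took from the release page, and then confirms the installed version with r2 -v. The GitHub archive URL pattern, the placeholder checksum and the assumption that the first line of r2 -v starts with "radare2 <version>" are mine.

```shell
#!/bin/sh
# Added example, not the post's own code. Installs a pinned radare2 release
# from source via sys/install.sh only after a checksum check, then verifies it.
set -eu

R2_VERSION="${R2_VERSION:-2.2.0}"   # version named in the post; override as needed
# Placeholder: replace with the SHA256 published for that release tarball.
R2_SHA256="${R2_SHA256:-REPLACE_WITH_SHA256_FROM_RELEASE_PAGE}"
# Assumed GitHub source-archive URL pattern for a tagged release.
R2_URL="https://github.com/radare/radare2/archive/${R2_VERSION}.tar.gz"

# Succeeds when version $1 is strictly newer than $2 (e.g. 2.2.0 vs 1.1).
version_newer() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# Extracts the version field from an `r2 -v` line given as $1
# (assumed shape: "radare2 2.2.0 ...").
r2_version_from_output() {
  printf '%s\n' "$1" | awk '{print $2}'
}

install_radare2() {
  tarball="radare2-${R2_VERSION}.tar.gz"
  workdir="$(mktemp -d)"
  cd "$workdir"
  curl -fsSL -o "$tarball" "$R2_URL"
  # Never hand an unverified tree to an installer that will ask for sudo.
  printf '%s  %s\n' "$R2_SHA256" "$tarball" | sha256sum -c -
  tar -xzf "$tarball"
  cd "radare2-${R2_VERSION}"        # directory name used by GitHub archives
  ./sys/install.sh                   # the step from the post
  installed="$(r2_version_from_output "$(r2 -v | head -n 1)")"
  if [ "$installed" != "$R2_VERSION" ]; then
    echo "unexpected r2 version after install: $installed" >&2
    return 1
  fi
  echo "radare2 $installed installed and verified"
}
```

Set R2_SHA256 from the release page, then call install_radare2; version_newer lets the same script decide whether a packaged 1.1 should be replaced by the 2.2.0 release.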
Other platforms including MacOSX and Windows
Yes, you can get binaries for Windows and MacOSX. Get them from http://radare.org/r/down.html
Getting started
Getting started with radare may not seem very straightforward. I recommend going through all the links on the following pages,
as well as reading the official book provided with radare2.
Or you can just follow the links provided at the top of this page.