Radare2, building a new IDA

Video in TIB AV-Portal: Radare2, building a new IDA

Formal Metadata

Creating an open source reverse engineering ecosystem
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

We will present radare2, a free, LGPL-licenced, modular reverse engineering framework. Focus will be on specific usage examples (embedded systems, CTF), and the future plans for the project.
Open source Software framework Reverse engineering
so we're going to be presenting radare2 which is the open-source reverse-engineering framework and tool set so the on we were
expected to the media but unfortunately it's today so you can make it that will the so my name Jeffrey Krolik
among us suffer engineer at Google on my work on things completely unrelated to work hard to on if you know me it's probably from together at the play for a shellfish and they run the Boston Tea Party circuit an engineer was only answers be graduated and so I'm looking for a job and you can find me on history the book and like my friend of sports morning Paul got up in franchise the so in most of the reverse engineered tool bag it's if you're professional it's most likely at a pro and you need about honoring development the top 3 tools if you're an amateur it's probably also I'm a pro whined about Hopper all about but for amateur on 1 pretty sure that almost not everyone was working at a certain and diverse company in 2011 had here using went about your windows is probably pirated Hopper maybe probably not on an knowledge about this kind of different I don't think anybody is still developing so why is a pro and everyone's like so it's like the de-facto reverse-engineering tool created by the FARC on its 1st was from data rescue and no x-rays it's not open source it's not really affordable supply images don't use it almost every architecture that you could want supported and it has this magic bullet the the compiler and its overall in Austin piece of software and we're trying to make something equally also of this talk is not the book crushing fight or to be here we want to do that summative repulsed by the users yeah for the weapons um so rather to um
rather started in 2006 by Spanish going time that with a forensic tool and the small little and uh you come to the wrong to be some friend of in in 2009 of computing the so it's really portable you can compare it with anything you want and their relation to of all the lines and GPL so you can embed it in your proprietary software and so the the um it's somebody to propose a suite of tools it's not only the compiler all on in you can do really traditional of them with the it's slightly packaging inferring distributional which would be that have that but you could have so centered on source because we're moving really fast from 4 that's really that applicable of weeks ago we've got more than 50 contributors so it's not that should he software written by only 1 kind In this house we are many people behind it are we did the about some of crude because can rejected it so we just say fuck you were going to make all on I think that it was a suite of tools and then we're going to defend them little bit so what type of part 2 of his are 2 comes with the large suite of tools all of them and their names are relatively descriptive what they do so on if the some of the included tools are are and 2 which is a front-end to show code compiler which called R eg on MIT can compile-time programs into tiny binaries generational codes and but this generally what you'd expect of social control ready is using for binary addition so you don't have to succeed you with the craft and I part of the there are added to it so it's a binary programme info extractor basically if you're familiar with read up but this is a similar tool although work on any binary that are 2 works on so P E L off I just Michael basically anything not you can understand our them to understand refine these use research patent firing like you can use it to when you're reversing femur for example a has to is of what its hashing utility of it can do and if I shot 1 shot to physics on basically you want to compute hash on 
what's the filer of entire file can do this from prior is pretty useful when you're doing city for example because you can prevent exotic environments latent redirected to being there to subjects or put somewhere the lady on it so whatever it is meant to confront completed environment of the binary vectors the what some 2 is assembler-disassembler it's might the most useful part of our to it so for assembling disassembling of various architectures of explained later it's possible so if are 2 does not include the architecture that you like it's very easy to add a new CPU module um rocks some kind of contradictory because you may be tired of spawning a Python shell that we want to want to have a thing that's 1 value and this was value so just use rights to and got to is basically it combines all of the previously mentioned tools into 1 of useful falls CLI before me of is along almost everything ranging from Windows to Linux to be is the you Rosa to QNX who Android and even some smart watches and I know that there are some of the stuff people in the room that we actually managed to run the rather too long the Mazda car or if you want us to run it from from from popular of so that you can do lots of different file formats like Windows file formats PE and z akin to Elf 64 bit self and OSX file formats Marco fat Michael of Java of DEC's basically lots of different types of binaries including someone's that you might not ever want to use like Plan 9 were the only with the countries to the the of Pokémon stories adding support for every type of gambling at another like can make little disorder and this is the 1st about we superbrain fact we've got to working branch the about the DDC use 16 or gamble oil does because so much data that you want to know about like a shitload Geo the meaning actually I think that through the judgment of the some people think inclined to from the other and they want to speak so raw also implements its own the of the basically specify for the 
raw file type which is but so much is that per cent of a person and it has its own the mn the are 2 can be used to develop a deeper are disassembled and it was presented never think about the future when all we have to support stock white space and properly and that for a single 1 so it's population of such the if you favorite 1 isn't listening to and went on to us and will help you to implement in order to some
more what are the 2 intervals so
at its heart r2 generally exposes itself as a library so you can write C you can write anything and hook into the r2 shared objects we also have slig envelop around so you can use directly from Python Ruby on of the few other vowel and a few other languages so it's generally pretty easy to build your own tools on top of r2 so you can reuse analysis features disassembler features things like this but
other by means a pretty boring it's much more difficult to calls his library is it takes more effort if you want is something very quickly it can we have of something called r2pipe where you basically in spontaneity in the background and issue commands to it and a lot of new tools are being built on us or like quick things for CTF for a quick the quick tools that things like Bokken which is a going from you know makes us Spanish guys going going on is based on this so it's we have packages in Ruby gems Python pair of Rust crates basically because of 2 things role go basically any language that you we like to use for scripting we probably have an r2pipe for this also it can speed chase them so if you don't want to pass for that to it but by hand you can just as for treason 0 r2 is
portable so as I mentioned before I you can write a very simple for against you added at a new CPU so you can add Bleecker assembler-disassembler on could analysis so we have 4 for every opcode we can have like the type so you say this is a stop or remove something like this on the registers on that are available on the machine and it's a skull that are available for a system and the dividing layer of new stuff for search we suffer I O basically anything that you would want to add 4 new architecture you can write a applying for this but future
comparison because his talk is entitled in that in that tutorial so that's uh I guess the grade
book and the other 2 receptor the command but we also have a look and that's his like him are there any user in the room maybe units OK so that the sum of the norm um for example you can see on the screen showed that there thing that was David is by a question mark based in for that I this is taken a fall in question not because we wanted the commendation so once you add you to common once since the opportunity can intuitive you can remember them just that the question mark everywhere every single common there that we've documented is way and I got some plug-ins and we've got more been being so that it should have written in the event of a point on is to other than these will come or whatever you want to go through really should of been in a 2 byte even legislation online some as some
graphs and the threat to those but enough jokes I we don't ever succeed you we have some shall and the 1 that the great Spanish she they're woke up and implement as um there is also a meaning that if you don't have a description and you just want to so the rescue you can if the bigger compliance so you can step into the graph and it's completely interactive you can move the graphs around and this is very bright I think buy the bond and this for the and I
they secure an interactive and that was most interactive the um you can do anything you want you can tell anything that you want to read it to um we're mostly using it for 6 years so we don't really care about analyzes support from the eyes capability we just wanted to be interactive to deal with whatever we want so together these common name mark everything modified you can see that there are some rules this odd jumps there are some of the involved including include references and this thing that you want most of the time it's really implementing their attitude
but some well we don't have a you I yet no actually we have some July but the facts their work in progress and in and and the then it
actually stops and that's we've got a visual mode uh solidified due to you staffing either approach but in a more orderly way and we've got to do like to bending over the previously with a question mark or whatever all people print if you want to show a function you just have to eat P for print the forties assembly it f function is the that for element we've got to when you i because I don't know why but it can be used for collaborative reversing the for example you can go and shredded to new i form only what I've watched and divergent from your laptop using you would like but this is pretty cool and you can communicate about applied so for example you can spun application 0 I watch a new friend at the was end of the world candidate on his computer this critical
but he 1 model we've got a better 1 no emotions he's like a little bit like cases and it can be used if you will find the show you can use of Israel it's like a you initial and for example you can see the configuration portal prostitutes in the 80th and think so you cannot buy cross-references use tabs the change this and the t the and you've got the preview in real time but pretty sweet we but will be like a pretty
complete 1 with some uh it doesn't quite that should be endings so we won't be lost there is the meaning that there is some directed graph is assembly function symbols whatever you want but in the world and by as the
bigger so doing and it does everything that you might expect from under the it working visual suited to the visual mode it's a little bit like a product if you know about it it was predicted that black I think and it's mode phylogeny to and you've got this fact compelled to register and it shows his thing you can see that the RIP so really cool and we've got several backends you can use GDP From attitude you can use line DBG deserve you must have that and you can even use the wind the G the window stuff so you can deduct do Windows however is a relative bomb
some grave and I this and we've got analysis that function the diction of love 1st the identity of the to recommence function the works whether to so you can just apply signature and it works and the good thing that you that uh to call then you have to prove that the other 2 like signature to and limbic like but not the other way cross-references were also support to dwarf symbols and PDB with automatic so you can see that there are some single very such color except uh and there are some internal representation language lined and also in add to its goal is to it for a variable string intermediary language on like that and that uh I stepped in each so it's awful to read the the but it's documented and it's easy to write and box uh to some example is so as this continues formulation we've got some kind of simulation walking that is pretty useful for 6 years fault bones from key keychain or correcting and it's currently used also for the compilation and maybe later from the latest we've got to Google Summer of Code students tend to the open or projects the junction working on the compilation and we'll talk more about this later
uh there are some complaints for I that upon stuff but rather to some core this is a screenshot of full rocketed Hunter that work with regular expressions so I'm looking for work 1 and 1 character so in the oath pop pop pop the producer on we also do some of the previously we can we have the path of the magic stuff from at this point and 1 that to mitigation detection of and control ways there but things and rural this is rare and and from rejects crop and stuff then from binary different was
supported you can see a diff between being true and being forced and the only properties changing DM their effects so it's from the last and that move makes 1 on the right so in summary the
so where we currently refer to that so currently we have students who are working with the Google Summer of Code of they're working on a new intermediate language called radeco IR which is going to be the basis for open source decompiler on we're working on getting everything to be more stable and faster so we have a key-value store which is currently not used for most things but we expect that once this is more in use everything will be much faster and we just had a new release of 0.9.9 in June which was just a few weeks ago about this but please shouldn't be using that just use from git there after on we're having a 2nd edition of the radare2 Summer of Code which is I'm going to be starting I think next week their inference on and in general about thousand lines of code are modified each week we're moving very quickly new features are being added all the time in general improvements all the time it's the exciting stuff so the drawbacks are compared to IDA with a super steep learning curve of the user interface is not generally friendly to new users we have a lot of features and almost nobody knows how to use all of the targets are very fast moving because new technologies are made all the time the times of great binary analysis tool chains times of great tools for all of us and to keep up with the speeches is pretty tough and is generally much friendlier tool for people that are both used to it and to new users but we have a lot of
benefits so as being a free suffer projects anybody can contribute so anybody can read the source anybody can add new features on 1 of the great community we have the ROC generally we have the over 200 people now we support a lot of exotic architectures maybe ones that either doesn't support new ones that you want to implement yourself it very active development so uh cassette there's a thousand lines the changed every week of what's of new features are added all the time and are using basis is increasing very rapidly
don't because we have this amazing to all who actually uses it so some of the best CTF teams in the world is it's of Shellphish we use it and how they on I've seen some right from the Dragon Sector Museum of some popular reverse engineering projects like core core Buddha of Magic Lantern the from where for of cameras use it there been writeups from Monte my were companies like involved trial active on in a lot of war games have it installed on the Earth and like Smash the Stack IO and OverTheWire have it installed by default so we use it so thank I don't know if you do but maybe you should give it a try the so the
future plans are mostly working on analysis and the violation and emulation so as you know we have ESIL which is our intermediate representation for simulations currently we can emulate most things in x86 ARM of the invoice there's still some functions missing and some syscall stuff is missing so we're working on getting this to 100% but decompilation we're in a very early stage for this but we expect to have something usable relatively soon and 1 of the major features that everyone wants is going we don't have this but it's something that might be made soon might not be on basically you whatever that users want to model developers want is what goes in 1st and if you want these features let us know so in conclusion IDA is
the number 1 tool right now but we should question thus and never 1 should be using the same tools and don't be pirating Ida M. rather is nice then you should use this you should try it the but we've got some summaries like a TV channels from voxels for that and we'll release a practical Miocene and you're free to talk to us if you want to get through threaded through or whatever thank you very much for your attention here
the but do we have some time for questions all questions maybe question there are no questions out of the down to question him right the maybe you can you can read the questions are by I hand so we store things in a project file and you could delete the functions from the project file with the it the the undo is an overrated feature anyway thank you was working I think it working now but the right 1 2 1 2 PM have as a thank you for a presentation I was wondering uh IDA has like 15 years of existence maybe you should strive to different street and try to uh of something that IDA does not then now try to replicate IDA because well you probably at the work resources to reach the point there where you you can't compete with IDA and you mentioned something that's really interesting where IDA is really bad is for collaborative reversing so maybe Florida for example you could work on the collaborative reversing party using the web UI that would be radio some I guess I don't have enough money to afford IDA he if it's often a copy of it yeah that's that's a a good point in thinking the the it is the program thank you do uh but I'm Ch