The state of r2land
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Subtitle |
| |
| Title of Series | ||
| Number of Parts | 542 | |
| Author | ||
| License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/61439 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
FOSDEM 2023339 / 542
2
5
10
14
15
16
22
24
27
29
31
36
43
48
56
63
74
78
83
87
89
95
96
99
104
106
107
117
119
121
122
125
126
128
130
132
134
135
136
141
143
146
148
152
155
157
159
161
165
166
168
170
173
176
180
181
185
191
194
196
197
198
199
206
207
209
210
211
212
216
219
220
227
228
229
231
232
233
236
250
252
256
258
260
263
264
267
271
273
275
276
278
282
286
292
293
298
299
300
302
312
316
321
322
324
339
341
342
343
344
351
352
354
355
356
357
359
369
370
372
373
376
378
379
380
382
383
387
390
394
395
401
405
406
410
411
413
415
416
421
426
430
437
438
440
441
443
444
445
446
448
449
450
451
458
464
468
472
475
476
479
481
493
494
498
499
502
509
513
516
517
520
522
524
525
531
534
535
537
538
541
00:00
String (computer science)CodeRead-only memoryMotion blurElectronic signatureEmailMathematical analysisSlide ruleServer (computing)Spherical capGamma functionRange (statistics)ArchitectureFocus (optics)Suite (music)Ideal (ethics)Uniqueness quantificationLevel (video gaming)Web pageAnalogyFingerprintTerm (mathematics)Default (computer science)Port scannerMenu (computing)Hacker (term)Fuzzy logicProof theorySet (mathematics)Presentation of a groupPosition operatorProjective planeAuthorizationGame theoryBlogMobile WebCartesian coordinate systemSoftware developerTraffic reportingInformation privacyDynamical systemReverse engineeringDifferent (Kate Ryan album)MiniDiscPattern languageText editorSoftwareOpen sourceComputer fileSlide ruleComputer fontPlug-in (computing)Information securityVirtual memoryGraphical user interfaceAddress spaceUser interfaceFile systemOperating systemLevel (video gaming)MappingHard disk driveFlow separationInterface (computing)Semiconductor memoryProcess (computing)CodeEndliche ModelltheorieComputer architectureContent (media)SpacetimeFunction (mathematics)Formal verificationString (computer science)BefehlsprozessorFrame problemPlanningElectronic mailing listHacker (term)Focus (optics)Library (computing)Video game consoleMultiplication signInstance (computer science)PhysicalismRemote procedure callFormal languageKeyboard shortcutRun time (program lifecycle phase)DampingDisassemblerWritingReading (process)Network socketReal numberCore dumpObject (grammar)Scripting languageSingle-precision floating-point formatComputer programmingVariable (mathematics)Software bugConstraint (mathematics)Router (computing)Web browserComputer configurationWebsitePhysical systemResultantBitGrand Unified TheoryPhase transitionBoss Corporation1 (number)ECosIdeal (ethics)Office suiteVideoconferencingCombinational logicRight angleControl flowFamilyPoint (geometry)Binary codeGrass (card game)Bit rateMetropolitan area networkAsynchronous Transfer ModeFitness functionDiagram
08:25
Server (computing)EmailCodeFocus (optics)Mathematical analysisHacker (term)Electronic signatureInformationThread (computing)Electronic data interchangeWeb pageCAN busHidden surface determinationHash functionModul <Datentyp>Port scannerRead-only memoryLipschitz-StetigkeitSoftware repositoryRange (statistics)Form (programming)Internet forumSocial classComputer architectureOperator (mathematics)NumberStatement (computer science)Virtual machineControl flow graphLevel (video gaming)Interface (computing)2 (number)MetadataData structurePattern languageFunctional (mathematics)outputDebuggerInformationLibrary (computing)Single-precision floating-point formatString (computer science)Different (Kate Ryan album)Binary codeEmailSemiconductor memoryFile formatSocial classFile systemPlug-in (computing)Remote procedure callCodeMultiplication signMathematical analysisGenerating functionBinary fileComputer fileJava appletCartesian coordinate systemVirtualizationBootingSymbol tableDigitale VideotechnikKeyboard shortcutElectronic signatureCompilation albumDisassemblerCompilerScripting languageRepository (publishing)WindowData managementGastropod shellLine (geometry)Local ringParsingContent (media)SpacetimeProper mapFlagComputer programmingEndliche ModelltheorieBlock (periodic table)Parallel portDifferenz <Mathematik>MereologyNeuroinformatikBarrelled spaceBlogMusical ensemblePhysical systemGroup actionGraph (mathematics)Offenes KommunikationssystemLatent heatExpected valueBitDivisorComputer configurationIncidence algebraHypermediaAsynchronous Transfer ModeGoogolWhiteboardCycle (graph theory)Video gameRight angleHoaxQuicksortElement (mathematics)
16:45
Java appletCodeInterface (computing)Object (grammar)Slide ruleWeb pageErlang distributionVideo game consoleFingerprintWebsiteGroup actionInteractive televisionFormal languageComputer programmingSource codeRun time (program lifecycle phase)Plug-in (computing)File systemData structureLibrary (computing)Functional (mathematics)Row (database)Video gameQuicksortMetadataProfil (magazine)TelecommunicationTap (transformer)Service (economics)Type theoryFile formatDescriptive statisticsCommunications protocolDifferent (Kate Ryan album)Web 2.0Process (computing)Network socketLengthSlide ruleBlock (periodic table)CodeAlgorithmCryptographyLatent heatServer (computing)Interface (computing)PasswordParameter (computer programming)Projective planeConstraint (mathematics)Buffer overflowScripting languageFront and back endsPOKEBoundary value problemThread (computing)Repository (publishing)Electronic signatureMultiplication signAssembly languageCartesian coordinate systemHash functionAndroid (robot)outputRemote procedure callInjektivitätComputer configurationInterpreter (computing)Visualization (computer graphics)Field (computer science)Control flowDesign by contractFunction (mathematics)Web browserRadical (chemistry)Patch (Unix)Physical systemHand fanPhysical lawBlogRight angleWorkstation <Musikinstrument>Limit (category theory)GodHydraulic jumpTraffic reportingLie groupPlanningView (database)Focus (optics)Coefficient of determinationGame theoryBoss CorporationForm (programming)Speech synthesisMessage passingDataflowClient (computing)Arithmetic meanFreewareSheaf (mathematics)Musical ensembleCondition numberLine (geometry)
25:05
Musical ensembleData typeGamma functionSolid geometrySlide ruleWeb pageReduction of orderSoftware testingSlide ruleContent (media)CircleAsynchronous Transfer ModeFunction (mathematics)Special unitary groupDrop (liquid)Interface (computing)Drag (physics)ResultantLatent heatDialectFile formatFrame problemGraph (mathematics)Software testingFreewareWindowTunisTerm (mathematics)Projective planeServer (computing)MultiplicationINTEGRALMultiplication signLine (geometry)Graph coloringDirection (geometry)AuthorizationGraphical user interfaceWeb 2.0BuildingArithmetic meanRight angleMusical ensembleLink (knot theory)Revision controlControl flowWritingSelf-organizationGroup actionInteractive televisionDataflowUser interfaceGUI widgetGastropod shellPerturbation theoryStability theoryPlanningSoftware developerCore dumpControl flow graphRobotInstallation artPhysical systemComputer programmingAddress spaceCodeBitVolumenvisualisierungVertex (graph theory)
29:23
Program flowchart
Transcript: English(auto-generated)
00:05
So in this presentation I will try to show you the project, what's the current state, the features, most used plugins, and which are the main features. Okay, so first of all, a quick presentation. I'm Sergio Alvarez. Everybody knows me by my nickname, which is Pancake. I'm the author of her tool.
00:23
I live in Barcelona, and I work at NavSecure, which is a company from the U.S. We basically use different static and dynamic instrumentation tools for analyzing applications and find out privacy issues, like identifying if the application is leaking data, stuff like that, and then generate some reports for the customers and developers to improve the quality of the applications.
00:47
So I work as a senior mobile security analyst. I like command line tools. I like command line text interfaces. I wrote many open source software, so my first goal is basically publishing all the stuff that I'm doing, so I like free software.
01:05
I'm maintaining the whole R2 ecosystem nowadays, so I'm basically focusing on R2, but I also maintain R2Kedra, R2Frida, and many other plugins that work with R2.
01:20
We have to reduce the font size here. This slide is a little bit crowded. So it's a 17-year-old project, so I started this tool basically as a forensic tool. I wanted to recover some files that are lost in a hard drive. The thing is that I was working as a forensic analyst, but I was not going to use the private software that was in the company,
01:45
so I wrote a simple external editor that was able to find some patterns in the disk and then dump like one megabyte from there. After this, I was interested in participating in some CTF and different competitions for reverse engineering, and I found out that there were so many tools that didn't really solve my problem.
02:05
So starting by, for example, GDB, it was not possible to script it at the time, and typing comments all the time was kind of tedious, and I just wanted to automate many things. Also, there were external editors, but it was not possible to extend them with plugins or anything like this. There were disassemblers, but object dump is cool, but it's not interactive, and the only interactive tool was private, which is IDA.
02:28
Anyway, there was no real ecosystem for open source to solve any of these problems at once. There were so many little tools that were solving one problem, but not really being able to integrate with the rest of the ecosystem or other tools.
02:41
So I decided to start picking ideas, picking tools, developing everything from scratch. That's why I did R2, because R2 is not depending on anything, so you only depend on the POSIX, like SLPSY, and all the rest of the dependencies are written from scratch, like console handling, read-line interface, all the socket interface, parsing libraries, disassembling things, etc.
03:03
It's less sensitive than the LGPL3. The focus of the project is basically to read other tools and be useful for hackers. It's not going to be a general-purpose solution for all the problems, because, for example, I don't plan to write disassemblers from scratch.
03:21
I think that there are better projects for this, so I'm integrating them into R2. The same goes for lip-hook. It's one of the tools that is able to use R2. It's fully written in C. I mainly focus on portability, because I like the things that I write to run everywhere, so the only option nowadays is C.
03:41
I mean, there are some vast haters around, but anyway. The thing is that R2 can be compiled into WebAssembly, so you can run R2 inside your browser. You can also build it in a statically-linked single binary, so you can drop it in a router. This year, I plan to port it to a UFE, so you can run R2 inside your bootloader,
04:01
and then you can use an operating system to use R2 on file systems and things like that. There are some really high constraints on all the code that are shipped in R2. There is a CI that is basically verifying everything. There is a 24-7 fuzzer that is running and finding bugs and fixing them.
04:20
My policy is I don't let bugs stay for more than one day. The code cannot contain set-jump or aborts or asserts or anything like this, because if you are doing something in hot, you don't want things to crash or to break. The idea is that all the code that is running in R2 must be used from a library,
04:43
so I don't want to use double variables. I don't want to depend on something that, if it's not parsing properly, I don't want to crash. If the malloc is failing, I want the program to still run, things like this. This is the main concern that I have when I write code for R2.
05:02
It's developing a single repo, but it's separate in different models. It's a big project in one repository, but there is a bunch of libraries. Each library has a bunch of plugins, and many of these plugins are integrated or expose interfaces for extending it with scripting languages.
05:20
At the end, it's basically different layers of capabilities that can be extended pretty easily at different layers. There is a command line interface. You have a prompt, you can type things. There is a visual mode, which is basically a list of commands that you execute every time that you press a key. And then you have the panels mode, which is you can make splits,
05:43
you can have different tabs, you can have different frames and so on. And then there is web interface. There are some people writing graphical interfaces for it, like Yaito, which is the QT interface for it. For scripting, the easiest way for scripting R2 is R2Pipe, which is basically the simplest interface for interfacing with anything,
06:03
which is basically you run something, you pass a string with a command, and then you get the output of the command as a string. But there is also bindings for the C API. There's automated bindings for Python, for Rust, et cetera. And there is also support for using these bindings
06:22
from different scripting languages. So what are the libraries implementing or exposing? So you have the IO library, which is basically abstracting the access to the IO. This basically defines how you access a file. Everything is abstract. This means that a file doesn't need to be anything physical.
06:43
You cannot map a full file in memory and then work on it because this is abstracted by the IO. So you can map a remote file running in a remote instance of R2, so you can run R2 as an instance. Then you can map, for example, a ptrace, a backend,
07:01
which is basically reading and writing memory from another process. And this is like another IO interface. And all that stuff is just the file descriptor. So when you have one IO open, then you can map this file descriptor into separate maps. A map is basically a portion of the memory taken from the file descriptor. So you say that from this offset to this offset from this file descriptor
07:22
will be mapped in this virtual address in the IO space of R2. And then there are IO banks. IO banks are basically a bunch of maps. So you can have separate memory spaces. For example, you want to emulate a thread-local stretch. You can have one IO space that only contains the contents of the thread-local stretch.
07:42
But then there is another bank that contains all the memory layout of the processing memory. And you can do that just by typing commands. You can do this also by using the API. Anyway, it's also possible to create circular memory maps and memory layouts. For example, B850 is like an architecture
08:01
that is used for automobile and things like that. And this architecture basically relies on having some solid infrastructure. So you see there are some models that have two CPUs executing the same code at the same time. And there is a verification that two CPUs are doing exactly the same at runtime. And the memory of this CPU is basically circular.
08:23
So there are some references that are going backward. So you have like one instruction at the zero address that is referencing something up. And this something up is basically going to the negative of other space. And this negative other space is not 32-bit in size. It's 26, for example.
08:41
So you can basically configure this kind of things inside R2 and you can basically get emulation, all the flags which are basically naming assets in all these things and everything will be shaped properly. You can also define bit-sized memory spaces like 7-bit bytes and things like this. It's also able to parse binary formats.
09:02
This works on any of the memory layouts that I just said before. So you can parse from memory, you can parse from disk. There is support for the most well-filed formats from console, binary, ROM, headers like Gameboy, etc. But there is also for L, P, Markov, etc.
09:21
It's also parsing, DWARF, PDB and other debug information. This is only for getting like an address of memory, taking like a file name and so on. It's not really exporting all the structures and so on but it's also possible to do that in the future or using external libraries. It's also parsing like class information from Swift, Objective-C or C++ binaries.
09:46
And all that stuff is integrated inside R2. It's abstracting all the information from all these final formats into a single naming. So for example, imports in P is not the same as like an import in L
10:01
but for R2 it's the same. So when you list what a binary is importing from other libraries you can just use, give me the imports. You don't have to use like different APIs or different commands depending on the file format. So it's unifying all the formats into a single naming. It's also for disassembling and assembling.
10:23
It's using like one API so there is like a library that exposes an interface for doing this. And this library exposes plugins so there's like plugins that are used by this API and then you can basically implement like new architectures like writing plugins for this library.
10:41
But it's not only used for assembling and disassembling which is basically text bytes. There is more low level detailed information like you can, for some architectures you can get like structure metadata like which is the first operand which is the size of the second argument, things like this. But it's also exposing a seal. A seal is like a very simple text interface
11:02
for explaining what an instruction is doing at low level. It's very similar to FORTH, like a stack-based machine and it's basically one statement separated by comma. So you have like O comma A X comma equals means that it will be pushing the number then pushing the resistor name and then pushing the operation which is the equal
11:22
and then popping up from the operation to execute the statement. The reason for that is because there is so many ways to extend or to define an architecture and there is some really fucked up things that can be done in so many architectures. So I was not going to define extensible structures
11:43
or doing some really complex things because at the end I was always finding something that was not compatible with another architecture and I ended up saying okay I just can define a comma separated string that it's just located in a single memory chunk and I can just split it by comma and then emulate that.
12:01
So there is a bunch of tools or libraries that are using CIL to extract this information and then use that for emulation, use that for extracting information from a specific instruction or even for the compiling. It's very portable so it works and supports debugging also so you can do local and remote debugging.
12:23
This means that you can run R2 as a local debugger in your Linux, Mac, or iOS device but you can also attach to a remote gdb or one dbg, etc. It has functionality for searching for different patterns so you can search for strings, access model values, you can also find me something
12:43
that is repeated multiple times and then it will be finding if there is any pattern that is repeated many times and give you the offset of these things. It's also able to generate function signatures so by taking all the whole analysis for the program it will identify all the functions, basic blocks, etc. and then you can generate metadata for each of these functions
13:02
and this metadata can be imported again to search for this information in another binary. So you have one binary with DORF information or debug symbols, then you can reimport this into a binary that is a stripit and then you can basically identify these data structures or functions in another binary that is not containing this data.
13:22
It's also possible to diff code at code level but you can also diff data, you can find using delta diffing so you have two binaries that contain the same data but in different offsets it will identify which offset is the stripit in the other binary and which is the main difference from that. It's not byte per byte level instruction checking.
13:44
You can also diff basic blocks like two control flow graphs and then identifying which basic block is added, which removed or if there is a percentage of difference so you can use that for bind diffing and you can also find differences like abdiff
14:00
for getting like there is new symbols removed or things like that. And I also took code from GRAP, GROOP which is basically the bootloader and I used that for parsing file systems. The thing is that GROOP is doing a lot of things for like assuming that the file system is correct
14:20
and R2 will never assume that anything is correct so if there is like a corrupted file system I want to be able to mount it. So R2 is using this code basically for mounting file systems you can have like a fake or like a virtual file system interface in Sartor 2 and you can use that for mounting local or remote file systems. You can use R2 free, I will show that later
14:40
but I don't have time for showing it but anyway I will. You can use Frida which is like a tool for injecting code in remote applications and you can use TCP or USB for communicating with that and then Frida can expose like an interface for accessing files remotely. So you can mount zips in a remote file system extract the zip contents from one binary parse the binary in local
15:01
mount that memory layout in local and then whatever you like to do with these things. Okay, obviously there is like a huge amount of things that can be done with that so there is a need for a packet manager. So I wrote R2-PM, it was like a 200 line shell script so it's not really a big thing
15:21
but one year ago I decided to write it in C so this way you can basically run the packet manager anywhere even in Windows. So it doesn't depend on anything that is not the same R2. So this packet manager is basically pulling a zip repository and this repository contains like scripts and this script is basically defining a very simple way for installing and uninstalling.
15:44
So it defines instructions for compiling and installing the plugin and there is basically a bunch of tools that are installed in your home and also plugins that are loaded by R2. So the most common or most used plugins for R2 are
16:02
for example about the compilers you have like r2-deck you have r2-gidra, r2-red-deck so if you know Ghidra for example they provide like a compiler there is like a part of the compiler which is written in C++ not in Java and this code can be reused for writing other compilers
16:20
depending on the whole Java thing. Then there is red-deck which is the compiler based on LLVM and a bunch of parallel scripts that mess the thing and they basically use the compiler toolchain to do the backward steps to get from the binary disassembly to get like C-like code for the compiling.
16:42
Then you can also use the Afora there is support for signatures for IDA there is like native signatures there is like some repository of people writing this. And then there is support to Frida if you know Frida who knows Frida? Raise your hand. Okay, half of the room.
17:01
Is that the compiler, right? No, Frida is a tool that basically injects code in a remote process and then there is an agent that is running in a separate thread inside the process so you can basically instrument the process at runtime and you can basically inject JavaScript code or C or assembly inside the remote process and instrument that.
17:21
You can use that for profiling you can use that for modifying behavior you can use that for tracing APIs identifying when the specific function is called with some arguments and then execute some code inside the remote process. Most people use JavaScript for doing this but you can also use C with libGAM or whatever
17:41
and we basically use that for GAM instrumentation on iOS and Android applications. So you can use R2 Frida to have like a R2 interface for interfacing with Frida which means that you don't need to type long JavaScript one liners you can also use R2 comments which are pretty mnemonic and easy to type if you know them.
18:01
And there is also support for external assemblers like Nu gas or the Unicorn library which is kind of like a stripping code from LLVM and there is also problem solvers like Radios, SLsolve or Anger that are plugins that basically you define some constraints
18:20
and you have like a function and you define okay I want to know which are the arguments that I need to pass to this function to reach these specific others. Like you want to know for example if it's possible to create like a buffer overflow in a specific variable in a local stack or you want to know which is the password that matches a specific crypto algorithm so you can use that to define
18:41
okay I want to know which is the block of bytes of one specific length that generates this hash for example, things like that. And this won't be brute forcing it's like using problem solvers like Z3 and so on so there is like different plugins that are integrated in R2 to use from R2 comments and then you can define the preconditions, postconditions
19:01
and the boundaries of the function to emulate. Then there is also support for parsing data structure there is support for KITI, there is support for POKE this was integrated last week because I didn't know it was possible to have like a library of POKE I was seeing it as a program, not a library. So it's integrated but it's not fully integrated
19:21
so I plan to continue integrating it to use like for disassembling, for parsing headers, etc. So what can you do with R2 Frida? R2 Frida is basically as I said before, a front-end for Frida you can run scripts in your host, in your Asian site
19:41
so you can write a JavaScript program that runs in R2 but it can be also loaded in the remote site and you can load and unload plugins so you can basically extend the R2 Frida comment set with JavaScript plugins that are loaded and unloaded at runtime. It's also scriptable with R2 pipe so you can write a program in Python, JavaScript or the language you like
20:01
that interacts and automates comments and actions in the host site or the remote site of the Frida site. So you can spawn applications, you can attach to local or remote processes you can use different protocol or communication channels like USB, TCP, etc. and you can remote mount the file systems and you can use that for interfacing with tracing, APIs, profiling
20:26
and also supports extracting metadata from Java, Dalvik, Objective-C and Swift support will be ready by the end of this year because right now it's supported but it's kind of unstable and the API is changing, so yeah sort of life will get better.
20:42
Okay, so let's talk about R2 pipe. Since the release, well the first release that they did this year was the 5.8.0, I plan to keep ABI stable actually I use ABDIF in the CI so I recommend or pull records that people send to the project they verify that it's ABI stable
21:00
this means that I'm not breaking the ABI you can rebuild or update R2 without recompiling all the plugins all the tools that are using R2 libraries this is pretty cool I was having some kind of contract with myself that I don't break ABI but this is something that you end up doing reviewing code by hand and having a tool that can automate this is great
21:25
but I wanted to have a runtime something that you can run from R2, like interpreter that is not a custom language or an external library that needs to be integrated and it's really big so I was experimenting for some time with different languages
21:43
I ended up realizing that QuickJS is the only option Lua is using setjump so you cannot compile with Lua as a WebAssembly plugin also if you want to use setjump with threads it's kind of a mess so I ended up picking QuickJS which is the same JavaScript runtime that Frida is using
22:00
I picked the code from there and as long as every commit in R2 is verifying with fuzzers other sanitizers and so on I ended up finding a lot of issues there I sent like 12 patches to the project so it's basically the fork that is used by Frida so all these patches are upstream now and the idea is basically that you can use TypeScript and JavaScript from R2
22:24
and you can write code like this so you basically have an R2 pipe interface but it's running inside R2 you can use this from WebAssembly so you can basically open radare2.online and then you have a terminal that you can run R2 drag and drop a binary inside the browser
22:41
and use JavaScript to automate a bunch of actions for analyzing the binary and basically as I said before you have a command that you run and then you get the output of the command in exchange as long as both of the commands in R2 spit out JSON you can basically use the CMDJ
23:01
which basically gets the output of the command and parses the output as JSON and then you get a structured data that you can use for extracting it or processing it with the tools you like I think that JavaScript and JSON are quite standard and useful nowadays so you don't need to learn new things but there is support for so many other languages
23:22
like I said here, there is Python support Rust, Node.js, Rabi, Guile, Nublisp, Haskell, D-lang, Swift, etc. so it's very easy to write this simple interface and you can use basically different interfaces to communicate with R2 so you can use like a fork and a pipe or you can also use like a TCP socket
23:41
or an HTTP interface, web sockets, whatever you like and for the TypeScript thing it's pretty cool because I'm writing like a types description that basically defines the APIs of R2 and also the structures that the commands are returning in JSON format this means that you can get the JSON of a command
24:01
and then you can generate a schema out of that and this schema can be used like a types so if you use a TypeScript LISP server like the language service that autocompletes all the code you can basically use that for using TAP to autocomplete all the code so for example you can analyze function
24:21
you press p.i and then you get all the function names you can get all the basic blocks for each basic block you can use TAP to get all the fields of this basic block like the address, the amount of instructions, etc. and for each instruction you can get the mnemonics, etc. and everything runs, I mean you can use like
24:41
Visual Studio Code or NLP or whatever you like or MX, I guess, that's also Supercellsp and use that for automating and scripting using these languages so R2 is able to visualize data and code in so many different ways so all this, I mean I can press E so you can get the source code of the slides
25:09
so you can see here, this is the content of the slide so it's running a bunch of commands in R2 and the output is generated inside the Visual mode that you saw before
25:22
so you can generate graphs, you can, from the control flow graph you can also generate like a vertical horizontal line graph like frame things, you can disassemble, you can render pictures in bit formats, in RGB format you can also generate like a different, like comparing data
25:41
and identifying which bytes are changing by changing colors you can define like a color for a specific bunch of addresses so when you are disassembling you can mark some regions like hot code or this is like a portion of code that you're interested in and then you get headlights for one specific register so you want to highlight SP and then you get SP highlighted in the whole disassembly
26:04
things like that but also there is also UIs but I'm like command line guy so I prefer to use the shell but there is like a Qt interface but also I started to write like a new graphical interface using WX widgets because, I mean, Qt is great because it's big and it solves so many things
26:25
but I don't like the license, it's so huge it's getting like really huge and it's not handy for the kind of things that I like to do so when I'm developing I like to have fun and I don't want to be suffering because of license
26:40
or companies that are developing things in the background so I wrote so many UIs for it too like in GTK, in using Imblip also other HTML, CSS for the web UI to have like a web server inside so at the end I want to have fun and I don't want to spend time like learning new APIs and so on
27:05
so I'm writing like a WX API I use interface and the idea for this is to not follow the same flow interaction flows that people use so I want to have like a command line interface but integrated in the UI
27:21
so I want to be able to have multiple windows using multiple sessions or drag and drop things from one window to another one instead of having like a big thing with panels and the common interaction ways so what's the future? so there is short and long term plans it all depends on my time
27:41
because most of the things I maintain are done by me there is a lot of contributors but they come and live so there is not really a core developer team or there is no really big plans for having like big organizations and so on but the thing is that I want to be able to keep pushing like stable releases
28:01
I want to have like ABA stability mainly because there is some people or companies or users that are writing tools on top of this and I don't want them to rewrite things every time that I make a release or break without updating this I want to have like a CRATE so which is a rushed API that you can basically specify the version of R2 that you want to ship
28:21
and then this CRATE will build R2 inside with a specific version then you can use your R2 statically linked inside your program so you don't need to depend on system installations or depend on other things like that I want to basically reduce the tech depth because as long as I'm alone doing most of the things I don't want to depend on humans
28:40
so I want to reduce the amount of things that are done manually so for example a friend of me wrote the Flatpak integration so there is like a bot that basically detects when there is like a new release in R2 or Yaito and when this happens it's basically pulling the code from all the projects generating a changelog, generating a new build and publishing that automatically
29:02
and you basically get like a graphical interface for Linux and Windows for free I want to improve the code coverage and all the testing for fuzzing there is like a lot of things that you can see and if you have questions
29:22
please let me know after the talk with some beers I guess that everyone is hungry