radare2
install
git clone https://github.com/radare/radare2.git
cd radare2/
./sys/install.sh
running a program
r2 (elf)
r2 -d (elf)
radare2 (elf)
some commands :
- analyze all :
aaa
- seek to main :
s sym.main
- print disassembly :
pdf
- break :
db break_point
- run/continue :
dc
- visual :
VV
- step into (visual mode key) :
s
- step over (visual mode key) :
S (caps + s)
- info register :
dr
change a value : (e.g. to memory address 0x000)
dr rip=0x000
rename var-name :
afvn prev_name name
Practice
source code taken from https://exploit.education/protostar/
there are many examples, just copy and paste them
Stack Zero
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>

int main(int argc, char **argv)
{
    volatile int modified;
    char buffer[64];

    modified = 0;
    /* deliberately unsafe: gets() has no length limit, so a line longer
       than the 64-byte buffer overwrites whatever sits after it */
    gets(buffer);

    if(modified != 0) {
        printf("you have changed the 'modified' variable\n");
    } else {
        printf("Try again?\n");
    }
}
gcc stack-zero.c -o stack-zero
radare2 ./stack-zero
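The fix for the bug Stack Zero is built around, as an added example (not part of these notes and not exploit.education's code): the unbounded gets() is replaced by a bounded fgets() read, so an over-long line can no longer reach 'modified'. The names read_line and hardened_stack_zero and the 200-byte input are made up for this example.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <string.h>

/* Bounded replacement for gets(): stores at most size-1 bytes, always
 * NUL-terminates, strips the newline and discards the rest of an
 * over-long line. Returns the number of bytes kept, or -1 on EOF. */
static int read_line(FILE *in, char *dst, size_t size)
{
    if (fgets(dst, (int)size, in) == NULL)
        return -1;
    size_t n = strcspn(dst, "\n");
    if (dst[n] == '\n') {
        dst[n] = '\0';              /* the whole line fit */
    } else {
        int c;                      /* line was cut short: drain the rest */
        while ((c = fgetc(in)) != EOF && c != '\n')
            ;
    }
    return (int)n;
}

/* Runs the stack-zero logic on `input` (hypothetical helper) and returns
 * the final value of `modified`; 0 means the flag was never touched.
 * *kept receives the number of bytes that were stored in the buffer. */
int hardened_stack_zero(const char *input, size_t len, int *kept)
{
    volatile int modified = 0;
    char buffer[64];
    FILE *in = fmemopen((void *)input, len, "r");
    if (in == NULL)
        return -1;
    *kept = read_line(in, buffer, sizeof buffer);
    fclose(in);
    return modified;
}

int main(void)
{
    char line[201];
    int kept = 0;
    memset(line, 'A', 200);         /* constructed input: 200 bytes + newline */
    line[200] = '\n';
    int modified = hardened_stack_zero(line, sizeof line, &kept);
    printf("kept=%d modified=%d\n", kept, modified);
    return modified != 0;
}
```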
Below is a cheat sheet; it is not exactly in order, but not exactly a mess either
V
V
V
q
p
p
P
p
P
`shift+:`
analyse :
aaa
afl
afll
seek to the main func :
s main
`enter`
u
?
xref
axt -> where is it being called
axf
ax?
enter : step into
u : undo
ii
iE
iS
is
iz -> string
izz
...
interesting
https://radare.gitbooks.io/radare2book/content/
user interface mode :
r2 -c=H <file_elf>