HITB LAB: Overcoming Fear: Reversing with Radare2

The well-known free and open source reverse engineering framework radare2 is becoming more popular among the computer security community with a large variety of people using it to deal with all kinds of different situations: from hobbyist CTF players to professional low-level reversers and malware analysts. Despite that, we notice that there is still a lot of fear, uncertainty and doubt around its capabilities and usage, which, in our honest opinion, is unjustified and not well-founded.

In this talk we will focus on explaining how easy is to actually start working with radare2 to accomplish meaningful results as well as demystifying it, with the aim of helping users and professionals to get comfortable with radare2 and get the maximum of it with no sweat.

The didactic approach of the talk will be eminently practical with examples and demos complementing each section being discussed. The contents of the presentation and the general outline will be as follows:

1. Overview of the radare2 framework: Tools included and capabilities
2. Basic commands and interaction with radare2
3. Visual modes and navigation
4. Configuration and customization
5. Code emulation with ESIL: architecture abstraction and applications
6. Extensibility and scripting: r2pm package manager, native bindings and r2pipe
7. Common use cases: static reversing, exploiting, & debugging
8. Extras: Cutter, r2frida etc
9. Conclusions
10. Documentation, resources and support

There are no specific knowledge requirements for attendees, although the following is desired:

• Basic understanding of computer organization and operating systems.
• Basic understanding of x86/x64 ASM and C language is desired.

Please bring a laptop running a GNU/Linux distribution (natively or on a VM) with the following installed:

• Latest version of radare2
• Latest version of Cutter
• Latest version of r2frida
• Latest version of r2pipe (for python)