radare2 Guide: Reverse Engineering Basics

by x32x01
If you’re serious about reverse engineering, then learning radare2 (r2) is a game changer.
This isn’t a beginner-friendly, click-and-analyze tool.
👉 It’s a powerful command-line framework used by professionals who want full control over binary analysis.
In this guide, you’ll understand how radare2 really works, how to use it effectively, and why it’s considered one of the most advanced tools in cybersecurity 🔐

Core Philosophy of radare2

radare2 follows a very different approach compared to GUI tools.
Here’s how it thinks:
  • Everything is a command
  • Everything exists in a virtual address space
  • Analysis depth is controlled manually
  • Modular and fully scriptable
👉 Unlike automated tools, r2 doesn’t guess - you tell it exactly what to do.



Internal Architecture: How radare2 Works

radare2 isn’t just one tool - it’s a complete framework.

Key Components

  • r2 → Main command-line interface
  • r_bin → Handles binary formats (ELF, PE, Mach-O)
  • r_anal → Core analysis engine
  • r_debug → Debugging backend
  • r_asm → Assembler / Disassembler
  • r_core → Coordinates everything
👉 This modular design allows you to:
  • Analyze malware
  • Reverse firmware
  • Debug live processes
  • Patch binaries



Understanding the Interface

To start analyzing a binary: r2 ./target
You’ll enter a command-driven shell.

Core Commands You Must Know

  • s → Seek (move inside memory)
  • p → Print data
  • a → Analyze
  • i → Info
  • d → Debug
👉 Commands are short and cryptic - but extremely powerful.



Analysis Levels (Critical Concept)

This is where most beginners fail.

❌ Wrong Way:

Running random commands and expecting results.

✅ Right Way:

Use proper analysis depth:
Code:
aa     # basic analysis
aaa    # deeper analysis
aaaa   # aggressive (slow but detailed)

What Happens Internally

  • Functions get identified
  • Symbols are resolved
  • Call graphs are generated
  • Cross-references are tracked
👉 The deeper the analysis, the more insight you get.



Function Analysis in Practice

List all functions:

Code:
afl

Analyze a specific function:

Code:
af @ main

View disassembly:

Code:
pdf @ main

Visual graph mode:

Code:
VV
👉 Graph view helps you:
  • Understand program flow
  • Identify conditions and branches
  • Reverse logic faster



Memory & Registers Control

radare2 gives you low-level control over execution.

View registers:

Code:
dr

Inspect stack:

Code:
px @ rsp

Read memory:

Code:
px 64 @ 0x00400000
👉 This is where real exploitation begins.



Debugging with radare2

Start debugging:
Code:
r2 -d ./program

Basic Debug Workflow

Code:
db main     # set breakpoint
dc          # continue execution
dr          # inspect registers
ds          # step instruction
👉 You can:
  • Trace execution step-by-step
  • Bypass protections
  • Analyze runtime behavior



Binary Patching

radare2 allows live binary modification.

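Example:

Code:
# the file must be opened writable first: r2 -w ./target (or run oo+ in the session)
s 0x00400510   # seek to the instruction to patch
wa nop         # assemble a nop and write it at the current offset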
👉 This can:
  • Bypass license checks
  • Disable conditions
  • Modify logic
⚠️ Always use this ethically and legally.



Advanced Capabilities

Automation with r2pipe

You can script radare2 using:
  • Python
  • JavaScript
👉 Automate repetitive reversing tasks.
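
The automation described above, as an added example that is not part of the original post: a Python r2pipe script that runs `aaa`, reads `aflj` (the JSON form of `afl`), and ranks functions by cyclomatic complexity so the densest logic gets read first. The sample JSON is constructed, and the field names (`addr`/`offset`, `cc`, `size`) are assumed from typical `aflj` output and can differ between radare2 versions.

```python
import json

# Constructed sample of `aflj` output (not from a real binary), trimmed to the
# fields used below. Assumption: the address key is "addr" or "offset" by version.
SAMPLE_AFLJ = json.loads("""[
  {"name": "main", "addr": 4198694, "size": 212, "cc": 7, "nbbs": 12},
  {"name": "sym.check_key", "offset": 4198480, "size": 96, "cc": 4, "nbbs": 6},
  {"name": "sym.imp.strcmp", "addr": 4198208, "size": 6, "cc": 1, "nbbs": 1},
  {"name": "entry0", "addr": 4198256, "size": 46, "cc": 1, "nbbs": 1}
]""")


def rank_functions(functions, top=10, skip_imports=True):
    """Return (addr, name, size, cc) tuples, most complex functions first."""
    rows = []
    for f in functions or []:          # cmdj() may return None if nothing was found
        name = f.get("name", "?")
        if skip_imports and name.startswith("sym.imp."):
            continue                   # import stubs are rarely the place to start
        addr = f.get("addr", f.get("offset", 0))
        rows.append((addr, name, f.get("size", 0), f.get("cc", 0)))
    rows.sort(key=lambda r: (-r[3], -r[2], r[1]))
    return rows[:top]


def triage(path, top=10):
    """Open `path` in r2, run `aaa`, and rank what `aflj` reports."""
    import r2pipe                      # needs radare2 and the r2pipe package
    r2 = r2pipe.open(path)
    try:
        r2.cmd("aaa")                  # same analysis level as typing `aaa`
        return rank_functions(r2.cmdj("aflj"), top)
    finally:
        r2.quit()


def format_report(rows):
    return [f"0x{addr:08x}  cc={cc:<3} size={size:<5} {name}"
            for addr, name, size, cc in rows]


if __name__ == "__main__":
    import sys
    rows = triage(sys.argv[1]) if len(sys.argv) > 1 else rank_functions(SAMPLE_AFLJ)
    print("\n".join(format_report(rows)))
```

Run it with a binary path to analyze a real file, or with no arguments to see the ranking on the constructed sample.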

ESIL (Emulation Engine)

radare2 can emulate instructions without executing the binary.
👉 Useful for:
  • Safe analysis
  • Understanding behavior without risk

Malware Analysis

  • Analyze packed binaries
  • Detect obfuscation techniques
  • Study malicious behavior

Firmware Reversing

  • Analyze IoT devices
  • Extract embedded logic
  • Inspect low-level operations



radare2 vs Other Tools

Tool | Strength | Weakness
radare2 | Powerful CLI + scripting | Steep learning curve
Ghidra | Beginner-friendly GUI | Slower analysis
IDA Pro | Industry standard | Expensive
👉 Professionals often use all three together.



Reality Check

Let’s be honest: 👉 You won’t master radare2 in a day.
To really use it effectively, you need:
  • Solid understanding of C programming
  • Knowledge of assembly (x86/x64)
  • Practice with CTFs and crackmes



Learning Roadmap

Beginner

  • Learn: aaa, afl, pdf
  • Understand basic assembly
  • Solve simple crackmes

Intermediate

  • Use debugger (r2 -d)
  • Work with stack & registers
  • Patch binaries

Advanced

  • Use ESIL
  • Automate with r2pipe
  • Analyze malware



Final Insight

radare2 isn’t just a tool… 👉 It’s a mindset shift.
You stop trusting source code…
And start understanding how software behaves at the machine level.
 