TOC
0.0 - Generality on radare2 framework 1.1 - Utility toolsuit 2.1 - Radare2 - Generalities 2.2 - Radare2 - Printing 2.3 - Radare2 - Info Commands 2.4 - Radare2 - Search 2.5 - Analysis 2.6 - Visual Mode(s) 2.7 - Student Practices - IOLI Set - Questions/Answers
1.1 Windows malware example 1.2 Linux malware example
2.1. General MIPS router firmware unpacking (15 minutes) Showing low-hanging vulnerabilities in a classic SOHO router.
2.2 General ARM firmware analysis - bootloaders and android executables (15 minutes)
- Texas Instruments bootrom analysis
- Qualcomm TrustZone analysis
- One of Android executables
2.3 HDD firmware analysis (15 minutes)
- Seagate firmware unpacking and disassembling
1.1 gdb (10 minutes) Since the current native debugger is not perfect (it will be the focus for the next release), Radare2 can use gdb as a backend to debug processes.
1.2 native (10 minutes) We'll show basic on-host debugging case, when you are brave enough to debug executable (or even malware) directly on your machine. Also:
- rarun2 - setup execution environment for a program (chroot, parameters, env, etc.)
- remote r2 debugging r2 -c=h && r2 -C https://.../cmd/
1.3 WinDbg and PDB (10 minutes) Essential part for the windows debuggind is loading PDB files, especially for Windows drivers.
2.1 qemu (10 minutes) Using embedded gdbserver to debug x86 bootloader/bios/uefi, and arm bootloader (see Part II, 2.2 section)
Basic scripting, pipelining radare2 commands, without any external plugins. Using python plugins, high-level analysis using python bindings
Using r2pipe for scripting with python, javascript.
Using 'classic' and 'ctypes' python bindings for the radare2 library
ESIL is an Evaluateable String Intermediate Language
ESIL syntax, opcodes, sources of the ESIL analysis
Using ESIL for the emulation, without qemu/bochs/vbox needed
To be able to use already existing tools based on REIL
THE END