I would like to greet all people hacking on radare this past Sunday. A lot of work has been done to stabilize r1 for the imminent release (1.3); thanks to elektranox for the huge testing and their build fixups for packaging radare on x86-32, x86-64 and ARM.
For ARM I have added some little work to make the code analysis follow the stack frame size and detect local frame variables, plus some auto-xrefs while following inner-code data pointers referenced by the PC register, which is pretty common in ARM programs. Here's a shot of the analysis of a simple crackme without the stack frame analysis (I did the shot before pushing the SF fix :P):
http://radare.org/img/r13arm.png
There's a new toy widget for ragui to graphically assemble shellcodes. It is a PoC, but it will be enhanced soon and you'll be able to fetch blobs from:
http://radare.org/ragui/get
Here's a shot:
http://radare.org/img/grasm.png
About portability, I fixed some minor issues to enable and fix some minor stuff for NetBSD, powerpc-linux and mips-linux (thanks graz for the linux-ppc shell).
The r1.3 release is going to be the most stable release :) We managed to backport some stuff from r2 to r1 (just for bugfixing and minor useful features):
- Multi-opcode assembling can be done with the 'wa' command (wa nop;mov eax,33;jmp 0x8048000).
- The '#' command has been renamed to 'h' to fix .. hmd5, hcrc32, etc.
- Comments are now done with '#' (lines starting with ';' are also ignored atm).
- We use ';' to split opcodes or multiple parameters to radare commands.
- Backported PE64 and fixes for ELF32/64 in rabin (thanks nibble!).
- asm.xrefsto has been added to display/hide the destination of an xref.
- Fixed the ARM disassembly and some fixups for static code analysis (vaddr, paddr, ...).
- ARM code analysis is now much faster than before (problems with function boundaries fixed).
Another guy started writing standalone plugins for r2 to support their own virtual machine code that runs on smartcards, and we managed to teach it to properly implement all those plugins.
From the r2 side we also fixed a lot of issues. The debugger is currently only working on x86-32 and x86-64; porting to other architectures shouldn't be hard, but I prefer to stand on these two native architectures until we reach 0.4 to avoid rewriting so many things at the analysis level. You can use the --without-debugger configure flag to build radare2 on non-Intel archs.
rasm2 currently supports labels and multiple opcodes in a single line, so you can use it to write your own shellcodes or assembly snippets and inject them wherever you like.
There's also some offline work on rahash2 by graz, and we will get an initial working version ready for the 0.2 release.
This week we will continue working on r1 and r2, and the release of both will be done before the end of the week. We need them to give a talk on Saturday ;) Hopefully the Debian packages will be pushed soon and we will get a lot of feedback from their build farm systems, warning fixing and usage testing.
Thanks to everybody who made the hackathon possible!
The next one will be even funnier ;) and hopefully with more screenshots.
--pancake
_______________________________________________
radare mailing list
http://lists.nopcode.org/listinfo.cgi/radare-nopcode.org