Welcome to Day 14 of the Advent of Radare!
Today, we shift our focus from analyzing specific binaries to customizing Radare2 itself.
After all these days learning its features applied to practical usecases, we’ll now learn how to tailor the environment to perfectly match your individual workflow and preferences.
Radare2 comes with a well-considered default configuration, and we probably won’t need to change it, but this session is all about refining these settings to improve your comfort. As we explore the various configuration options, we might discover some interesting features that could enhance our reverse engineering workflow!
The configuration system in Radare2 is quite flexible and allows users to customize nearly every aspect of the tool, from visual appearances to analysis behaviors. You can modify these settings either temporarily for your current session or permanently by saving them to your configuration file. Whether you’re a beginner or an experienced user, understanding how to configure Radare2 to match your preferences can significantly improve your productivity and make the tool more enjoyable to use.
We’ll examine how to change settings that impact your daily use (Yes, I expect you to use r2 every day for everything):
NOTE If you find a default setting that is consistently inaccurate or counter-intuitive, that should be shared with the community to improve the overall Radare2 experience for everyone, please report or comment them!
So, let’s dive into optimizing your Radare2 setup and make it truly your own reverse engineering toolkit!
The primary method for persistent configuration in radare2 is through
configuration files, specifically the ~/.radare2rc file in
the user’s home directory .radare2rc. This file contain a
series of radare2 commands that are automatically executed at startup.
The global ~/.radare2rc file applies to all radare2
sessions.
We can have file and project-specific scripts by just having a file
ending with .r2 in the same directory of the binary:
$ echo 'echo hello world' > ls.r2
$ cp -f /bin/ls .
$ r2 ls
hello world
[0x00000000]>The configuration can be viewed and modified using the e
command family, where e lists all variables,
e <var> shows a specific variable’s value, and
e <var>=<value> sets a new value. For example,
e asm.syntax=att would set the assembly syntax to AT&T
style.
The e variables can be defined at startup time from the
commandline using the -e flag. But those can be also
changed at runtime or in visual mode using the visual eval editor
(Ve command).
This flexible approach let’s you configure anything at any time from the shell or even from scripts. But be careful running code from untrusted sources! Configuration files are actually scripts that are executed.
The most comprehensive method is using the e command
within radare2 or in configuration files. Common configurations include
e asm.bytes=false to hide byte display,
e asm.comments=false to disable automatic comments, and
e scr.color=1 to enable colored output.
Users can explore available options using e? for help,
and e?? for a detailed list of all variables. But in short
this is how it works:
e # list all variables
e <var> # show value
e <var>. # list all variables starting with <var>
e <var>=val # set value
e?? # detailed variables listYou don’t need to open a separate terminal and find that file in your
home, creating it if it’s not there, radare2 can do all this for you!
Actually, radare2 even have a text editor implemented inside, so you
don’t even need vim. But let’s assume you have one in your system, and
if not, you can choose it by changing the cfg.editor eval
variable.
Then try these two commands:
edit open cfg.editor to edit your
configuration fileed+ to hardcode options in the radare2rc in
non-interactive modeed* display contents of the ~/radare2rc fileSee r2 -H to find out (or override the environment
variable) the path to the rc file is.
Additionally we can just use . (dot include),
-i command or commandline flag to include an external
script at any time.
Note that other projects like r2frida also have their own rc files.
Do you wanna have clippy remembering how late it is right now? Try adding this line in your r2rc:
$ cat ~/.radare2rc
?E `date`Or maybe you want to have some seven-segmented ascii art text, use
the ?ea command.
[0x00000000]> ?ea PWNRLZ
__ __ __
|__|| ||\ ||__|| /
| |/\|| \|| \ |__ /_
[0x00000000]>Or even run cat /etc/motd if we like
By default, radare2 will show you the fortune messages, sometimes they are useful, sometimes they are just fun, and in the past they were also a little harsh. But they are there and you can disable them by changing this option if you don’t like them:
e cfg.fortunes = falseAbusing the hud operator with the eval help messages we can easily inspect them all with the following command:
[0x00000000]> e??~..In visual mode, all the function keys F## of your keyboard can run a command; which can be an r2 oneliner, or anything else that can be executed inside radare2, like, for example a javascript file or even a system program.
These keys can be configured by changing the following eval variables and are only accessed when in Visual mode.
[0x00000000]> e key.<TAB>
key.S key.f1 key.f10 key.f11 key.f12 key.f2 key.f3 key.f4
key.f5 key.f6 key.f7 key.f8 key.f9 key.s
[0x00000000]>As you can see it’s also possible to override the command that will
be executed when pressing s or S, aka, the
default step-in and step-over keys.
There are many options that can change the way r2 looks, the disassembly the hexdumps, the colors and layouts. These are the most used ones you may want to look at.
e scr.highlight highlight some words (Same as
V/)e scr.color=3 enable truecolore scr.utf8=true use utf8 chars for the arte scr.demo=true - add some nice effectse scr.wheel=true - mouse wheel enabled for
scrollinge scr.wheel.speed=8 - make wheel scrolling faster
(default is 4)The prompt pcan be also tweaked in different ways to improve the tab autocompletion, include the flag or section name instead of the offset, use VI mode for the input, etc
[0x00000000]> e??scr.prompt.
scr.prompt.code: show last command return code in the prompt
scr.prompt.file: show user prompt file (used by r2 -q)
scr.prompt.flag: show flag name in the prompt
scr.prompt.mode: set prompt color based on vi mode
scr.prompt.popup: show widget dropdown for autocomplete
scr.prompt.prj: show currently used project in prompt
scr.prompt.sect: show section name in the prompt
scr.prompt.tabhelp: show command help when pressing the TAB key
scr.prompt.vi: use vi mode for input prompt
[0x00000000]>Radare2 provides extensive customization options for formatting both tables and JSON output. For JSON serialization, you can configure numeric values to be rendered as strings, which circumvents the inherent limitations of 31-bit or 63-bit numeric parsing constraints. The framework offers comparable configuration options for string formatting as well.
[0x00000000]> e cfg.json.
cfg.json.num = none
cfg.json.str = none
[0x00000000]> e cfg.json.num=?
none
string
hex
[0x00000000]> e cfg.json.str=?
none
base64
strip
hex
array
[0x00000000]>The RTable API, which is used for all the comma-suffixed commands that display listings using tables, so we can choose which is the default format we like for those tables:
[0x00000000]> e cfg.table.format =?
simple
fancy
html
json
csv
tsv
sql
r2
[0x00000000]> e??cfg.table.
cfg.table.format: Change the default output format for tables
cfg.table.maxcol: Define maximum column width in tables
cfg.table.wrap: Wrap text to not exceed maxcol
[0x00000000]>Try with the fancy output, note that setting this variable will be
the same as using the :fancy modifier in the comma
commands. The other options give us the ability to restrict the width in
characters of the size of each column, improving the rendering on small
terminals or just to avoid alignment problems when some fields take too
much horizontal space.
There are several color themes in radare2, they are precompiled as C
headers and distributed as plain r2 scripts in the filesystem, you can
modify them and create your own ones saving them in your home and
loading them at startup time from the .radare2rc
script.
All this is done with the eco command:
[0x00000000]> eco~?
34
[0x00000000]> eco
ayu
basic
behelit
blood
bluy
bobcrawl
bold
bright
cga
chrome
...These scripts just use the ec command which sets the
foreground and background color for a specific class of data.
ec call red custom detailsYou can visualize them by using the ec command with no
arguments:
[0x00000000]> ec
<font color="red">##</a> comment
<font color="green">##</a> usrcmt
<font color="green">##</a> args
<font color="yellow">##</a> fname
<font color="yellow">##</a> floc
<font color="white">##</a> fline
<font color="green">##</a> flag
..You can also rotate between all the color themes in visual mode by
pressing the R key. And actually there’s even a visual
theme editor using the VE command.
As expected, all the color theme can be saved and restored as a
radare2 script by just using the * subcommand.
ec* > mytheme.r2 # save it
. mytheme.r2 # load itOne of the aspects of radare2 is more configurable is the disassembly listing, you can change from column widths, the amount of information you want to visualize, its colors, layout and more! take a look at all the asm. variables to find out what makes you more comfortable!
These are the most relevant:
e asm.bytes=false - Hide instruction bytese asm.comments=true - Show commentse asm.lines=false - Hide function linese emu.str=true - show strings referenced from computed
emulatione asm.syntax=att - use AT&T syntax by defaulte asm.cmt.esil=true - show esil expressions next to the
disasme asm.describe=true - explain what each instruction is
doing in a commentI won’t be pasting the complete list in here because there are so
many, but you may want to use e??asm~.. to inspect them
easily.
[0x00000000]> e??asm.~?
139
[0x00000000]>There are so many other options that may help you get better results depending on your target, these are usually not good to be in the radare2rc because different kind of targets may result on wrong behaviours or inconsistent results, but it’s good to know them and maybe create a conditional configuration to run them depending on the target file you are analysing.
Binary settings:
e bin.strings=false # e anal.strings=true (load strings from analysis instead of disasm)
e bin.dbginfo=false # dont load dwarf information, for performance reasons usually
e bin.demangle=false # do not demangle symbo namesAnalysis settings:
e anal.hasnext=true # assume there's a function after
e anal.a2f=true # use alternative function analysis loop
e anal.depth=50 # dont go much deepSearch settings:
e search.in=? # specify where to search for stuff
e search.align=4 # assume stuff is always aligned to 4 bytes
e search.overlap=false # dont take overlapping hits as valid
e search.prefix=foo # use 'foo' instead of 'hit' in the flagsSometimes we want to run some commands depending on some
configuration options, for example in this case we want to use
arm.v35 instead of arm when loading an ARM
binary:
[0x00000000]> -a
arm
[0x00000000]> ?== arm `-a`;?! -a arm.v35
[0x00000000]> -a
arm.v35Which is the same as the script below:
[0x00000000]> e asm.arch
arm
[0x00000000]> ?== arm `e asm.arch`;?! ?e its arm
its armYou can create custom commands that run r2 oneliners with the
$ command. That’s a common approach for having your own
oneliners easily accessible.
$ # list all aliases
$x=x 32 # the 'x' alias runs 'x 32'
$x # execute the '$x' alias.Today’s challenge is about writing our own radare2rc script. Run
ed to launch your cfg.editor to tweak it for
your own taste!
I would encourage you to test every single color theme by pressing
the R key in visual mode (V) and tweak them in
case you find any graphical inconsistency, additionally you can also
create your own color theme and share it with everyone!
Now that you have properly set up radare2 on your system, you’ll likely feel more confident and be able to solve upcoming challenges more efficiently!
Feel free to read more on the topic in the r2book.
Stay tuned for tomorrow - exciting content is coming!