R0 CREW

Tips & Hacks

Topic for short tips

Changing numeric base of immediate in r2 -> mov eax, 0x41414141 -> ahi 2 -> mov eax, ‘AAAA’ -> ahi 10 -> mov eax, 1094795585 (@Maijin212)

Want to profit from r2 on Windows? Stop using cmd.exe and embrace @conemumaximus5: http://conemu.github.io (@Maijin212)

P.S. I have used FAR Manager for a very long time but didn’t know about ConEmu. And it’s a really good thing! :slight_smile:

“s function_name” (after “aa” or “aaa”), then “V”, then “p” (or just “Vp”), and “x” (only after “V”): you will see a number of xrefs displayed, and you can type the corresponding number on the keyboard to jump to that xref (@Maijin212 & my additions)

https://radare.gitbooks.io/radare2book/content/visual_mode/visual_disassembly.html

Find a string with shellcode like “\x90\x90…” and disassemble it:

curl -s http://pastebin.com/raw/T2zjAdZ5 | grep '"\\x' | tr -d '\\x' | tr -d '[" \r\n]' | rasm2 -d -
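The same extraction step as a small shell script, added here as an example rather than taken from the post above. It reads text from stdin instead of curl, works on a constructed sample (a typical C-style shellcode array) and, unlike `tr -d '\\x'`, only rewrites the `\xNN` escapes themselves, so stray `x` characters or C syntax on the same line never leak into the hex string fed to rasm2.

```shell
#!/bin/sh
# Added example, not the original post's one-liner.
# Turn "\x90\x90..." escapes found in arbitrary text into a plain hex string
# that can be piped into `rasm2 -d -`.

# Constructed sample input: the kind of snippet a shellcode paste usually contains.
SAMPLE='char shellcode[] =
"\x90\x90\x90\x90"
"\x31\xc0\x50\x68\x2f\x2f\x73\x68"
"\xcc";
int main(void) { return 0; }'

# extract_hex: read text on stdin, print one hex string on stdout.
# grep -o prints only the matching \xNN tokens (one per line), so surrounding
# C syntax, comments and any literal 'x' characters never reach the output.
extract_hex() {
    grep -o '\\x[0-9a-fA-F][0-9a-fA-F]' | sed 's/^\\x//' | tr -d '\n'
    echo
}

# byte_count: number of bytes encoded by a hex string read on stdin.
# Useful as a sanity check against the length the source claims for its payload.
byte_count() {
    hex=$(tr -d '\n')
    echo $(( ${#hex} / 2 ))
}

hex=$(printf '%s\n' "$SAMPLE" | extract_hex)
echo "hex: $hex ($(printf '%s' "$hex" | byte_count) bytes)"
# With radare2 installed, disassemble the result exactly as in the tip above:
#   printf '%s' "$hex" | rasm2 -d -
```

Replace the `SAMPLE` variable with `curl -s <url> | extract_hex` when the source is a paste site; the byte count is worth comparing with whatever length the paste claims before trusting the disassembly.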

Use rabin2 -D to demangle symbol names for Java, C++ and Swift.