RSoC 2015

It seems that our rejection from the GSoC is becoming a tradition: along with Mozilla, Tor, The Linux Foundation, and OWASP, we weren't accepted. But fear not, like last year, we're going to do our very own Radare Summer of Code: welcome to the RSoC'15!

Last year was our first time. Some things went wrong, others went well; but at the end r2 gained both shiny features and happy new contributorsa and those are the only things that really matter. This year, we'll try to improve our weak points, to make it ever more awesome for students, mentors, and users!

Of course, if would have been great to be accepted by Google. Their program has more visibility, more money, and a larger student pool.

However, this situation also has advantages: we accept everyone, not only students, we don't have country-based restrictions, and we don't have strict deadlines: if you want to work a bit less, or a bit more, this is not an issue; we're flexible on everything.


So, stay tuned, you'll hear about our RSoC soon, we promise!

Google Summer of Code 2015

We have applied to be a mentoring organization for this year’s Google Summer of Code.

Google Summer of Code logo

We recognize that GSoC is always a fierce competition, but we are, as ever, hopeful that we will join many other fine organizations in a great summer of hacking. If you are a student interested in applying, please head over to our ideas page and begin thinking about what you might like to hack on. Furthermore, we have several low-hanging fruits if you want to play a bit with the codebase.

We already applied last year, but were rejected; maybe we'll make it this year. And if we don't, we'll do a RSoC again!

Interactive ASCII graphs

The graph feature of IDA, ImmunityDBG or Hopper are great to have a quick overview of what you're dealing with. This is why we have graphs too in radare2, but since we're terminal-lovers, ours are cooler in ASCII!

After analyzing a function with af or any other method, type VV to get:
functions graphs

We've got call graphs, which are way more understandable than simply listing the XREF adresses. To see it, simply press V when you're in graph mode.
call graphs

Unfortunately, the classic 80x24 terminal size is not that convenient when it comes to having an overview of a big function. This is why we also have VVn, to show a mini-graph.

On the left, you can see the code of the current node (The one with @@ on it. You can switch nodes with <tab>). The t branche stands for true and f for false.

mini graphs

Every graph is interactive: you can move their nodes around, walk them (t,f,u), show bytes/flags (O), debug within them (z/Z), jump around xrefs (x/X), …

To scroll the RConsCanvas use the asdw keys. The hjkl ones are used for moving the nodes around. Also bear in mind that ASDW and HJKL will do the same as the lowercase ones, but faster!

And of course, it's documented, with ?
graphs documentation

If you think that we're missing your favourite type of graph, feel free to come rant about this on irc ;)

There's also three different graphs implementations in the WebUI, which works fine with touchscreens, but its still not perfect, you can check the default one by pressing space in the disasm view of r2 -c=H /bin/ls

Ho, and speaking of graph, tracing information from the debugger or the esil emulation is now displayed in the web interface!
tracing in web interface

Future plans for graphs are:

  • Better layout (no more overlapping nodes)
  • Support Colors
  • Support UTF-8
  • Group nodes
  • Add comments in nodes
  • Save/Restore graph states (wip in the webui)
  • Print graph to file
  • Generic API and commandline tool to create graphs like dot does.
  • Better WebUI graphs

If you want to do any of those things feel free to checkout the code libr/core/graph.c.