Everyone knows IDA and Ollydbg, but not everyone has 2700€ to spend on a software, nor wants to trust/use closed-source applications.
But who uses radare2 as a replacement ?
Some reverse-engineering/security-oriented projects are using radare2, thanks to its convenient license (GPL/LGPL).
- some coreboot developers are using radare2, since it supports not only x86 but also 8051, H8, CR16, ARM, used as embedded controllers.
- Droid Developers / MILEDROPEDIA using radare2 for the reversing baseband DSP firmware/RTOS (TMS320C55x+ architecture, unsupported in IDA Pro).
- radare2 is included in Kali, ArchAssault and the Remnux Linux distributions.
- The malware must die team is using radare2.
Since radare2 has some useful features for the exploit hunter/developer, it was expected to be found here.
IT security companies and researchers
Since radare2 is open and scriptable, it is slowly being adopted as a malware reversing and classification tool.
- Alien Vault is using radare2 and they even did a workshop about it at Blackhat!
- Bloomcraft is mentioning it on their career page.
- Craig Heffner from Tactical Network Solution mentionned it during its Blackhat talk.
- nitr0usmx from IOActive wrote a binary diffing article about radiff2 and they discuss radare2 during their Blackhat 2012 talk.
- Pau Oliva from viaForensics wrote an article about how to hack MAME with radare2.
- Maijin from FireEye.
- Futex from Malware.lu wrote an article about usage of radare2 for malware in French ITSec magazine “MISC”.
A lot of talks about radare2 were given in various places: rootedcon, lacon, blackhat, phdays, nopcon, owasp, ncn, campus party, summercamp, fiberparty, …
You can get slides here.
Capture the flag is a competition that is composed of a number of security-related challenges like exploitation and reverse engineering. If you’re dealing with convoluted and exotic binaries, radare2 is the right tool for you!
- The Dragon Sector, one of the best ctf teams in the world.
- The LSE
- The Sexy Pandas
Feel free to tell us if you are using radare2 and want to be listed on this page.