radare2 is one of the most famous RE frameworks out there. That said, it has some great features, and Easter-eggs that very few people know in details. This is going to be a thread – fasten your seatbelts and get ready for a journey into the less-known features of @radareorg! >> 
First things first, some history. The radare2 project was created by @trufae in February of 2006 to provide a free and simple command-line hexadecimal editor. Starting from a one-man-show, radare2 nowadays gathered a huge community and a substantial number of contributors >>
Since last year, @radareorg has an official GUI and it is awesome! Cutter (@r2gui) is the official cross-platform GUI of radare2 which aims to export radare2’s plenty of functionality into a user-friendly and modern GUI. Make sure to try it! github.com/radareorg/cutt… >>
Who said that CLI can’t be awesome as well? Visual Panels mode is one of the most useful visual modes of radare2. It provides a great way to view multiple panels on the same screen. It was recently improved by @Vane11ope to be even better! Try it for yourself with `V!` >>
Only a few users know that the famous game "2048" is included in radare2! In the past, it used to be hidden inside an undocumented key in Visual Mode. Now it is available in the Visual Panels Mode “help” menu. FUN! >>
Using `aaa` by default, as most of us are used to, is a heavy action and not recommended or needed in most of the cases. r2 has a lot of analysis commands like `aab`, `aav` and more. Take a look at `a?` and `aa?`.
Using `aaaaaaa` will reveal another Easter-egg 😉 >>
Using `aaaaaaa` will reveal another Easter-egg 😉 >>
Talking about analysis, you can fit it to your needs by configuring different analysis variables in r2 which are available under the rather suspicious configuration category named “anal”.
Check `e? anal` and my linked answer for more information: reverseengineering.stackexchange.com/questions/1611… >>
Check `e? anal` and my linked answer for more information: reverseengineering.stackexchange.com/questions/1611… >>
@radareorg has a package manager of its own. With r2pm you can easily install or discover plugins and utilities for radare2. Plugins including decompilers, disassemblers, and some of your favorite frameworks @fridadotre, @yararules, @RetDec, @keystone_engine, @unicorn_engine >>
radare2 even has its own Clippy who is much cooler than Microsoft’s. Just use `?E` to make it speak >>
Another easter-egg that was implemented in the last winter is the snow-mode in visual modes. While on visual mode, press “(“ to reveal the magic >>
radare2 supports emulation and allows you to emulate code using ESIL. The emulation commands can be found under `ae?`. Make sure to check @_xpn_’s great article on unpacking Metasploit encoders using @radareorg’s emulation: blog.xpnsec.com/radare2-using-… >>
radare2 can even generate QR codes. The `pq N` command will print a QR code containing N bytes from the current seek >>
We all are familiar with using “@” to perform a temporary seek, but did you know that you can use “@@” and “@@@” as a Foreach iterator? See “@@?” and “@@@?” >>
When you don’t know what a specific instruction is doing, you can enable the opcode descriptions to get some help by executing `e asm.describe=true` >>
Some commands in radare2 may sound fun – take `wtf` and `omfg` for example. There’s even an open issue asking for more suggestions so if you have any, feel free to comment: github.com/radare/radare2… >>
Obviously, you noticed that whenever you open radare2 you are getting a funny message or a useful tip. These are called "fortunes". Not many people know that there are two hidden fortune types that you can enable – “nsfw” and “creepy” >>
That’s it for today! I hope you enjoyed the ride 😊 There are many more cool features than presented here so I’ll probably make another thread soon.
Make sure to join our great communities for @radareorg and @r2gui in Telegram: t.me/radare & t.me/r2cutter!
Make sure to join our great communities for @radareorg and @r2gui in Telegram: t.me/radare & t.me/r2cutter!
