
How to use Radare2 for reverse engineering

Introduction

This article defines reverse-engineering as the term is used in software analysis and then explains, in detail, how to use radare2 for reverse-engineering.

It presents techniques that can benefit self-starters, security analysts, engineers, software auditors and hobbyists who want to improve their understanding of the low-level workings of a piece of software. It offers a systematic approach to reverse-engineering, illustrated with real-world examples.

What is reverse-engineering?

Reverse-engineering is the process of analyzing software and understanding it without access to its source code. The software is deconstructed in a way that reveals its innermost details: its structure, its functions and how it operates.

Reverse-engineering is one of the core skills required in the software security industry. Most attacks are delivered in the form of malicious software, which must be reversed and analyzed. Once malware has run inside a system, the key requirements are to clean the affected hosts and nodes and to protect them from being compromised again.

It is the work of the analyst to determine how the malicious software installed itself within the system, how it persists there, and what steps are needed to remove it completely. Reverse-engineering is used in malware analysis to understand exactly what a piece of code does and to derive indicators for a detection process that prevents it from re-infecting the system.

What is radare2?

Radare2 is an open-source framework for disassembling, debugging, analyzing, diffing and patching binary files. It runs on Windows, Linux and many other platforms, and it can analyze executables built for many file formats and CPU architectures. The Windows installer can be downloaded from the project's GitHub releases.
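As an added illustration (not part of the original article), the following radare2 command script exercises the capabilities just listed on a single binary: load it, run analysis, inspect its metadata, and disassemble a function. The file name analyze.r2 and the target ./target are assumed names; every command in the script is a standard radare2 command, and the `#` lines are comments that radare2 ignores.

```r2
# analyze.r2 -- run non-interactively with:  r2 -q -i analyze.r2 ./target
# -i reads commands from this file; -q suppresses the banner and quits when the script ends.
# (./target and analyze.r2 are assumed names for this example.)

# Full analysis pass: recover functions, basic blocks and cross-references.
aaa

# Basic file facts: format, architecture, bits, whether symbols are stripped,
# and mitigations such as NX and PIE that matter before you reach for a debugger.
i

# Entry point(s) and the sections/segments the loader maps into memory.
ie
iS

# Imported symbols reveal which library calls the program depends on
# (network, file, crypto and process APIs are the first things to look at).
ii

# Printable strings in data sections, with the address of each;
# these are usually the quickest way into a binary you have never seen.
iz

# Every function the analysis recovered. radare2's ~ operator filters output
# like grep, so  afl~main  lists only functions whose name contains "main".
afl

# Seek to main and print its disassembly as a whole function.
s main
pdf

# Cross-references to an address (for example a string found by iz).
# Replace 0x... with a real address before uncommenting:
# axt @ 0x...

# Leave radare2 (only needed interactively; -q already exits after the script).
q
```

The same commands work interactively: start `r2 ./target`, type them one at a time, and append `?` to any command (for example `pd?`) to see its help. Running `i` before `aaa` on a large stripped binary is a good habit, because `aaa` can take a while and the file information tells you what you are dealing with first.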

Radare2 utilities

Radare2 ships with several companion command-line utilities that can be used together or independently. This article discusses four key utilities that are shipped with radare2.

rax2

rax2 comes in ...

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Richard Azu. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/sKu44_wwfkA/


Richard Azu

Richard has over 16 years of experience in Network/Telecom Engineering. Experienced in the deployment of voice and data over the three media, radio, copper and fibre, Richard – a system support technician currently with First National Bank Ghana Limited – is still looking for ways to derive benefit from WDM technology in optics. Using Kali as a springboard, he has developed an interest in digital forensics and penetration testing.
