radare2-cheatsheet.tex

\documentclass[10pt]{article}
\usepackage{r2style}

%----------------------------------------------------------------------

\title{Radare2 Cheatsheet}
\begin{document}
\pagestyle{r2fancy}

\begin{center}
	\Large{\bf Radare2 Cheatsheet}
	\rule{\textwidth}{0.2pt}
\end{center}

\begin{multicols}{3}
\subsection*{Basic commands}
\cmd{s}{seek to a different address}
\cmd{b}{change block size}
\cmd{q}{quit}
\cmd{pd/px/p8}{print disasm/hexdump/bytes}
\cmd{pf}{print formatted}
\cmd{f name=addr}{set flag to the given address}
\cmd{-j}{enter the Javascript repl}
\cmd{?*{\url ~}str}{filter commands with the given string}

\subsection*{Command prefixes}
\cmd{.}{interpret output}
\cmd{:}{execute io command}
\cmd{\#}{comment}
\cmd{$\char18$}{avoid evaluation of special chars}
\cmd{N}{repeat n times, being {\tt N} a number}

\subsection*{Command suffixes}
\cmd{j}{json}
\cmd{q}{quiet (simplest output)}
\cmd{*}{radare2 commands}
\cmd{,}{table format}
\cmd{?}{help for the command}

\subsection*{Command modifiers}
\cmd{>}{redirect output to file or {\tt \$internalfile}}
\cmd{@}{temporal seek}
\cmd{@@}{repeat on every flag}

\subsection*{Binary information}
\cmd{ie}{entrypoint}
\cmd{is/ii/iE} {symbols/imports/exports}

\subsection*{Patching}
\cmd{wx}{write hexpairs (\ttc{wv} for endian values)}
\cmd{wa}{write assembly}
\cmd{wo}{write operation in current block}
\cmd{wtf}{write to file (use \ttc{wtff} for \ttc{@@})}

\subsection*{Search}
\cmd{/ str}{find string}
\cmd{/x hexpairs}{find hexpairs}
\cmd{/ad inst}{find instructions}
\cmd{/m}{search for known magic headers}
\cmd{w str0 @@/ str1}{write str0 on every str1}

\subsection*{Analysis and xrefs}
\cmd{af}{analyze function}
\cmd{aa}{analyze all program (\ttc{aaa}, \ttc{aaaa}, ...)}
\cmd{afn/afvn}{rename a function/variable}
\cmd{afl}{list functions}
\cmd{axt}{list xrefs to given address}

\subsection*{Disassembly}
\cmd{pdf/pdr}{disassemble function/recursive}
\cmd{pdc}{pseudo-decompilation (see \ttc{pdd}/\ttc{pdg})}
\cmd{pd/pi}{print disassembly/instructions}
\cmd{Cd}{define as data}
\cmd{CC}{add a comment in code}

\subsection*{Emulation (ESIL)}
\cmd{aeim}{initialize emulation registers + stack}
\cmd{ae}{emulate ESIL expression}
\cmd{aes}{step into (see \ttc{ds}, but also \ttc{aesu?})}
\cmd{aer}{for register manipulation (see \ttc{dr})}

\subsection*{Debugging}
\vspace{-8px}
\subsubsection*{({\tt r2 -d bin})}
\cmd{db}{set/manage breakpoints}
\cmd{dbt}{backtrace}
\cmd{ds/dso}{single step/step over}
\cmd{dr}{get/set register values (\ttc{drr} for telescoped)}
\cmd{doo/ood}{restart process}

\subsection*{Visual mode}
\vspace{-8px}
\subsubsection*{({\tt V} for visual, {\tt v} for panels, {\tt !} to toggle)}
\cmd{pP}{rotate modes ({\scriptsize$<$}tab{\scriptsize$>$} for submodes)}
\cmd{s/S}{perform step/step over}
\cmd{b}{browse (flags, config, classes, symbols, ...)}
\cmd{.}{seek to entrypoint}
\cmd{i/A} {insert mode for hexa/write assembly}
\cmd{V\_}{hud mode to seek flags while typing}
\cmd{Vd1}{visual bit editor}
\cmd{n/N}{seek to next/previous {\em scr.nkey} thing}
\cmd{x/X}{view xrefs/refs}
\cmd{hjkl}{move cur ({\tt HJKL} for faster movement)}

\subsection*{Graph}
\vspace{-8px}
\subsubsection*{({\tt VV} comand, {\tt agfv})}
\cmd{agn/age/aggv}{custom handmade graphs}
\cmd{t/f/u}{follow true/false branch, undo}

\subsection*{Settings}
\vspace{-8px}
\subsubsection*{({\tt e} command)}
\cmd{edit}{use {\em cfg.editor} with {\tt {\url ~}/.radare2rc}}
\cmd{anal.hasnext}{consider code is sequential}
\cmd{asm.bytes}{show/hide bytes in disasm}
\cmd{asm.emu/emu.str}{emulation analysis/show strings} %FIXME??
\cmd{bin.relocs.apply}{apply relocs}
\cmd{scr.color=n}{enable colors, where n = 0,1,2,3} %FIXME??
\cmd{search.in}{define search boundaries}

\end{multicols}
\end{document}