5.5.4 - stability release

Release Notes

Version: 5.5.4
Previous: 5.5.2
Commits: 30
Contributors: 8
Days: 9

Highlights

More details

## Authors

• Claudemirovsky (linking issues)
• Dennis Goodlett (search + signatures)
• Francesco Tamagni (dyldcache)
• Lazula (pD and git pull issues)
• condret (crash in omf command)
• gogo (8051 assembler and AVR disassembler improvements)
• pancake pancake (everything else)

Changes

Architectures support

Changes related to disassembly, assembly and analysis:

• Use cs_disasm_iter in anal.x86.cs to use less heap and speedup analysis and disassembly
• Disable the disassembler logic in the asm plugin for 8051
• Handle jbc [reg] in 8051 assembler
• Handle registers on push on 8051
• Improve pD, reading too many bytes on loop
• Better Analysis plugin handling from the asm module

Binary parsing

• Dont depend on case-sensitive FS to load the DLL sdbs
• Support Mach-O DYLD_CHAINED_PTR_64_OFFSET format

Build/ CI

• Check for an existing upstream remote in install scripts
• Fix libr_lang linking issue (introduced in 5.5.2)
• Do not remake on modules with d/ (faster 'make' builds)

Search

• Cleanup public API for
• Add JSON output to zb commands

Security

• Fix #19476 - heap overflow in aao
• Fix #19478 - null deref in symbols file

5.5.2

Release Notes

Version: 5.5.2
Previous: 5.5.0
Commits: 92
Contributors: 16
TimeDelta: 20 days

Highlights

More details

Authors -------

Ashwin Kumar Dennis Goodlett Lazula Octavio Gianatiempo Richard Liu Rick de Jager Sergi Àlvarez i Capilla aemmitt-ns aviciano condret gordon-quad meme meme pancake pancake slowhand99

Changes

ARM/THUMB

• Fix #19464 - incorrect assembly for adrp on arm64
• Use null plugin when using unexistent asm plugin
• Handle more ELF relocs for ARM binaries
• Fix #18967 - Fix emulation for the mov-pc thumb instruction

Binary parsing

• Add Plan 9 symbol parsing
• Fix PE Metadata header name parsing (.net related)
• Add bin_xtr.xtr_pemixed for PE user plugin

build

• Use remote URL for git pull in install scripts
• Enable mingw32/mingw64 builds in the CI (new first class platform)

cons/ui

• Improve the snow experience in panels mode
• Add eco! and eco* and sort eco listing
• Show prev nodes in graph.few
• Improve cursor up/down in visual disasm when code is analyzed

crash

• Fix invalid pointer read issue in dwarf parser
• Fix #19455 - Negative tainted offset used in buffer for pyc causing oobread
• Fix #19448 - Fix atoi on non-null terminated string in PE section headers
• Fix #19446 - null derefs in the x509 parser
• Fix #19443 - UAF in marshall null object
• Fix #19442 - Fix heap underflow in pyc marshalling
• Fix #19444 - Null derefs in PE signature logic

Other

• Fix #19463 - io write error reporting regression
• Fix #19473 - Support libc filename w/o version for heap analysis
• Fix Dalvik’s esil conditionals
• Initial support for VLIW on hexagon
• Fix infinite loop in r_str_replace

Diff / Signatures

• Implement symbol name list diffing in radiff2
• Fix zj vars output
• Add binary search alg to pvector

r2pipe

• Fix r2pipe.cmd("Z") when command fails returns no output
• Updated R2pipeSide support for Go and V

5.5.0 - 希

Codename: Nozomi 希
Commits: 381
Contributors: 25
Associated Releases:

• r2dec https://github.com/wargio/r2dec-js/releases/tag/5.5.0
• r2ghidra https://github.com/radareorg/r2ghidra/releases/tag/5.5.0
• r2frida https://github.com/radareorg/r2ghidra/releases/tag/5.5.0

Breaking changes in api, esil, abi and commands. Plugins will need to be recompiled as usual.
Special thanks to giantbranch from NSFocus Tianji Lab for reporting several crash reproducers

• New IOBanks APis and commands replacing skyline and making io faster (2-10x) @condret
• Faster analysis, type matching, binary parsing (2-4x) @trufae
• [] and =[] esil operations has been removed (size is mandatory) @condret
• Lots of important bugs fixed in bin parsers and disassemblers @Lazula
• Add support for the latest iOS15 dyld4 Atlas-style cache formats @mrmacete
• Autorename signature matching collisions and faster search @swoops
• Add assembler for riscv and disassemblers for PDP11, Alpha64 and armv7.v35 @trufae
• Improved integration with r2frida remote filesystems @as0ler
• Cleaning debugger for windows (32 and 64) and macOS makes it more reliable and stable @trufae
• Add seven segment printing (?ea for ascii-art text titles) @trufae
• Improved xrefs visualization with new axfm and axtm commands @trufae
• Add avg command to manage global variables @trufae
• The sixref plugin is now easier to use to find xrefs on arm64 code @hot3eed
• Improved multibin (select all bins or one) and multidex support in apk:// @trufae
• Better build scripts for Windows (add asan and w32 profiles) @trufae
• Added armv7.v35 and improves esil emulation with the arm64.v35 @aemmitt-ns
• Add more help messages and set scr.prompt.tabhelp true by default @trufae
• AES key wrap algorithm support in rahash2 @sylvainpelissier
• Fix var serialization issues in debugger reloading (ood) and projects saving (Ps) @RHL120
• Add Amiga and MSX rom/bin parser plugin and test @romerojoseant @trufae
• Visual slides (r2s) allow interactive content to be used within r2 @trufae
• Print and convert ternary values back and forth @trufae

Continue reading ...

Authors

0mhu Abdelrahman Eid Antoni Viciano Dennis Goodlett Fernando Domínguez Francesco Tamagni Jose Antonio Romero Lazula Murphy RHL120 Sergi Àlvarez i Capilla SkUaTeR Sylvain Pelissier aemmitt-ns condret devnull850 dogtopus hot3eed junchao-loongson meme murphy pancake pancake rhl120 thymol0

analysis

• Check if ax[ft] argument is valid before showing xrefs to 0
• Implement axtm, axfm and add helps for axf? and axt?
• Improve debug message when misleading a function name
• Add serialization API for vars
• Improve sixref plugin UX
• Copy the z80.archinfo into the gb plugin
• Honor (min|max)-opsz and buffer bounds in aar
• Hide the 'no calling conventions' warning and add =R0 for x86
• Improve the reg profile for python
• Fix crash when using the pyc disassembler without pyc bin
• avr requires aeim before aaaa to not assert
• New 'avg' command and RAnal.global to manage global variables
• Remove unused enum
• Fix tests for RAnalVar function relocation
• Fix variable relocation on ood (#19219)
• Fix 1 bb function analysis with a2f
• Fix null deref when using anal.a2f
• Improve sixref plugin UX

asm

• Add the first multiarch assembler plugin: vasm
• Initial implementation of the RISCV assembler
• Minor refactors in disasm.c, primarily r_core_print_disasm()

bin

• Use r_str_ndup in another bound check in dwarf
• Fix crash when elf symbol initialization fails
• Always init Mach-O options with defaults
• Add Support For dyld4 Atlas-style Shared Library Caches
• Handle allbins in im, iM, iT, iC, iV, iz
• Implement multidex and proper multibin in apkall://
• Handle allbins for iz, ic, iI, ie and iM
• Implement 'ob *' to select all bins and honor in is,ii,ir,il
• Add MSX rom/bin parser plugin and test
• Fix some null checks around the open_many apis
• Implement 'is,' for table query for symbols
• Handle the ARM32 COFF case
• Improve swift demangler and add bin.demangle.trylib config
• Initial implementation of the HUNK file parser
• Detect canary on statically linked RT and stripped PEs

build

• Generate bin/d the same way as other sdb paths with meson
• Fix wasi builds and update wapm package in the new dist/wapm
• Respect v35 repos for offline builds
• Dont user latest meson because its broken :D
• Initial work towards supporting mingw32/64 again
• Rename MD5 symbols to prevent OpenSSL collision

cons

• Fix buffer overflow in RConsPixel API affecting the braile renderer
• Improve default theme
• Add scr.prompt.tabhelp enabled by default
• Move more context fields out of the globals
• Move the console flushing decision to the console context

core

• Deprecate the file.openmany config variable

crash

• Fix null deref in r2 -c 'oc 3' -
• Fix #19178 - UAF in aaft when anal.detectwrites is enabled
• Wrong bounds initializing dwarf dies (tests_64901)
• Fix oobread in z80 disassembler (tests_65081)
• Fix oobread crash in the ELF parser (tests_64931)
• Fix oobread crash in DWARF's parse_die (tests_64926)
• Save and check the reg arena size when peekpoking (Fix tests_64923)
• Fix oobread crash in DWARF parser (tests_64922)
• Fix oobread crash in dwarf parser with non-null terminated strings
• Fix oobread crash in DWARF parser (tests_64924)
• Fix oobread crash in the analysis loop with corrupted ELFs (tests_64928)
• Fix uaf crash in aaft (tests_64927)
• Fix UAF in aaft (tests_64923)
• Fix oobread in VAX disassembler (tests_64920)
• Fix oobread crash in RAnal.hexagon (tests_64900)

crypto

• Remove global usage in AES encryption
• Add AES Key Wrap Algorithm

debug

• Make the macOS debugger more stable
• Handle PPID on macOS debugger

diff

• Add ci commands to compare two rbinobject data

disasm

• Add disasm+decompiler side by side api for the codemeta api
• Use hints to follow dwords
• Add armv7 to the arm.v35 plugin
• Fix pdi~invalid bug, at least when bbsize > 32
• Add support for the ALPHA disassembler
• Add PDP-11 disassembler support from binutils

esil

• Improvements on the arm64.v35/cs plugins
• Kill esil [], []= and related operations
• Fix r2wars regression with REP cycle detection
• Use sdb_itoa instead of snprintf for emulation

fs

• Always use b64 encoded filepaths on the fs.io calls

help

• Add help for the an command

io

• Add r_io_map_add_bottom
• Fix mapslit in r_io_map_add
• Remove r_io_map_new from public API
• Free maps on r_io_maps_fini
• apk:// is the new apkall:// (add AndroidManifest.xml)
• Use io banks by default
• Speedup repetitive access to the same submap in io banks
• Speedup r_io_map_get (O(2n) => O(2))
• Add iobank support to r_io_read_at_mapped
• Use new rbtree API in io_bank.c
• Fix io bank cmp cb functions
• Refix r_io_submap_set_to (typo)
• Enable io bank support in r_io_map_resize
• Kill r_io_map_location
• Enable io bank support in r_io_nread_at
• Implement r_io_bank_{read_from/write_to}_submap_at
• Enable io bank support in r_io_v{read/write}_at
• Enable io bank support in r_io_map_depriorize
• Implement new r_io_desc_get_byuri() API
• Enable io-bank support in r_io_map_get_paddr
• Enable io-banks for r_io_map_del_for_fd
• Fix return value in io_default close entry
• Fix resource leak and logic bug in r_io_reopen
• Check for access bytes in r_io_bank_{read/write}_at
• Enable io-banks support in r_io_map_remap
• Enable io-bank support in r_io_map_new
• Kill r_io_map_add_batch
• Remove unnecessary return val from r_io_map_del
• Enable io-bank support in r_io_map_del
• Rename r_io_map_next_available to r_io_map_locate and add use_banks support
• Kill r_io_map_next_address
• Improve r_io_bank_locate for replacing r_io_map_get_next_available
• Add alignment support to r_io_bank_locate
• Enable io banks in search; Kill search.in = io.sky.*
• Add 2 comments for clarification
• Improve "om"-command, show '*'-marker for current map
• Implement map depriorization in io banks
• • Add r_io_bank_map_add_bottom and r_io_bank_map_depriorize
• • Fix potential bug in r_io_bank_update_map_boundaries and add some comment for clarification
• Some cleanup and code deduplication
• Fix oob write in r_io_bank_{read/write}_at
• Fix omb-command map ids
• Initial io.banks management commands
• Rename r_io_bank_update_map_location to r_io_bank_update_map_boundaries and make it useable for map resize (siol eternal)
• Some code cleanup (siol eternal)
• Use incremental timestamp on map creation instead of real ones (siol eternal)
• Implement r_io_bank_update_map_location (siol eternal)
• Use r_list_iter_get_prev (siol eternal)
• Implement r_io_bank_delete_map and fix some bugs (siol eternal)
• Add r_io_bank_drain (siol...

5.4.2

CI / build and portability

• Added macos-arm64 (M1) builds into the CI
• Add configuration file for Vinix builds
• Improve the CI to keep consistent directory names in dist zips

Windows related fixes

• Fix w32 and w64 builds by not statically linking the runtime
• Dynamically load more vista-related APIs to fix w32 startup crash
• Support VS2019Pro, not only the Community toolchain in preconfigre.bat
• Arrow keys working again in the prompt
• Fix crash in dd command in debugger mode

Signatures

kudos to @swoops for those awesome improvements

• Add support for collision calculations, improving speed in matches
• rasign2 is now able to generate signatures for archive files (.a)
• Load signatures from sdb file
• Implemented 'next' signature types to detect functions based in context

Esil

• Fix emulation of xchg rax, rax
• Fix 16 bit pop/push sizes
• Add aoeq command with just the esil expression
• Correct FPU and SIMD register types

Shell

• ls output is now alphabetically sorted
• Add 'woi' command to inverse the contents of the block
• Add isotp:// io plugin to let r2 talk to your car.
• Autocomplete options in asm.assembler
• Cleanup and fix some uaf bugs in @@@ actions
• Fix glitch when moving cursor when scr.color=0
• The o and mg commands now accepts base64: argument
• Add s. and s.? commands to reload current block (same as s $$)
• Fix /ai search for arm64 movs instructions
• Handle ^C in @@ and @@@ as well as in macros
• Support fish and tcsh

Disasm and Analysis

Kudos to @Lazula for properly analyzing and fixing the 15yo disasm bug! great job!

• Fix a 15 year old bug that was causing invalid disassembly when doing large listings
• Add anal.cs variable to better support segmented memory addressing
• Detect inlined strings in immediates using the movabs instruction under some circunstancies
• Improve x86.nz assembler for better handling register/argument size

RBin

• Fix loading PE binaries with tiny segments (like 1 byte in size)
• Projects containing PE binaries don't break after reopening now
• Add support for COFF files for ARM

Projects

• Add more tests, ensure projects exists
• Ravc2 - added rimraf, and reset action

Scripting

• Fix flagspace issue spotted when using it via r2pipe and ccall://
• Add REXX scripting support
• Fix loading r2ghidra when using r2 via r2pipe (RTLD issue only for Linux)
• Previously the whole configuration was serialized to disk on every command, this is now gone

Security

• Fix some null derefs found in RCons, RConsGrep
• Oob read in macho parser
• Fix crash caused when io.cache was set
• Support non-PIE builds (required for Vinix)
• Support any value in http.webui fixing for the new wip webui
• Add rmrf command for recursively removing directories

5.4.0 - Rainy Smell

Release Notes

Version: 5.4.0
Previous: 5.3.1
Commits: 258
Contributors: 20

Highlights

• Add the vector35 arm64 for analysis, esil and disasm and r2 can be built without capstone
• Improved integration to use r2ghidra analysis and disassemble mainly tested for avr, v850 and arm64
• Fix emulation of several x86 and arm64 instructions, including an scripted way to import official arm64 instruction descriptions
• Bring back the cmd.pin to instrument the esil emulation when a specific address is hit
• Small steps towards Projects with improved management for version control
• Improved visual and panels with better interactions and fixed glitches

Shell

• 500 more commands are now listed in the recursive help command: ?*
• Backslash is now completely gone. Please use ':' or the original '=!' instead.
• Implement @@== foreach word iterator operator
• Add mwf command to write local files into remote targets
• wv1,2,4,8 accept many space-separated numbers now

Search

• New /c subcommands are now available for searching crypto stuff
• To find references to the UDS CAN table use /ru
• Find PGP and RSA encrypted keys in memory with /cg
• Search for common hashing and crypto constant tables in /ck
• Add /ab to find backward jumps (mostly loops) and handle ^C
• Initial implementation of spp, snp, /bp and /pp to find next/prev preludes

Analysis

• Improved VAX analysis, disassembly and analysis
• Esil function emulation is performed properly spotting many more xrefs and reduces falses positives.
• Default aa, aaa and aaaa analysis commands are now faster and produce better results
• Analysis plugins can be now used as a replacement for the asm ones only for disassembling. Next release will start removing unnecessary asm plugins, reducing compile times and build size.
• The new 'wan' command nops the partial instructions left, making binary patching much simpler
• Faster exit times for ^D, making interactions more fluent and reducing CI times
• Initial implementatil of ESIL macros and start reducing the instruction set
• Better x86.pseudo and varsub for strings

Debugger

• Signal handling is now displayed in human form and C with better stop reasons
• Use DRX APIs to handle breakpoint recoils only on x86-64

Signatures

• Support FLIRT v5 file format compression
• Fix bug in zaf creating zignspace
• Expand r_sign API and major refactor

New platforms:

The build system and CI packaging has been improved quite a lot, simplifying the release process and testing.

• serenityOS: unix based OS that looks like w95, with its own kernel, libraries and userland. Debugger support in r2 is not yet available for SerenityOS, but APIs are there, so it's just a matter of getting it
• Vinix: Kernel completely written in V, able to run bash, gcc or python, is now able to run r2!
• Vax/netbsd: after discovering SIMH, a Vax emulator, took me few minutes to run NetBSD and run r2 in there, no debugger support yet.
• WebAssembly is now build and published in the CI
• Tic80: For now it's just identifying and parsing the headers and placing the flags

Windows

• Building on windows is as easy as running: preconfigure, configure and make
• That will detect VS, Python, Git and setup the PATH and install Meson and Ninja for you.
• Resolve Windows APIs at runtime to fix build with mingw and improve backward compat

More details

Authors

Alex Bender Apkunpacker Azox Davide Pizzolotto Dennis Goodlett Enshin Andrey Ilya Trukhanov László Vaskó Maijin Murphy Paul I RHL120 Royos90 Sylvain Pelissier aemmitt-ns gogo hot3eed lasek0 pancake pancake

Changes

anal

• Properly stringify the RAnalOP.type field
• Implement aaff command and improve aaf? help message
• • Extend afj command to handle all jump table parameter options
• Implement 'afs*' command to export function signature info in r2 commands
• Fix afsj, taking signature args instead of fcnargs in json
• Initial import of the arm64v35 disassembler and analysis plugins
• Optimize infinite loop on non-quantum computers
• Avoid assert on avr's null cmpreg test
• Finish the tolowering of anal.noNULL
• Fix aef and aaef to actually find xrefs at least

asm

• Fix #18813 - Cannot assemble cmp w26, 0 in arm64
• Fix #18876 - Check imm bounds for some instructions in the x86.nz assembler
• Add pushf/popf instructions to x86.nz
• Use RAnalBind in RAsm to reuse RAnalPlugins to disassemble
• Update ARM64 arm.sdb.txt opcode descriptions from documentation
• Update the VAX disassembler from binutils

assembler

• Fix #18872 - New command 'wan' to write and nop affected instructions

bin

• Fix #18783 - Support ELFs with phnum > 0xFFFF
• Allow RBinPlugins to use RBinFile at check()
• Initial support for the TIC-80 Fantasy Computer cartridges
• Replace SDB with HtPU in RBin.filter_name()
• Put archinfo.{minopsz,maxopsz,align} in the output of i
• Implement ELF relocs for VAX

build

• Add portability support for Vinix
• Add meson support for the anal.arm.v35 plugin
• Add preconfigure/configure/make batch scripts for Windows
• Initial import of ./preconfigure for packaging purposes
• Improve the macOS packaging scripts
• Import radare2-win-installer files into dist/windows
• Fix meson build and proper use of cgen
• Fix system() on arm64 macOS targets (#18877)
• Initial support for capstone-less compilations
• Build and publish the ZIP with the WASI bins
• Add initial support for building r2 on WASI

ci

• Version the artifacts

cons

• Dont check out of bounds last chars
• Honor faster ^D on interactive execution path
• Fix arrow handling after fixing mouse clicking glitches

core

• Honor bool in io.va, scr.interactive, scr.prompt and cfg.fortunes
• Optimize and improve r_name_filter calls
• Add &w command to wait and run for queued commands
• Implement &: for queue commands
• Implement @@== foreach word iterator operator

debug

• Fix the windows debugger and make it more stable
• Add tests for the improved signal handling messages
• Change the way wait events are handled in the unix-debug backend
• Add 'sigstr' to the 'di' output for verboser stop reasons
• Add RSignal.toHuman() and improve RDebugReason.toString()
• Use DRX APIs to handle breakpoint recoils only on x86-64

disasm

• Support arch.* namings for the parse plugins
• Better x86.pseudo and varsub for strings
• Fix r_str_ansi_len() causing unaligned 'unaligned' words
• Improve invalid address and string parameter issues in emu.str and pd comments
• Improve x86.parse for asm.pseudo

esil

• Fix emulation for AARCH64 ldr,str,stp,ldp instructions
• Fix #18860 - mul and imul for *dx operands and 64 bit widths
• Bring back pins to esil land
• Fix POPF POPFD POPFQ not increasing stack pointer
• Add wide and math instr esil for dalvik, pac esil for arm64
• Initial implementatil of ESIL macros

fs

• Add mwf command to write local files into remote targets

io

• io.plugin.lseek -> .seek for portability (wasi related) (#18840)

panels

• Add xX key descriptions in the help message

print

• Improve the pdc output to allow recompilation
• Initial implementation of the pdo esil2c output

projects

• Dont save projects when no project is used
• Exclude files of nested rvc repos from repo_files()
• Use r_sys_whoami as the author name for r_vc_commit
• rvc add r_vc_find_rp
• Rework r_vc_checkout and fix some mem leaks
• Rework the rvc_commit functions
• Take advantage of prj.vc.type and merge rvc & git
• Fix r_vc_commit and other functions
• Major rvc api refactor to use sdb

rvc

• Fix memory leak and infinite loop in r_vc_find_rp

search

• Implement /ck command to search for crypto constant tables
• Rename /cu UDS CAN table search to /ru command
• Add PGP search for signature and RSA encrypted private keys (#18961)
• Add /cg command to search for GPG artifacts
• Update tests and add /a[?]q for quiet-legacy mode
• Use pdi in /ad output
• Initial implementation of spp, snp, /bp and /pp to find next/prev preludes
• Add /ab to find backward jumps (mostly loops) and handle ^C

shell

• Autocomplete :. command
• wv1,2,4,8 accept many space-separated numbers now
• Remove other useless and incomplete treesitter leftovers and get +400 new commands in the recursive help
• Remove colons in "?" number conversion output
• Honor < and > comparison operators in RNumMath
• Use RNum.math in "?b" to make '?b 1<<1' work
• Add scr.hist.filter to toggle the filtered history up/down search
• Improved reverse-search in command history
• Faster ^D (leave r2 without freeing the core)
• Completely eliminate the deprecated backslash command
• Add some help and better parsing for the anal hints

signatures

• Add r_sign_metric_search to r_sign.h
• Fix bug in zaf creating zignspace
• Expand r_sign API
• • Use r_sign in rasign2
    ...

5.3.1

• Assembling invalid arm64 instructions dont result in invalid representations
• Add http.basepath to support sub directory handling for proxying purposes
• Support instruction descriptions when using the r2ghidra disassembler plugin
• Fix issues and enable the garbage collector when running @vlang scripts
• Fix arm16 ldr post indexing esil expression
• Fix r2pipe regression caused by a change in RCons buffering when chaining multpile commands
• Support user defined REgg plugins
• CI: Fix macOS builds and build debian packages on ubuntu18 instead of ubuntu20
• Fix prj.vc issue on Windows
• Add support for armhf/armv7 musl builds as well
• Enable build on less capable systems disabling threads, pty and other platform functionalities separately
• Fix sorting issues on RList and foreach_prev

5.3.0 - Root Powder Goety

This release comes with a large list of bug fixes contained in 246 commits from the last 6 weeks thanks to 19 contributors. Kudos to everyone hanging out in the chats, testing, discussing, asking, helping and building up this community that makes r2 what it is. Hope all the users appreciate and enjoy this update as much as we did coding for it.

Greetings to: Alex Bender Anthoine Bourgeois condret David CARLIER Dennis Goodlett Giovanni Di Santi gogo2464 Jing Liu meme Michal Ambroz murphy pancake Rene Laemmert RHL120 Shadorain Siguza Simon Vareille StefanBruens Sylvain Pelissier

I could shout: aaaa is no longer breaking the debugged process! or Go scripting support!, but the list of changes and security bug fixes is quite large to summarize in just one line.

Some important bugs has been fixed in the build system, not just reflected in the README and the CI but also for both meson and acr, previous old installations of r2 no longer breaks the build. The rpath builds are now fixed for both acr and meson, this is required for r2env! also, and most important one, all the sdb databases are now precompiled in C and loaded at compile time instead of having to map disk files. This fixes the need to depend on side files installed in the system to make your static binary builds of r2 to work. This feature is now enabled by default and tested in the CI, but it can be also optionally disabled if you prefer the old behaviour which is more flexible. musl static builds are now officially supported and tested in the CI.

Friendly reminder that license documentation has been updated in doc/license.md and you can check at runtime all the licenses of the core and plugins used in your builds of r2 in case you need to care of such things.

Support for the S390 architecture and the z/OS architecture has been improved from RBin, RCharset and RAsm by adding support to extract ebcdic37 strings with rabin2 honoring cfg.charset and loading MVS OFF S/390 module objects, in addition, the latest S390 disassembler from GNU Binutils has been imported, which works side by side with the Capstone one.

Some important bugs has been fixed in the debugger. From infinite loops, fixed reg profile for arm64 debuggers, reseting the heap analysis on restart and other undefined behaviours that happened randomly on Linux and macOS. We greatly recommend you to update!

Multiline comments are better displayed on hexdumps and disasm, the order of flags and xrefs is now sorted to be more meaningful to the reader. The variable asm.sub.jmp is now working again. Other improvements with asm.meta=false for displaying data in the middle of code and better displaying of switch table comments. A new variable asm.hint.imm is now accessible from visual mode to pick immediates from instructions using hot keys. All those additions make visual and panels look even better!

The commandline have received some bold updates. The newshell parser has been removed from the codebase, which resulted in the following changes: improved commandline parser to fix all the tests working in newshell with the good-old-C-based parser, deprecate the backslash and single quote aliases for =! and promote the use of :. This is an important change for r2frida users!. The autocompletion tab is working again and has been extended to support more config var types. The whole refactoring end up with 30s less in CI builds and 512KB less sources.

New commands!

• afxm : x/y map of function xrefs
• wcf : write file contents + cache patches into given file
• aev : the visual esil debugger (same as VbE)
• aeis: initialize stack for given argc, argv, envp
• x/w : long standing issue improves gdb-like examine commands in r2
• ===stderr : allows to redirect r2's stderr thru the new r2pipe.side api
• px-- context hexdump command (like pd--)
• : this always-undefined command is now replacing \ and ' aliases

Command changes:

• px now honors cfg.charset in the ascii column
• pr : supports printing raw null bytes
• Mark ' and \ commands as deprecated. use :
• Implement @@@e and @@@E to iterate over entries and exports

The RBin library ships with some important security bug fixes, covering some public CVEs for corrupted PE, Python and MACHO files. Additionally a cache has been added to greatly speedup the loading of DWARF files and adding support for two new file formats (OFF for zOS/S390 and WAD (the DOOM map files).

From the analysis perspective this release comes with some important changes: capstone5 is now the default disassembler and analysis library for most common architectures. The anal.calls variable is now honored in aa, which results in better code coverage when performing automatic analysis. Running aaaa no longer breaks the debugged process! There's some little improvements in the type propagation analysis and the missing char** type is now included, which works in sync with the new aeis command to redefine the stack contents for a specific argc, argv, envp.

ESIL has deprecated the REPEAT keyword and extended the Thumb emulation by supporting the ldrd instruction, The arm64 assembler has been also improved a little bit warming engines for the r2wars. Non-intel users will also enjoy a more native experience along all the tools because.

A new IO plugin is available in default builds, the socket://, this plugin was implemented in r1.. but it never really reached r2 codebase until now! This plugin connects or listens to a tcp host:port and records a flag for every read operation that happens, writes are sent to the endpoint, this enables r2 to be used for protocol debugging, which can be easily scriptable with r2pipe for fuzzing or testing purposes. The old tcp plugin is now named tcp-slurp:// to avoid confussions.

Signature search, matching, storing and management has been improved, handling collisions of multiple metrics to better decide which match pick, bytes are now available as a metric for signature matching, diffing and comparison. This makes z/ run quiet faster and generate better results than before.

Better error messaging has been added in visual, panels as well in many commands like the infamous pf which use to spit confusing messages, now supports writing enums and bitfield values in mapped structs. Same goes for the pa command which now suggests pd in case the user mistypes it (as it seems to be from the feedback from users).

Summarized Highlights

• removed newshell improved oldshell
• switch to capstone5 and honor anal.calls for better code coverage and type propagation
• initial support for analyzing s390/zOS module objects
• \ and ' aliases are now deprecated. Use =! or : from now on.
• Improved ESIL with visual word level esil debugger for Thumb, arm64 and x86-64
• Import socket:// from r1 for tcp network protocol debugging
• Type information from the binary is now loaded by default
• Improved stability of analysis and debugger on linux-arm64
• Musl static bins with compiletime databases for better portability
• Custom charset supported to find strings and hexdump ascii column
• Disassembly listing improved for multiline comments and multiflag offsets

Changelog Highlights

Changes

anal

• Improve aaaa log messages and avoid aaef to run in debugger mode
• Fix many zero cases in some jump table analysis
• Fix disasm alignment of data words in s390x disassembler plugins
• Fix s390.gnu disassembly and add test for 6 byte instructions
• • Better debug messages instead of r_warn in jmptbl analysis
• Better debug messages instead of r_warn in jmptbl analysis
• Use gperf on anal/d and improve build and checks
• Implement afxm command to show an call refs map
• Apply fix in sixref plugin to be in sync with the latest xref
• Type added: "char**" to SDB, ref #18633 (#18636)
• Fix boundary check in aao to parse more refs
• Fix 'Cannot find return type for' calling convention issues when saving a project (#18638)
• Fix 13482 - Remove anal.jmp.after variable (#18629)
• Improved type propagation analysis
• Fix #18323 - honor anal.calls in aa

asm

• Fix #18619 - Wrong assembly generated for: "add x0, x0, 1, lsl #12" (ARM64)
• Fix rasm2 -w in termux (honor R_SYS_ARCH)
• Fix rasm2 -w in termux (honor R_SYS_ARCH)
• Handle je and jne as aliases for jz and jnz in wao
• Rename sysz to s390 and add the s390.gnu plugin from binutils 2.36
• Update sdb and use of SdbGperf in asm.d
• Switch to Capstone5 as default

bin

• Dont trust the unaligned rich PEs
• Add initial toy IBM S390 Object File Format parser
• Fix #18724 - Use RCharset in rabin2 -z
• Always load bin types as pf. format strings
• Add WAD file parsing (#18659)
• Fix #18679 - UAF when parsing corrupted pyc files
• Fix #18667 - division by zero in the macho parser
• Speedup dwarf loading when no files are found in disk

build

• Fix #12335 - ignore system-installed r2 includes
• Add use_cgen meson option
• Add support for acr/musl-gcc static builds
• Improve the xxhash system library detection
• Make meson compatibl...

5.2.1 - Bugfix release after 5.2.0

See 5.2.0 release notes for changes since 5.1.x

Bug Fixes:

• Fix all the high impact issues from coverity (non null terminated strings, oobreads, ub and uaf mainly)
• Fix loading symbols from nested elfs
• Fix i*j output on different environments
• Improved bindiffing and signature matching results
• Fix empty R2_GITTAP version string issue
• pdcj (json output of the internal decompiler) is now ready for consumtpion
• Fix build --with-openssl
• Fix regexp search issues

Performance:

• Optimize RCodeMeta API (about 10x faster decompilation in iaito)
• Linux debugger is now 35 times faster (aaaa now takes 6s instead of 4 minutes)
• Set anal.in=dbg.map on cfg.debug, speedups analysis

Improvements:

• Load binary header structs before generating the ih json output
• Extended ESIL support for more MMX instructions
• Rafind2 output similar to grep by default, better for scripting
• New color theme named bluy
• Updated to the last GNU disassembler with support for all the last MIPS asm.cpu
• oss-fuzz has been fixed and radare2-fuzz project created

Debugger improvements on Linux:

• Fixed debugger step on ubuntu-arm64
• Fix REGREAD errors on Linux debugger (not all kernels support that)
• Fix Alpine linux debugger attach issue

5.2.0 - codename: "morens"

Release Notes

Version: 5.2.0
Previous: 5.1.1
Commits: 316
Contributors: 35

Contributors

Alexandr Alexandr Alexis Ehret Alucowie Basstorm Dennis Goodlett Florian M"arkl Francesco Tamagni Khairul Azhar Kasmiran Lars Wrenger Murphy Pamplemousse Paul I RHL120 Reviakin Evgeny Roman Valls Guimera Sylvain Pelissier Taggggy condret el-goe gogo gogo2464 intruder-kat ivan tkachenko meme mio mrglm murphy pancake ramikg soroosh-chabi temp1337 valdaarhun wargio

TLDR

**anal**

• Use =RS 8 for avr
• Add =RS directive in reg profiles to define default value
• Fix jump table analysis issue for r2ghidra.v850 (#18550)
• Test for pcdelta ARM ldr fix
• Fix pcdelta for ARM esil LDR
• V850 jmptable fix, cmpval is almost always -1 and slows anal to a crawl (#18498)
• Add missing v850 calling convention definition file
• Remove unused type FcnTreeIter
• Fix oobread ppc plugin
• handleMidFlags: Reset ds->midflags on entry
• asm.flags.middle: Don't split bb instruction
• aae: Realign on fcn start if not in bb
• Fix duplicate vtable entries after 'aaa'
• af-*: Remove function flags too
• Fix cX command and minor cleanup
• Fix PSW register bits definition for v850
• Add support for jump tables on v850
• Fix #18284 (json command returning empty string)
• Cd1 Cd2, Cd4, Cd8 are aliases for Cd[1248]
• Fix SN register value for linux-arm64
• Improve reg profile parsing and error handling
• Detect shift for the first switch case
• • Fix gcc 9.2.0 kind of x86_64 jumptables
• New command: aaw, flag all words pointing to known flags

android

• Add r_file_binsh() and avoid hardcoding /bin/sh for Termux

api

• Remove some exit() calls in libr
• Rename r_cons_memcat to r_cons_write
• ABI/API break. RAnnotationCode->RCodeMeta
• Use more r_str_ncpy and improve it to not alloc beyond nullbyte
• Add r_vector_flush()
• Apply desired lifecycle of esil syscall and interrupt handlers in esil_dummy plugin
• Add r_anal_esil_{syscall/interrupt}_{get/del}

bin

• Parse the symbols from the ELF .gnu_debugdata section
• Support x86_64 and macOS dyld caches (#18570)
• Fix wrong demangling of tiff swab16 bit data
• Use r_bin_import_free() as cb for imports list (#893)
• Improve python disassembler and binary parser
• Fix large loading times when parsing encrypted/fuzzed macho
• Do not consider ELFs with .gnu_debugdata section as stripped
• Fix Mach-O related coverity issues
• Fix coverity issues in xnu kernelcache
• Fix ASAN crash when allocating more relocs than the filesize
• Fix long time analyzing oob objc data
• • Fix long time analyzing oob objc data
• Fix asan crash found in r2_hoobr_dex_loadcode
• Fix oobread bug in r_str_(ndup|nlen) APIs spotted by ASAN in SMD parser
• Fix UAF in rz_bin_reset_strings()
• Fix assert in iSj for invalid size sections
• Minor ELF cleanup, using more size_t and ut64.max instead of 0
• Add Support for new CoreSymbolication element format
• Unset io.cache when not needed after bin.cache
• Fix warning message when loading files with relocs

build

• Move shlr/tcc into libr/parse/c
• Fix meson build issues related to grub (#18554)
• Fix the failure in finding the executing user's ID during install (#18508)
• Add the nogpl meson option
• Fix version not being updated after running sys/termux.sh
• Update doc/license for more clarifications
• Add plugins=nogrub option for meson
• Improve sys/termux.sh checks
• Do not run sys/ldconfig on Android
• Add missing use_fork and use_dylink to meson
• Fix #18397 - Be less strict when running sys/install.sh as root
• Fix debian32 in CI
• Allow custom CFLAGS for Debian packaging
• Add meson -Dplugins=a,b,c to build only the specified plugins
• Fixes to make the r2blob shine again
• Add 32bit Debian packaging and bonus CI fixes
• Add use_ssl meson option to be in sync with acr behaviour

charset

• Implement ps, psz, psj and psj with charset support
• Support multi-byte input in charset
• Add more runes to pokered

ci

• Fix linux-static pub action

cmd

• Sync om and omj output

cons

• Fix Ctrl-J issue and remove redundant code in 'Ctrl-J' block
• Implement RConsPixel and RBraile APIs
• Fix #16254 - grep expression parse improvement
• Fix null derefs on RCons when no context is provided

core

• Fix #18412 - Add R2_IGNVER variable to load plugins ignoring the version
• Remove asm.bb (asm.bb.line -> asm.lines.bb, asm.bb.middle -> asm.bbmiddle)

crypto

• Update to use keys that can be programmed onto a CPS2

debug

• Implement drcq and show it in visual debug/emu
• Fix #18502 - dangling pointers issues in dbm
• Revert "dmi commands handle symbols, exports, main, entries too
• dmi commands handle symbols, exports, main, entries too
• Implement dmis command as an alias for .dmi*
• Workaround the dmi issue by using rabin2 in macOS for now
• Add dbg.maxsnapsize to avoid snapping huge maps

debug"

• Revert "dmi commands handle symbols, exports, main, entries too

decompiler

• Detect retdec decompiler (pdz) in cmd.pdc

diff

• Add abstract Levenshtein dist
• Abstract r_diff_levenshtein_path
• Add Levenshtiend path API to

disasm

• Honor asm.cpu for asm.arch=ppc.gnu
• Fix #18511 - Add dwarf info in pdj
• Add the m68k.gnu disassembler plugin
• Show overlapped flags if requested and show them differently (#706)
• Honor cfg.debug in asm.section using dmi.
• Improve asm.meta=false for 16, 32 and 64 words
• Fix #17761 - Do not trim the "ptr " when asm.syntax=masm
• Add pi+ and pi- commands as aliases for 'pi +' and 'pi -'
• Fix asm.lines.bb with asm.sections set

dwarf

• Implement CLj command and improve CL output

emu

• Apply desired lifecycle of esil syscall and interrupt handlers in esil_dummy plugin
• Add dummy interrupt and syscall handlers

esil

• Add r_anal_esil_{syscall/interrupt}_{get/del}
• Boolify all the ESIL callbacks
• Fix some asserts and nullderef spotted on arm64
• Esil plugin management APIs
• • Add r_anal_esil_{get/del}_op
• • Fix deactivating plugins on r_anal_esil_free
• • Add local getter for active esil plugins

fs

• Fix absolute paths and add r_return guards
• Fix fs.posix.cat and use r_sys_dir instead of reimplement (-48LOC)

graph

• Add support for highlighted edges in graphviz
• Add ageh command to let users define which node links should be highlighted

hash

• Implement ssdeep fuzzy hashing algorithm
• Fix name collision for SHA functions

io

• Close #18257 / Remove RIODescData
• Enable io-plugins to set bin.baddr on launch
• Fix comment
• Implement custom bit size cyclic memory layout and wrap flags in
• Rename r_io_map_get_for_fd to r_io_map_get_by_fd
• Rename r_io_map_resolve to r_io_map_get
• Rename r_io_map_get to r_io_map_get_at
• Implement slurp:// uri handler plugin
• Implement omd command, as a simplified version of om
• Fix infinite loop in r_io_map_next_available
• Fix #17049 - oa whithout filename specify, add oa test
• Add help message for winkd://? and improve desc

json

• iVj must print valid json, not empty output (#18571)
• Add json version output to r2 -vj
• rasm2 -L now shows an array of objects
• Fix #18284 (json command returning empty string)

lang

• Add #!*? command to show rlang plugin examples
• Add support to the V programming language for scripting

print

• Implement pFX command exemplifying the use of r_sys_unxz()
• Android Binary XML support (#18545)
• Improved pdc, added pdco and pdcj, print orphan nodes
• Fix alignment issues in RTable with utf8 fields

reg

• Fix null printf issue in arpi command

search

• Import @Siguza's arm64 xref finder
• Show results after pressing ^C in /ad
• Fix /ad of multiple consecutive instructions

shell

• Fix proper hash comments & quotes mix (#18551)
• Implement whoami and uid commands
• rasm2 -Lj works the same way as -jL
• Add variable autocompletion class in !!!
• Add scr.loopnl to add a newline on all the @@ loops

test

• Add R2R_SKIP_ASM env var handling in r2r

tools

• Fix #18391 - Show help in r2pm even before initializing the db

util

• Add r_file_find to recursive list files and subdirectories into a list
• Rename dep in rbtree.c to depth
• Rename d, d2, d3 in rbtree.c to direction ...
• Optimize r_rbtr...

5.1.1

This is a minor bug fix release after 5.1.0 was out. But as usual it comes with some new features! Contents are mainly bug fixes and behaviour and abi compat should be fine 5.0.0, this is, all the built packages for 5.1.x will work. Highlights:

New Stuff

UDS Search

The new /cu command search for UDS tables useful for reverse engineering ECU firmwares. The code has been taken from binbloom and integrated as all the other search commands in r2, so you can have json, quiet, and r2 commands outputs for it.

• Add /cu[qj*] and r_search_find_uds API

Color2g graph nodes

This feature has been there for more than 10 years, but barely tested or used, after a user request and some testing the afbc command to improve to support specifying the color by name or following the CSS syntax like its supported in the color themes.

In addition the @ key have been handled in the graph view to toggle graph.layout variable, so you can easily rotate between portrait and landscape modes.

Visual Gameboy 2bpp Pixmaps

You can now use the visual mode to search for 2bpp bitmaps usually embedded in Gameboy roms. This is part of the retro-r2 project which aims to improve the support for old game consoles

Encoding charsets

The custom charset encoding support have been extended over the w command to be able to encode an ascii string into pokered charset encoding and write it directly. The decoding support was already added in ps, and the integration and improvement of this feature will slowly come in next releases, as it fits into the retro-r2 plan and has been a long awaited feature by the rom hacking scene. Kudos @gogo2464 for that stuff!

Reverse Shell

Do you need to get access to a shell on a machine under nat or firewall? Try out the new =r command! it will take the host:port as argument and try to connect there to expose an r2 shell. This was implemented to get a shell in the GHA CI to debug an issue, but I guess this feature could have more uses :)

Other Improvements

Analysis

• Allow to analyze bigger functions by reducing the stackframe usage and using anal.depth better
• Reclassify some AVR instructions away from SWI

Assembler

With the aim in mind to cook gameboy roms with just rasm2, the assembler directives have been documented in the help message and manpage, the .fill one now works with only 1 parameter.

• Improve .fill and rasm2 -hh with documented directives
• Refactor and cleanup the z80 assembler

bin

• Faster mach0 and dyldcache parsers
• Fix iCj for mach0

build

• Fix a credentials downgrade problem in Install.sh
• Introduce w32 and w64 in the CI
• Add Windows ZIP in the CI (#18310)
• Assign radare2 binr target
• Support statically linking system OpenSSL
• Define PYC_ROOT and WASM_ROOT (#18290)

shell

• Add print, println, and placeholder for printf and printfln