Radare2 – Dissecting ‘Hello World’

Lately there has been some news on reddit's programming subreddit about Radare2, a reverse engineering tool that can dissect and manipulate all kinds of files.

The tool can be used on compiled binaries to follow and understand the flow of execution and to view the resources embedded in a file.

You can also write plain text or binary data, such as hex constants or CPU instructions, straight into a binary.

On Debian you can get it by installing the package radare2.

Let’s see it in action with an example of how to change a classical Hello World to a Hello Buddy.

We will compile a binary from this code with gcc:

#include <stdio.h>

int main() {

        printf("Hello World");
        return 0;
}

Compile:

gcc -O2 hello.c -o hello

Running the program we get:

./hello
Hello World

Start Radare2 in write mode (-w) so that our changes are written back to the file:

r2 -w hello

Seek to the beginning of the file using the command s:

s 0

Search for the text "hello" with /i, which ignores case (so the lowercase search string also matches "Hello"):

[0x00000000]> /i hello
Searching 5 bytes from 0x00000000 to 0x00001a30: 68 65 6c 6c 6f
hits: 2
0x000005b4 hit2_0 "Hello World"
0x00001128 hit2_1 "hello.c"

The program found two occurrences of "hello": the string we want to change and the source file name that gcc stored in the binary.

Let’s seek to the one called hit2_0:

s hit2_0

Now we are at the position of the text we want to change, and we can overwrite it with the command w:

w Hello Buddy

All done. Exit Radare2 with CTRL-d and run the executable again:

./hello
Hello Buddy

Nice!

It's no coincidence that both strings "Hello World" and "Hello Buddy" have the same number of characters. When replacing a string in a binary, replace it with a string of the same length so that you neither overwrite the data that follows it nor shift the rest of the file.
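The same search-and-overwrite that the r2 session above performs, done here in plain Python as an added example (not code from the original post or from the Radare2 project) so that the length rule is enforced before any byte is written; the SAMPLE bytes are a constructed stand-in for the data section of hello, and the function names are my own.

```python
# Added example: find a C string in a binary blob and overwrite it in place,
# refusing replacements that would not fit in the original string's footprint.
import re


def find_string(data, needle, ignore_case=True):
    """Return the offsets of every occurrence of `needle`, like r2's / and /i."""
    flags = re.IGNORECASE if ignore_case else 0
    return [m.start() for m in re.finditer(re.escape(needle), data, flags)]


def patch_string(data, offset, new):
    """Overwrite the NUL-terminated string at `offset`, like r2's w command,
    but only when `new` fits: a longer string would clobber whatever follows
    the original, and a shorter one is NUL-padded so the C string still
    terminates in place and nothing after it moves."""
    end = data.index(b"\x00", offset)  # end of the original C string
    old_len = end - offset
    if len(new) > old_len:
        raise ValueError(f"replacement is {len(new)} bytes, original is {old_len}")
    padded = new.ljust(old_len, b"\x00")  # keep exactly the same footprint
    return data[:offset] + padded + data[offset + old_len:]


def patch_file(path, needle, new):
    """Patch the first case-insensitive occurrence of `needle` in the file at `path`."""
    with open(path, "rb") as f:
        data = f.read()
    hits = find_string(data, needle)
    if not hits:
        raise LookupError(f"{needle!r} not found in {path}")
    with open(path, "wb") as f:
        f.write(patch_string(data, hits[0], new))
    return hits[0]


# Constructed stand-in for the data section of `hello`: the greeting, then the
# source file name gcc embedded, then some unrelated bytes that must not move.
SAMPLE = b"\x00\x00Hello World\x00hello.c\x00\x7fELF"


def demo():
    """Mirror the r2 session: search, take the first hit, write 'Hello Buddy'."""
    hits = find_string(SAMPLE, b"hello")  # two hits, like hit2_0 and hit2_1
    return patch_string(SAMPLE, hits[0], b"Hello Buddy"), hits
```

Calling patch_file("hello", b"hello", b"Hello Buddy") on the compiled binary reproduces the edit from the r2 session, while a replacement such as b"Hello Everybody" is rejected instead of silently overwriting the bytes after the string.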

The official Radare2 book is easy for a programmer to follow. It gives you a good taste of what the tool can do and shows you the fundamentals of how to use it.

The book also includes a challenge that lets the reader crack a password-protected binary.
