The Wayback Machine - https://web.archive.org/web/20191220125750/https://github.com/nowsecure/r2frida
r2frida

Radare2 and Frida better together.

Description

One of the main aims of the radare project is to provide a complete toolchain for reverse engineering, offering well-maintained functionality and extending its features with other programming languages and tools.

Frida is a dynamic instrumentation toolkit that makes it easy to inspect and manipulate running processes by injecting your own JavaScript, and optionally also communicate with your scripts.

For more information about those projects:

Installation

In GNU/Debian you will need to install the following packages:

$ sudo apt install -y make gcc libzip-dev nodejs npm curl pkg-config git

The recommended way to install r2frida is via r2pm:

$ r2pm -ci r2frida

But you can always follow the standard way in here:

$ git clone https://github.com/nowsecure/r2frida.git
$ cd r2frida
$ make
$ sudo make install

On Windows:

  • Make sure you have these installed:
    • Visual Studio 15 or later
    • npm
    • Cygwin or MSYS2
  • Open a Command Prompt in the r2frida folder and run:
      [Visual Studio Path]\VC\Auxiliary\Build\vcvarsall.bat [Your arch]
      .\build.bat install

Usage

r2frida is used from r2 by specifying a process name:

$ r2 frida://Twitter

Or a PID:

$ r2 frida://1234

Or the absolute path of a binary to spawn:

$ r2 frida:///bin/ls

Also with arguments:

$ r2 frida://"/bin/ls -al"

Alternatively, with a device ID retrieved through frida-ls-devices:

$ r2 frida://device-id/Twitter

You can also spawn an app on the device, with an extra / followed by the package name (you can retrieve package names with frida-ps):

$ r2 frida://device-id//com.atebits.Tweetie2
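To make the URI forms listed above concrete, here is an added example (not code from r2frida itself) that classifies each form into the target it selects; the grammar is inferred from the examples in this section and is an assumption, not taken from the io plugin source.

```javascript
// Added example, not r2frida's own code: classify the frida:// URI forms
// shown in the Usage section. The rules below are inferred from those
// examples (an assumption), not from r2frida's io_frida plugin.

function parseFridaUri(uri) {
  const prefix = 'frida://';
  if (!uri.startsWith(prefix)) {
    throw new Error('not a frida:// URI: ' + uri);
  }
  let rest = uri.slice(prefix.length);
  const result = { device: null, action: null, target: null, argv: [] };

  // Spawn-by-path forms: frida:///bin/ls, or a quoted command line such as
  // frida://"/bin/ls -al" (the shell normally strips the quotes; we accept both).
  if (rest.startsWith('"') && rest.endsWith('"')) {
    rest = rest.slice(1, -1);
  }
  if (rest.startsWith('/')) {
    const argv = rest.split(/\s+/); // whitespace-separated argv (assumption)
    result.action = 'spawn';
    result.target = argv[0];
    result.argv = argv.slice(1);
    return result;
  }

  // Device-qualified forms: device-id/Name attaches by name on that device,
  // device-id//package spawns an app by its package identifier there.
  const slash = rest.indexOf('/');
  if (slash !== -1) {
    result.device = rest.slice(0, slash);
    const tail = rest.slice(slash + 1);
    if (tail.startsWith('/')) {
      result.action = 'spawn';
      result.target = tail.slice(1);
    } else {
      result.action = 'attach';
      result.target = tail;
    }
    return result;
  }

  // Local attach: an all-digit target is a PID, anything else a process name.
  result.action = 'attach';
  result.target = /^\d+$/.test(rest) ? Number(rest) : rest;
  return result;
}
```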

V8/JIT

In r2frida, the V8 runtime is enabled by default. Set this variable to use duktape instead of V8:

$ export R2FRIDA_DISABLE_V8=1

Pros: it is faster, supports ES6, and you can use the Chrome tools to debug and run JavaScript on the agent side. Cons: it requires JIT permissions, so it does not work on all iOS versions, only on the newest ones.

In case the target operating system does not support RWX pages, frida-agent will fall back to duktape, so it is recommended to check the Script.runtime variable, which is also available in the \i r2frida command.

Once the agent is running you can run the d. command to start the Chrome DevTools debugger; after this, load this URL in your Google Chrome:

chrome://inspect

Termux

If you want to install and use r2frida natively on Android via Termux, there are some caveats with the library dependencies because of symbol resolution. The way to make this work is to extend the LD_LIBRARY_PATH environment variable so that it points to the system directory before the Termux libdir.

$ LD_LIBRARY_PATH=/system/lib64:$LD_LIBRARY_PATH r2 frida://...

To debug plugin loading problems use the following environment variable and grep for frida:

$ R_DEBUG=1 r2 -

Design

 +---------+
 | radare2 |      The radare2 tool, on top of the rest
 +---------+
      :
      :
+-----------+
| io_frida  |     r2frida io plugin
+-----------+
      :
      :
 +---------+
 |  frida  |      Frida host APIs and logic to interact with target
 +---------+
      :
      :
  +--------+
  | target |      Target process instrumented by Frida and Javascript
  +--------+

Credits

This tool has been developed by pancake aka Sergi Alvarez for NowSecure.

I would like to thank Ole André for being so nice answering and fixing bugs in Frida; without those patches that would not be possible.
