r2 /bin/true
[0x08049A80]> s 0
[0x08048000]> cf /bin/true
Compare 512/512 equal bytes
SDB
SDB stands for String DataBase. It is a simple key-value database, created by pancake, that operates only on strings. Many parts of r2 use it as a small, fast on-disk and in-memory database, a hashtable on steroids.
SDB is a simple string key/value database based on djb's cdb disk storage, and it supports JSON and array introspection.
There's also sdbtypes: a Vala library that implements several data structures on top of an sdb or a memcache instance.
SDB supports:
• namespaces (multiple sdb paths)
• atomic database sync (never corrupted)
• bindings for vala, luvit, newlisp and nodejs
• commandline frontend for sdb databases
• memcache client and server with sdb backend
• arrays support (syntax sugar)
• json parser/getter
Usage example
Let's create a database!
$ sdb d hello=world
$ sdb d hello
world
Using arrays:
$ sdb - '[]list=1,2' '[0]list' '[0]list=foo' '[]list' '[+1]list=bar'
1
foo
2
foo
bar
2
Let's play with json:
$ sdb d g='{"foo":1,"bar":{"cow":3}}'
$ sdb d g?bar.cow
3
$ sdb - user='{"id":123}' user?id=99 user?id
99
Using the command line without any disk database:
$ sdb - foo=bar foo a=3 +a -a
bar
4
3
$ sdb -
foo=bar
foo
bar
a=3
+a
4
-a
3
Remove the database
$ rm -f d
So what?
So, you can now do this inside your radare2 sessions!
Let's take a simple binary, and check what is already sdbized.
$ cat test.c
int main(){
puts("Hello world\n");
}
$ gcc test.c -o test
$ r2 -A ./test
[0x08048320]> k **
bin
anal
syscall
debug
[0x08048320]> k bin/**
fd.6
[0x08048320]> k bin/fd.6/*
archs=0:0:x86:32
The file corresponding to the sixth file descriptor is an x86_32 binary.
[0x08048320]> k anal/meta/*
meta.s.0x80484d0=12,SGVsbG8gd29ybGQ=
[...]
[0x08048320]> ?b64- SGVsbG8gd29ybGQ=
Hello world
Strings are stored encoded in base64.
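The meta.s record format shown above, parsed and decoded in bulk. This is an added example, not code from radare2 or from the original page. It assumes the output of `k anal/meta/*` has been saved as text; apart from the first record, the sample lines are constructed, `parse_meta_strings` is a hypothetical helper, and the number before the comma is kept as-is because the page does not define it.

```python
import base64
import binascii
import re

# Constructed sample of `k anal/meta/*` output. The first line is the record
# shown above; the other lines are made up to exercise the parser.
SAMPLE = """\
meta.s.0x80484d0=12,SGVsbG8gd29ybGQ=
meta.s.0x80484e0=5,dGVzdA==
meta.s.0x80484f0=3,not*base64
[...]
"""

# Assumed layout: meta.s.<hex address>=<number>,<base64 payload>
RECORD = re.compile(r"^meta\.s\.(0x[0-9a-fA-F]+)=(\d+),(.*)$")


def parse_meta_strings(text):
    """Return ({address: (number, decoded_text)}, [rejected lines])."""
    strings, rejected = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = RECORD.match(line)
        if not m:
            if line.startswith("meta.s."):
                rejected.append(line)  # string record with a malformed layout
            continue  # other keys, "[...]" elisions, blank lines
        addr, number, payload = m.groups()
        try:
            # validate=True rejects characters outside the base64 alphabet
            raw = base64.b64decode(payload, validate=True)
        except (binascii.Error, ValueError):
            rejected.append(line)
            continue
        # Undecodable bytes are replaced rather than aborting the whole run
        strings[int(addr, 16)] = (int(number), raw.decode("utf-8", "replace"))
    return strings, rejected


if __name__ == "__main__":
    found, bad = parse_meta_strings(SAMPLE)
    for addr, (number, text) in sorted(found.items()):
        print(f"{addr:#x} {number:>3} {text!r}")
    for line in bad:
        print("rejected:", line)
```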
More Examples
List namespaces
k **
List sub-namespaces
k anal/**
List keys
k *
k anal/*
Set a key
k foo=bar
Get the value of a key
k foo
List all syscalls
k syscall/*~^0x
List all comments
k anal/meta/*~.C.
Show a comment at given offset:
k %anal/meta/[1]meta.C.0x100005000
Dietline
Radare2 comes with a lean readline-like input capability, provided through a lean library that handles command editing and history navigation. It lets users perform cursor movements, search the history, and use autocompletion. Moreover, because radare2 is portable, dietline provides a uniform experience across all supported platforms. It is used in all radare2 subshells: the main prompt, the SDB shell, the visual prompt, and the offsets prompt. It also implements the most common features and keybindings compatible with GNU Readline.
Dietline supports two major configuration modes: Emacs mode and Vi mode.
It also supports the famous Ctrl-R reverse history search. The TAB key scrolls through the autocompletion options.
Autocompletion
Autocompletion is supported in every shell and radare2 command. There are multiple modes of it: files, flags, and SDB keys/namespaces. A scrollable popup widget makes it easy to select among the possible completion options; enable it by setting scr.prompt.popup to true.
Emacs (default) mode
By default, dietline is compatible with readline's Emacs-like key bindings. The following are active:
Moving
• Ctrl-a - move to the beginning of the line
• Ctrl-e - move to the end of the line
• Ctrl-b - move one character backward
• Ctrl-f - move one character forward
Deleting
• Ctrl-w - delete the previous word
• Ctrl-u - delete the whole line
• Ctrl-h - delete a character to the left
• Ctrl-d - delete a character to the right
• Alt-d - cuts the character after the cursor
Killing and Yanking
• Ctrl-k - kill the text from point to the end of the line.
• Ctrl-x - kill backward from the cursor to the beginning of the current line.
• Ctrl-t - kill from point to the end of the current word, or if between words, to the end of the next word. Word boundaries are the same as forward-word.
• Ctrl-w - kill the word behind point, using white space as a word boundary. The killed text is saved on the kill-ring.
• Ctrl-y - yank the top of the kill ring into the buffer at point.
• Ctrl-] - rotate the kill-ring, and yank the new top. You can only do this if the prior command is yank or yank-pop.
History
• Ctrl-r - the reverse search in the command history
Vi mode
Radare2 also comes with a vi mode that can be enabled by toggling scr.prompt.vi. The keybindings available in this mode are:
Entering command modes
• ESC - enter into the control mode
• i - enter into the insert mode
Moving
• j - acts like up arrow key
• k - acts like down arrow key
• a - move cursor forward and enter into insert mode
• I - move to the beginning of the line and enter into insert mode
• A - move to the end of the line and enter into insert mode
• ^ - move to the beginning of the line
• 0 - move to the beginning of the line
• $ - move to the end of the line
• h - move one character backward
• l - move one character forward
Deleting and Yanking
• x - cuts the character
• dw - delete the current word
• diw - deletes the current word.
• db - delete the previous word
• D - delete the whole line
• dh - delete a character to the left
• dl - delete a character to the right
• d$ - kill the text from point to the end of the line.
• d^ - kill backward from the cursor to the beginning of the current line.
• de - kill from point to the end of the current word, or if between words, to the end of the next word. Word boundaries are the same as forward-word.
• p - yank the top of the kill ring into the buffer at point.
• c - acts like the d-based commands, but enters insert mode at the end
Prefixing a command with a number performs it that many times.
If you find it hard to keep track of which mode you are in, set scr.prompt.mode=true to update the color of the prompt based on the vi mode.
Visual Mode
Visual mode is a more user-friendly alternative to radare2's command-line prompt. It allows easy navigation, has a cursor mode for selecting bytes, and offers numerous key bindings to simplify debugger use. To enter visual mode, use the V command. To return to the command line, press q.
Navigation
Navigation can be done using HJKL or the arrow keys and the PgUp/PgDown keys. The usual Home/End keys also work. As in Vim, a movement can be repeated by preceding the navigation key with a number; for example, 5j moves down 5 lines and 2l moves 2 characters right.
print modes aka panels
Visual mode uses "print modes", which are basically different panels that you can rotate through. By default those are:
↻ Hexdump panel → Disassembly panel → Debugger panel → Hexadecimal words dump panel → Hex-less hexdump panel → Op analysis color map panel → Annotated hexdump panel ↺.
Notice that the top of the panel contains the command which is used, for example for the disassembly panel:
[0x00404890 16% 120 /bin/ls]> pd $r @ entry0