Releases: radareorg/radare2

6.1.0

17 Feb 11:02

Release Notes

Codename: The Low Table
Version: 6.1.0
Previous: 6.0.8
AbiDiff: 54-70 (16)
Commits: 346
Contributors: 24

curl -Ls https://github.com/radareorg/radare2/releases/download/6.1.0/radare2-6.1.0.tar.xz | tar xJv
radare2-6.1.0/sys/install.sh

Authors

Abhi Ahmethan G. Alberto Marnetto Antoni Viciano Carl Smedstad Charloitte Daniel Nakov Hakal Ignacio Sanmillan Marc R. Oblivionsage Oblivionsage Priyanshu Kumar Quentin Kaiser Zhichen Wu astralia aviciano condret dnakov pancake pancake pancake potato satk0

Changes

abi

  • Reimplement RBufRef on top of RRef
  • Fix the RLibDelHandler api

analysis

  • Delete stale JAY code, wasn't used in 10 years
  • Use invalid_page in aap, fixes another slow CI test
  • Improve the invalid page check to speedup /azs
  • Break aac when io fails or it's not even executable
  • Make use of the cmp value for jmptbl size, this was dead code before
  • Better integration of plugins in the analysis pipeline
  • Use RRef instead of custom refcounting in RAnalBlock -26LOC
  • Add anal.jmptbl.split option to experimentally solve the missing cases
  • Fix infinite loop in the jump table with shared basic blocks
  • Fix #5136 - Add anal.jmp.pair to flatten consecutive inverse branch antidisasm tricks
  • Add time_t type definition with size specification
  • Handle CS_AC_READ_WRITE in the x86 cs plugin
  • Honor op.ptr references in /re for x86 only
  • Add plugin to import traces from DRCOV logs
  • Rewrite RCore.seekOpForward for the better
  • Better autoname filtering chars with RName apis
  • Introduce afnq refactor afn into a separate helper
  • Improve better fastpath function autoname
  • Rewrite RCore.seekOpBackward for the better
  • Move core.sixref plugin to anal.six
  • RAnalCmd now returns a string instead of bool

api

  • Add the new RNum.getErr helper
  • Enforce non-null compile-time check for R_NEW and R_NEW0
  • Single RConsVisual.readline helper used everywhere
  • Introduce the new R_QUIET_FAIL for fast path asserts

arch

  • Update from binutils the ARC disassembler from 2009 to 2026
  • Use RStrBuf instead of the unsafe sprintf in the rv disassembler
  • Use refcounted RArchSession
  • Fix incorrect plugin references in RLibStruct structures
  • Don't use strcpy/strcat or globals in xap disassembler
  • Fix typos in the java opcode tables

asm

  • Implement the asm.pseudo plugin for dotnet's CIL
  • Add support for camelcase disasm syntax
  • Add ARC pseudo plugin and update opcode descriptions
  • Fix #25232 - x86asm for sil,dil,spl,bpl
  • Fix x86 assembler accepting invalid register names like r1

bin

  • Extend iH to return a string and permit multiple formats
  • Import function signatures and types definitions from DWARF
  • Fix arch hints for cil/x64 binaries and its tests
  • Extend the CIL detection for Mono exe/dll
  • There's no need for a PE to have a certificate
  • Fix resource leaks in NE format parser
  • Implement iz. izj. and izq. to show string in current address
  • Add izzc and izzzc commands to count raw strings
  • Fix leaks and other bugs in the LE format parser
  • Implement izjq and its alias izqj
  • Add bounds check for MDMP comment stream size
  • Disable the xtr.dyldcache, fix a crash and other XXX in xnu.kernelcache
  • Count and pagination of iz strings listing commands
  • Add iz+ command
  • Extend iz- command to accept length and type
  • Fix endian-unsafe struct read in LE reloc parsing
  • Add support for ARM64's GLOB_DAT ELF reloc types
  • Fix code_length bounds check in Java class parser
  • Replace eprintf with R_LOG in Java class parser
  • Use actual data_size for MDMP comment streams
  • Expose RTM revision version information from minidumps (mdmp)
  • Fix #25382 - Open Limit chained fixup loop iterations in le reloc parsing
  • Expose macho imports as vectors
  • Use RVec for the ELF imports
  • Prioritize the use of RVec for RBinImports
  • Ten times less memory use when loading DEX
  • Fix some other bugs and memory leak in izz
  • Remove deprecated addrline storage and fallback code paths
  • Clamp MZ sections with file size
  • Fix #25209 - Ensure we have enough data to read in mdmp
  • Generalize imports cache for performance
  • Support the Apple C4000 Baseband firmware (gns1)
  • Fix memory leak in zimg plugin
  • Fix memory leak in bflt plugin
  • Zero copy string handling in swift demangler and remove one global
  • Cache the has_nx value in the elf to parse it once
  • Extract NX information for QNX ELF binaries
  • Fix memory leak in PE parser
  • Fix #25277 - oobread by one in the OMF parser
  • Rework bin.xtac to fix tainted, memleaks and BE
  • Fix memory leaks in Java binary parser
  • Fix memory leaks in MDMP plugin and RBinMem
  • Fix memory leaks in the som parser
  • Fix #25248 - memory leak in MDMP parser
  • Fix memory leaks in QNX binary parser
  • Fix memory leak in the SOM import parser
  • Optimize symbol loading
  • CUBINs are ELF based on EM_CUDA
  • Lazily compute the PE authentihash once + add missing muta hash plugins
  • Use RMutaBind in the PE plugin
  • Use RMutaBind in RBin too, replace r_hash calls in macho
  • Rename r_bin_command to r_bin_cmd
  • Refactor the bflt code, more cleanup and minor reloc improvements
  • Support non-arm bflt executables
  • Fix reloc native types for mach0
  • Expose more native reloc types
  • Expose the reloc type for REL binaries
  • Add support for records and invoke dynamic in java
  • Add support for ACC_HIDDEN Java classes

build

  • Cydia builds use rootless prefix and target arm64
  • Inform the user about the command to run as sudo in sys/install.sh
  • Fix to meson without any zip dependency, not even otezip
  • Specify arm64e to please Sileo packages
  • Fix r2_fortunes path inconsistency in meson.build
  • Initial support for third party plugins
  • Move shlr/ar into libr/io/p/ar
  • Replace bundled libzip+zlib with otezip (-55kLOC)
  • The csnext job now tests libuv and no-undefined
  • Disable debug log statements in release builds

ci

  • Fix #25179 - Merge the csnext and ssl jobs

cons

  • Fix #17391: preserve UTF-8 in graph output
  • Remove repeated spaces in hud lines
  • Fix the color palette propagation problems via rcorecmdstr

core

  • Add more guards to make background tasks more predictable
  • Fix #25374 - Convert RLib->plugins_ht to a per-type array of hashtables

crash

  • Fix a double free in r_str_replace_icase
  • Fix stale pointer used when temporal blocksize changes
  • Fix overflows array oobread index in intervaltree
  • Fix negative index used in *r_anal_function_get_var
  • Fix overflows return value in io.dsc
  • Fix another integer overflow in bin_pelf
  • Fix oobread caused by integer overflow in kernelcache
  • Fix integer bug in dotnet getname causing oobread
  • Fix two oobwrite bugs in canvas_resize
  • Fix two integer overflows in RCore.getBoundariesProt
  • Fix untrusted loop bound, integer overflow and oobread bugs in bin_pef.c
  • Fix uaf in /m
  • Fix integer overflow in the wfs command with large files
  • Fix zero and size_t multiplication overflow UB issues in rvec
  • Fix oobwrite in visual write commands and oobread pascal demangler
  • Fix UB cast in container_of macro
  • Sanitize function names in afl* to avoid command injection
  • Fix UAF in RBin.ELF.fini
  • Sanitize callconv in fcn_print_detail output
  • Fix iter page underflow in le parser
  • Fix integer overflow bug in r_cons_print and r_cons_write
  • Fix #25338 - Out-of-bounds read in the NSO parser
  • Fix #25336 - integer underflow in QNX parser
  • Fix use-after-free in LE/LX reloc parsing
  • Fix possible argument injection vuln in the swift demangler
  • Fix #25290 - ELF extended phnum allocation check
  • Sometimes the webserver calls this function with null command
  • Fix otezip UB and incorrect java boundary check
  • Fix heap buffer overflow in SPP processor
  • Fix core plugin initialization order
  • Fix #25212 - oob read in r_str_len_utf8
  • Fix potential overflows in snprintf for cmd_mmc according to codescan
  • Fix potential uaf in gdbclient/responses.c
  • Fix the space for the null byte in seven.c

debug

  • Fix #2079: Add source line breakpoints
  • Implement native breakpoints support for XNU/ARM64
  • Use RMutaBind in RDebugSnap
  • Implement print fpu registers for linux-arm/arm64

diff

  • Resolve 6 TODO comments from xpatch

disasm

  • Support overlapped strings in the disassembly listing
  • Do not emit Color_RESET in disasm loop when scr.color=0
  • Improve auto-string comments in disasm
  • Honor RMeta string size in 'str' flags
  • Fix #680 - Keep :NN suffix in symbol substitution

esil

  • Extend emulation support for x86 FPU

fs

  • Fix #16396 - add mlx to list deleted files only for FAT
  • Fix #19411 - Handle r2 alias for 'open'
  • Move shlr/grub into libr/fs/p/grub

hash

  • Fix #13937: rahash2 -R sdb output

http

  • Fix the webserver when sandbox is enabled

io

  • Fix #15699 - Add SREC file format su...

6.0.8

30 Dec 13:45

Release Notes

Codename: CleanWheat
Version: 6.0.8
Previous: 6.0.7
AbiDiff: 39-54 (15)
Commits: 291
Contributors: 11

curl -Ls https://github.com/radareorg/radare2/releases/download/6.0.8/radare2-6.0.8.tar.xz | tar xJv
radare2-6.0.8/sys/install.sh

Authors

Copilot Francesco Tamagni Ole André Vadla Ravnås Ole André Vadla Ravnås dependabot[bot] pancake pancake pancake potato qz satk0

Changes

abi

  • Migrate r_vector to RVec in core, anal, io, and other components

analysis

  • Unify redundant state vars in type propagation
  • Use faster data structures for caching data for type propagation
  • Remove anal.a2f and the a2f core plugin, it's in anal already
  • Convert the blaze analysis from core into an analysis plugin
  • Make the leading double lowerdash in symbols irrelevant
  • Fix aaef corrupting files in write mode by routing ESIL writes to IO overlay
  • Fix analysis command plugin listing 'a:?'
  • Add test for type propagation after manual aei
  • Move and improve type propagation as a plugin
  • Compute with memoization the amount of refs in functions
  • Fix null asserts in the 'ap' command and handle prelude binmask
  • Resolve gp-relative jump tables for MIPS
  • Fix function arg name counting

arch

  • Fix #25037 - Support to assemble the 'enter' instruction for x86
  • Support AT&T syntax in x86 disassembly and ESIL generation
    • Simplify x86 operand handling by removing find_*op helpers
  • Heavily refactor and improve the z80 plugin
  • Fix bugs in the z80 assembler and disassembler
  • Expose rbin metadata for dotnet in disasm
  • Initial support for CIL disassembler and assembler
  • Execute delay-slot instructions in branch instructions and fix gp alignment

bin

  • Fix support for Java class loading
  • Add kernelcache test and simplify rbuf reference issues
  • Emit demangled class names even if demangled is disabled
  • Remove rvector calls away from the elf
  • Use RVec in machos
  • Remove globals from the python plugins
  • Fix the swift demangling tests with trylib=false
  • Discard unaligned strings with bin.str.align option
  • Use the arena allocator and fix memory leaks in the dwarf parser
  • Fix demangling bombs honoring the maxsymlen option
  • Fix xrefs in apk:// rebase getoffset() with RBinFile.getVaddr()
  • Implement .types for the PDB plugin
  • Fix multidex apk:// rebasing
  • Add rbinplugin types (experimentally used only for dotnet)
  • Set RBinClass origins where possible
  • Add the class origin field
  • Fix #24989 - ARM RPI2 PE identification
  • Fix leaks, rm globals and other cleanups for PDB
  • Improve the objc parser boundary checks, find more refs
  • Mark cil methods with anal arch hints
  • Improve AARCH64 relocation support for ELF
  • Initial working support for .NET PE assemblies
  • Implement the RBin.pdb plugin
  • Fix partial ARM instructions relocs for ELF
  • Properly inform about why an ELF is not stripped

build

  • Also use -Oz in sdk-common.sh
  • Omit third-party asserts during SDK builds
  • Build SDKs without runtime checks
  • Update the rpm package
  • Build xcframework with frameworks
  • Fix libr.dylib exports on Apple OSes
  • Fix and tune the xcframework sdk
  • Improvements on the SDK compilation for apple targets
  • Fix sys/install.sh for busybox environments

ci

  • Build less wasis in PRs
  • Use ./configure -qV instead of sys/version.py
  • Add XCFramework builds in the release pipelines
  • Switch to macos15 because older ci runners are not available

cons

  • Make the bluy theme really bluish
  • Refresh palette when needed only, fix 'ec' calls from RCore.cmdStr
  • Better color limit checks with TERM
  • Respect the TERM envvar, only for colors for now
  • Reset command switch the terminal mode to ASCII

core

  • Improve abiversion warning messages

crash

  • Fix uaf bug in apple kernel/dyld-caches spotted by scan cov
  • Fix off by one write in the set regprofile function
  • Fix oobread in dmh with glibc and uaf in magic command
  • Fix UAF in the pdb deinit process
  • Fix a couple of recent integer overflows in PE
  • Fix oobwrite segfault in dotnet parser
  • Fix oobwrite in r_strbuf_append_n
  • Don't depend on global cons instance for win_is_vtcompat
  • Avoid rbinfiles to UAF if the rbin plugin associated is unloaded
  • Fix oobread crash in dotnet parser
  • Fix null deref in the p9 parser
  • Check for abiversion before loading plugins
  • Fix buffer overflow in PE parsing imports and symbols
  • Fix UB overlapped memcpys in iomaps
  • Fix infinite loop in the mach0 relocs parser
  • Fix near-infinite loop in the objc parser eating lots of memory
  • Fix infinite loop in r_core_anal_type_match
  • File paths with the curl backend must be escaped as TMPDIR poisoned for command injection
  • Fix an OOB by one in the rap server and better error checking
  • Fix system command injection via RSocket.get/post headers when using curl
  • Use RSocket.download from idld to fix command injection
  • Check the vec reserve before emplacing it back

debug

  • Fix radare2 gdb remote debugging support and add test
  • Detect and warn when setting overlapped breakpoints
  • Implement 'dga' to coredump all maps
  • Fix r_str_scanf parsing bug and dg coredump on linux-x64

disasm

  • If arch isvm lower varmin to zero
  • Implement the scr.rainwbow.regs option
  • Fix scr.color.regs when scr.color.ops is false
  • Fix colorized ops with byte colors when scr.color.ops=false
  • Add register rainbow coloring support
  • Add asm.cmt.strings to disable aop.ptr strings

esil

  • Replace chevron operators with LSL, LSR, ASR, ROL

fs

  • Sort apfs files by name instead of randomly depending on a hashtable
  • Implement support for reading files in apfs mountpoints
  • Retrieve the file sizes in the apfs filesystem
  • Add support for BSD DiskLabel partitions
  • Initial support for the Apple FileSystem
  • Add support for APM (PMAP) Apple Classic partitions
  • Add support for EBR partitions (keep MBR support)
  • Initial support for GPT partition tables

hash

  • Fix r_hash_tostring using update/end properly

http

  • Add APIs to register sessions

io

  • Implement the tap:// io plugin for simh tape images
  • Enable rawio by default
  • Add support for pipe fifo files with 'r2 <(uname)'

muta

  • Port all charsets from r_charset to rmuta via charset plugins

panels

  • Fix multiple layout settings

perf

  • One more strbuf reserve and unnecessary uses of it
  • Reduce strbuf drains by removing the slack area

print

  • Removing pf, pf2 is the new pf
  • Refactor print formatting to improve handling of structs, arrays and pointers

shell

  • Implement the @@@m:perm foreach operator
  • Fix column width in 'ls'
  • Fix column width in 'ls' output
  • Load fortune messages from directories
  • Fix #24914 - Refactor and improve 'sf' command
  • Add support for ${pal:} themed colors in scr.prompt.format

socket

  • Handle SOCKET_HTTP_MAX_REDIRECTS in the curl codepath
  • Support binary data downloads via RSocket.get
  • Implement RSocket.download as a wrapper for get+dump

tests

  • Add SKIPONASAN option for r2r to avoid a dmh test to fail
  • Display short test paths if possible
  • Check and display libr version with r2, r2r and rasm2 are the same bin with libs

tools

  • Honor R2_COLOR env var from rabin2
  • Implement -hh for rabin2 and rasm2
  • Include abiversion in -v and -V
  • Add JSON support to rafs2
  • Add R2_DOCDIR and R2PM_DOCDIR variables
  • Add missing rahash2 in blob/main
  • Implement rasm2 -LL to list the parse plugins
  • Fix error code for 'rasm2 -a invalid nop'

types

  • Update scanf and wscanf function signatures to reflect variadic arguments
  • Implement typedef union and enum parsing in KVC parser

util

  • Fix RBuf design lifetime issues
  • Improve r_str_rwx to parse the shar bit
  • Sperm bit handled in the helper
  • Use logarithmic capacity grows in strbuf
  • Continue improving the arena api

visual

  • Colorize perm field in iS, dm, dmm and om
  • Some better organization sub-visual modes (TAB)
  • Add scr.vprompt.format

wasm

  • Update to use the latest wasi-sdk-29.0
  • Add wasi-browser using wasm-imports

6.0.7

23 Nov 20:10

Release Notes

Codename: "sixseven"
Version: 6.0.7
Previous: 6.0.6
AbiDiff: 39-39 (0)
Commits: 4
Contributors: 2

curl -Ls https://github.com/radareorg/radare2/releases/download/6.0.7/radare2-6.0.7.tar.xz | tar xJv
radare2-6.0.7/sys/install.sh

Authors

pancake pancake

Changes

shell

  • Fix parsing r2 -H$(VARNAME) without a space

6.0.6

23 Nov 10:49

Release Notes

Version: 6.0.6
Previous: 6.0.4
AbiDiff: 24-39
Commits: 331
Contributors: 28

curl -Ls https://github.com/radareorg/radare2/releases/download/6.0.6/radare2-6.0.6.tar.xz | tar xJv
radare2-6.0.6/sys/install.sh

Authors

0verflowme Abhi Edoardo Mantovani Eduardo Novella Ignacio Sanmillan Luc Schrijvers MiKi Miquel S. Nikesh Chavhan Pau RE Priyanshu Kumar Quentin BUATHIER Quet Zal Sagittarius-a Sverker Sverker Berggren System Administrator astralia dependabot[bot] dominikfhnw google-labs-jules[bot] gum3t pancake pancake pancake potato qz vicky-dx

Changes

abi

  • The old RStr.pad() is now replaced by pad2

analysis

  • Use code/call/data refs to find shortest flow path
  • Improved support for anal.timeout
  • Handle more arm64 jump tables
  • Expose the ptrsize on more arm LOADS
  • Handle more cjmp instructions for loongson
  • Fallback to recursive esil for too sparse functions
  • Don't change blocksize when running afva
  • Properly expose the ADD imm on arm64
  • Some more consistency fixes for arm
  • Fill the op.val on arm64 CMP instructions
  • Fix #24712 - p8fm mask size mismatch for instructions longer than 8 bytes
  • Add comprehensive ROP gadget tests for ARM32/ARM64/x86-64
  • Fix duplicate xrefs in axff output
  • RThreads use 8MB of stack instead of 1MB

analysys

  • Expose the LOAD size for arm64 LDR ops

api

  • Implement simple arena memory allocator
  • CoreBind getI must resolve ut64
  • RCoreHelp should take a const string as argument

arch

  • Fix wasm opsize read issue
  • Assemble msub, str and stur ARM64 instructions
  • Support encoding ex9.it, ifret and ifcall nds32 instructions
  • Add register alias names for nds32
  • Throw more ESIL and pseudo for nds32 instructions
  • Add support for v1/v2/v3 sBPF bytecode standards
  • Describe all instructions for the COSMAC architecture
  • Support assembling the 'notrack' r{jmp|call} prefix for x86-64
  • Implement x86 assembler for pushfq/popfq and fix cwde
  • Fixed registers name for NDS32
  • Initial import of the hppa pseudo parser
  • Add HPPA disassembler database with instruction descriptions
  • Add the instructionset documentation for nds32
  • Initial import of the nds32 pseudo parser
  • Fix #17637 - ARM64 variable substitution in address calculation instructions
  • Fix #15947 - Compound assignments for the ARM64 pseudo
  • Support asm.pseudo for the x86 BMI1 instructions
  • Assemble the BMI1 instructions for x86-64
  • Fix pseudocode for arm64 movk instruction
  • Add more arm32 instruction descriptions
  • Assembler movsz and movzx for x86-64
  • Add support for ghost nops for x86-{32,64}

asm

  • Fix #24824 - Use asm.imm.base for ATT syntax
  • Custom float directives for rasm2
  • Add Floating Point profiles for VAX, CRAY, IBM370 and more
  • Support signed and unsigned directives in rasm2
  • Initial support for the .db .dw .dd .dq rasm2 directives
  • Eliminate RAsmOp and just use RArchOp
  • Unify asm_massemble and add asm.spp into asm_assemble
  • Implement r_asm_plugin_remove
  • Fix #19171 - movaps assembly with xmmword size specifier

bin

  • Expose sBPF version via asm.cpu and support rebaseable relocations
  • Keep up parsing TPI leaves and support PDBs larger than 64KB
  • Initial support for HPPA / SOM binaries
  • Fix parsing TLS entrypoints in PE64
  • Fix swift demangling on Linux
  • Add missing e_machine EM_486
  • Support large fat machos > 4GB
  • Add the eeprom category for symbols
  • Fix stripped detection for some ELFs

build

  • Remove static builds from release
  • Remove arm64 linux crosscompile
  • Cancel old workflow executions
  • Make pkgConfig unnecessary with R2_CFLAGS|R2_LDFLAGS to r2/r2pm -H

cons

  • Fix null deref in windows when process received ^C
  • Fix multi-byte character support in panels and graphs
  • Clean some code and fix visual wrap regression
  • Fix blinking prompt on windows dietline
  • Refactor the drain csi escape codes logic
  • Fix dietline bug on Windows causing SUPR key to quit
  • Replace fixed line limit with adaptive page-based limit
  • Fix #1973 - line counting for large output
  • Fix hud large filter, resize refresh, fix ansi text wrap
  • RCons.less should act as cat in non-interactive mode

core

  • Initial redesign of the RCoreTasks to support fork and thread jobs

crash

  • Fix oobwrite bugs spotted by clang-analyzer
  • Fix buffer ovf at r_str_scale
  • Fix null deref in '?$' and '$o' when no RBinObject
  • Fix null format in 'fa' command
  • Prevent the :::infinite but interruptable command
  • Fix #24813 - null deref in xnu kernelcache
  • Fix oobread in the command parser
  • Fix two DoS bugs in the iso9660 parser from grub
  • Fix assert on windows when opening a file that doesn't exist
  • Fix race condition in thread_kill
  • Ignore bad bin plugins with null section/symbol names
  • Fix recursive r2ai calls with failed rc
  • Fix #24748 - Avoid double free in pyc parser
  • Fix null deref in rasm2
  • Fix #24737 - NULL pointer dereference in r_anal_extract_rarg
  • Fix null deref crash reported by @astralia during the nn training
  • Fix #24661 - null deref in dsc loader
  • Fix #24660 - Null deref in NE parser

debug

  • Avoid mach exceptions to slip breakpoints by accident
  • Add :tls command in mach:// to print the thread info address (not the tls)
  • Add :tls command for the w32dbg io plugin
  • Fix dd filename handling and add seek reset test
  • Add cfg.regnums (false by default) to read register values via rnum
  • Fix #14715 - Validate pid argument in cmd_debug_continue function
  • Implement extended support for custom floating-point formats in the register subsystem
  • Honor special chars in more rsocket profiles
  • Fix fuzzy backtrace to show complete call stack with correct SP values
  • Add name field to breakpoint JSON list

dev

  • Ship the .clang-format file INSIDE the clang-format-radare2 script
  • Update for the code-format tooling (introducing clang-format-radare2)
  • Introduce the new radare2-format script

disasm

  • Fix #17637 - Don't substitute variables while in stack frame setup
  • arm32 workaround for resolving function arguments
  • Fallback to callconv reg when argument is invalid

doc

  • Improve the manpage to markdown parser
  • The "man" r2 command now loads other categories
  • Install man(3) pages

egg

  • Fix #14765 - Include rasm version of the shellcodes and verify them

esil

  • Honor cmd.esil.trap when running TRAP or invalid code
  • Implement ESIL for the ANDN instruction

flags

  • Add fzs for seeking

fs

  • Initial support for the BeOS Filesystem (BFS)
  • Fix 'mc' for filenames with spaces
  • Add automagic detection for more filesystem types
  • Auto mount ubifs and make it available for meson
  • Miknight Commander improvements (mouse support et al)
  • Add Miknight Commander (mmc) dual-panel file manager for r_fs and local filesystem
  • Implement get64, set and set64 commands in the fs.shell
  • Implement the mkdir command in the fs:shell
  • Fix double fs.cwd bug in the "mw" command
  • Add 'md+' command to create directories
  • Add the new temporal filesystem
  • Add new API r_fs_mkdir
  • Add rafs2 - radare2 filesystem tool
  • Implement filesystem details command (mn) for mounted
  • Add test suite for UBIFS filesystem plugin
  • Fix #23463 - Add support for UBIFS, add prgr and mis commands
  • RFSPlugins expose the cmd interface for m:

io

  • Fix and optimize support for blockdevice
  • Fix and enable rawio by default (use mmap:// otherwise)
  • Fix io.cache truncation bug

json

  • Fix bug in pj and another in json_parser when using arrays of raws

lang

  • Handle ^C and show stacktrace in RLang.qjs

print

  • Add cfg.newpf to run pf2 instead of pf
  • Handle help in pp subcommands, fix ppf, refactor pd and add tests
  • Make clippy capable of emojis
  • Add utf8_display_width api
  • Fix #2953 - Handle functions in pxa (not just flags)
  • Add support for bf16 in rax2 and pf

projects

  • Minor improvements and code cleanup for the old

pseudo

  • Implement minimal pseudo for evm

r2pm

  • Warn when the package database is older than 2 weeks

rarun2

  • Disable read timeout for connect sockets in rarun2

search

  • Fix #24812 - JSON output for Rabin Karp
  • Fix JSON output for Rabin Karp
  • Support JSON output for /s command
  • Use 1024 as maximum valid string

shell

  • Fix grep in quoted commands
  • Add ${relto} and \s handlers for scr.prompt.format
  • Handle ${e:EVAR} variables for the scr.prompt.format
  • Add vaddr, paddr, r:reg and use corehelp in prompt.format
  • Revert "Revert "Parse -h and -H flags before RCore
  • Add rc+value in scr.prompt.format
  • Handle more help messages for u subcommands
  • Initial implementation of scr.prompt.format
  • Handle ^D in -j to ...

6.0.4

27 Sep 18:26

Release Notes

Version: 6.0.4
Previous: 6.0.2
Commits: 202
Contributors: 18

curl -Ls https://github.com/radareorg/radare2/releases/download/6.0.4/radare2-6.0.4.tar.xz | tar xJv
radare2-6.0.4/sys/install.sh

Authors

Ignacio Sanmillan Jassim Bahmida Juho Kuisma Murphy Neil Macneale V Ole André Vadla Ravnås Pau RE Sergey Fedorov Takumi Matsuura dependabot[bot] ksen-lin pancake pancake pancake plague-spreader qz simexce simexce

Changes

24517

  • Fix

abi

  • Remove unused field in RCoreCmd and cfg.newtab

agent

  • Register remote sessions when using the r2agent
  • Add r2agent -L to list current sessions

analysis

  • Simplify string processing in the anal.sbpf plugin
  • If target arch is vm-based we may disable nopskip
  • Initial import of the a:path plugin
  • Fix #23554 - Handle agD subcommands
  • Implement sBPF analysis plugin for Rust string resolution
  • Add support for dynamic function prefixes
  • Pave the road to support dynamic function prefixes
  • Index __objc_msgrefs xrefs and parse last ss_selrefs
  • Fix objc parsing on 32bit binaries
  • Masquerade class bits in objc selector refs
  • Handle argument in afci command

api

  • Eliminate R_STR_DUP. just use strdup

arch

  • Build the analysis plugin in default plugin and other goods for sBPF
  • Fix Capstone's SBPF relative jump disasm syntax
  • Initial import of the snes.pseudo asm plugin
  • Add vax, snes and sbpf instruction definitions
  • Add pseudocode plugin for VAX
  • Improve the 6502 pseudo disassembler
  • Integrate the bpf assembler in the capstone plugin and add tests
  • Add support to assemble extended bpf64 instructions
  • Implement support to assemble ST/LD classic bpf instructions
  • Implement support for ldm/stm for arm32 assembler
  • Implement support for 'pld' prefetch load for arm32
  • Support umlal and more msr constructions for arm32 asm
  • Implement crc32, rdrand and rdseed for x86 assembler
  • Add support for lzcnt, tzcnt and popcnt x86-64 assembler
  • Fix #7366 - Implement support for shlr/shrx/sarx for x86-64
  • Implement support for the 'mrs' instruction in armass
  • Fix #10038 - arm32 assembler affected by spaces
  • Fix #21211 - support in the assembler more m68k instructions
  • Make the m68k assembler available from the gnu plugin too
  • Fix #20743 - Assembler for 'bsr eax, dword [4]' on x86_32
  • Fix #11611 - Assemble 'call dword[mem32]' for x86_32
  • Implement support for bpf pseudocode (alias sbpf)
  • Fix arm64 assembler for 'stp x3, x3, [x0, 0x10]'
  • sBPF minor fixes and better handling of Solana syscalls in ESIL
  • Fix #24520 - Fix arm64 assembler for ldr x0,[x27,0x100]'
  • Add one arm16 prelude shared with the gnu plugin
  • Initial implementation of the pseudo plugin for msp430

asm

  • Use bpf instructions descriptions for sbpf

bin

  • Implement reloc 21 for VAX on ELF
  • Store rawname in RFlagItem and expose it from RBinName
  • Fix the RTTI-specific demangler and add more tests
  • Use the quoted r2 commands for perf and avoid command injection
  • Fix elf parser hang on malformed PT_DYNAMIC entry
  • Fix #24572 - Detect sBPF binaries avoiding early symbol deps
  • Enlarge symbol name limits aligned to flag sizes
  • sBPF: Add better ESIL modelling and fix R_BPF_64_32 reloc
  • Fix XNU kernelcache pointer undecoration logic
  • Implement support sBPF ELF binaries
  • The _selrefs and _msgrefs are not mandatory to parse objc metadata
  • Remove global variable from the ninds plugin
  • Remove global state in the RBin.mbn plugin
  • Fix #14879 - Initial support for MobiCore MCLF
  • Implement XNU IOKit class carving
  • Fix JSON encoding of class addresses
  • Add RBinClass instance size and type name fields
  • Use R_FLAG_NAME_SIZE for class/methods flags

build

  • Refactor meson build dependencies
  • Initial work towards building for UEFI
    • Fix #22956 - Update acr to adjust the macppc triplet
  • Fix preconfigure.bat for some setups
  • Add brew recipe in dist/brew

ci

  • Bump softprops/action-gh-release from 2.3.2 to 2.3.3

cons

  • Respect ROWS/COLUMNS environment variables if defined
  • Fix EOF when Control+Backspace is pressed
  • Fix the invalid key.f15 error when pressing control+return
  • Lookup table for the runes

core

  • Initial real thready Core tasks support

crash

  • Fix code injection bug in TAB from help
  • Fix recent UAF when modifying rawname
  • Fix infinite recursion in pvm://

debug

  • Fix #24186 - Properly support Aarch64 FPU registers

disasm

  • Fix
  • Fix #24417 - Add asm.imm.base config variable

doc

  • Third round reviewing and updating libr manpages
  • Teach AGENTS.md about the laws in r2land
  • Reviewing half of the libr manpages
  • Autogenerate manpages for all the libraries

egg

  • Use the decrypted shellcode wrapper and properly compute its size
  • Initial work towards shellcode mangling
  • Move all shellcodes into a subdirectory for processing purposes
  • Make openbsd shellcode endian safe

flags

  • Consider ~ a char to be replaced with "_"
  • Initial implementation of autoflagspaces
  • Add 'fsr' to the help message
  • Implement the r_flag_closest_with_prefix api
  • Add API to find the nearest flag inside a flagspace

fs

  • Use :lsj/:mdj in the fs.io to pick file size info

http

  • Add support for r2pipe client apis over http-post
  • Support POST on /cmd
  • Webserver config changes happen on every command

io

  • Implement the R_IO_SEEK_HOLE
  • Fix 'wcf' command for non disk usecases
  • One more uri handler check for the double open cfile issue
  • Initial import of the process_vm IO plugin

json

  • Fix tfj empty object and trailing comma problems

lang

  • Disable the vlang plugin, until ready to be updated

projects

  • Use the right NUL device on Windows for rvc.git
  • Save and restore bit and imm hints in the new projects

r2pm

  • Fixed r2pm -ci r2ghidra not running on Windows 11

r2r

  • Blind fix for the multi fail handling procedure in r2r

shell

  • Add help for the ps subcommands
  • Fix percentage in cf logs always showing 0% or 100%
  • Bring back the 'is*' command
  • Handle '?' in many f subcommands
  • Fix #24325 - Another proposal to address this resize loop issue
  • Show help for the ? in /a subcommands
  • Add r2 -H R2_MANDIR
  • Add R2_DEBUG_NOLANG variable to avoid loading RLang plugins
  • Autocomplete flags after "f name="
  • Add new math operators and sub-expression support for negation operators
  • Fix warning in "is,"
  • Alias fg/bg/jobs to ease core task usage

tools

  • Fix rabin2 -D help like iD help works
  • Deprecate -l and update manpage
  • Load plugins with r2 -i too (not just scripts)

types

  • Ignore include and var args definitions from type deletion
  • Refine the core IOKit types
  • Add core IOKit types
  • Improved function pointer sdb storage and kv parser
  • Implement tfc command without arguments listing them all

util

  • Implement r_str_pad2 to avoid using the tls
  • Clamp udiff scores, align_table allocations and remove dupped code

visual

  • More vmatrix wishes pleased
  • Fix scrollbar boundaries in vsharp
  • Initial import of the vmatrix mode

wasm

  • Avoid wasm builds from using long doubles

zignatures

  • Implement support for mangled/demangled names

6.0.2 - codename "Relephant"

12 Aug 15:47

Release Notes

Version: 6.0.2
Previous: 6.0.0
Commits: 26
Contributors: 4

curl -Ls https://github.com/radareorg/radare2/releases/download/6.0.2/radare2-6.0.2.tar.xz | tar xJv
radare2-6.0.2/sys/install.sh

Highlights

Comparing 6.0.2 with 6.0.0:

  • 🛠️ Fix r_event.h install location on meson builds
  • 📱 Android flock regression fixed
  • 🔧 Fix build when using libuv
  • 📄 Implemented RXML DOM API
  • 💻 Support for R_X86_64_RELATIVE ELF relocs
  • 🚫 Avoid loading files twice on some URI handlers for bin parsing
  • 📂 Fixed loading rc scripts from XDG paths
  • 📜 Add hexfile:// URI handler
  • ⌨️ Support F key shortcuts in the shell
  • 📏 Honor underlying IO sizes in psz
  • 🧩 Temporary block modifiers: @xc: & @xf:

Contributors

Pasquale Scalise dependabot[bot] pancake pancake

Changes

bin

  • Avoid load file twice for bin parsing with some more io uris
  • Implement support for R_AARCH64_RELATIVE for ELF imports
  • Fix unsupported reloc type 1027 on ELF-x64 binaries

build

  • Fix r_event.h installation path

doc

  • Updated man page with info on configuration files

io

  • Honor underlying io sizes when pulling strings from
  • Fix the flock regression on Android
  • Fix nocache:// uri handler
  • Implement hexfile:// uri handler

shell

  • Fix negative fkey in dietline
  • Implement @xc: and @xf: temporary block modifiers

tools

  • Fix xdg config path ~/.config/radare2/rc and rc.d

6.0.0

30 Jul 01:00

Release Notes

Version: 6.0.0
Previous: 5.9.8
Commits: 881
Contributors: 51

curl -Ls https://github.com/radareorg/radare2/releases/download/6.0.0/radare2-6.0.0.tar.xz | tar xJv
radare2-6.0.0/sys/install.sh

Highlights

Authors

Adam Satko Amir M. Jahangirzad Antoni Viciano ApkUnpacker Armin Weihbold ChrisP Christopher Talib Daniel Maslowski Daniel Nakov David Cannings Dennis Goodlett Francesco Tamagni Juho Kuisma Jules Maselbas Kreijstal Matt Brooks Matt Brooks Mewt R MewtR Michael Hughes Murphy Ole André Vadla Ravnås Pau RE Paulo Matias Richard Wheeler Silur Stefan Sylvain Pelissier Troy Patrick Vasilyy Wagner Riffel astralia aviciano condret dependabot[bot] frukto jjaareet kyufie l0kh numonce pancake pancake pancake s0i37 satk0 tabudz tabudz wagner riffel xiaoxiaoafeifei zhailiangliang アンドラーシュ

Changes

abi

  • RCorePlugins now have a session
  • Finish the RKons refactoring, all r_cons calls take instance instead of global
  • Rename RCrypto to RMuta
  • Use RCons instance from RLine
  • Rename RIOPlugin.widget to RIOPlugin.data
  • Refactor the RRegAlias api
  • Camelcase all the RCoreBind methods

analysis

  • Wireup function and variable events
  • Implement LA for listing analysis plugins
  • Implement afv*/afvd* and fix afv[srb]? help messages
  • Fix call to r_type_func_args_count
  • Implement p8fm: function mask + tests
  • Add JSON output to 'abm' command
  • Implement 'abm' command to show the bytes and mask for the basic block
  • Rename function fields (C, r2 and JSON formats) for clarity
  • Document afi fields in afi??
  • Fix #24153 - jmp/call refs for riscv code
  • Implement aflmc to work like uniq but counting
  • Implement 'pds*' command to add comments for emulated strings
  • Improve scr.analbar percentages in aaaa
  • anal.symsort is not a boolean
  • Make anal.back a tristate to make it even more experimental
  • Add anal.back to sort symbols backward before analyzing
  • Fix behaviour with an empty anal.fcnprefix
  • Add axffQ and axffqq for addresses instead of names
  • One less core reference for the type propagation loop
  • Initial refactoring of the type propagation code
  • Handle typedefs and void arg funcs like the old parser did
  • Heavily reduce allocations in RHint.get()
  • More micro optimizations for aae
  • Use chunk reads in aae to reduce memory usage for esil emulation
  • Add 'emu.maxsize' option to let esil emulation scan large sections
  • Fix ao@jmp modifying ar~^pc
  • Fix #23809 - Add 'afbs' command, like 'afls' but for basic blocks
  • Honor best name in 'afna' when flag starts with "sym."
  • Initial import of the new C parser - disabled by default
  • Improve autonaming for calltail relocs
  • Fix tail call analysis issue on x64 cobalt sample
  • Honor R_ARCH_INFO_FUNC_ALIGN in aap
  • Add new function prelude for x64
  • Fix string reference via emulation on powerpc
  • Improve /gg to follow more types of references
  • Optimize 64bit register from the 32bit one for x86
  • Add anal.fcnalign config var
  • Add RArchInfo.FuncAlign type and details for x64
  • Add more preludes, spotting 3x more functions on some x64 bins
  • Refactor and improve RCondType APIs
  • Fix column names in the ax, output

api

  • Boolify r_cons_rgb_parse
  • Add RLogLevel.fromString() and use it from -e log.level=?
  • Deprecate r_bin_addr2line
  • Rename RBinDbgItem into RBinAddrline
  • RNumCalc is now known as RNumMath
  • Move RFlagItem.alias into the Meta
  • Rename core->offset into core->addr (asm.offset and more!)
  • Rename RFlagItem.offset -> addr
  • Deprecate RLang.list()
  • Unified function to jsonify the plugin meta + more fields
  • Redesign the REvent API

apibreak

  • Boolify r_cons_rgb_parse
  • Add RLogLevel.fromString() and use it from -e log.level=?
  • Deprecate r_bin_addr2line
  • Rename RBinDbgItem into RBinAddrline
  • RNumCalc is now known as RNumMath
  • Move RFlagItem.alias into the Meta
  • Rename core->offset into core->addr (asm.offset and more!)
  • Rename RFlagItem.offset -> addr

arch

  • Add ldaxr/ldxr/stxr/stlxr arm64 pseudo instructions
  • Initial import of the pseudo disasm for sparc
  • Fix #24298 - Wrap around negative calls to the 32bit address space on sparc32
  • Improve arch plugin descriptions
  • Fix pyc size, jumps and extended args
  • Improve pyc code quality
  • Add TI-c6x asm.cpu support for the tms320.gnu plugin
  • Initial import of the TMS320 gnu disassemblers
  • Fix archinfo for c64x for invalid and unaligned instructions
  • Implement support for big endian tms320
  • Add support for new EVM opcodes
  • Add op.type for vpins 86 instructions
  • Fix cycle computation on cosmac cpus
  • Add support for solc0.8.20 opcodes
  • Fix parsing of memory operands for x87 FPU instructions
  • Add last pseudo instructions to pickle
  • Improve operand parsing to fix some x86 zignatures
  • Add some pseudo commands for pickle
  • Initial support for RCA COSMAC 1806 uProcessors
  • Fix Java glitch caused by invalid logic handling switch tables
  • Update v35 armv7 (not updated since 2023)
  • Implement rasm2 -L [arch] to show detailed info of 1 plugin
  • Improve all the arch plugin descriptions
  • Update csnext commit tip
  • Update to the latest rebased version of v35-arm64

asm

  • Fix #23673 - Initial generic string pseudo api and use it for 8051
  • Add dummy asm.java plugin
  • Unify the asm.parse apis workflow
  • Use mips.pseudo for the loongarch
  • Move hardcoded corehack logic into asmpatch via plugins
  • Add per-plugin userdata context
  • Rename RParsePlugin to RAsmPlugin

bin

  • Make iO commands print thru RCons
  • Fix #24218 - Initial WIP implementation for parsing RELR relocs in ELF
  • Fix glitch when parsing fuzzed swift metadata
  • ELF Reloc7 are important too
  • Export source information with the writedwarf plugin
  • Fix #24218 - Add support for compact relocations
  • Fix ASAN issues in dyldcache
  • Fix xnu kernelcache syscalls misalignment
  • Fix syscall carving in xnu kernelcache
  • Support global section offsets in xnu kernelcache
  • Support dumping dwarf in ELF containers via writedwarf
  • Initial implementation of the writedwarf core plugin
  • Initial support for debuginfod to download dwarf files
  • Add debuglink info in RBinInfo, add idl to show the path
  • Support compressed dwarf sections
  • Detect reloc ELF sections by type instead of name
  • Initial wip reporting of the ELF debuglink files
  • Add Qualcomm MDT firmware format support
  • Fix #23723 - Cleanup RBin plugin descriptions
  • Prepare for iOS 26 dyld caches
  • Add initial Plan 9 RISC-V 64 support
  • Add support for macho-riscv binaries
  • Implement iSm and iSmc commands to map symbols in sections
  • Simplify the JSON handling in the 'i' subcommands
  • Better demangle some more swift symbols
  • Memoize section get by name in the elf parser
  • Fix arm64 R_AARCH64_PREL64 relocation
  • Implement the R_AARCH64_MOVW_UABS_G* relocs for ELF
  • Bring back the icqq command
  • Initial support for PEF (classic macOS/Be) executables
  • Add missing EM_TI_* definitions for TMS320 ELF
  • Deprecate the get_line() callback for plugins
  • Add all the latest Dwarf lang definitions
  • Call swift_demangle on unmodified input
  • Skip __objc_catlist2 in dyldcache parsing
  • Fix #24010 - fix last Go binaries from symbols
  • Add symbols.r2.js script for xcrun integration
  • Handle eLF_MODIFIER in the PDB parser to solve some warnings
  • Initial refactor of the dbginfo storage
  • Fix crypto info in mach0
  • Fix invalid flag names when importing relocs with .ir*
  • Name fixup relocs after the string they point if any
  • Macho fixups are now handled and listed as relocs
  • Fix segfault when freeing the elf parser
  • Implement DBG_FIRST_SPECIAL dex debug opcode
  • Use binary file instead of 'SourceFile' in dex debug info
  • Fix huge leak when unloading an elf
  • Fix #23865 - imports vaddr on some ELFs reporting below baddr locations
  • Honor section/segment logic in MZ executables
  • Initial implementation of the bin.aslr
  • Fix null derefs in the RBin.io plugin
  • Set Cd4/8 metadata from RBinFields via .ih*
    *...

5.9.8

19 Nov 12:08

Release Notes

Version: 5.9.8
Previous: 5.9.6
Commits: 202
Contributors: 15

curl -Ls https://github.com/radareorg/radare2/releases/download/5.9.8/radare2-5.9.8.tar.xz | tar xJv
radare2-5.9.8/sys/install.sh

Highlights

Authors

Adam Satko Azox Chédotal Julien Juho Kuisma Quentin Kaiser Sylvain Pelissier W0nda astralia condret pancake pancake satk0 sha0coder suidpit wagner riffel

Changes

analysis

  • Add array of values for arguments in aobj
  • Fix aobj representing undefined behaviour bits
  • Fix string ref direction and improve false positive xref types
  • Better indirect code reference detection via flags
  • Skip string/format/data metatypes from the ref analysis
  • Fix false positive string ref spotted as write
  • Fix 'aa' warning when no sections in binobj
  • Make afvt work with 1 parameter to display the type, instead of silently failing
  • Add recursive information in afi
  • Implement aflmr command to list all recursive functions
  • Fixes for the stm8 calling convention
  • Add aflmu command to list function calls once
  • Handle direction and support pointer RAM references for stm8
  • Disable indirect pointer references for stm8
  • Implement 'afln' command to list all function names

arch

  • Add parse.pickle plugin
  • Add the gb.pseudo plugin
  • Fix more issues for stm8.pseudo
  • Add pseudo for rvf stm8 instruction
  • Clarify STM8 memory access, references and immediates in disasm
  • LOADs can be STOREs too in stm8land
  • Use [] syntax instead of the confusing () for stm8
  • In stm8 use brackets for memory writes with mov

bin

  • Fix #23538 - iS sha1,sha1/sort/inc table queries + entropy
  • Cache sections in dwarf parser
  • Handle table queries for imports and segments
  • Use raw symbol name in flatItem.realname instead of the flag name
  • Add math category imports (and few more string)
  • Improve iic subcommands for listing uniq xrefs and more
  • Improve iic command for classifying imports
  • Fix crash in 'iic' and add more import types
  • Fix RVA to offset conversion on PE binaries
  • Remove a hack that breaks parsing sections in some PE

bug

  • Fix broken test exposing reentrant RNum.math glitch

build

  • Fix #23622 - Use USEMESON when builddir contain spaces
  • Fix make purge
  • Aim to fix the duplicated sha symbols from rvc cyclic dep
  • Correct OpenSSL imports
  • Fix qjs when using asan
  • Fix qjs symbols visibility
  • Define cstd for meson-w32
  • Install scripts

config

  • -e log.level accept strings too
  • Use XDG cachedir and expose it via dir.cache for annotations

cons

  • Fix #23588 - remove empty lines when sorting and add grep+end test

core

  • Fix #23639 - Implement e+ command to set config vars in r2rc
  • Increase float and double precision

crash

  • Fix #23657 - Command injection vulnerability via rbin->r2
  • Fix #23581 - Infinite loop with unsupported dwarf command
  • Fix #23581 - (again) bin3 dwarf infinite loop
  • Fix #23581 - (again) another infinite loop in the dwarf parser
  • Fix #23581 - (again) another infinite loop in the dwarf parser
  • Fix #23610 - Stop parsing compressed DWARF sections
  • Disable fortunes in sandbox mode, better null checks
  • Lots of small improvements and bug fixes in the dwarf parser
  • Fix #23581 - DoS in DWARF parser
  • Fix infinite loop in pdc (pseudo decompilation)
  • Fix #23529 - Stack exhaustion overflow in the c++ demangler

crypto

  • Simplify print hash
  • Update cipher plugin descriptions
  • Add ssl builds in the CI and add the SipHash SSL plugin
  • Create sip hash plugin
  • ASN.1 display corrections + fix tests
  • Correct print strhash
  • Fix #22140 - Add bech32 encoding/decoding
  • Update algorithm descriptions
  • Add offset on MK hit for SM4
  • ASN.1 printings enhancements

debug

  • Revert e0b1977 - bring back the full IO address space
  • Stop earlier in glibc checks in dmh
  • Fix dra? in debugger mode (exposed by ?*)

decompiler

  • Fix some broken gotos in pdc
  • Include callconv information in pdc output
  • Honor afs in pdc

disasm

  • Fix false positive in op.ptr(char) reference
  • Add asm.cmt.wrap to ignore asm.cmt.right on long comments
  • Implement asm.cmt.pseudo config option

doc

  • Use SPDX license names for RLang plugins
  • Use SPDX namings for crypto, and list them in Vj
  • Use SPDX license namings in all the arch plugins
  • Use SPDX license namings on all the bin plugins
  • Use SPDX naming in all IO plugins
  • Fix segfault in dL and use SPDX namings on all debug plugins
  • Initial import of the scripts/licenses.r2.js

dwarf

  • Fix DWARF5 file parsing
  • Fix DWARF5 parsing when a MD5 checksum is present

fs

  • Dont load empty fs plugins

globals

  • Remove globals in RCore.cmdMeta

io

  • Minor fixes in io
  • Minor optimization in r_io_bank_locate
  • Give local seek to iobfd
  • Use R_IO_SEEK instead of SEEK
  • Undo some ret2libc harm
  • Don't prioritize null:// maps on macho binaries
  • Honor custom seek when map address is set

lang

  • Handle base64: in #!-e
  • Fix #!python -e

lint

  • Add script for linting assert lines on all R_APIs

performance

  • Minor optimizations in RBuffer.bytes

print

  • Import charsets from imhex
  • Fixed old_offset not restored on pdj
  • Improve error handling in pfb strings

projects

  • Save/restore comments in the new projects
  • New prj core plugin as PoC
  • Inform about the project path before removing
  • Honor prj.files in o*
  • Fix copying main executable when prj.files is set

r2js

  • Update to the latest quickjs-ng and pin commit to fix vs2022 build
  • Update to the latest quickjs-ng, so we dont need to ship custom patches
  • Fix "TypeError: not a function" error with an ugly hack
  • Update r2papi to the test version from git

search

  • Add /h* and make /h behave like the rest
  • Add /abf to search loops in current function
  • Display SM4 master key when found

shell

  • Better handling invalid subcommands
  • Handle table queries for strings in "iz,"
  • Handle comma subcommand for "ic"
  • Support @% for reading variables too
  • Fix #23561 - report 'drq' as an invalid command
  • Improve and extend $D numvars
  • Extended $M numvars
  • Refactor and improve $F and $B numvars
  • Refactor, improve and extend all the $S numvars
  • Refactor and extend the numvars for flags
  • Refactor instruction $variables under $i
  • Cleanup, handle errors and support : syntax for $k{}
  • Refactor and extend few RNum $O->$$c|$$$c + error handling
  • Fix xdg cachedir and histfile path issues
  • Fix invalid command error message when subcommand is the null char
  • Fix "?E C.." bug in clippy
  • Don't show license column in r2 -L. use json to get author+license
  • Handle more invalid subcommands under 'a'
  • Invalid h subcommands dont flush the error text
  • Fix all the plugins listing in r2 -Vj

test

  • Set pager to cat in sys/lint.sh

tools

  • Add 'stdouterr' directive in rarun2
  • Add r2 -1 to redirect stderr into stdout

util

  • Initial implementation of the new LZ4 implementation

visual

  • Implement yank/paste in visual bit editor
  • Implement endian swap in visual bit editor
  • Support multibyte inc/dec with Vd1[+-]
  • Implement word size concept in the visual bit editor
  • Implement Vd1! to toggle all bits from the selected byte
  • Handle [] and ; keys in Vv

5.9.6

13 Oct 10:54

Release Notes

Version: 5.9.6
Previous: 5.9.4
Commits: 311
Contributors: 27

curl -Ls https://github.com/radareorg/radare2/releases/download/5.9.6/radare2-5.9.6.tar.xz | tar xJv
radare2-5.9.6/sys/install.sh

Highlights

Authors

3393304070 Abhi Adam Satko Azox Chédotal Julien Dennis Goodlett Dennis Goodlett John Sebastian Peterson Juho Kuisma Juho Kuisma Keegan Saunders Lzu Tao Marcel Alexandru Nitan Ole André Vadla Ravnås Pau RE Sarveshwaar SS Sylvain Pelissier Valentin Obst Valentin Obst astralia condret kcdq maliByatzes pancake pancake satk0 satk0

Changes

Analysis

  • Fix #21171 - Infinite loop with -e anal.slow=false workaround
  • Support fixed x27 as global pointer reference on Dart binaries
  • Fix some arm64 instruction types and LOADs not LEAs for arm64
  • Fix memory direction and permissions detection in xref
  • Support for jump table constructions for arm64 (Swift binaries)
  • Fix invalid esil for add+shift on arm64
  • Fix #23286 - Add ESIL translation for the MIPS movn instruction
  • Fix ESIL for TST and AND v850 instructions
  • Expose imm value on ADD/SUB arm64 instructions
  • Implement ESIL and reg details for BRAA instructions on arm64
  • Default jumptable word size is 32bit if not defined
  • Fill the op.val for stm8 ref analysis
  • Fix for xrefs permission indicator: -w- r--
  • Use flags check esil references on flags in 'aae'

Architecture Support

  • Assembler support for m68k
  • Fix more x86 assembler instructions
  • Added new Dalvik disassembler contribution by Keegan from NowSecure
  • Capstone6 support: PowerPC, MIPS, ARM64
  • Better TriCore support: fix control-flow-graph, calling conventions, asm.cpu, opex, pseudodisasm support, basic ESIL, and fixed register profile
  • Handle asm.syntax=regnum for the arm.cs plugin
  • Expose asm.cpu options for bpf, not just depend on asm.bits
  • Generic pseudo disasm for non-supported archs
  • Fix stm8 pseudo return
  • Improvements for the tricore, arm, stm8 and x86 pseudo
  • Colorize more stdint types in the ~:)) operator
  • Check if value for rasm2 -c asm.cpu is valid and warn the user
  • Make rasm2 flags more coherent (-s,-S,-o,-O)
  • Fix .ascii and .asciiz directives for rasm2

Binary file formats

  • Fix resizing ELF sections
  • Detect Dart ELFs
  • Fix duplicated and large swift symbol demangling issues
  • Clarify bin.demangle.libs -> bin.demangle.pfxlib
  • Speedup macho parser by reducing repetitive calls to RConfig.get
  • Move lua bin parser, remove globals and refactor its code
  • Detect VisionOS binaries
  • Better bin.str.(min/max) defaults

Shell

  • Replace ia with iA, deprecated 'ia'
  • Add help for $?, ?$?, -, ' and improve other command helps
  • Enforce valid value for asm.offset.relto
  • Handle ^C in agf and afr
  • Add -A and -H commands
  • Replace "" with ' in more * subcommands, wip deprecation for safetiness
  • Fix .! multiline quoted scripts with the shouting dot
  • Add 'test' command with -s, -f, -x and -d flags
  • Accept '@ expressions that dont start with '0x'
  • Use RCore.returnInvalidCommand in many commands for better error handling
  • Add @@f (alias for @@c:afla) inverse recursive function list
  • Add f-0x f-? and other flag removal missing commands
  • Improved syntax error handling on tmpseek expressions

Build

  • Fixes for the webassembly builds for the Frida-trace UI
  • Fix preconfigure.bat setuptools installation
  • Install setuptools if needed in preconfigure.bat
  • Undevilize preconfigure.bat and add MSBuild 2022 Community support
  • Use the latest capstone 5.0.3

Crypto

  • New commands poE and poD
  • Add type definition for CCCrypt import for ios-arm64
  • Add new command to print signature of a block
  • Refactor listing crypto algorithms into a single function
  • Fix rahash2 -B behavior
  • Fix more bugs in /ck tire
  • Fix oobread in /ck for search/tire
  • Add CRC search to magic
  • Add ed25519 private key search

Charset

  • Add space character ascii.sdb.txt
  • Support no string decoding/filtering in disasm, needed for chinese string references

Console

  • Also export scr.color via R2_COLOR env var
  • Horizontal scrolling with control+wheel in graph and visual modes
  • Emit span instead of font in the scr.html filter
  • Add scr.css and scr.css.prefix used in 'ecc' for now
  • New dark theme: gruvbox
  • Fix eco* and refactor theme loading logic

Debugger

  • Use hwbp by default on mac-x64 (m1 fails)
  • Fix xmm?[hl] (dbg_drt test) for Linux x64
  • Add xmm registers for the FreeBSD debugger
  • Added registers st0 to st7, mm0 to mm7 while debugging under FreeBSD
  • Fix #23357 - Add missing flag registers for the freebsd profile
  • Fix bug when calling dr8 in the debug.io
  • Fix #23298 - Breakpoints recoil not working on FreeBSD

Disassembly

  • Use summarized variable listing by default (asm.var.summary=4)
  • Support tail addresses in pdua..
  • Implement the ano command to manage function annotations
  • Fix #23273 - Honor scr.strconv in emustr, fncarg and add tests
  • Fix #23012 - Make pduoj json consistent with pdj
  • Improved function argument emulation listing

IO

  • Fix #23405 - Implement multibyte binary write support in the 'pb' command
  • Fix wb single byte write behavior
  • Add io.mapinc config variable
  • Fix #23313 - aeim stack locate
  • Fix #23313 - overlapping maps after aeim

Print

  • Improve and document pfb bitfield printing in C, ascii art, oneliner
  • Handle multiline comments in pdsf
  • Display strings with 'ps' until first non-printable character instead of escaping

Projects

  • Make -p/-P available from the r2 shell and better subcommand handling
  • Honor absolute and relative paths in Pze
  • Add scr.prompt.prj to show project name
  • Save and restore annotations

r2pm

  • Honor user env variables, Use git clone depth=1
  • Fix radareorg/radare2-pm#164 - Verboser database/package upgrade r2pm -U / r2pm -UU
  • Remove r2pm -HH, use r2pm -H (without argument), same as r2 and in sync with doc

Search

  • Add /V value range support in rafind2
  • Honor quiet mode to not set noisy flags in /azs
  • Implement /xn command to search for repeated patterns
  • Implement the /xv[s] value array search command
  • Find longer computed strings with /az
  • Add comments (to replace flags) for asm strings
  • Implement /azj and add a test

Types

  • Fix null format when displaying unknown argument types
  • Ignore "signed " prefixed types. signed is the default
  • Add missing setuid/setgid signature type definition

Visual

  • Better visual xrefs layout
  • Fix some emulated reference hints
  • Show function name when scrolling inside the function
  • Fix the q; function signature bug in Vdf

Other

  • Sync $R2_FILE with 'o.' output
  • Add -e cmd.exit to run commands before leaving
  • Fix log level details in r2pipe output
  • Add script to symbolicate iOS kernels using IPSW
  • Update lang.qjs and use quickjs-ng instead
  • Update the /m and /t webuis
  • Initial implementation of the http sessions
  • Deprecate the IS_DIGIT/IS_UPPER/IS_LOWER, we have posix
  • Initial pavement for RCorePriv opaque struct

Security

  • Fix segfault in hex2bin when length is zero
  • Fix assert in some title-less graphs
  • Fix null deref in poS
  • Fix timeout bug in r2r when fd is closed
  • Fix double free in lua bin parser
  • Fix /cp segfault on missing key
  • Fix invalid free in 'icc'
  • Fix a 1 byte overflow in r2cmd and improve logic checks
  • Fix another assert in the tricore.cs because of capstone bugs
  • Fix null deref bug in the swift demangler
  • Dont shift left signed types as reported in bug8 from #23278
  • Fix large left shift in buf.sleb as reported in bug7 from #23278
  • Fix another left shift UB in uleb aka bug5 from #23278
  • Fix addition overflow in ELF relocs as reported in #23278 (bug4)
  • Fix large left int shift in TE as reported in #23278
  • Fix multiplication overflow in PE as reported in #23278
  • Fix UB in uleb128 left shift reported in #23278
  • Fix #23277 - invalid allocation on verdef struct for ELF
  • Sometimes functions end up asserting with empty names
  • Fix assert in the omni command
  • Fix segfault when deallocating arch plugins
  • Fix null deref in Lcj
  • Fix command injection bug in search hit bug exposed by bad asm string
  • Fix memory leak in RLangSession.fini
  • Implement ahb*, use more single quote, fix codeinj vuln and more

5.9.4

08 Aug 14:38

Release Notes

Version: 5.9.4
Previous: 5.9.2
Commits: 276
Contributors: 18

curl -Ls https://github.com/radareorg/radare2/releases/download/5.9.4/radare2-5.9.4.tar.xz | tar xJv
radare2-5.9.4/sys/install.sh

Highlights

Authors

Adel Brandon Lin Claudio Jeker Enno T. Boland Francesco Tamagni Lars Haukli Richard Patel Sylvain Pelissier Xavi Artigas astralia aviciano condret ffg53 meme pancake pancake satk0 shurizzle

Changes

analysis

  • Ignore NEVER bit in branch instructions on SPARC
  • Fix SPARC call instruction branches
  • Expose mem delta on store variables
  • Improved default function names
  • Add anal.flagends to stop a function when flags are found
  • Fix aac on rebased files
  • Fix aae behaviour on invalid instructions
  • Optimize RAnalOp.setBytes with extra sauce for NEWABI
  • Fix help for 'abt?'
  • Honor codealign in nopskip
  • Reuse R_PERM in RAnalVarAccess.type instead of custom enum
  • Make anal.vinfun false by default
  • Show jmptbl bb cases in ab output (not just for abj)
  • Initial support for MIPS jump tables (anal.jmp.tbl)
  • Fix missing arm reference regression in aaaa
  • Early stop with breakoninvalid reducing warning logs in 'aaaa'
  • More type fixes
  • Add more types from posix
  • Fix missing entries in the afla matching with aflq
  • Add anal.emu to run aaef in aaa and aef in af, for now optional
  • Implement missing but documented abi and refactor ab/ap
  • Only use anal hints in aac on arm 16/32
  • Dont list vars in afij output
  • Fix bb outputs computation in afij
  • Fix #22995 - Dont list vars in afi, we have afv for this
  • Register strtonum function type
  • Improvements in aaa output and initial work towards twice afva checks
  • The sixref command shouldnt change current seek
  • Add op-count / bb-ratio info in afi/afij

api

  • Implement r_base32 APIs for my future self

arch

  • Initial support for the UXN machine
  • Fix few instruction type issues for mips.gnu
  • Expose missing cpus list in the ARM plugin 
  • Add support for sfence.vma instruction for riscv
  • Missing read callbacks are now debug messages

bin

  • Make dynsym and hash sections wordable
  • Implement RBin.attr(str2bits)
  • Implement RBinPlugin Commands in the new abi via i:
  • Return earlier when bin.classes is false
  • Use callAt instead of cmdAt for section formats
  • Fix #23064 - Implemented iclc command
  • Fix parsing dmp binaries on big endian systems
  • Fix incorrect parsing of MZ headers in big-endian machines
  • Tweak the custom swift demangler and fix tests
  • Fix Objective-C classes Swift demangling
  • Fix #23110 - Improve the swift demangler to handle more constructions
  • Create sections for dyldcache stub islands
  • Set dyldcache entry point to the first map
  • Run the native swift demangler tests on darwin-x64 too
  • Initial support for RBin->RIO redirections
  • Early stop on corrupted macho method storage
  • Early catch some misbehaviors in the macho class parsing
  • Fix iej/ilj on ob* and remove ieee (use ie;iee instead)
  • Fix the symbol parsing in Plan9
  • Add dir.sourcebase newabi + faster bin.dbginfo on macOS
  • Fix RABIN2_SWIFTLIB and add tests from r2 and rabin2
  • Fix dyldcache deps carving logic
  • Make Mach-O size ut64
  • Bring back the ig command to guess binary size
  • Support resizing the BSS section with rabin2 -O
  • Fix hash limit and fix segment hashing iSS
  • Fix section hashing and clarify help
  • Reduce memory dereferences in the macho parser and more cleanups
  • More cleanups on the objc parser, with minor optimizations
  • Minor optimizations in the ObjC demangler

build

  • Also compile for WASI reactor
  • Fix cwisstable on ppc-le

ci

  • Muon build fixes
  • Get rid of the deprecated macos-11 github targets

cons

  • Reimplement internal cfg.editor line editor
  • Few fixes for the line editor
  • Highlight code modifier ~:))
  • Support multiline RCons.message()
  • Fix scr.html in pdc

core

  • Avoid over-unsetting fixed arch / bits
  • Add anal.fixed.* (move anal.gpfixed and add arch/bits ones)
  • Don't ask sections if fixed arch / bits set
  • Show io and core plugin version in the json listing
  • Honor log callback return value on custom callback calls

crash

  • Fix null deref in r2 -d l
  • Fix huge allocation when casting int to ut64
  • Fix a recently introduced uaf in pdc
  • Fix null deref in dbtj
  • Fix null deref when running iS without any binobject loaded
  • Fix stack overflow in strings search
  • Fix infinite loop in the afla command spawned by a^5
  • Fix #22972 - deadlock in :: fixed by handling ^C
  • Each RLogCallback has its own user pointer
  • Fix #22969 - segfault when running axt@j>$f

crypto

  • Expose the ELF hash algorithm in rahash2 -a elf
  • Initial support for Ed25519 signatures

debug

  • Adjust OpenBSD code to set the process state to be less wrong
  • Fix drr - register periscoping on arm-thumb
  • Better output for dL command
  • Fix infinite loops in the heap parser and fix 2 broken tests
  • Initial support for native debugger on Linux/s390x
  • Fix the double-increment in the debug traces, avoid double tracing
  • Add missing rv64 case for the native debugger

decompilation

  • Initial support for stm8 pseudo

decompiler

  • Pseudo for arm64 replacing xzr with zero
  • Fix unmatching brace in pdc output
  • Add few missing arm64 fpu instructions for pseudo
  • Minor fixes for the x86 pseudo parsing
  • Remove empty lines and onelinify the comments in pdc
  • Better syntax for conditionals and switch/case constructions
  • Implement pseudo for arm64 br and ldruh
  • One more orphaned basic block in pdc
  • bhi and ldrsw for arm64.pseudo
  • More refined goto statements in pdc and add and colorize missing returns

diff

  • Check and early fail if symbol existence in radiff2 -g

disasm

  • Improve sparc.cs disasm replacing +- with -
  • Add test and fix for the arm64 varsub issue
  • Fix asm.emu dereferenced word issue on big endian
  • Fix improper display of IPv4 addresses in big-endian machines
  • Store operations also deserve a place for asm.emu
  • Honor cfg.json.num in pdbj
  • Implement madd/msub/mneg support for arm64.pseudo
  • Replace wzr with 0 in the arm.pseudo
  • Fix asm.pseudo for arm64's movk
  • Display instruction addresses on each switch blocks in pdco
  • Initial support for small integer (SMI) anal hints in disasm (ahi)
  • Add support for pascal strings meta type Csp
  • Honor kernel crash hints in hexpairs for rasm2 -D

doc

  • Add info about single module recompilation

emulation

  • Use codeAlign instead of dataAlign for thumb stepping

endian

  • Fix mdmp list sz

esil

  • Fix dbg.trace behaviour with emulation

fs

  • Build fs.squashfs with the make build system too

graph

  • Remove non-id code from the gml graph output

help

  • Fix afv help to make it accessible through the af?*

io

  • Fix io.cache
  • Add :iF command to dsc
  • Initial support for the UF2 file format
  • Improve :iP command usability in dsc
  • Refactor the io/oi commands and fix io behaviour
  • Add iP command to dsc to get authenticated pointer info
  • Fix dsc subcache format detection
  • Don't seek from the server side rap

json

  • Improve the smile operator code tokenizer ~:)
  • Use RCorePJ if possible instead of PJ

lang

  • Support base64 encoded r2js scripts
  • Python goes before Python2 in the rlang plugin now
  • Fix TS usage by making the exports object point to globals
  • Add R2_PAPI_SCRIPT env var for custom r2papi testing

panels

  • Add manpage submenus under the Help
  • Implement menu separators, project and analysis options
  • Better key hints visualization
  • Better key hints for menu, tabs and title selected panel

print

  • Honor hex.cols in pxb bitdump view
  • Add phl/phL as an alias for Lh and update help

projects

  • Implement prj.history to save/load the per-project command history

qjs

  • Fix loading some r2frida-compiled scripts

r2js

  • Fallback the default r2papi when not loaded from disk
  • Update r2papi from git, use src from /tmp instead of npm
  • Add Visual Studio "map" file parser script

r2pipe

  • Add missing command to r2 ?
  • Fix r2pipe2 json format not being trimmed
  • Add r2.cmd2[j] APIs for r2js

r2pm

  • Do not check for updates when r2pm -r, -h and -H

ragg

  • Fix ragg2 foo.c on macOS

refactor

  • Replace other r_return_* uses and update DEVELOPERS.md
  • Deprecate r_str_new and R_STR_DUP

scripts

  • Add an r2js script to import il2cpp metadata

search

  • Fix ^C in /ac
  • Show offset of the truncated large strings
  • Fix #22974 - minimum blocksize to reduce missing matches in /ad
  • Reduce false positive on "java source" magic
  • Add a magic file for flutter magics
  • /ad supports glob matching now

shell

  • Fix 'r2pm -r false' because exit(system("false")) is a lie
  • !! for session history, !. for history save
  • Fix move cursor right with arrow keys issue in dietline
  • Support '0x, not just '@0x and improve "'?'" help
  • Add -D as an alias for iD
  • Improve the multiline comment user experience
  • Better parsing for the "join" command
  • Fix 'rm $foo' and '$foo+=N'
  • Improve argument parsing logic for 'tail'
  • Fix the tail syscmd
  • Rename ib as ooi
  • Hono...