Add Cutter/radare2 plugins

[XVilka]

I noticed you have a plugin for Ghidra, but it is not the only one FOSS tool available. Radare2 is a highly-portable cross-platform reverse engineering framework and a toolkit without dependencies. It has support for analyzing binaries, disassembling code, debugging programs, attaching to remote GDB/LLDB, WinDbg servers, rich plugin system (see r2pm), and integration with various decompilers. For example, ghidra decompiler plugin - r2ghidra-dec. It is actively developed and can be easily integrated in various open source and commercial products. I believe, it will be highly beneficial to support these and provide a package for install from r2pm, see the package repository here: https://github.com/radareorg/radare2-pm

For documentation on writing plugins for radare2 see Scripting and Plugins Radare2 Book chapters.

Cutter is a crossplatform Qt/C++ GUI frontend to radare2:

For documentation on writing plugins for Cutter see the official tutorial and the curated list of various popular plugins.

[eschulte]

Thanks for this note. We have discussed working on a Radare2 plugin, and it is useful to know that there is some demand for this. In the short term we have additional functionality that we would like to incorporate into our Ghidra plugin. However, once that is complete--assuming we have the resources--we are interested in the integration of GTIRB with Radare2. At the same time, if there is anyone with Radare2 experience who would be interested in using the GTIRB APIs to build such a plugin we would be very eager to provide any support we can.

I'm going to close this issue as it isn't relevant to our Ghidra plugin, but feel free to create a GTIRB issue to track this request.

[XVilka]

@eschulte you can just transfer the issue between repositories in the organization. Probably will be better than to have a copy.

[eschulte]

Ah, I didn't know that was an option. I've transferred and will reopen. Thanks

[arunchannaraju18]

HELLO, I HAVE RUNNED A COMMAND, ddisasm binaryname --asm outputname I have got the output. But i dont know what do next . How to get IR ? Can anyone please help me.

[aeflores]

Hi @aruncgowda, thanks for trying ddisasm and gtirb! I believe this should be a different issue. It has nothing to do with radare2. To obtain a gtirb file, you should use the --ir option. E.g. ddisasm binaryname --ir output.gtirb. The --asm option will generate an assembly text file.

[ajaymas]

@aeflores I have also tried ddisasm and gtirb. I am able to generate IR like you suggested below. ddisasm binaryname --ir output.gtirb

But I had tried to open output.gtirb but i can't open and see the content inside the output.gtirb. It look like machine code content. Is their any way or editor to open and read IR content in that file...?

In addition, Can i recompile output.gtirb as workable binary (IR to recompiled bInary).? If so, could you please mention the commands how to do that?

Thanks in advance.

[aeflores]

Hi @ajaymas, gtirb is serialized using protobuf. This is a binary representation (it is not plain text) so it cannot be opened directly with a text editor. The easiest way to explore the representation is using one of the APIs. Here are some examples https://grammatech.github.io/gtirb/examples.html

If you want to generate a binary, you can print the gtirb representation to assembly code using gtirb-pprinter (which you should already have since it is a dependency of ddisasm):

gtirb-pprinter output.gtirb --asm output.s

and use gcc to generate a new binary:

gcc output.s -o reassembled_binary

gtirb-pprinter can take care of calling gcc directly:

gtirb-pprinter output.gtirb --binary reassembled_binary

This has the advantage that it will pass the right library flags to gcc.

Hopefully that gets you going! let me know if you have additional questions.

[gogo2464]

I am not convinced by the philosophy of r2gtirb. r2 is vim to be fast and gtirb is slow but recompilable. Doest not seems to be compatible as you can use gdb / r2 / whatelse on the recompiled binary.