Open 0xBEEEF opened 6 years ago
We actually met pancake (the guy behind Radare2) a few weeks ago and discussed the possibility of using RetDec from Radare2. It looks like we will try to cooperate on a plugin for Cutter that would do just what you asked.
@PeterMatula That's great news! I also took a quick look at Cutter. It seems to be still under heavy development, because a lot of things didn't go well in my tests. So I went straight back to the console version. Would that be a native plugin, or just another call to your tools? I think it would be cool if it were more deeply integrated, so that an external process would not be started again, as is obviously the case with IDA up to now. I think it makes a big difference. All the plugins I've tried for radare2 so far were pretty deeply anchored.
At the beginning, it will definitely be a call to our tools. RetDec is basically a chain of tools linked together with scripts. In time, maybe we will move to a more compact solution, but that will not be easy and fast.
All right! I think it's really great that you guys work together here. What I expect most from this development: for example, if you define structures in radare2, they should be passed on to you and processed accordingly. The output should improve in many cases as a result. If the access would then also take place accordingly with the shortened operators, as in C, e.g. the structure dereference (`->`). It would also be good if you would also get variable names and process them accordingly.
We gave a talk on this at r2con 2019: https://github.com/radareorg/r2con2019/tree/master/talks/r2retdec
The plugin is currently here: https://github.com/avast/retdec-r2plugin/issues/1 but it is a work in progress and is not usable at the moment.
It will be moved here: https://github.com/avast/retdec-r2plugin
It will be released together with RetDec v4.0.
I have taken a closer look at the "radare2" project. I had never known before that there was such a powerful framework and toolkit for analysis and disassembling. It is really very impressive what seems to be possible with it. I mainly experimented with smaller files, which I had built for this purpose.
I was able to take the following highlights with me: I can define, name functions, and also name and analyze variables in them. Unfortunately I couldn't find any tools to analyze OOP and structures, but you can't have it all at once.
Which is why I'm writing this now. In "radare2" you can create and save projects. These contain a lot of metadata, like functions, names and everything you have set. What I would like now is if one could take this data and pass it on to RetDec directly. That should shorten the analysis time considerably. Furthermore, one would have names at hand, which would make it much easier to read.
Is that possible from your point of view? From my point of view, there would really only be advantages.