radare2 personal cheatsheet

https://radare.gitbooks.io/radare2book/
r2 -w ./file # open file for patching

Main Commands

  • aaa - analyze everything

  • pdf @function / pd 20 @function - print disassembly of function / 20 instructions at function

  • s 0x4000 - seek to address; s+ / s- for relative seek

  • VV @function - Enter Graph View at function

  • iz - print strings

  • @ - use for temporary seek

  • ~ - like grep

  • px - print hexdump

  • ia - info all

  • wa - write assembly

  • afl - list functions

  • axt [offset] - find xrefs to offset

  • / [string] - search for string

  • o - work with file descriptors

  • afta - analyze local variable types

Visual Modes

  • V - Enter Normal Visual mode

  • VV - Enter Graph View

  • V! - Enter Panel View

  • A - patch at current address

  • p - rotate print mode

  • : - open command line

Tricks

  • append j to a command for json output

  • append ~{} to command for json pretty print

  • use pipe | with shell commands

  • use > to redirect output to a file

  • wx 9090 - write nops at current address

  • use initialization scripts to do the basic startup tasks

Customization

  • eco - colorschemes, e.g. eco darkda

  • e scr.utf8=true

  • e scr.utf8.curvy=true

Debugger

  • r2 -d ./file

  • db 0x0000 - breakpoint at 0x0000

  • dc - continue execution (run)

  • ds - step

  • dcs - continue until syscall

  • dd - manipulate file descriptors

  • dr eax=5 - manipulate reg value

  • s - step (visual)

  • S - step, not into calls (visual)

https://radare.gitbooks.io/radare2book/debugger/migration.html