Analysis updated 2026-06-21
Disassemble an unknown binary to understand what a program does without access to its source code.
Analyze malware or suspicious software to identify what functions it calls and what data it reads or writes.
Compete in CTF security challenges using the debugger and analysis tools to find hidden flags in binary executables.
Inspect and patch bytes in any executable file or raw memory dump to study a program's internal behavior.
| | radareorg/radare2 | lvgl/lvgl | xiaojieonly/ehviewer_cn_sxj |
|---|---|---|---|
| Stars | 23,612 | 23,473 | 23,863 |
| Language | C | C | C |
| Setup difficulty | moderate | hard | moderate |
| Complexity | 4/5 | 4/5 | 3/5 |
| Audience | researcher | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
The command-line interface has a steep learning curve; the optional iaito GUI reduces friction but requires a separate install.
Radare2 is a free, open-source reverse engineering framework and collection of command-line tools. Reverse engineering, in this context, means taking a compiled program, which is in binary machine code that humans cannot directly read, and analyzing it to understand what it does. This is used in security research, malware analysis, vulnerability discovery, and software forensics.
Radare2 provides a disassembler (which converts machine code back into human-readable assembly language), a debugger (for stepping through a running program), a hex editor (for viewing and modifying raw binary data), and many analysis tools. You can open any executable file, or even raw memory from a running process, and inspect its structure, find functions, trace execution, search for patterns, and modify bytes in place. It supports an enormous range of CPU architectures (x86, ARM, MIPS, RISC-V, and dozens more) and runs on nearly every operating system including Linux, macOS, Windows, Android, and several BSDs. A plugin system extends its capabilities with decompilers, AI-assisted analysis, and integration with other tools. Scripting is supported from multiple programming languages via the r2pipe interface.
You would use Radare2 when you need to analyze software at the binary level without source code access, for security auditing, CTF competitions, malware investigation, or understanding how a piece of software actually works internally. It is primarily a command-line tool written in C, with an optional graphical interface called iaito.
A free, open-source reverse engineering toolkit for analyzing compiled programs at the binary level: disassemble machine code, debug running processes, and inspect memory across dozens of CPU architectures without source code.
Mainly C.
Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.
Mainly researcher.
Verify against the repo before relying on details.