radareorg/radare2

📈 Trending★ 23,864CAudience · developerComplexity · 4/5ActiveLicenseSetup · moderate

Mindmap

mindmap
  root((repo))
    What it does
      Disassemble binaries
      Debug running programs
      Hex editor
      Pattern search
    Supported platforms
      x86, ARM, MIPS
      RISC-V and more
      Linux, macOS, Windows
      Android, BSD
    Use cases
      Security auditing
      Malware analysis
      CTF competitions
      Vulnerability research
    How to extend
      Plugin system
      Decompilers
      r2pipe scripting
      Multiple languages

mindmap root((repo)) What it does Disassemble binaries Debug running programs Hex editor Pattern search Supported platforms x86, ARM, MIPS RISC-V and more Linux, macOS, Windows Android, BSD Use cases Security auditing Malware analysis CTF competitions Vulnerability research How to extend Plugin system Decompilers r2pipe scripting Multiple languages

Things people build with this

USE CASE 1

Analyze malware and suspicious executables to understand their behavior without running them.

USE CASE 2

Audit compiled software for security vulnerabilities when source code is unavailable.

USE CASE 3

Solve reverse engineering challenges in CTF competitions by disassembling and debugging binaries.

USE CASE 4

Trace execution of a running program to find bugs or understand internal logic.

Tech stack

Cx86ARMMIPSRISC-V

Getting it running

Difficulty · moderate Time to first run · 30min

Requires compilation from source and understanding of binary analysis concepts; pre-built binaries may not be available for all platforms.

Free and open-source; you can use, modify, and distribute it freely under the LGPL license, which requires you to share modifications to Radare2 itself but allows proprietary use of tools built with it.

In plain English

Radare2 is a free, open-source reverse engineering framework and collection of command-line tools. Reverse engineering, in this context, means taking a compiled program, which is in binary machine code that humans cannot directly read, and analyzing it to understand what it does. This is used in security research, malware analysis, vulnerability discovery, and software forensics. Radare2 provides a disassembler (which converts machine code back into human-readable assembly language), a debugger (for stepping through a running program), a hex editor (for viewing and modifying raw binary data), and many analysis tools. You can open any executable file, or even raw memory from a running process, and inspect its structure, find functions, trace execution, search for patterns, and modify bytes in place. It supports an enormous range of CPU architectures (x86, ARM, MIPS, RISC-V, and dozens more) and runs on nearly every operating system including Linux, macOS, Windows, Android, and several BSDs. A plugin system extends its capabilities with decompilers, AI-assisted analysis, and integration with other tools. Scripting is supported from multiple programming languages via the r2pipe interface. You would use Radare2 when you need to analyze software at the binary level without source code access, for security auditing, CTF competitions, malware investigation, or understanding how a piece of software actually works internally. It is primarily a command-line tool written in C, with an optional graphical interface called iaito.

Copy-paste prompts

Prompt 1

How do I use Radare2 to disassemble a binary file and find the main function?

Prompt 2

Show me how to set a breakpoint and step through a program using Radare2's debugger.

Prompt 3

How can I write a Radare2 script in Python using r2pipe to automate binary analysis?

Prompt 4

What's the workflow for analyzing a suspicious executable with Radare2 to detect malware?

Prompt 5

How do I use Radare2's hex editor to patch bytes in a binary file?

Open on GitHub → Explain another repo

Generated 2026-05-18 · Model: sonnet-4-6 · Verify against the repo before relying on details.