6.1.4

Release Notes

Codename: "CottonMouse"
Version: 6.1.4
Previous: 6.1.2
AbiDiff: 77-83 (6)
Commits: 340
Contributors: 20

curl -Ls https://github.com/radareorg/radare2/releases/download/6.1.4/radare2-6.1.4.tar.xz | tar xJv
radare2-6.1.4/sys/install.sh

Highlights

More details

Authors

0xf00sec AGhebrea Abhi Adam LaPoint Adam Satko Ahmethan G. Claude Jake Lamberson Ole André Vadla Ravnås Quentin Buathier awlapoint-afk buzzer-re condret jro-calif jwntree pancake pancake pancake phix33 potato

Changes

analysis

• Use dash for callargs modifier and support rnum expressions
• Rework aCe/aCf to support plaintext, JSON and r2 output modes
• Improve scoring strategy for the function autoname
• Fix arm64 jmptbl detection for multi-LEA dispatchers
• Fix leak, dead branch and int overflow in jmptbl code
• Fix some possible command injection analysis scripts
• Fix afv* for afvr variants
• Extend RAnalPlugin to hook preanalysis commands if elligible
• Add r_anal_xrefs_setf to avoid fcn lookups for a 3% speedup
• Better conditional return instructions support (z80, arm, nds32)
• Remove redundant zeroing in RAnalOp.init
• Refactor autoname into analysis plugin (a:autoname)
• Performance improvements in arch and analysis
• Add RAnalPlugin.thumb to scan code for mode-switch hints
• Resolve PPC64 ELFv1 TOC-relative address chains in
• Add more binary magic signatures to is_bin() in data
• Remove r_anal_archinfo in favor of r_arch_info
• Use R_ANAL_DATA_TYPE_ZERO for zero-filled data instead of INVALID
• Implement wide string length measurement in is_string()
• Import the C rewrite of the gopcintab plugin by @AsherDLL
• Materialize switch cases through core analysis
• Expose typed function context with params, stack slots, and base types

arch

• Fix a bunch of logic bugs for v850 esil
• Improve pseudo for nds32
• Refactor the nds32 esil cooker from O(n) to O(1)
• Support inline function calls for NDS32 via ESIL
• Cache capstone options in x86/arm/mips arch plugins
• Improve ESIL for v850
• Fix satsub disasm text for v850
• Refactor nds32 ESIL argument handling for O(1) access and safer parsing
• Extend nds32 optype and esil support
• Use encoder fallback in arch session encode

asm

• Initial generic support for camel syntax
• Use the RArch api from RAsm instead of the anal callbacks

bin

• Fix a couple of boundary checks causing minor oobreads in the dmp parser
• Fix logic bugs, cleanup and simplify the PDB parser
• Fix memory leaks, endian issues and major cleanup for WAD
• Fix logic bugs, memory leaks and cleanup in the OMF parser
• Fix logic bugs, memory leaks and cleanup in the mach0 parsers
• Fix logic bugs, type mismatches and missing bounds checks in the ELF parser
• Cleanup and fix logic bugs in the DEX parser
• Fix memleak, off-by-one and unchecked init failure in the XCOFF64 parser
• Fix wrong type and unchecked read in PE section parsing
• Fix UB reads in the XBE parser
• Fix OOB loops in resize_section, del_rpath and segment_perms for elfwrite
• Segment permission patching for mach0s
• Implement rabin2-OP to patch segment permissions (Op is for sections)
• Improve elf write via rabin2 -O to patch segment permissions
• Use API (instead of cmd) and check for double redirects for bclass
• Add support for nds32 elf relocs
• Limit Swift demangler substring appends to 255 bytes
• Improve special hint symbols for ARM (elf/macho)
• Support more v850 relocs
• Extend Swift demangler with more abbreviation tables and conforms
• Improve class name extraction from demangled Swift symbols
• Fix ppc64be imports, symbols and entrypoint addresses
• Fix #25715 - wrong string vaddrs in kernelcache plugin for fat Mach-O binaries
• Entorce bclass sanitize right before use in core
• Fix #25707 - slow iOS kernelcache loading by bulk-reading into memory
• Fix memory leaks and unnecessary checks for dyldcache
• Fix memory leaks in the DEX parser
• Fix memory leaks in the PE parser
• Fix ELF versioninfo bounds and dynstr guards
• Fix clear deinits, memleaks and a heap overflow in mach0
• JNI_* symbols must be listed as entry-symbols via ies
• Autoload JNI types when loading
• Fix #24453 - Remove fixed flagName size
• Fix mdmp loop count underflow in bounds check
• Maxbound strings to 512 chars
• Clean up PE delay import parsing
• Fix PE delay import directory parsing
• Fix bin.limit consistency in Mach-O and .NET
• Fix memory leak when using RBinLimit with DEX
• Respect RBinLimit for PE too
• Respect RBinLimit in DEX
• Make bin.limit consistent across bin listings
• Respect RBinLimit when preallocating arrays in ELF and MACHO

build

• Install to lib64 on Fedora/RHEL/SUSE
• Fix quarantine related build error with scmangle
• Fix compilation in illumos

ci

• Add github actions for radare2
• Compile with FilC and ship the artifacts

cons

• Fix tv_usec overflow in r_cons_readchar_timeout for msec >= 1000
• Fix OOB write and underflow in winutils __fill_tail
• Fix overlapping strncpy in dietline kill-to-start handlers
• Fix cursor restore and OOB read in w32 xterm size probe
• Fix width clipping arithmetic in r_cons_print_at
• Fix rainbow buffer realloc and zero-size handling in r_cons_rainbow_new
• Shorter codepath for color2rgb
• Performance improvements in grep, dietline and canvas
• Fix parsing bold ansi colors to html

core

• Rename RCore.cmdCall to RCore.call
• Clarify cfg.sandbox.grain help text
• Fix endianness handling in cmd_write_inc
• Fix @@c parsing regression in @dp/@dr handling
• Rename R_CORE_LOADLIBS_ALL to R_LIB_LOAD_ALL
• Introduce R2_PLUGINS_ORDER to specify locations

crash

• Fix UAF when loading the same r2js script twice
• Fix some more integer overflows in NSO TE PE NE
• Extra check for boundary checks in the kernelcache
• Fix partial read bug in truncated kernelcache files
• Fix some integer overflows causing undersized allocations resulting in oobwrites
• Fix ubread in io.maps=bin.sections
• Fix invalied underflow state in the rbtree
• Fix integer underflow in the wfs command
• Fix overflowed array index in the rap server
• Avoid reading tainted phnum in ELF and cache a valid one once
• Harden winkd packet parsing against malformed KD/KDNet input
• Harden PDB parser against malformed TPI/DBI streams
• Fix multiple OOB reads and overflows in PDB parser
• Fix infinite loop and uninitialized free in PDB DBI module parser
• Fix r2 script injection via DWARF filenames in idL* output
• Fix oobread bug in r2k-linux and major cleanup
• Fix several oobread/oobwrite issues in shlr/gdb
• Fix several oobread/oobwrite issues in shlr/qnx
• Fix #25786 - heap buffer overflow in qnxr_read_memory
• Fix nds32_init_args crash + other side bugs spotted in the process
• Fix null deref in r_flag_tags_list when sdb is corrupted
• Refactor MSVC RTTI name reader and fix unchecked read loop
• Fix non-null terminated and zerosize file slurp bugs
• Fix OOB write and underflow in winutils __fill_tail
• Fix double-free and silence OOB warnings in r_cons_canvas_resize
• Fix OOB pointer arithmetic in regex p_bracket lookahead
• RFile.new can now take null as root without crashing
• Fix use-after-free and silent truncation in lines cache init
• Fix uaf in the elf parser
• Fix buffer overflows in xtensa disassembler
• Fix buffer overflows in tms320 disassembler
• Fix buffer overflow in m68k disassembler
• Fix buffer overflows in cris disassembler
• Fix buffer overflows in arc disassembler
• Limit ASN.1 hex string expansion to prevent memory exhaustion
• Fix GNS1 segment bounds checks to avoid overflow
• Avoid copying partial or overflowed ansi codes in rcons
• Fix uaf in r_asm_from_string
• Fix buffer overflow in dietline gcomp_line copy operations
• Use r_config_set API instead of r_core_cmdf for anal.cc
• Fix heap-buffer-overflow in macho parse_import_stub
• Fix OOM in mdmp parser due to unsigned underflow in safe_loop_count
• Fix integer overflow in parse_symbol_table() (CID 1646630)
• Fix integer overflow in parse_symbol_table
• Fix memleaks and heap-overflow in ELF parser for duplicate sections
• Fix heap overflow in egglang using 4096 variables
• Remove dead code, off by one and a null check in the esil analisis loop
• Harden SOM string-table bounds checks
• Fix r_str_wrap allocation sizing
• Fix #25650 - Command injection in curl PDB download
• Fix oobread bugs in the dotnet header parser
• Fix SSL crash in r_socket_connect: goto success instead of return true
• Fix #25636 - Oobwrite in the xtr.sep64 parser
• Fix webserver uaf based on @as0ler PR
• Fix pd-- heap overflow on long offsets
• Fix checkpoint snapshot ownership double free
• Fix seven charset decode buffer overflow
• Fix .hex directive odd-length parsing overflow
• Validate .cfloat bit sizes to prevent negative byte lengths
• ...

6.1.2

Release Notes

Codename: "Brainroot"
Version: 6.1.2
Previous: 6.1.0
AbiDiff: 70-77 (7)
Commits: 224
Contributors: 15

curl -Ls https://github.com/radareorg/radare2/releases/download/6.1.2/radare2-6.1.2.tar.xz | tar xJv
radare2-6.1.2/sys/install.sh

Highlights

More details

Authors

AGhebrea Adam Satko Antoni Viciano Armin Weihbold David Given Dennis Goodlett Priyanshu Kumar condret dependabot[bot] pancake pancake pancake pancake potato satk0

Changes

analysis

• Preserve anal.timeout across and iterators
• Add APIs to get/set function signatures and other attributes
• Fix selection of overlapped functions in pdc
• Unify invalid code checks and stop filler-prefix blocks early
• Dont crash when reaching large bb limits, defaults to 64KB
• Improve the jmptbl bb isvalid checks
• Shrink the default max basicblock size from 512K to 8K
• Refuse to accept invalid jmptbl blocks
• Add anal.vars.maxframe and anal.vars.maxbbsize
• Fix esil-computed refs without losing type propagation information
• Implement the 'ah=' command to copy instruction details into hints
• Optimize isString logic for anal.strings reducing heap allocations
• Minor optimization on a function called a lot of times in aae

api

• Remove all the filetype related apis from librmagic
• Remove r_name_filter_print function

arch

• Fix Thumb label resolution for b/bl
• Fix #23536 - Changing arch.endian affects cfg.bigendian
• Initial implementation of the Python pseudo plugin
• Fix overlapping registers in the dalvik profile
• Honor endian settings for the or1k disassembler
• Add ex9patch script for nds32

arm

• • Fix overlapping function selection and pdc boundary crossing on arm64 kernelcache

asm

• Use RArch instead of RAnal for consistent settings
• Fix the .fill directive wrongly using sizeof multiplier
• Add bf.pseudo plugin

bin

• Avoid redundant ELF uncaps scans in get_stripped
• Fix the ELF phdr parsing beyond symtab
• Add RBinInfo.uncaps to expose non-encapsulated symbols
• Improve stripped detection on MACHO binaries
• Improve stripped detection on ELF binaries
• Refactor and cleanup the PEF and PDB parsers
• Fix PDB parser cleanup on failed parses
• Handle empty XTAC names safely
• Pass around RBinFile in dwarf. instead of using bin->cur
• Fix Mach-O redacted symbol scanning in NUL-separated string tables
• Harden Mach-O entitlement bounds checks
• Optimize the RBinFilter code for section names
• Clamp nindirect count saves 7GB parsing corrupted macho
• Fix tons of memory leaks in the DEX parser
• Fix memory leaks in the microsoft demangler
• Fix infinite loop in walk_codesig by using blob offsets
• Fix kernelcache nested Mach-O symbol parsing under rebased IO
• Local LE optimization for the macho parser
• Speedup RBin.XnuKernelCache parser
• Improve icc's objc output to be more correct
• Fix ObjC instance/class method types when dumping via icc
• Simplify the macho header parsing to extract endianness
• Clamp code signature slots and simplify parsing checks
• Add missing CSSLOT code signature types for macho
• Refactor Mach-O bind parser to reduce nested code and improve bound checks
• FIx #25482 - Improved macho bound to avoid unparseable allocations
• Fix 'isv' error message and other code cleanups in cmd_info

build

• Support v6 as an alias for capstone-next for meson
• Fix #25607 - arm64 disassembler wasn't available for capstone-next
• Remove shlr/capstone leftovers
• Do not use LTO for static builds by default
• Zig toolchain for debian/i386 crosscompilations
• Add docker and scripts for testing on i386
• Initial bootable dist/iso machinery

ci

• Pub the r2r json artifacts for the asan jobs
• Use -j4 in a windows build instead of -j1
• Improve the wasi build machinery

cons

• Preserve cons.timeout across context stacks
• Add missing keys in color themes
• Hardened nullable context cloning

core

• Fix RConfigSet bug creating keys when storage is locked
• Defer autocomplete and envprofile setup in non-interactive startup
• Initial support for $$..XXX addressing
• Rename anal.types. config vars to be just types.

crash

• Memory ownership improvements for the http webserver
• Fix nullable outputs in r_flag_zone_around
• Fix use-after-free in bin_any filetype detection
• Fix pcap buffer unref on parse failure
• Fix 3 critical bugs in the regex engine
• Use RStrBuf in librmagic to fix two vfprintf bugs
• Add more safety bound checks in dotnet
• Fix oobread in dotnet parser
• Fix assert in '?e je|!cat' writing 0 bytes
• Fix null deref in the PEF parser
• Fix oobread exposed in the new psp tests
• Fix invalid mem free when one DIE has two or more DW_AT_name attributes
• Fix SIGCHLD deadlock for r2r 32bit systems
• Fix race condition in Linux's system causing random r2r failures
• Bound Mach-O SuperBlob count before allocation
• Fix infinite loading times for a fuzzed macho file
• De-recurse bbtree walks abusing stack usage in wasm/asan
• Fix UAF in the dotnet metadata parsing
• Clamp utf8 decode length for truncated null terminate inputs
• Fix deinitialization segfault in the background webserver

doc

• Document r2r tests in the manpage

dwarf

• Find dwarf attr DW_AT_frame_base once outside the hot loop

egg

• Inline assignments, block bodies, no empty frames and fastcall handling
• Refactor arm emitter, memory access, branch logic
• Refactor arm64 load/store helpers
• Fix fastcall declaration parsing and add a test
• Fix arm thumb emitter for frame, string, getvar and load
• Some arm64 egg emitter fixes (string, jmp, 8byte alignment, stp/ldp)

esil

• Dont run aeim in esil analysis related commands
• Push a zero into the esil stack when dividing by zero

fs

• Fix HFS+ extent overflow search key initialization

graph

• Add graph.bb.maxsize option to limit basic blocks size in graphs

io

• Speed up dyldcache rebase backtracking in io.dsc
• Fix memory leak, zip creation in readonly and other minor bugs in zip
• Do not corrupt files when using zip://

lib

• Refactor DRY user plugins load logic

muta

• Simplify the transposition muta plugins

print

• Merge pz and p= subcommands capabilities
• Support utf8 dots on truncated text with the new r_print_ellipsis
• Simplify cmd_print string helpers and drop null guards
• Fix utf8 checks for invalid and overlong encoding

projects

• Add prj.new config to use the new prj formats

r2js

• Implement more r2js variants for r2pipe2

r2r

• Fix r2r temp diff file handling
• Run iH for all the fuzzed binaries

ragg

• Fix memory leak in ragg2

remote

• Expose URI instead of basename for r2agent sessions

sandbox

• Do chdir("/") after chroot(".") to avoid sandbox escapes

search

• Use block buffering for faster anal search
• Optimize /az reading blocks and use minopsz and opalign

shell

• Fix #25556 - Internal grep with macros
• Support copying to directory and handle errors in cp

snslydid

• Run data-flow reference analysis to cmd_anal_all for consistent behavior witha aa

test

• Fix null/len checks to please the fuzz suite
• Add fuzz loop scripts
• Introduce the new indent suite

tests

• Add fuzz loop scripts

tools

• Add r2r -1 as an alias for -j1
• Fix formatting braced stuff like enums
• Reuse RCons in rafs2 interactive shell
• Fix SIGSEGV in rafs2 interactive mode
• Add support for user plugins in rafs2

types

• Lazy-load and cache types to speed startup
• Merge OS-specific types in RAnal.setOS
• Use sdb_set instead of sdb_query to store data after parsing
• Support parsing vararg in function pointers
• Support parsing forward structs declaration
• Include line number and type name when parsing fails
• Implement the tf- command to delete function definitions
• Add anal.types.xrefs for the tv commands
• Show xrefs for function signature definitions in tfv
• Implement tfv command to view function arguments and its offsets

util

• Add a larger regex testsuite and fix a couple of bugs

visual

• Add TV as an alias for TV
• Improve quality in the treemap '?em' code

6.1.0

Release Notes

Codename: The Low Table
Version: 6.1.0
Previous: 6.0.8
AbiDiff: 54-70 (16)
Commits: 346
Contributors: 24

curl -Ls https://github.com/radareorg/radare2/releases/download/6.1.0/radare2-6.1.0.tar.xz | tar xJv
radare2-6.1.0/sys/install.sh

Highlights

More details

Authors

Abhi Ahmethan G. Alberto Marnetto Antoni Viciano Carl Smedstad Charloitte Daniel Nakov Hakal Ignacio Sanmillan Marc R. Oblivionsage Oblivionsage Priyanshu Kumar Quentin Kaiser Zhichen Wu astralia aviciano condret dnakov pancake pancake pancake potato satk0

Changes

abi

• Reimplement RBufRef on top of RRef
• Fix the RLibDelHandler api

analysis

• Delete stale JAY code. wasnt used in 10 years
• Use invalid_page in aap, fixes another slow CI test
• Improve the invalid page check to speedup /azs
• Break aac when io fails or its not even executable
• Make use of the cmp value for jmptbl size, this was dead code before
• Better integration of plugins in the analysis pipeline
• Use RRef instead of custom refcounting in RAnalBlock -26LOC
• Add anal.jmptbl.split option to experimentally solve the missing cases
• Fix infinite loop in the jump table with shared basic blocks
• Fix #5136 - Add anal.jmp.pair to flatten consecutive inverse branch antidisasm tricks
• Add time_t type definition with size specification
• Handle CS_AC_READ_WRITE in the x86 cs plugin
• Honor op.ptr references in /re for x86 only
• Add plugin to import traces from DRCOV logs
• Rewrite RCore.seekOpForward for the better
• Better autoname filtering chars with RName apis
• Introduce afnq refactor afn into a separate helper
• Improve better fastpath function autoname
• Rewrite RCore.seekOpBackward for the better
• • Rewrite RCore.seekOpBackward for the better
• Move core.sixref plugin to anal.six
• RAnalCmd now returns a string instead of bool

api

• Add the new RNum.getErr helper
• Enforce non-null compile-time check for R_NEW and R_NEW0
• Single RConsVisual.readline helper used everywhere
• Introduce the new R_QUIET_FAIL for fast path asserts

arch

• Update from binutils the ARC disassembler from 2009 to 2026
• Use RStrBuf instead of the unsafe sprintf in the rv disassembler
• Use refcounted RArchSession
• Fix incorrect plugin references in RLibStruct structures
• Dont use strcpy/strcat or globals in xap disassembler
• Fix typos in the java opcode tables

asm

• Implement the asm.pseudo plugin for dotnet's CIL
• Add support for camelcase disasm syntax
• Add ARC pseudo plugin and update opcode descriptions
• Fix #25232 - x86asm for sil,dil,spl,bpl
• Fix x86 assembler accepting invalid register names like r1

bin

• Extend iH to return a string and permit multiple formats
• Import function signatures and types definitions from DWARF
• Fix arch hints for cil/x64 binaries and its tests
• Extend the CIL detection for Mono exe/dll
• There's no need for a PE to have a certificate
• Fix resource leaks in NE format parser
• Implement iz. izj. and izq. to show string in current address
• Add izzc and izzzc commands to count raw strings
• Fix leaks and other bugs in the LE format parser
• Implement izjq and its alias izqj
• Add bounds check for MDMP comment stream size
• Disable the xtr.dyldcache, fix a crash and other XXX in xnu.kernelcache
• Count and pagination of iz strings listing commands
• Add iz+ command
• Extend iz- command to accept length and type
• Fix endian-unsafe struct read in LE reloc parsing
• Add support for ARM64's GLOB_DAT ELF reloc types
• Fix code_length bounds check in Java class parser
• Replace eprintf with R_LOG in Java class parser
• Use actual data_size for MDMP comment streams
• Expose RTM revision version information from minidumps (mdmp)
• Fix #25382 - Open Limit chained fixup loop iterations in le reloc parsing
• Expose macho imports as vectors
• Use RVec for the ELF imports
• Priorize the use of RVec for RBinImports
• Ten times less memory use when loading DEX
• Fix some other bugs and memory leak in izz
• Remove deprecated addrline storage and fallback code paths
• Clamp MZ sections with file size
• Fix #25209 - Ensure we have enough data to read in mdmp
• Generalize imports cache for performance
• Support the Apple C4000 Baseband firmware (gns1)
• Fix memory leak in zimg plugin
• Fix memory leak in bflt plugin
• Zero copy string handling in swift demangler and remove one global
• Cache the has_nx value in the elf to parse it once
• Extract NX information for QNX ELF binaries
• Fix memory leak in PE parser
• Fix #25277 - oobread by one in the OMF parser
• Rework bin.xtac to fix tainted, memleaks and BE
• Fix memory leaks in Java binary parser
• Fix memory leaks in MDMP plugin and RBinMem
• Fix memory leaks in the som parser
• Fix #25248 - memory leak in MDMP parser
• Fix memory leaks in QNX binary parser
• Fix memory leak the SOM import parser
• Optimize symbol loading
• CUBINs are ELF based on EM_CUDA
• Lazily compute the PE autentihash once + add missing muta hash plugins
• Use RMutaBind in the PE plugin
• Use RMutaBind in RBin too, replace r_hash calls in macho
• Rename r_bin_command to r_bin_cmd
• Refactor the bflt code, more cleanup and minor reloc improvements
• Support non-arm bflt executables
• Fix reloc native types for mach0
• Expose more native reloc types
• Expose the reloc type for REL binaries
• Add support for records and invoke dynamic in java
• Add support for ACC_HIDDEN Java classes

build

• Cydia builds use rootless prefix and target arm64
• Inform the user about the command to run as sudo in sys/install.sh
• Fix to meson without any zip dependency, not even otezip
• Specify arm64e to please Sileo packages
• Fix r2_fortunes path inconsistency in meson.build
• Initial support for third party plugins
• Move shlr/ar into libr/io/p/ar
• Replace bundled libzip+zlib with otezip (-55kLOC)
• The csnext job now tests libuv and no-undefined
• Disable debug log statements in release builds

ci

• Fix #25179 - Merge the csnext and ssl jobs

cons

• Fix #17391: preserve UTF-8 in graph output
• Remove repeated spaces in hud lines
• Fix the color palette propagation problems via rcorecmdstr

core

• Add more guards to make background tasks more predictible
• Fix #25374 - Convert RLib->plugins_ht to a per-type array of hashtables

crash

• Fix a double free in r_str_replace_icase
• Fix stale pointer used when temporal blocksize changes
• Fix overflows array oobread index in intervaltree
• Fix negative index used in *r_anal_function_get_var
• Fix overflows return value in io.dsc
• Fix another integer overflow in bin_pelf
• Fix oobread caused by integer overflow in kernelcache
• Fix integer bug in dotnet getname causing oobread
• Fix two oobwrite bugs in canvas_resize
• Fix two integer overflows in RCore.getBoundariesProt
• Fix untrusted loop bound, integer overflow and oobread bugs in bin_pef.c
• Fix uaf in /m
• Fix integer overflow in the wfs command with large files
• Fix zero and size_t multiplication overflow UB issues in rvec
• Fix oobwrite in visual write commands and oobread pascal demangler
• Fix UB cast in container_of macro
• Sanitize function names in afl* to avoid command injection
• Fix UAF in RBin.ELF.fini
• Sanitize callconv in fcn_print_detail output
• Fix iter page underflow in le parser
• Fix integer overflow bug in r_cons_print and r_cons_write
• Fix #25338 - Out-of-bounds read in the NSO parser
• Fix #25336 - integer underflow in QNX parser
• Fix use-after-free in LE/LX reloc parsing
• Fix possible argument injection vuln in the swift demangler
• Fix #25290 - ELF extended phnum allocation check
• Sometimes the webserver calls this function with null command
• Fix otezip UB and incorrect java boundary check
• Fix heap buffer overflow in SPP processor
• Fix core plugin initialization order
• Fix #25212 - oob read in r_str_len_utf8
• Fix potential overflows in snprintf for cmd_mmc according to codescan
• Fix potential uaf in gdbclient/responses.c
• Fix the space for the null byte in seven.c

debug

• Fix #2079: Add source line breakpoints
• Implement native breakpoints support for XNU/ARM64
• Use RMutaBind in RDebugSnap
• Implement print fpu registers for linux-arm/arm64

diff

• Resolve 6 TODO comments from xpatch

disasm

• Support overlapped strings in the disassembly listing
• Do not emit Color_RESET in disasm loop when scr.color=0
• Improve auto-string comments in disasm
• Honor RMeta string size in 'str' flags
• Fix #680 - Keep :NN suffix in symbol substitution

esil

• Extend emulation support for x86 FPU

fs

• Fix #16396 - add mlx to list deleted files only for FAT
• Fix #19411 - Handle r2 alias for 'open'
• Move shlr/grub into libr/fs/p/grub

hash

• Fix #13937: rahash2 -R sdb output

http

• Fix the webserver when sandbox is enabled

io

• Fix #15699 - Add SREC file format su...

6.0.8

Release Notes

Codename: CleanWheat
Version: 6.0.8
Previous: 6.0.7
AbiDiff: 39-54 (15)
Commits: 291
Contributors: 11

curl -Ls https://github.com/radareorg/radare2/releases/download/6.0.8/radare2-6.0.8.tar.xz | tar xJv
radare2-6.0.8/sys/install.sh

Highlights

More details

Authors

Copilot Francesco Tamagni Ole André Vadla Ravnås Ole André Vadla Ravnås dependabot[bot] pancake pancake pancake potato qz satk0

Changes

abi

• Migrate r_vector to RVec in core, anal, io, and other components

analysis

• Unify redundant state vars in type propagation
• Use faster data structures for caching data for type propagation
• Remove anal.a2f and the a2f core plugin, it's in anal already
• Conver the blaze analysis from core into an analysis plugin
• Make the leading double lowerdash in symbols irrelevant
• Fix aaef corrupting files in write mode by routing ESIL writes to IO overlay
• Fix analysis command plugin listing 'a:?'
• Add test for type propagation after manual aei
• Move and improve type propagation as a plugin
• Compute with memoization the amount of refs in functions
• Fix null asserts in the 'ap' command and handle prelude binmask
• Resolve gp-relative jump tables for MIPS
• Fix function arg name counting

arch

• Fix #25037 - Support to assemble the 'enter' instruction for x86
• Support AT&T syntax in x86 disassembly and ESIL generation
• • Simplify x86 operand handling by removing find_*op helpers
• Heavily refactor and improve the z80 plugin
• Fix bugs in the z80 assembler and disassembler
• Expose rbin metadata for dotnet in disasm
• Initial support for CIL disassembler and assembler
• Execute delay-slot instructions in branch instructions and fix gp alignment

bin

• Fix support for Java class loading
• Add kernelcache test and simplify rbuf reference issues
• Emit demangled class names even if demangled is disabled
• Remove rvector calls away from the elf
• Use RVec in machos
• Remove globals from the python plugins
• Fix the swift demangling tests with trylib=false
• Discard unaligned strings with bin.str.align option
• Use the arena allocator and fix memory leaks in the dwarf parser
• Fix demangling bombs honoring the maxsymlen option
• Fix xrefs in apk:// rebase getoffset() with RBinFile.getVaddr()
• Implement .types for the PDB plugin
• Fix multidex apk:// rebasing
• Add rbinplugin types (experimentally used only for dotnet)
• Set RBinClass origins where possible
• Add the class origin field
• Fix #24989 - ARM RPI2 PE identification
• Fix leaks, rm globals and other cleanups for PDB
• Improve the objc parser boundary checks, find more refs
• Mark cil methods with anal arch hints
• Improve AARCH64 relocation support for ELF
• Initial working support for .NET PE assemblies
• Implement the RBin.pdb plugin
• Fix partial ARM instructions relocs for ELF
• Properly inform about why an ELF is not stripped

build

• Also use -Oz in sdk-common.sh
• Omit third-party asserts during SDK builds
• Build SDKs without runtime checks
• Update the rpm package
• Build xcframework with frameworks
• Fix libr.dylib exports on Apple OSes
• Fix and tune the xcframework sdk
• Improvements on the SDK compilation for apple targets
• Fix sys/install.sh for busybox environments

ci

• Build less wasis in PRs
• Use ./configure -qV instead of sys/version.py
• Add XCFramework builds in the release pipelines
• Switch to macos15 because older ci runners are not available

cons

• Make the bluy theme really bluish
• Refresh palete when needed only, fix 'ec' calls from RCore.cmdStr
• Better color limit checks with TERM
• Respect the TERM envvar, only for colors for now
• Reset command switch the terminal mode to ASCII

core

• Improve abiversion warning messages

crash

• Fix uaf bug in apple kernel/dyld-caches spotted by scan cov
• Fix off by one write in the set regprofile function
• Fix oobread in dmh with glibc and uaf in magic command
• Fix UAF in the pdb deinit process
• Fix a couple of recent integer overflows in PE
• Fix oobwrite segfault in dotnet parser
• Fix oobwrite in r_strbuf_append_n
• Dont depend on global cons instance for win_is_vtcompat
• Avoid rbinfiles to UAF if the rbin plugin associated is unloaded
• Fix oobread crash in dotnet parser
• Fix null deref in the p9 parser
• Check for abiversion before loading plugins
• Fix buffer overflow in PE parsing imports and symbols
• Fix UB overlapped memcpys in iomaps
• Fix infinite loop in the mach0 relocs parser
• Fix near-infinite loop in the objc parser eating lots of memory
• Fix infinite loop in r_core_anal_type_match
• File paths with the curl backend must escaped as TMPDIR poisoned for command injection
• Fix an OOB by one in the rap server and better error checking
• Fix system command injection via RSocket.get/post headers when using curl
• Use RSocket.download from idld to fix command injection
• Check the vec reserve before emplacing it back

debug

• Fix radare2 gdb remote debugging support and add test
• Detect and warn when setting overlapped breakpoints
• Implement 'dga' to coredump all maps
• Fix r_str_scanf parsing bug and dg coredump on linux-x64

disasm

• If arch isvm lower varmin to zero
• Implement the scr.rainwbow.regs option
• Fix scr.color.regs when scr.color.ops is false
• Fix colorized ops with byte colors when scr.color.ops=false
• Add register rainbow coloring support
• Add asm.cmt.strings to disable aop.ptr strings

esil

• Replace chevron operators with LSL, LSR, ASR, ROL

fs

• Sort apfs files by name instead of randomly depending on a hashtable
• Implement support for reading files in apfs mountpoints
• Retrieve the file sizes in the apfs filesystem
• Add support for BSD DiskLabel partitions
• Initial support for the Apple FileSystem
• Add support for APM (PMAP) Apple Classic partitions
• Add support for EBR partitions (keep MBR support)
• Initial support for GPT partition tables

hash

• Fix r_hash_tostring using update/end properly

http

• Add APIs to register sessions

io

• Implement the tap:// io plugin for simh tape images
• Enable rawio by default
• Add support for pipe fifo files with 'r2 <(uname)'

muta

• Port all charsets from r_charset to rmuta via charset plugins

panels

• Fix multiple layout settings

perf

• One more strbuf reserve and unnecessary uses of it
• Reduce strbuf drains by removing the slack area

print

• Removing pf, pf2 is the new pf
• • Refactor print formatting to improve handling of structs, arrays and pointers
• Refactor print formatting to improve handling of structs, arrays and pointers

shell

• Implement the @@@m:perm foreach operator
• Fix column width in 'ls'
• Fix column width in 'ls' output
• Load fortune messages from directories
• Fix #24914 - Refactor and improve 'sf' command
• Add support for ${pal:} themed colors in scr.prompt.format

socket

• Handle SOCKET_HTTP_MAX_REDIRECTS in the curl codepath
• Support binary data downloads via RSocket.get
• Implement RSocket.download as a wrapper for get+dump

tests

• Add SKIPONASAN option for r2r to avoid a dmh test to fail
• Display short test paths if possible
• Check and display libr version with r2, r2r and rasm2 are the same bin with libs

tools

• Honor R2_COLOR env var from rabin2
• Implement -hh for rabin2 and rasm2
• Include abiversion in -v and -V
• Add JSON support to rafs2
• Add R2_DOCDIR and R2PM_DOCDIR variables
• Add missing rahash2 in blob/main
• Implement rasm2 -LL to list the parse plugins
• Fix error code for 'rasm2 -a invalid nop'

types

• Update scanf and wscanf function signatures to reflect variadic arguments
• Implement typedef union and enum parsing in KVC parser

util

• Fix RBuf design lifetime issues
• Improve r_str_rwx to parse the shar bit
• Sperm bit handled in the helper
• Use logaritmic capacity grows in strbuf
• Continue improving the arena api

visual

• Colorize perm field in iS, dm, dmm and om
• Some better organization sub-visual modes (TAB)
• Add scr.vprompt.format

wasm

• Update to use the latest wasi-sdk-29.0
• Add wasi-browser using wasm-imports

6.0.7

Release Notes

Codename: "sixseven"
Version: 6.0.7
Previous: 6.0.6
AbiDiff: 39-39 (0)
Commits: 4
Contributors: 2

curl -Ls https://github.com/radareorg/radare2/releases/download/6.0.7/radare2-6.0.7.tar.xz | tar xJv
radare2-6.0.7/sys/install.sh

Highlights

More details

Authors

pancake pancake

Changes

shell

• Fix parsing r2 -H$(VARNAME) without a space

6.0.6

Release Notes

Version: 6.0.6
Previous: 6.0.4
AbiDiff: 24-39
Commits: 331
Contributors: 28

curl -Ls https://github.com/radareorg/radare2/releases/download/6.0.6/radare2-6.0.6.tar.xz | tar xJv
radare2-6.0.6/sys/install.sh

Highlights

More details

Authors

0verflowme Abhi Edoardo Mantovani Eduardo Novella Ignacio Sanmillan Luc Schrijvers MiKi Miquel S. Nikesh Chavhan Pau RE Priyanshu Kumar Quentin BUATHIER Quet Zal Sagittarius-a Sverker Sverker Berggren System Administrator astralia dependabot[bot] dominikfhnw google-labs-jules[bot] gum3t pancake pancake pancake potato qz vicky-dx

Changes

abi

• The old RStr.pad() is now replaced by pad2

analysis

• Use code/call/data refs to find shortest flow path
• Improved support for anal.timeout
• Handle more arm64 jump tables
• Expose the ptrsize on more arm LOADS
• Handle more cjmp instructions for loongson
• Fallback to recursive esil for too sparse functions
• Dont change blocksize when running afva
• Properly expose the ADD imm on arm64
• Some more consistency fixes for arm
• Fill the op.val on arm64 CMP instructions
• Fix #24712 - p8fm mask size mismatch for instructions longer than 8 bytes
• Add comprehensive ROP gadget tests for ARM32/ARM64/x86-64
• Fix duplicate xrefs in axff output
• RThreads use 8MB of stack instead of 1MB

analysys

• Expose the LOAD size for arm64 LDR ops

api

• Implement simple arena memory allocator
• CoreBind getI must resolve ut64
• RCoreHelp should take a const string as argument

arch

• Fix wasm opsize read issue
• Assemble msub, str and stur ARM64 instructions
• Support encoding ex9.it, ifret and ifcall nds32 instructions
• Add register alias names for nds32
• Throw more ESIL and pseudo for nds32 instructions
• Add support for v1/v2/v3 sBPF bytecode standards
• Describe all instructions for the COSMAC architecture
• Support assembling the 'notrack' r{jmp|call} prefix for x86-64
• Implement x86 assembler for pushfq/popfq and fix cwde
• Fixed registers name for NDS32
• Initial import of the hppa pseudo parser
• Add HPPA disassembler database with instruction descriptions
• Add the instructionset documentation for nds32
• Initial import of the nds32 pseudo parser
• Fix #17637 - ARM64 variable substitution in address calculation instructions
• Fix #15947 - Compound assignments for the ARM64 pseudo
• Support asm.pseudo for the x86 BMI1 instructions
• Assemble the BMI1 instructions for x86-64
• Fix pseudocode for arm64 movk instruction
• Add more arm32 instruction descriptions
• Assembler movsz and movzx for x86-64
• Add support for ghost nops for x86-{32,64}

asm

• Fix #24824 - Use asm.imm.base for ATT syntax
• Custom float directives for rasm2
• Add Floating Point profiles for VAX, CRAY, IBM370 and more
• Support signed and unsigned directives in rasm2
• Initial support for the .db .dw .dd .dq rasm2 directives
• Eliminate RAsmOp and just use RArchOp
• Unify asm_massemble and add asm.spp into asm_assemble
• Implement r_asm_plugin_remove
• Fix #19171 - movaps assembly with xmmword size specifier

bin

• Expose sBPF version via asm.cpu and support rebaseable relocations
• Keep up parsing TPI leaves and support PDBs larger than 64KB
• Initial support for HPPA / SOM binaries
• Fix parsing TLS entrypoints in PE64
• Fix swift demangling on Linux
• Add missing e_machine EM_486
• Support large fat machos > 4GB
• Add the eeprom category for symbols
• Fix stripped detection for some ELFs

build

• Remove static builds from release
• Remove arm64 linux crosscompile
• Cancel old workflow executions
• Make pkgConfig unnecessary with R2_CFLAGS|R2_LDFLAGS to r2/r2pm -H

cons

• Fix null deref in windows when process received ^C
• Fix multi-byte character support in panels and graphs
• Clean some code and fix visual wrap regression
• Fix blinking prompt on windows dietline
• Refactor the drain csi escape codes logic
• Fix dietline bug on Windows causing SUPR key to quit
• Replace fixed line limit with adaptive page-based limit
• Fix #1973 - line counting for large output
• Fix hud large filter, resize refresh, fix ansi text wrap
• RCons.less should act as cat in non-interactive mode

core

• Initial redesign of the RCoreTasks to support fork and thread jobs

crash

• Fix oobwrite bugs spotted by clang-analyzer
• Fix buffer ovf at r_str_scale
• Fix null deref in '?$' and '$o' when no RBinObject
• Fix null format in 'fa' command
• Prevent the :::infinite but interruptable command
• Fix #24813 - null deref in xnu kernelcache
• Fix oobread in the command parser
• Fix two DoS bugs in the iso9660 parser from grub
• Fix assert on windows when opening a file that doesnt exist
• Fix race condition in thread_kill
• Ignore bad bin plugins with null section/symbol names
• Fix recurive r2ai calls with failed rc
• Fix #24748 - Avoid double free in pyc parser
• Fix null deref in rasm2
• Fix #24737 - NULL pointer dereference in r_anal_extract_rarg
• Fix null deref crash reported by @astralia during the nn training
• Fix #24661 - null deref in dsc loader
• Fix #24660 - Null deref in NE parser

debug

• Avoid mach exceptions to slip breakpoints by accident
• Add :tls command in mach:// to print the thread info address (not the tls)
• Add :tls command for the w32dbg io plugin
• Fix dd filename handling and add seek reset test
• Add cfg.regnums (false by default) to read register values via rnum
• Fix #14715 - Validate pid argument in cmd_debug_continue function
• Implement extended support for custom floating-point formats in the register subsystem
• Honor special chars in more rsocket profiles
• Fix fuzzy backtrace to show complete call stack with correct SP values
• Add name field to breakpoint JSON list

dev

• Ship the .clang-format file INSIDE the clang-format-radare2 script
• Update for the code-format tooling (introducing clang-format-radare2)
• Introduce the new radare2-format script

disasm

• Fix #17637 - Don't substitute variables while in stack frame setup
• arm32 workaround for resolving function arguments
• Fallback to callconv reg when argument is invalid

doc

• Improve the manpage to markdown parser
• The "man" r2 command now loads other categories
• Install man(3) pages

egg

• Fix #14765 - Include rasm version of the shellcodes and verify them

esil

• Honor cmd.esil.trap when running TRAP or invalid code
• Implement ESIL for the ANDN instruction

flags

• Add fzs for seeking

fs

• Initial support for the BeOS Filesystem (BFS)
• Fix 'mc' for filenames with spaces
• Add automagic detection for more filesystem types
• Audo mount ubifs and make it available for meson
• Miknight Commander improvements (mouse support et al)
• Add Miknight Commander (mmc) dual-panel file manager for r_fs and local filesystem
• Implement get64, set and set64 commands in the fs.shell
• Implement the mkdir command in the fs:shell
• Fix double fs.cwd bug in the "mw" command
• Add 'md+' command to create directories
• Add the new temporal filesystem
• Add new API r_fs_mkdir
• Add rafs2 - radare2 filesystem tool
• Implement filesystem details command (mn) for mounted
• Add test suite for UBIFS filesystem plugin
• Fix #23463 - Add support for UBIFS, add prgr and mis commands
• RFSPlugins expose the cmd interface for m:

io

• Fix and optimize support for blockdevice
• Fix and enable rawio by default (use mmap:// otherwise)
• Fix io.cache truncation bug

json

• Fix bug in pj and another in json_parser when using arrays of raws

lang

• Handle ^C and show stacktrace in RLang.qjs

print

• Add cfg.newpf to run pf2 instead of pf
• Handle help in pp subcommands, fix ppf, refactor pd and add tests
• Make clippy capable of emojis
• Add utf8_display_width api
• Fix #2953 - Handle functions in pxa (not just flags)
• Add support for bf16 in rax2 and pf

projects

• Minor improvements and code cleanup for the old

pseudo

• Implement minimal pseudo for evm

r2pm

• Warn when the package database is older than 2 weeks

rarun2

• Disable read timeout for connect sockets in rarun2

search

• Fix #24812 - JSON output for Rabin Karp
• Fix JSON output for Rabin Karp
• Support JSON output for /s command
• Use 1024 as maximum valid string

shell

• Fix grep in quoted commands
• Add ${relto} and \s handlers for scr.prompt.format
• Handle ${e:EVAR} variables for the scr.prompt.format
• Add vaddr, paddr, r:reg and use corehelp in prompt.format
• Revert "Revert "Parse -h and -H flags before RCore
• Add rc+value in scr.prompt.format
• Handle more help messages for u subcommands
• Initial implementation of scr.prompt.format
• Handle ^D in -j to ...

6.0.4

Release Notes

Version: 6.0.4
Previous: 6.0.2
Commits: 202
Contributors: 18

curl -Ls https://github.com/radareorg/radare2/releases/download/6.0.4/radare2-6.0.4.tar.xz | tar xJv
radare2-6.0.4/sys/install.sh

Highlights

More details

Authors

Ignacio Sanmillan Jassim Bahmida Juho Kuisma Murphy Neil Macneale V Ole André Vadla Ravnås Pau RE Sergey Fedorov Takumi Matsuura dependabot[bot] ksen-lin pancake pancake pancake plague-spreader qz simexce simexce

Changes

24517

• Fix

abi

• Remove unused field in RCoreCmd and cfg.newtab

agent

• Register remote sessions when using the r2agent
• Add r2agent -L to list current sessions

analysis

• Simplify string processing in the anal.sbpf plugin
• If target arch is vm-based we may disable nopskip
• Initial import of the a:path plugin
• Fix #23554 - Handle agD subcommands
• Implement sBPF analysis plugin for Rust string resolution
• Add support for dynamic function prefixes
• Pave the road to support dynamic function prefixes
• Index __objc_msgrefs xrefs and parse last ss_selrefs
• Fix objc parsing on 32bit binaries
• Masquerade class bits in objc selector refs
• Handle argument in afci command

api

• Eliminate R_STR_DUP. just use strdup

arch

• Build the analysis plugin in default plugin and other goods for sBPF
• Fix Capstone's SBPF relative jump disasm syntax
• Initial import of the snes.pseudo asm plugin
• Add vax, snes and sbpf instruction definitions
• Add pseudocode plugin for VAX
• Improve the 6502 pseudo disassembler
• Integrate the bpf assembler in the capstone plugin and add tests
• Add support to assemble extended bpf64 instructions
• Implement support to assemble ST/LD classic bpf instructions
• Implement support for ldm/stm for arm32 assembler
• Implement support for 'pld' prefetch load for arm32
• Support umlal and more msr constructions for arm32 asm
• Implement crc32, rdrand and rdseed for x86 assembler
• Add support for lzcnt, tzcnt and popcnt x86-64 assembler
• Fix #7366 - Implement support for shlr/shrx/sarx for x86-64
• Implement support for the 'mrs' instruction in armass
• Fix #10038 - arm32 assembler affected by spaces
• Fix #21211 - support in the assembler more m68k instructions
• Make the m68k assembler available from the gnu plugin too
• Fix #20743 - Assembler for 'bsr eax, dword [4]' on x86_32
• Fix #11611 - Assemble 'call dword[mem32]' for x86_32
• Implement support for bpf pseudocode (alias sbpf)
• Fix arm64 assembler for 'stp x3, x3, [x0, 0x10]'
• sBPF minor fixes and better handling of Solana syscalls in ESIL
• Fix #24520 - Fix arm64 assembler for ldr x0,[x27,0x100]'
• Add one arm16 prelude shared with the gnu plugin
• Initial implementation of the pseudo plugin for msp430

asm

• Use bpf instructions descriptions for sbpf

bin

• Implement reloc 21 for VAX on ELF
• Store rawname in RFlagItem and expose it from RBinName
• Fix the RTTI-specific demangler and add more tests
• Use the quoted r2 commands for perf and avoid command injection
• Fix elf parser hang on malformed PT_DYNAMIC entry
• Fix #24572 - Detect sBPF binaries avoiding early symbol deps
• Enlarge symbol name limits aligned to flag sizes
• sBPF: Add better ESIL modelling and fix R_BPF_64_32 reloc
• Fix XNU kernelcache pointer undecoration logic
• Implement support sBPF ELF binaries
• The _selrefs and _msgrefs are not mandatory to parse objc metadata
• Remove global variable from the ninds plugin
• Remove global state in the RBin.mbn plugin
• Fix #14879 - Initial support for MobiCore MCLF
• Implement XNU IOKit class carving
• Fix JSON encoding of class addresses
• Add RBinClass instance size and type name fields
• Use R_FLAG_NAME_SIZE for class/methods flags

build

• Refactor meson build dependencies
• Initial work towards building for UEFI
• • Fix #22956 - Update acr to adjust the macppc triplet
• Fix preconfigure.bat for some setups
• Add brew recipe in dist/brew

ci

• Bump softprops/action-gh-release from 2.3.2 to 2.3.3

cons

• Respect ROWS/COLUMNS environment variables if defined
• Fix EOF when Control+Backspace is pressed
• Fix the invalid key.f15 error when pressing control+return
• Lookup table for the runes

core

• Initial real thready Core tasks support

crash

• Fix code injection bug in TAB from help
• Fix recent UAF when modifying rawname
• Fix infinite recursion in pvm://

debug

• Fix #24186 - Properly support Aarch64 FPU registers

disasm

• Fix
• Fix #24417 - Add asm.imm.base config variable

doc

• Third round reviewing and updating libr manpages
• Teach AGENTS.md about the laws in r2land
• Reviewing half of the libr manpages
• Autogenerate manpages for all the libraries

egg

• Use the decrypted shellcode wrapper and properly compute its size
• Initial work towards shellcode mangling
• Move all shellcodes into a subdirectory for processing purposes
• Make openbsd shellcode endian safe

flags

• Consider ~ a char to be replaced with "_"
• Initial implementation of autoflagspaces
• Add 'fsr' to the help message
• Implement the r_flag_closest_with_prefix api
• Add API to find the nearest flag inside a flagspace

fs

• Use :lsj/:mdj in the fs.io to pick file size info

http

• Add support for r2pipe client apis over http-post
• Support POST on /cmd
• Webserver config changes happen on every command

io

• Implement the R_IO_SEEK_HOLE
• Fix 'wcf' command for non disk usecases
• One more uri handler check for the double open cfile issue
• Initial import of the process_vm IO plugin

json

• Fix tfj empty object and trailing comma problems

lang

• Disable the vlang plugin, until ready to be updated

projects

• Use the right NUL device on Windows for rvc.git
• Save and restore bit and imm hints in the new projects

r2pm

• Fixed r2pm -ci r2ghidra not running on Windows 11

r2r

• Blind fix for the multi fail handling procedure in r2r

shell

• Add help for the ps subcommands
• Fix percentage in cf logs always showing 0% or 100%
• Bring back the 'is*' command
• Handle '?' in many f subcommands
• Fix #24325 - Another proposal to address this resize loop issue
• Show help for the ? in /a subcommands
• Add r2 -H R2_MANDIR
• Add R2_DEBUG_NOLANG variable to avoid loading RLang plugins
• Autocomplete flags after "f name="
• Add new math operators and sub-expression support for negation operators
• Fix warning in "is,"
• Alias fg/bg/jobs to ease core task usage

tools

• Fix rabin2 -D help like iD help works
• Deprecate -l and update manpage
• Load plugins with r2 -i too (not just scripts)

types

• Ignore include and var args definitions from type deletion
• Refine the core IOKit types
• Add core IOKit types
• Improved function pointer sdb storage and kv parser
• Implement tfc command without arguments listing them all

util

• Implement r_str_pad2 to avoid using the tls
• Clamp udiff scores, align_table allocations and remove dupped code

visual

• More vmatrix wishes pleased
• Fix scrollbar boundaries in vsharp
• Initial import of the vmatrix mode

wasm

• Avoid wasm builds from using long doubles

zignatures

• Implement support for mangled/demangled names

6.0.2 - codename "Relephant"

Release Notes

Version: 6.0.2
Previous: 6.0.0
Commits: 26
Contributors: 4

curl -Ls https://github.com/radareorg/radare2/releases/download/6.0.2/radare2-6.0.2.tar.xz | tar xJv
radare2-6.0.2/sys/install.sh

Highlights

Comparsing 6.0.2 with 6.0.0:

• 🛠️ Fix r_event.h install location on meson builds
• 📱 Android flock regression fixed
• 🔧 Fix build when using libuv
• 📄 Implemented RXML DOM API
• 💻 Support for R_X86_64_RELATIVE ELF relocs
• 🚫 Avoid loading files twice on some URI handlers for bin parsing
• 📂 Fixed loading rc scripts from XDG paths
• 📜 Add hexfile:// URI handler
• ⌨️ Support F key shortcuts in the shell
• 📏 Honor underlying IO sizes in psz
• 🧩 Temporary block modifiers: @xc: & @xf:

More details

Contributors

Pasquale Scalise dependabot[bot] pancake pancake

Changes

bin

• Avoid load file twice for bin parsing with some more io uris
• Implement support for R_AARCH64_RELATIVE for ELF imports
• Fix unsupported reloc type 1027 on ELF-x64 binaries

build

• Fix r_event.h installation path

doc

• Updated man page with info on configuration files

io

• Honor underlying io sizes when pulling strings from
• Fix the flock regression on Android
• Fix nocache:// uri handler
• Implement hexfile:// uri handler

shell

• Fix negative fkey in dietline
• Implement @xc: and @xf: temporary block modifiers

tools

• Fix xdg config path ~/.config/radare2/rc and rc.d

6.0.0

Release Notes

Version: 6.0.0
Previous: 5.9.8
Commits: 881
Contributors: 51

curl -Ls https://github.com/radareorg/radare2/releases/download/6.0.0/radare2-6.0.0.tar.xz | tar xJv
radare2-6.0.0/sys/install.sh

Highlights

More details

Authors

Adam Satko Amir M. Jahangirzad Antoni Viciano ApkUnpacker Armin Weihbold ChrisP Christopher Talib Daniel Maslowski Daniel Nakov David Cannings Dennis Goodlett Francesco Tamagni Juho Kuisma Jules Maselbas Kreijstal Matt Brooks Matt Brooks Mewt R MewtR Michael Hughes Murphy Ole André Vadla Ravnås Pau RE Paulo Matias Richard Wheeler Silur Stefan Sylvain Pelissier Troy Patrick Vasilyy Wagner Riffel astralia aviciano condret dependabot[bot] frukto jjaareet kyufie l0kh numonce pancake pancake pancake s0i37 satk0 tabudz tabudz wagner riffel xiaoxiaoafeifei zhailiangliang アンドラーシュ

Changes

abi

• RCorePlugins now have a session
• Finish the RKons refactoring, all r_cons calls take instance instead of global
• Rename RCrypto to RMuta
• Use RCons instance from RLine
• Rename RIOPlugin.widget to RIOPlugin.data
• Refactor the RRegAlias api
• Camelcase all the RCoreBind methods

analysis

• Wireup function and variable events
• Implement LA for listing analysis plugins
• Implement afv*/afvd* and fix afv[srb]? help messages
• Fix call to r_type_func_args_count
• Implement p8fm: function mask + tests
• Add JSON output to 'abm' command
• Implement 'abm' command to show the bytes and mask for the basic block
• Rename function fields (C, r2 and JSON formats) for clarity
• Document afi fields in afi??
• Fix #24153 - jmp/call refs for riscv code
• Implement aflmc to work like uniq but counting
• Implement 'pds*' command to add comments for emulated strings
• Improve scr.analbar percentages in aaaa
• anal.symsort is not a boolean
• Make anal.back a tristate to make it even more experimental
• Add anal.back to sort symbols backward before analyzing
• Fix behaviour with an empty anal.fcnprefix
• Add axffQ and axffqq for addresses instead of names
• One less core reference for the type propagation loop
• Initial refactoring of the type propagation code
• Handle typedefs and void arg funcs like the old parser did
• Heavily reduce allocations in RHint.get()
• More micro optimizations for aae
• Use chunk reads in aae to reduce memory usage for esil emulation
• Add 'emu.maxsize' option to let esil emulation scan large sections
• Fix ao@jmp modifying ar~^pc
• Fix #23809 - Add 'afbs' command, like 'afls' but for basic blocks
• Honor best name in 'afna' when flag starts with "sym."
• Initial import of the new C parser - disabled by default
• Improve autonaming for calltail relocs
• • Fix tail call analysis issue on x64 cobalt sample
• Honor R_ARCH_INFO_FUNC_ALIGN in aap
• Add new function prelude for x64
• Fix string reference via emulation on powerpc
• Improve /gg to follow more types of references
• Optimize 64bit register from the 32bit one for x86
• Add anal.fcnalign config var
• Add RArchInfo.FuncAlign type and details for x64
• Add more preludes, spotting 3x more functions on some x64 bins
• Refactor and improve RCondType APIs
• Fix column names in the ax, output

api

• Boolify r_cons_rgb_parse
• Add RLogLevel.fromString() and use it from -e log.level=?
• Deprecate r_bin_addr2line
• Rename RBinDbgItem into RBinAddrline
• RNumCalc is now known as RNumMath
• Move RFlagItem.alias into the Meta
• Rename core->offset into core->addr (asm.offset and more!)
• Rename RFlagItem.offset -> addr
• Deprecate RLang.list()
• Unified function to jsonify the plugin meta + more fields
• Redesign the REvent API

apibreak

• Boolify r_cons_rgb_parse
• Add RLogLevel.fromString() and use it from -e log.level=?
• Deprecate r_bin_addr2line
• Rename RBinDbgItem into RBinAddrline
• RNumCalc is now known as RNumMath
• Move RFlagItem.alias into the Meta
• Rename core->offset into core->addr (asm.offset and more!)
• Rename RFlagItem.offset -> addr

arch

• Add ldaxr/ldxr/stxr/stlxr arm64 pseudo instructions
• Initial import of the pseudo disasm for sparc
• Fix #24298 - Wrap around negative calls to the 32bit address space on sparc32
• Improve arch plugin descriptions
• Fix pyc size, jumps and extended args
• Improve pyc code quality
• Add TI-c6x asm.cpu support for the tms320.gnu plugin
• Initial import of the TMS320 gnu disassemblers
• Fix archinfo for c64x for invalid and unaligned instructions
• Implement support for big endian tms320
• Add support for new EVM opcodes
• Add op.type for vpins 86 instructions
• Fix cycle computation on cosmac cpus
• Add support for solc0.8.20 opcodes
• Fix parsing of memory operands for x87 FPU instructions
• Add last pseudo instructions to pickle
• Improve operand parsing to fix some x86 zignatures
• Add some pseudo commands for pickle
• Initial support for RCA COSMAC 1806 uProcessors
• Fix Java glitch caused by invalid logic handling switch tables
• Update v35 armv7 (not updated since 2023)
• Implement rasm2 -L [arch] to show detailed info of 1 plugin
• Improve all the arch plugin descriptions
• Update csnext commit tip
• Update to the latest rebased version of v35-arm64

asm

• Fix #23673 - Initial generic string pseudo api and use it for 8051
• Add dummy asm.java plugin
• Unify the asm.parse apis workflow
• Use mips.pseudo for the loongarch
• Move hardcoded corehack logic into asmpatch via plugins
• Add per-plugin userdata context
• Rename RParsePlugin to RAsmPlugin

bin

• Make iO commands print thru RCons
• Fix #24218 - Initial WIP implementation for parsing RELR relocs in ELF
• Fix glitch when parsing fuzzed swift metadata
• ELF Reloc7 are important too
• Export source information with the writedwarf plugin
• Fix #24218 - Add support for compact relocations
• Fix ASAN issues in dyldcache
• Fix xnu kernelcache syscalls misalignment
• Fix syscall carving in xnu kernelcache
• Support global section offsets in xnu kernelcache
• Support dumping dwarf in ELF containers via writedwarf
• Initial implementation of the writedwarf core plugin
• Initial support for debuginfod to download dwarf files
• Add debuglink info in RBinInfo, add idl to show the path
• Support compressed dwarf sections
• Detect reloc ELF sections by type instead of name
• Initial wip reporting of the ELF debuglink files
• Add Qualcomm MDT firmware format support
• Fix #23723 - Cleanup RBin plugin descriptions
• Prepare for iOS 26 dyld caches
• Add initial Plan 9 RISC-V 64 support
• Add support for macho-riscv binaries
• Implement iSm and iSmc commands to map symbols in sections
• Simplify the JSON handling in the 'i' subcommands
• Better demangle some more swift symbols
• Memoize section get by name in the elf parser
• Fix arm64 R_AARCH64_PREL64 relocation
• Implement the R_AARCH64_MOVW_UABS_G* relocs for ELF
• Bring back the icqq command
• Initial support for PEF (classic macOS/Be) executables
• Add missing EM_TI_* definitions for TMS320 ELF
• Deprecate the get_line() callback for plugins
• Add all the latest Dwarf lang definitions
• Call swift_demangle on unmodified input
• Skip __objc_catlist2 in dyldcache parsing
• Fix #24010 - fix last Go binaries from symbols
• Add symbols.r2.js script for xcrun integration
• Handle eLF_MODIFIER in the PDB parser to solve some warnings
• Initial refactor of the dbginfo storage
• Fix crypto info in mach0
• Fix invalid flag names when importing relocs with .ir*
• Name fixup relocs after the string they point if any
• Macho fixups are now handled and listed as relocs
• Fix segfault when freeing the elf parser
• Implement DBG_FIRST_SPECIAL dex debug opcode
• Use binary file instead of 'SourceFile' in dex debug info
• Fix huge leak when unloading an elf
• Fix #23865 - imports vaddr on some ELFs reporting below baddr locations
• Honor section/segment logic in MZ executables
• Initial implementation of the bin.aslr
• Fix null derefs in the RBin.io plugin
• Set Cd4/8 metadata from RBinFields via .ih*
  *...

5.9.8

Release Notes

Version: 5.9.8
Previous: 5.9.6
Commits: 202
Contributors: 15

curl -Ls https://github.com/radareorg/radare2/releases/download/5.9.8/radare2-5.9.8.tar.xz | tar xJv
radare2-5.9.8/sys/install.sh

Highlights

More details

Authors

Adam Satko Azox Chédotal Julien Juho Kuisma Quentin Kaiser Sylvain Pelissier W0nda astralia condret pancake pancake satk0 sha0coder suidpit wagner riffel

Changes

analysis

• Add array of values for arguments in aobj
• Fix aobj representing undefined behaviour bits
• Fix string ref direction and improve false positive xref types
• Better indirect code reference detection via flags
• Skip string/format/data metatypes from the ref analysis
• Fix false positive string ref spotted as write
• Fix 'aa' warning when no sections in binobj
• Make afvt work with 1 parameter to display the type, instead of silently failing
• Add recursive information in afi
• Implement aflmr command to list all recursive functions
• Fixes for the stm8 calling convention
• Add aflmu command to list function calls once
• Handle direction and support pointer RAM references for stm8
• Disable indirect pointer references for stm8
• Implement 'afln' command to list all function names

arch

• Add parse.pickle plugin
• Add the gb.pseudo plugin
• Fix more issues for stm8.pseudo
• Add pseudo for rvf stm8 instruction
• Clarify STM8 memory access, references and immediates in disasm
• LOADs can be STOREs too in stm8land
• Use [] syntax instead of the confusing () for stm8
• In stm8 use brackets for memory writes with mov

bin

• Fix #23538 - iS sha1,sha1/sort/inc table queries + entropy
• Cache sections in dwarf parser
• Handle table queries for imports and segments
• Use raw symbol name in flatItem.realname instead of the flag name
• Add math category imports (and few more string)
• Improve iic subcommands for listing uniq xrefs and more
• Improve iic command for classifying imports
• Fix crash in 'iic' and add more import types
• Fix RVA to offset conversion on PE binaries
• Remove a hack that breaks parsing sections in some PE

bug

• Fix broken test exposing reentrant RNum.math glitch

build

• Fix #23622 - Use USEMESON when builddir contain spaces
• Fix make purge
• Aim to fix the duplicated sha symbols from rvc cyclic dep
• Correct OpenSSL imports
• Fix qjs when using asan
• Fix qjs symbols visibility
• Define cstd for meson-w32
• Install scripts

config

• -e log.level accept strings too
• Use XDG cachedir and expose it via dir.cache for annotations

cons

• Fix #23588 - remove empty lines when sorting and add grep+end test

core

• Fix #23639 - Implement e+ command to set config vars in r2rc
• Increase float and double precision

crash

• Fix #23657 - Command injection vulnerability via rbin->r2
• Fix #23581 - Infinite loop with unsupported dwarf command
• Fix #23581 - (again) bin3 dwarf infinite loop
• Fix #23581 - (again) another infinite loop in the dwarf parser
• Fix #23581 - (again) another infinite loop in the dwarf parser
• Fix #23610 - Stop parsing compressed DWARF sections
• Disable fortunes in sandbox mode, better null checks
• Lots of small improvements and bug fixes in the dwarf parser
• Fix #23581 - DoS in DWARF parser
• Fix infinite loop in pdc (pseudo decompilation)
• Fix #23529 - Stack exhaustion overflow in the c++ demangler

crypto

• Simplify print hash
• Update cipher plugin descriptions
• Add ssl builds in the CI and add the SipHash SSL plugin
• Create sip hash plugin
• ASN.1 display corrections + fix tests
• Correct print strhash
• Fix #22140 - Add bech32 encoding/decoding
• Update algorithm descriptions
• Add offset on MK hit for SM4
• ASN.1 printings enhancements

debug

• Revert e0b1977 - bring back the full IO address space
• Stop earlier in glibc checks in dmh
• Fix dra? in debugger mode (exposed by ?*)

decompiler

• Fix some broken gotos in pdc
• Include callconv information in pdc output
• Honor afs in pdc

disasm

• Fix false positive in op.ptr(char) reference
• Add asm.cmt.wrap to ignore asm.cmt.right on long comments
• Implement asm.cmt.pseudo config option

doc

• Use SPDX license names for RLang plugins
• Use SPDX namings for crypto, and list them in Vj
• Use SPDX license namings in all the arch plugins
• Use SPDX license namings on all the bin plugins
• Use SPDX naming in all IO plugins
• Fix segfault in dL and use SPDX namings on all debug plugins
• Initial import of the scripts/licenses.r2.js

dwarf

• Fix DWARF5 file parsing
• Fix DWARF5 parsing when a MD5 checksum is present

fs

• Dont load empty fs plugins

globals

• Remove globals in RCore.cmdMeta

io

• Minor fixes in io
• Minor optimization in r_io_bank_locate
• Give local seek to iobfd
• Use R_IO_SEEK instead of SEEK
• Undo some ret2libc harm
• Dont priorize null:// maps on macho binaries
• Honor custom seek when map address is set

lang

• Handle base64: in #!-e
• Fix #!python -e

lint

• Add script for linting assert lines on all R_APIs

performance

• Minor optimizations in RBuffer.bytes

print

• Import charsets from imhex
• Fixed old_offset not restored on pdj
• Improve error handling in pfb strings

projects

• Save/restore comments in the new projects
• New prj core plugin as PoC
• Inform about the project path before removing
• Honor prj.files in o*
• Fix copying main executable when prj.files is set

r2js

• Update to the latest quickjs-ng and pin commit to fix vs2022 build
• Update to the latest quickjs-ng, so we dont need to ship custom patches
• Fix "TypeError: not a function" error with an ugly hack
• Update r2papi to the test version from git

search

• Add /h* and make /h behave like the rest
• Add /abf to search loops in current function
• Display SM4 master key when found

shell

• Better handling invalid subcommands
• Handle table queries for strings in "iz,"
• Handle comma subcommand for "ic"
• Support @% for reading variables too
• Fix #23561 - report 'drq' as an invalid command
• Improve and extend $D numvars
• Extended $M numvars
• Refactor and improve $F and $B numvars
• Refactor, improve and extend all the $S numvars
• Refactor and extend the numvars for flags
• Refactor instruction $variables under $i
• Cleanup, handle errors and support : syntax for $k{}
• Refactor and extend few RNum $O-&gt;$$c|$$$c + error handling
• Fix xdg cachedir and histfile path issues
• Fix invalid command error message when subcommand is the null char
• Fix "?E C.." bug in clippy
• Don't show license column in r2 -L. use json to get author+license
• Handle more invalid subcommands under 'a'
• Invalid h subcommands dont flush the error text
• Fix all the plugins listing in r2 -Vj

test

• Set pager to cat in sys/lint.sh

tools

• Add 'stdouterr' directive in rarun2
• Add r2 -1 to redirect stderr into stdout

util

• Initial implementation of the new LZ4 implementation

visual

• Implement yank/paste in visual bit editor
• Implement endian swap in visual bit editor
• Support multibyte inc/dec with Vd1[+-]
• Implement word size concept in the visual bit editor
• Implement Vd1! to toggle all bits from the selected byte
• Handle [] and ; keys in Vv