Releases: radareorg/radare2

5.6.6

22 Mar 19:34

Release Notes

Version: 5.6.6
Previous: 5.6.4
Commits: 130
Contributors: 10

Authors

Dennis Goodlett Jules Maselbas Lazula Pau Rodriguez-Estivill Sergi Àlvarez i Capilla aandersonl aemmitt-ns pancake

Changes

anal

  • Remove the hexagon from anal
  • Save sp,bp,src,dst in heap outside the loop
  • Add afiq for quiet function info and refactor the anal/abi.inc
  • Add help for 'pie?', add pieq and add ninstr in afi[j]
  • Sanitize function names for prototypes
  • Unify asm.z80 into anal.z80
  • Restrict local vars and args to an 8KB range, otherwise skip
  • Adds afva in all fcns flags (if any)
  • Skip afva on functions with signature registered
  • Do not perform var/arg analysis on Java/Dalvik
  • Add missing eiz/riz registers for x86 and x64
  • Add mermaid output to all ag commands
  • Add an* and fix many other conceptually broken logics in an

asm

  • Fix #19489 - Implement assembler for jrcxz

bin

  • Add help for the CL command
  • Cache file_exists when iterating over the source files
  • Complete DWARF4 register mappings

build

  • Only build library archives when -Dblob is provided
  • Fix some static meson blob dependency leftovers
  • Fix sys/release-notes when HEAD is tagged
  • Make -Dblob=true statically link all r2 libraries

ci

  • Publish r2blob-w64 on release and fix artifact name

crash

  • Fix heap OOB read in macho.iterate_chained_fixups
  • Fix UAF in aaaa on arm/thumb switching
  • Fix buffer overflow in asm.nbytes, add hard limit to 64
  • Fix UAF caused by aaef on arm/thumb switches
  • Break large loops when method name resolution fails

debug

  • Improve help message for dd? and autocomplete
  • Add 'dd+' to open files in the child process as read-write
  • Fix uninitialized buffer read bug when enumerating process files
  • Add ddf command
  • Fix dd command and update tests accordingly
  • Skip wired-to-ground registers in dr=
  • Fix drj in debug mode

disasm

  • Fix #19838 - Show pins in the disassembly as comments
  • Improve the way asm.nbytes plays with asm.flags.inbytes
  • Fix issue in asm.tabs.once causing iaito to trim instructions

doc

  • Update the Windows build instructions

esil

  • Add ESIL for x86 SSE float instructions
  • Implement 'aeb' using APIs instead of commands
  • Add aaepa command to set all unknown imports as ret0
  • Fix aecs and add test emulating hello world without libc
  • Add aaep and extend aep to support pin specific commands
  • Implement ESIL for the Stlxr arm64 instructions

fix

  • Fix undefined behaviour in RVector, RPVector, RInterval and container_of

print

  • Initial import of the code tokenizer

refactor

  • Lots of cleanups to reduce the regressions in TCC
  • Don't use != NULL as it's implicit in C, even for bool casts

shell

  • Improve help message for psz, aek, aae, aep, aer and aex commands

tools

  • Use R_SYS_BITS by default in rasm2

visual

  • Fix back scrolling in the decompiler pane in panels
  • Improve panels prompt drawing the bottom box line one line above
  • Add scr.notch to blank N lines on top of the screen
  • Improve panels interactions with decompiler frame
  • Record seek history when clicking around in panels
  • Fix blank decompiler issue when clicking randomly in panels

windows

  • Add w64-static builds in the CI
  • Add 'configure.bat static' argument to build r2blob.static.exe
  • Fix meson -Dblob=true builds for static
  • Fix r2blob for windows

5.6.4 - codename "do bisa vijnu"

01 Mar 14:38

Release Notes

Version: HEAD
Previous: 5.6.2
Commits: 67
Contributors: 11

Authors

Dennis Goodlett Lazula Pau Rodriguez-Estivill Sergi Àlvarez i Capilla aemmitt aemmitt-ns archcloudlabs pancake pkubaj

Changes

anal

  • Handle jump tables in agfm
  • Add agfma to get assembly in mermaid graphs
  • Add agfm command to print cfg graphs using mermaid syntax

bin

  • Find strings on maddr'd binaries with izz
  • Fix wide32 string detection that caused other ASCII strings to be missed
  • Fix large loading times in macho parser
  • Fix slow loading times for small ELF sample

build

  • Fix #19726 - fix meson definition order issue when using syslz4
  • Add rasm2 and rax2 wasi/wapm packages
  • Build fixes for wasi/wapm/wasm and update sdb

charset

  • Add initial support for katakana

crash

  • Fix timeout analyzing a small class reported by clusterfuzz
  • Fix DoS in PE/QNX/DYLDCACHE/PSX parsers
  • Fix DoS in kernelcache bin parser
  • Fix oobread in macho core symbolication
  • Fix null deref in bin.symbols
  • Fix DoS in the minidump parser
  • Fix DoS on macho parser spotted by scan coverity
  • Fix heap buffer overflow in dyldcache parser

debug

  • Add support for powerpc, powerpc64, powerpc64le and riscv64 on FreeBSD

disasm

  • Honor ArchInfo.opalign in pia
  • Fix #19610 - Honor minopsz in pia

esil

  • Add some sign extend to some v850 st/sst insns

print

  • Fix #19729 - Make pswj consistent with psw output
  • Fix #19739 - Fix oobread in pv* and fix bug in pvj

shell

  • Add aot command to show instruction types (like /atl)

visual

  • Restore and revert blocksize in V:
  • Fix #19737 - Handle ESC and space in the ascii hex column

5.6.2

15 Feb 14:41

Release Notes

Version: 5.6.2 (from 5.6.0)
Commits: 63 (from 13 contributors)

Highlights

  • Fixed 12 critical vulnerabilities (Thanks NowSecure, Google, Synopsys and HuntrDev! for reporting)
  • Support the new file format used by Xamarin to pack .NET libraries (XALZ)
  • ihex:// (Intel hexadecimal object files) works again (it had been broken for a while)
  • lz4 deflating is now supported at API and commandline levels
  • FreeBSD is now part of the CI, improved stability and fixed all related warnings
  • The new w+ (wx+) commands write and seek to the end of the written chunk
  • Panels fixed a couple of glitches and improved usability with decompilers
Authors

Anderson Angel Diaz Anton Kochkov Bernhard M. Wiedemann Dennis Goodlett Florian M Nerijus Bendziunas PauRE Sergi Àlvarez i Capilla nemarci pancake wargio

Changelog

api

  • New r_inflate_lz4 API to reuse LZ4 across all libs
  • Support building with system-provided lz4 library

asm

  • Support assembling the cmn, teq and tst arm32 instructions
  • Fix oobread bugs in cr16 disassembler
  • Fix pop [rsp] emulation for x86

bin/io

  • Add ELF reloc patching for R_386_32 and R_386_PC32
  • Handle SH, MIPS and ARM in COFF binaries
  • Initial support for XALZ binaries from Xamarin
  • Fix ihex:// io parser as it was not working

ci

  • Partial #19687: Add release github actions workflow
  • Publish FreeBSD artifacts and purge the srcdir

cons

  • Fix 'disable mouse' ansi code
  • Minor rgb.parse optimization and remove the use of sscanf in pal.c
  • Fix visibility issue in the bluy theme

crash

  • Properly fix the UAF in r_io_bank_map_add_top
  • Early break when parsing corrupted DEXs to avoid DoS
  • Fix oobread in pxj
  • Prefer memleak over UAF in io.bank's rbtree bug
  • Fix DoS in MACHO parser spotted by clusterfuzz
  • Improve boundary checks to fix oobread segfaults
  • Fix DoS when loading a fuzzed DEX file
  • Fix UAF in pyc parser
  • Fix negative index in anal.arm64.cs
  • Fix bins/*/rep8 - UAF crash in pyc parser
  • Fix oobread segfault in java arith8.class
  • Fix java oobread in id_000000,sig_06,sync_m1,src_000048

panels

  • Fix panel focus glitch
  • Fix overlapping titles on small frames
  • Close menu when a different decompiler is selected

shell

  • New 'w+' command, to write a string and seek at the end
  • Fix parsing of 'ra?' and 'r0x' subcommands
  • Add prgl command to decompress current block using lz4
  • Fix Negative Offset in Hexdump Json Output

5.6.0 - codename Miteigi

02 Feb 13:12

Release Notes

Version: 5.6.0
Previous: 5.5.4
Commits: 254
Contributors: 16

Highlights

  • ABI breaks - RAnal api is the new home for the RAsm plugins, reduce installation size
  • Add an initial and working native reimplementation of r2pm in plain C (no posix shell required)
    • Windows support will come later, needs more testing and user feedback.
  • Initial release with support for threads (one RCore per-thread is supported for now)
    • Remove or make TLS globals, add atomic support, fix mutexes and threads
    • r2r testsuite now runs with the thread sanitizer enabled builds
    • Remove all uses of sdb_fmt in exchange of the thread safety r_strf
  • More tests for ESIL and improve quality on x86, arm64, riscv, v850 and more!
  • Improved usability and fixed some buggy interactions in panels, better help messages and improved color themes.
  • Support latest capstone, and prefer system wide installation for better offline builds
  • Add project loading in sandbox mode and add dirty bit to avoid saving things when nothing changed.
  • New commands: pdu, r-/r+, fc, aafs, pcc, /aF, isqq., iS,, axl, /e, pFB, ws# for more pascal string types support
  • Binary PLIST printing (pFB) which combines great with (pFA - for android binary xml)
  • Orders of magnitude faster analysis with aafs and sixref
  • Honor flag colors in hexdump and instruction tokenization in disasm
  • Fix 3 CVEs since 5.5.4, lots of memory leaks and all the coverity critical issues
    • Improve code quality by using new tools and stdint basic types
  • Support arm32 debugging on native arm64 linux hosts
  • Extend scripting support to quickjs and wren programming languages
  • Add time measurement directive to rarun2
  • Add Rabin Karp faster search algorithm (/e) and fix some bugs in the search loops
  • Add new arch plugins: loongarch, evm.cs, v850.np and chip8
Authors

Adrian Laskowski Apkunpacker Claudemirovsky Dennis Goodlett Francesco Tamagni Lazula RHL120 Roman Valls Guimera Sylvain Pelissier aemmitt-ns gogo2464 junchao-loongson lasek0 meme pancake

Changes

abi

  • Move asm/wasm into anal, and add new opasm() callback

anal

  • Simpler var counting API
  • Add support for x86-32 callpop artifacts
  • Add ablc, ab-, Fix and optimize in af- and aafs
  • Fix 'afls' and add tests
  • Fix heap overread in loongarch when len < 4
  • Add axl command for consistency with afl for 'axlc'
  • Fix reference order and use the API in sixref (2x faster)
  • Initial implementation of the 'aafs' command
  • Add support for the new loongarch architecture
  • Improve the v850.np analysis, fix all call refs

api

  • Add r_core_help_match() to get help for a specific command

arch

  • Initial import of the evm.cs plugin

asm

  • Handle instruction operands in wasm.asm
  • Refactor, improve and move chip8 support out of libr/asm

bin

  • Parse relocs from Mach-O chained binds if no opcodes
  • Add support for rebasing ARM64E_USERLAND24 chained format
  • Fix isqq. command
  • Fix #19541 - Fix null deref and stack exhaustion bugs in the kernelcache
  • Implement iS, command (table query format for section listing)

build

  • Fix #18621 - Specify ABI version to be X.Y instead of X.Y.Z
  • Add 16GB pagefile for the windows ci
  • Simplify meson logic and use ole's PR to fix Windows
  • Add CI job to verify builds with system-wide capstone
  • Use system capstone if available in sys/install.sh
  • Fix ios-sdk compilation
  • Bring back the 32bit builds for Cydia
  • Use api9 for android-arm builds to bring back Kitkat support

charset

  • Add iso8859_1

cleanup

  • Remove globals from tcc code

cons

  • Use static RThreadLock in cons
  • Don't SIGINT in RCons when used in a threaded way
  • Improve the 'fc' command to unset and get color flags easily
  • Add scr.theme and Lt commands as alias for 'eco'
  • Improve the basic theme
  • Fix all the known issues in the ayu theme
  • Honor jmp/call argument colors by type

core

  • Fix #19628 - wx+ as an alias for wxs
  • Mark all globals (or most of them) as TLS variables
  • Make RCons thread-friendly
  • Fix race conditions in RCoreTasks
  • Rewrite r_list_uniq with a faster algorithm

crash

  • Fix null deref in xnu.kernelcache
  • Optimize and fix heap overflow in asm.tabs using RStrBuf

debug

  • Expose the 32bit arm reg profile on 64bit hosts

disasm

  • Workaround to handle seg:off on x86_16 due to a capstone bug
  • Fix #15473 - Align meta dwords in the middle of instructions
  • Improve reg detection in asm highlighting + add test
  • Fix reg/flag detection in disasm colorization
  • Initial import of the v850.np plugin
  • Handle anal.cpu=? and fallback for asm.cpu when no asm plugin
  • Add asm.bytes.opcolor configuration option

doc

  • Add 'first session' example in the README

esil

  • Disable ESIL macros and add reproducer test
  • Add helper function for pending macro handling
  • Improve EVM analysis and update tests
  • Macrofication of the '+=' and '-=' esil operations
  • Add support for list12 logic in the v850.np distillation
  • Fix esil for bnd jmp x86 instrs and cmn arm instrs
  • Implement ESIL on more instructions for v850.np
  • Handle ESIL in more v850.np instructions

help

  • Fix helps for aan? aaf? and aes?
  • Fix help for the 'aaa' subcommands

io

  • Fix use-after-free in iobank rbtree usage

panels

  • Autoset cache flag on whitelisted panels on create
  • Fix #19410 - Fix cursor mode regression

parse

  • Use static RThreadLock in TCC

ports

  • Add basic support for loongarch

print

  • Add 'pFB' command to use the new BPLIST parser
  • Add scr.color.ophex to colorize 'px' with opcode type
  • Honor flag colors in 'px' hexdump
  • Fix pxa@e:hex.compact=true and add tests
  • Improve the way color flags are handled
  • Improve pcc output and add a test
  • Add 'pcc' command to print block as C char*string
  • Fix pdsf?, forbid V? and remove newlines in pxA?

projects

  • A better way to check if a project has been saved
  • Add prj.sandbox to enable experimental sandboxed project loading

r2pm

  • Initial implementation of r2pm.c

refactor

  • Use stdint as if there was no yesterday
  • Remove asm.hexagon, anal one is enough
  • Remove asm.ebc and merge disasm into the anal

search

  • Implement /aF and /aFd to search for instructions in functions
  • Add Rabin Karp algorithm to
  • Add r_search_maps to
  • Search adjacent maps together
  • Move /e to new search API
  • Fix bug in regex searching
  • Add longest field to RSearch
  • Add r_search_update_read API

security

  • Implement fine grained sandbox control

shell

  • Implement rarun2 time=true attribute

tests

  • Initial implementation of the dummy benchmark

tools

  • Fix R2PM_DEPS handling in r2pm -ci

util

  • Fix: Mark r_print_format globals as TLS
  • Add atomic primitives for Windows
  • Add safe static lock initialization
  • Improvements and fixes for the threading APIs
  • Introduce r_strf and stop using sdb_fmt

visual

  • Fix #19409 - Close menu after creating a new panel from it
  • Handle vE as in VE - edit color theme
  • Fix fast jump with ahc on register calls

windows

  • Use I64x instead of llx format strings for mingw builds too

write

  • Add ws1, ws2 and ws4 commands for variable size pascal strings

5.5.4 - stability release

15 Dec 09:26

Release Notes

Version: 5.5.4
Previous: 5.5.2
Commits: 30
Contributors: 8
Days: 9

Authors

Changes

Architectures support

Changes related to disassembly, assembly and analysis:

  • Use cs_disasm_iter in anal.x86.cs to use less heap and speedup analysis and disassembly
  • Disable the disassembler logic in the asm plugin for 8051
  • Handle jbc [reg] in 8051 assembler
  • Handle registers on push on 8051
  • Improve pD, reading too many bytes on loop
  • Better Analysis plugin handling from the asm module

Binary parsing

  • Don't depend on a case-sensitive FS to load the DLL sdbs
  • Support Mach-O DYLD_CHAINED_PTR_64_OFFSET format

Build/ CI

  • Check for an existing upstream remote in install scripts
  • Fix libr_lang linking issue (introduced in 5.5.2)
  • Do not remake on modules with d/ (faster 'make' builds)

Search

  • Cleanup public API for
  • Add JSON output to zb commands

Security

  • Fix #19476 - heap overflow in aao
  • Fix #19478 - null deref in symbols file

5.5.2

06 Dec 11:17

Release Notes

Version: 5.5.2
Previous: 5.5.0
Commits: 92
Contributors: 16
TimeDelta: 20 days

Authors

Ashwin Kumar Dennis Goodlett Lazula Octavio Gianatiempo Richard Liu Rick de Jager Sergi Àlvarez i Capilla aemmitt-ns aviciano condret gordon-quad meme pancake slowhand99

Changes

ARM/THUMB

  • Fix #19464 - incorrect assembly for adrp on arm64
  • Use the null plugin when using a nonexistent asm plugin
  • Handle more ELF relocs for ARM binaries
  • Fix #18967 - Fix emulation for the mov-pc thumb instruction

Binary parsing

  • Add Plan 9 symbol parsing
  • Fix PE Metadata header name parsing (.net related)
  • Add bin_xtr.xtr_pemixed for PE user plugin

build

  • Use remote URL for git pull in install scripts
  • Enable mingw32/mingw64 builds in the CI (new first class platform)

cons/ui

  • Improve the snow experience in panels mode
  • Add eco! and eco* and sort eco listing
  • Show prev nodes in graph.few
  • Improve cursor up/down in visual disasm when code is analyzed

crash

  • Fix invalid pointer read issue in dwarf parser
  • Fix #19455 - Negative tainted offset used in buffer for pyc causing oobread
  • Fix #19448 - Fix atoi on non-null terminated string in PE section headers
  • Fix #19446 - null derefs in the x509 parser
  • Fix #19443 - UAF in marshall null object
  • Fix #19442 - Fix heap underflow in pyc marshalling
  • Fix #19444 - Null derefs in PE signature logic

Other

  • Fix #19463 - io write error reporting regression
  • Fix #19473 - Support libc filename w/o version for heap analysis
  • Fix Dalvik’s esil conditionals
  • Initial support for VLIW on hexagon
  • Fix infinite loop in r_str_replace

Diff / Signatures

  • Implement symbol name list diffing in radiff2
  • Fix zj vars output
  • Add binary search alg to pvector

r2pipe

  • Fix r2pipe.cmd("Z") when command fails returns no output
  • Updated R2pipeSide support for Go and V

5.5.0 - 希

14 Nov 23:41

Codename: Nozomi 希
Commits: 381
Contributors: 25

Breaking changes in api, esil, abi and commands. Plugins will need to be recompiled as usual.
Special thanks to giantbranch from NSFocus Tianji Lab for reporting several crash reproducers

  • New IOBanks APIs and commands replacing skyline and making io faster (2-10x) @condret
  • Faster analysis, type matching, binary parsing (2-4x) @trufae
  • [] and =[] esil operations have been removed (size is mandatory) @condret
  • Lots of important bugs fixed in bin parsers and disassemblers @Lazula
  • Add support for the latest iOS15 dyld4 Atlas-style cache formats @mrmacete
  • Autorename signature matching collisions and faster search @swoops
  • Add assembler for riscv and disassemblers for PDP11, Alpha64 and armv7.v35 @trufae
  • Improved integration with r2frida remote filesystems @as0ler
  • Cleaning debugger for windows (32 and 64) and macOS makes it more reliable and stable @trufae
  • Add seven segment printing (?ea for ascii-art text titles) @trufae
  • Improved xrefs visualization with new axfm and axtm commands @trufae
  • Add avg command to manage global variables @trufae
  • The sixref plugin is now easier to use to find xrefs on arm64 code @hot3eed
  • Improved multibin (select all bins or one) and multidex support in apk:// @trufae
  • Better build scripts for Windows (add asan and w32 profiles) @trufae
  • Add armv7.v35 and improve esil emulation with arm64.v35 @aemmitt-ns
  • Add more help messages and set scr.prompt.tabhelp true by default @trufae
  • AES key wrap algorithm support in rahash2 @sylvainpelissier
  • Fix var serialization issues in debugger reloading (ood) and projects saving (Ps) @RHL120
  • Add Amiga and MSX rom/bin parser plugin and test @romerojoseant @trufae
  • Visual slides (r2s) allow interactive content to be used within r2 @trufae
  • Print and convert ternary values back and forth @trufae
Authors

0mhu Abdelrahman Eid Antoni Viciano Dennis Goodlett Fernando Domínguez Francesco Tamagni Jose Antonio Romero Lazula Murphy RHL120 Sergi Àlvarez i Capilla SkUaTeR Sylvain Pelissier aemmitt-ns condret devnull850 dogtopus hot3eed junchao-loongson meme murphy pancake rhl120 thymol0

analysis

  • Check if ax[ft] argument is valid before showing xrefs to 0
  • Implement axtm, axfm and add helps for axf? and axt?
  • Improve debug message when misleading a function name
  • Add serialization API for vars
  • Improve sixref plugin UX
  • Copy the z80.archinfo into the gb plugin
  • Honor (min|max)-opsz and buffer bounds in aar
  • Hide the 'no calling conventions' warning and add =R0 for x86
  • Improve the reg profile for python
  • Fix crash when using the pyc disassembler without pyc bin
  • avr requires aeim before aaaa to avoid an assert
  • New 'avg' command and RAnal.global to manage global variables
  • Remove unused enum
  • Fix tests for RAnalVar function relocation
  • Fix variable relocation on ood (#19219)
  • Fix 1 bb function analysis with a2f
  • Fix null deref when using anal.a2f
  • Improve sixref plugin UX

asm

  • Add the first multiarch assembler plugin: vasm
  • Initial implementation of the RISCV assembler
  • Minor refactors in disasm.c, primarily r_core_print_disasm()

bin

  • Use r_str_ndup in another bound check in dwarf
  • Fix crash when elf symbol initialization fails
  • Always init Mach-O options with defaults
  • Add Support For dyld4 Atlas-style Shared Library Caches
  • Handle allbins in im, iM, iT, iC, iV, iz
  • Implement multidex and proper multibin in apkall://
  • Handle allbins for iz, ic, iI, ie and iM
  • Implement 'ob *' to select all bins and honor in is,ii,ir,il
  • Add MSX rom/bin parser plugin and test
  • Fix some null checks around the open_many apis
  • Implement 'is,' for table query for symbols
  • Handle the ARM32 COFF case
  • Improve swift demangler and add bin.demangle.trylib config
  • Initial implementation of the HUNK file parser
  • Detect canary on statically linked RT and stripped PEs

build

  • Generate bin/d the same way as other sdb paths with meson
  • Fix wasi builds and update wapm package in the new dist/wapm
  • Respect v35 repos for offline builds
  • Don't use the latest meson because it's broken :D
  • Initial work towards supporting mingw32/64 again
  • Rename MD5 symbols to prevent OpenSSL collision

cons

  • Fix buffer overflow in RConsPixel API affecting the braille renderer
  • Improve default theme
  • Add scr.prompt.tabhelp enabled by default
  • Move more context fields out of the globals
  • Move the console flushing decision to the console context

core

  • Deprecate the file.openmany config variable

crash

  • Fix null deref in r2 -c 'oc 3' -
  • Fix #19178 - UAF in aaft when anal.detectwrites is enabled
  • Wrong bounds initializing dwarf dies (tests_64901)
  • Fix oobread in z80 disassembler (tests_65081)
  • Fix oobread crash in the ELF parser (tests_64931)
  • Fix oobread crash in DWARF's parse_die (tests_64926)
  • Save and check the reg arena size when peekpoking (Fix tests_64923)
  • Fix oobread crash in DWARF parser (tests_64922)
  • Fix oobread crash in dwarf parser with non-null terminated strings
  • Fix oobread crash in DWARF parser (tests_64924)
  • Fix oobread crash in the analysis loop with corrupted ELFs (tests_64928)
  • Fix uaf crash in aaft (tests_64927)
  • Fix UAF in aaft (tests_64923)
  • Fix oobread in VAX disassembler (tests_64920)
  • Fix oobread crash in RAnal.hexagon (tests_64900)

crypto

  • Remove global usage in AES encryption
  • Add AES Key Wrap Algorithm

debug

  • Make the macOS debugger more stable
  • Handle PPID on macOS debugger

diff

  • Add ci commands to compare two rbinobject data

disasm

  • Add disasm+decompiler side by side api for the codemeta api
  • Use hints to follow dwords
  • Add armv7 to the arm.v35 plugin
  • Fix pdi~invalid bug, at least when bbsize > 32
  • Add support for the ALPHA disassembler
  • Add PDP-11 disassembler support from binutils

esil

  • Improvements on the arm64.v35/cs plugins
  • Kill esil [], []= and related operations
  • Fix r2wars regression with REP cycle detection
  • Use sdb_itoa instead of snprintf for emulation

fs

  • Always use b64 encoded filepaths on the fs.io calls

help

  • Add help for the an command

io

  • Add r_io_map_add_bottom
  • Fix mapslit in r_io_map_add
  • Remove r_io_map_new from public API
  • Free maps on r_io_maps_fini
  • apk:// is the new apkall:// (add AndroidManifest.xml)
  • Use io banks by default
  • Speedup repetitive access to the same submap in io banks
  • Speedup r_io_map_get (O(2n) => O(2))
  • Add iobank support to r_io_read_at_mapped
  • Use new rbtree API in io_bank.c
  • Fix io bank cmp cb functions
  • Refix r_io_submap_set_to (typo)
  • Enable io bank support in r_io_map_resize
  • Kill r_io_map_location
  • Enable io bank support in r_io_nread_at
  • Implement r_io_bank_{read_from/write_to}_submap_at
  • Enable io bank support in r_io_v{read/write}_at
  • Enable io bank support in r_io_map_depriorize
  • Implement new r_io_desc_get_byuri() API
  • Enable io-bank support in r_io_map_get_paddr
  • Enable io-banks for r_io_map_del_for_fd
  • Fix return value in io_default close entry
  • Fix resource leak and logic bug in r_io_reopen
  • Check for access bytes in r_io_bank_{read/write}_at
  • Enable io-banks support in r_io_map_remap
  • Enable io-bank support in r_io_map_new
  • Kill r_io_map_add_batch
  • Remove unnecessary return val from r_io_map_del
  • Enable io-bank support in r_io_map_del
  • Rename r_io_map_next_available to r_io_map_locate and add use_banks support
  • Kill r_io_map_next_address
  • Improve r_io_bank_locate for replacing r_io_map_get_next_available
  • Add alignment support to r_io_bank_locate
  • Enable io banks in search; Kill search.in = io.sky.*
  • Add 2 comments for clarification
  • Improve "om"-command, show '*'-marker for current map
  • Implement map depriorization in io banks
    • Add r_io_bank_map_add_bottom and r_io_bank_map_depriorize
    • Fix potential bug in r_io_bank_update_map_boundaries and add some comment for clarification
  • Some cleanup and code deduplication
  • Fix oob write in r_io_bank_{read/write}_at
  • Fix omb-command map ids
  • Initial io.banks management commands
  • Rename r_io_bank_update_map_location to r_io_bank_update_map_boundaries and make it usable for map resize (siol eternal)
  • Some code cleanup (siol eternal)
  • Use incremental timestamp on map creation instead of real ones (siol eternal)
  • Implement r_io_bank_update_map_location (siol eternal)
  • Use r_list_iter_get_prev (siol eternal)
  • Implement r_io_bank_delete_map and fix some bugs (siol eternal)
  • Add r_io_bank_drain (siol...
5.4.2

20 Sep 10:56

CI / build and portability

  • Added macos-arm64 (M1) builds into the CI
  • Add configuration file for Vinix builds
  • Improve the CI to keep consistent directory names in dist zips

Windows related fixes

  • Fix w32 and w64 builds by not statically linking the runtime
  • Dynamically load more vista-related APIs to fix w32 startup crash
  • Support VS2019Pro, not only the Community toolchain, in preconfigure.bat
  • Arrow keys working again in the prompt
  • Fix crash in dd command in debugger mode

Signatures

Kudos to @swoops for those awesome improvements

  • Add support for collision calculations, improving speed in matches
  • rasign2 is now able to generate signatures for archive files (.a)
  • Load signatures from sdb file
  • Implemented 'next' signature types to detect functions based on context

Esil

  • Fix emulation of xchg rax, rax
  • Fix 16 bit pop/push sizes
  • Add aoeq command with just the esil expression
  • Correct FPU and SIMD register types

Shell

  • ls output is now alphabetically sorted
  • Add 'woi' command to inverse the contents of the block
  • Add isotp:// io plugin to let r2 talk to your car.
  • Autocomplete options in asm.assembler
  • Cleanup and fix some uaf bugs in @@@ actions
  • Fix glitch when moving cursor when scr.color=0
  • The o and mg commands now accept a base64: argument
  • Add s. and s.? commands to reload current block (same as s $$)
  • Fix /ai search for arm64 movs instructions
  • Handle ^C in @@ and @@@ as well as in macros
  • Support fish and tcsh

Disasm and Analysis

Kudos to @Lazula for properly analyzing and fixing the 15-year-old disasm bug! Great job!

  • Fix a 15 year old bug that was causing invalid disassembly when doing large listings
  • Add anal.cs variable to better support segmented memory addressing
  • Detect inlined strings in immediates using the movabs instruction under some circumstances
  • Improve x86.nz assembler for better handling register/argument size

RBin

  • Fix loading PE binaries with tiny segments (like 1 byte in size)
  • Projects containing PE binaries don't break after reopening now
  • Add support for COFF files for ARM

Projects

  • Add more tests, ensure projects exist
  • Ravc2 - added rimraf, and reset action

Scripting

  • Fix flagspace issue spotted when using it via r2pipe and ccall://
  • Add REXX scripting support
  • Fix loading r2ghidra when using r2 via r2pipe (RTLD issue only for Linux)
  • Previously the whole configuration was serialized to disk on every command, this is now gone

Security

  • Fix some null derefs found in RCons, RConsGrep
  • Fix OOB read in the Mach-O parser
  • Fix crash caused when io.cache was set
  • Support non-PIE builds (required for Vinix)
  • Support any value in http.webui fixing for the new wip webui
  • Add rmrf command for recursively removing directories

5.4.0 - Rainy Smell

19 Aug 20:48

Release Notes

Version: 5.4.0
Previous: 5.3.1
Commits: 258
Contributors: 20

Highlights

  • Add the vector35 arm64 for analysis, esil and disasm and r2 can be built without capstone
  • Improved integration to use r2ghidra analysis and disassemble mainly tested for avr, v850 and arm64
  • Fix emulation of several x86 and arm64 instructions, including a scripted way to import official arm64 instruction descriptions
  • Bring back the cmd.pin to instrument the esil emulation when a specific address is hit
  • Small steps towards Projects with improved management for version control
  • Improved visual and panels with better interactions and fixed glitches

Shell

  • 500 more commands are now listed in the recursive help command: ?*
  • Backslash is now completely gone. Please use ':' or the original '=!' instead.
  • Implement @@== foreach word iterator operator
  • Add mwf command to write local files into remote targets
  • wv1,2,4,8 accept many space-separated numbers now

Search

  • New /c subcommands are now available for searching crypto stuff
  • To find references to the UDS CAN table use /ru
  • Find PGP and RSA encrypted keys in memory with /cg
  • Search for common hashing and crypto constant tables in /ck
  • Add /ab to find backward jumps (mostly loops) and handle ^C
  • Initial implementation of spp, snp, /bp and /pp to find next/prev preludes

Analysis

  • Improved VAX analysis, disassembly and analysis
  • ESIL function emulation is now performed properly, spotting many more xrefs and reducing false positives
  • Default aa, aaa and aaaa analysis commands are now faster and produce better results
  • Analysis plugins can now be used as a replacement for the asm ones for disassembling only. The next release will start removing unnecessary asm plugins, reducing compile times and build size.
  • The new 'wan' command nops the partial instructions left, making binary patching much simpler
  • Faster exit times for ^D, making interactions more fluent and reducing CI times
  • Initial implementation of ESIL macros and start reducing the instruction set
  • Better x86.pseudo and varsub for strings

Debugger

  • Signal handling is now displayed in human form and C with better stop reasons
  • Use DRX APIs to handle breakpoint recoils only on x86-64

Signatures

  • Support FLIRT v5 file format compression
  • Fix bug in zaf creating zignspace
  • Expand r_sign API and major refactor

New platforms

The build system and CI packaging have been improved quite a lot, simplifying the release process and testing.

  • SerenityOS: a Unix-based OS that looks like Windows 95, with its own kernel, libraries and userland. Debugger support in r2 is not yet available for SerenityOS, but the APIs are there, so it's just a matter of getting it done
  • Vinix: Kernel completely written in V, able to run bash, gcc or python, is now able to run r2!
  • VAX/NetBSD: after discovering SIMH, a VAX emulator, it took me a few minutes to run NetBSD and run r2 in there; no debugger support yet.
  • WebAssembly is now built and published in the CI
  • Tic80: For now it's just identifying and parsing the headers and placing the flags

Windows

  • Building on Windows is as easy as running: preconfigure, configure and make
  • That will detect VS, Python and Git, set up the PATH and install Meson and Ninja for you.
  • Resolve Windows APIs at runtime to fix build with mingw and improve backward compat

Authors

Alex Bender Apkunpacker Azox Davide Pizzolotto Dennis Goodlett Enshin Andrey Ilya Trukhanov László Vaskó Maijin Murphy Paul I RHL120 Royos90 Sylvain Pelissier aemmitt-ns gogo hot3eed lasek0 pancake pancake

Changes

anal

  • Properly stringify the RAnalOP.type field
  • Implement aaff command and improve aaf? help message
  • Extend afj command to handle all jump table parameter options
  • Implement 'afs*' command to export function signature info in r2 commands
  • Fix afsj, taking signature args instead of fcnargs in json
  • Initial import of the arm64v35 disassembler and analysis plugins
  • Optimize infinite loop on non-quantum computers
  • Avoid assert on avr's null cmpreg test
  • Finish the tolowering of anal.noNULL
  • Fix aef and aaef to actually find xrefs at least

asm

  • Fix #18813 - Cannot assemble cmp w26, 0 in arm64
  • Fix #18876 - Check imm bounds for some instructions in the x86.nz assembler
  • Add pushf/popf instructions to x86.nz
  • Use RAnalBind in RAsm to reuse RAnalPlugins to disassemble
  • Update ARM64 arm.sdb.txt opcode descriptions from documentation
  • Update the VAX disassembler from binutils

assembler

  • Fix #18872 - New command 'wan' to write and nop affected instructions

bin

  • Fix #18783 - Support ELFs with phnum > 0xFFFF
  • Allow RBinPlugins to use RBinFile at check()
  • Initial support for the TIC-80 Fantasy Computer cartridges
  • Replace SDB with HtPU in RBin.filter_name()
  • Put archinfo.{minopsz,maxopsz,align} in the output of i
  • Implement ELF relocs for VAX

build

  • Add portability support for Vinix
  • Add meson support for the anal.arm.v35 plugin
  • Add preconfigure/configure/make batch scripts for Windows
  • Initial import of ./preconfigure for packaging purposes
  • Improve the macOS packaging scripts
  • Import radare2-win-installer files into dist/windows
  • Fix meson build and proper use of cgen
  • Fix system() on arm64 macOS targets (#18877)
  • Initial support for capstone-less compilations
  • Build and publish the ZIP with the WASI bins
  • Add initial support for building r2 on WASI

ci

  • Version the artifacts

cons

  • Don't check out-of-bounds last chars
  • Honor faster ^D on interactive execution path
  • Fix arrow handling after fixing mouse clicking glitches

core

  • Honor bool in io.va, scr.interactive, scr.prompt and cfg.fortunes
  • Optimize and improve r_name_filter calls
  • Add &w command to wait and run for queued commands
  • Implement &: for queue commands
  • Implement @@== foreach word iterator operator

debug

  • Fix the windows debugger and make it more stable
  • Add tests for the improved signal handling messages
  • Change the way wait events are handled in the unix-debug backend
  • Add 'sigstr' to the 'di' output for more verbose stop reasons
  • Add RSignal.toHuman() and improve RDebugReason.toString()
  • Use DRX APIs to handle breakpoint recoils only on x86-64

disasm

  • Support arch.* namings for the parse plugins
  • Better x86.pseudo and varsub for strings
  • Fix r_str_ansi_len() causing unaligned 'unaligned' words
  • Improve invalid address and string parameter issues in emu.str and pd comments
  • Improve x86.parse for asm.pseudo

esil

  • Fix emulation for AARCH64 ldr,str,stp,ldp instructions
  • Fix #18860 - mul and imul for *dx operands and 64 bit widths
  • Bring back pins to esil land
  • Fix POPF POPFD POPFQ not increasing stack pointer
  • Add wide and math instr esil for dalvik, pac esil for arm64
  • Initial implementation of ESIL macros

fs

  • Add mwf command to write local files into remote targets

io

  • io.plugin.lseek -> .seek for portability (wasi related) (#18840)

panels

  • Add xX key descriptions in the help message

print

  • Improve the pdc output to allow recompilation
  • Initial implementation of the pdo esil2c output

projects

  • Don't save projects when no project is used
  • Exclude files of nested rvc repos from repo_files()
  • Use r_sys_whoami as the author name for r_vc_commit
  • Add r_vc_find_rp to rvc
  • Rework r_vc_checkout and fix some mem leaks
  • Rework the rvc_commit functions
  • Take advantage of prj.vc.type and merge rvc & git
  • Fix r_vc_commit and other functions
  • Major rvc api refactor to use sdb

rvc

  • Fix memory leak and infinite loop in r_vc_find_rp

search

  • Implement /ck command to search for crypto constant tables
  • Rename /cu UDS CAN table search to /ru command
  • Add PGP search for signature and RSA encrypted private keys (#18961)
  • Add /cg command to search for GPG artifacts
  • Update tests and add /a[?]q for quiet-legacy mode
  • Use pdi in /ad output
  • Initial implementation of spp, snp, /bp and /pp to find next/prev preludes
  • Add /ab to find backward jumps (mostly loops) and handle ^C

shell

  • Autocomplete :. command
  • wv1,2,4,8 accept many space-separated numbers now
  • Remove other useless and incomplete treesitter leftovers and get +400 new commands in the recursive help
  • Remove colons in "?" number conversion output
  • Honor < and > comparison operators in RNumMath
  • Use RNum.math in "?b" to make '?b 1<<1' work
  • Add scr.hist.filter to toggle the filtered history up/down search
  • Improved reverse-search in command history
  • Faster ^D (leave r2 without freeing the core)
  • Completely eliminate the deprecated backslash command
  • Add some help and better parsing for the anal hints

signatures

  • Add r_sign_metric_search to r_sign.h
  • Fix bug in zaf creating zignspace
  • Expand r_sign API
  • Use r_sign in rasign2
      ...

5.3.1

10 Jun 22:27


  • Assembling invalid arm64 instructions no longer results in invalid representations
  • Add http.basepath to support sub directory handling for proxying purposes
  • Support instruction descriptions when using the r2ghidra disassembler plugin
  • Fix issues and enable the garbage collector when running @vlang scripts
  • Fix arm16 ldr post indexing esil expression
  • Fix r2pipe regression caused by a change in RCons buffering when chaining multiple commands
  • Support user defined REgg plugins
  • CI: Fix macOS builds and build debian packages on ubuntu18 instead of ubuntu20
  • Fix prj.vc issue on Windows
  • Add support for armhf/armv7 musl builds as well
  • Enable build on less capable systems disabling threads, pty and other platform functionalities separately
  • Fix sorting issues on RList and foreach_prev