September 12, 2016

During the last couple of days in Barcelona, at the aurea social, everyone was at the r2con, to celebrate the 10th birthday of radare2! It was an amazing 3-days event, which first day was dedicated to trainings, while the two others were all about interesting/fancy/weird talks!

10 years old r2

We did our very best to setup a video stream, but unfortunately, we didn’t managed to get something working. But, all the talks (except one) were recorded, and are now available online! The presentation materials are available here.

By the way, we would like to thank guifinet for the network: everybody had high-speed internet over client-isolated WiFi ♥


Well, technically, the r2con didn’t started, but some people gathered around to install everything: deploying a hundred chairs, finding tables, putting the food in the fridge, trying (and failing) to make the streaming work, swearing at beamers, … and ended in a Japanese restaurant.



The morning was dedicated to learning how to use radare2: one track (slides) was lead by pancake himself, while the track2 (slides) featured the long time radare2 trainers, maijin (basic usage and tricks), jvoisin (software exploitation) and xvilka (emulation and scripting/automatization)!

pancake a-z

Track2 was in a smaller room, so it was a bit like a sauna, the only differences were that people were wearing clothes and had laptops. I think that someone mentioned a bounty about overlocking AC with radare2, but so far, I haven’t seen much results.

The afternoon had two tracks:

  • One about extending radare2 (slides), by SkUaTeR, in Spanish, but surprisingly, the language barrier didn’t prevent non-spanish from understanding most of was going on, thanks to the English slides.
  • The other one was about software exploitation (slides) with the help of radare2, by Nighterman, like how to hunt for ROP gadgets, find your way around with the stack (pxr 16 * 8 @ rsp being the best command ever by the way), using rarun2, …

During the afternoon workshop, there was a big surprise for the pancake: we offered him a big radare2-themed cake (So big that we struggled to eat it all :D)


Everyone was then invited to go have dinner together, in a big catalan restaurant:


There were some rumours about after-dinner party in Barcelona’s finest drum’n’bass club, but those events shall remain shrouded in mystery.


The morning was on a single track, led by dukebarman and dark_k3y: 4h intensive hours about how to write exploits for the AVR architecture (slides). Despite the warning about possibly broken English on the first slide, it was really interesting to grasp how to write ROP-chains on really constrained hardware resources (~20 gadgets are all that you can make shove into memory.)

There was a small hiccup for the first planned talk in the afternoon : the plan was to have our Summer of Code student oddcoder doing a remote talk, but since it seemed that the Internet Gods abandoned us, we didn’t manage to get the streaming working, so we had to postpone it to the next day :/

guedou then presented (slides) his Frankenstein monster, son of radare2 and miasm2: r2m2, to take advantage of the best of both worlds, by mixing Ruby and Python.

Jairo, who is working at intezer, a company that uses radare2 internally, to power their secret-but-soon-to-be-released-magic-product, explained how he improved the speed of PE files handling in radare2, so his company could ship a better product.

alvarofe gave a fun talk (slides) about file format. Long story short: file formats are a mess, every tool will fail at some point so they need to adapt during analysis. It also featured some demo of popular softwares crashing upon analysis/opening of some weird files.

The last talk was about decrypting iOS binaries (slides), automatically with radare2 with a new fancy tool named r2clutch, by murphy. Since radare2 can run both on your iPhone and your laptop, you can run your binary inside radare2 on your phone, and exfiltrate the decrypted binary to your laptop. r2clutch does that automatically for you :)

Also, speaking of iOS, thanks to qwertyoruiopz, we know that radare2 runs fine on iOS10:

r2 on iOS 10


Saturday, the last day of the r2con!

The first talk in the morning (it was getting harder and harder to wake up to attend the first ones) from n4x0r (from the amn3si4 CTF team) was about glibc heap visualisation (slides) using a brand new plugin already integrated into radare2! Some of the demo shown on stage where taken from the how2heap exercices from the Shellphish ;)

Also, it’s worth noting that neuroflip played some super-great chiptune music between the talks.


brainstorm, a bio/neuro-informatician, showed how he reversed and repaired his broken drone (slides) with the help of radare2! By the way, you could win his drone by implementing ESIL support for AVR ;)

We managed to establish a stable and usable connection with sushant, who presented (slides), along with xvilka, the work that was done on radeco, radare2’s own decompiler! They insisted on the fact that the other open-source decompiler do not allow the user to improve the process: they are not interactive enough, and are trying to be clever. This is the opposite of the radare2 philosophy: be conservative, when I doubt do not try to guess things, and give control to the user: he knows best. Long story short, you’ll soon be able to use your F5 key in radare2 ;)

Right before lunch, the (great) pancake did a small talk, about the present and future of radare2, mentioning the mysterious 1.0 release number. He also detailed the development model behind radare2, the weak points/complains of the frameworks (cough cough GUI cough).

Since we’re in Spain, we used Spanish time for the whole afternoon (also known as “being 2h late but it’s ok”), but at least we weren’t thirsty:


Right after lunch (at 17h), there was the talk that was cancelled on Friday: Argument and types detection in radare2 (slides), by oddcoder (one of our Summer of Code student), and xvilka. By the way, I forgot to mention, both of our presenting-students were doing it remotely, thanks to Skype and slides.com :)

oleavr explained (slides) how he wrote some code to have fun with radare2 and frida. He injected frida into some process, and analysed/modified it with the help of radare2. I would recommend anyone interested into radare2 to give a try to frida: being able to map Spotify peers with a few lines of javascript code injected into a process is really impressive!

pof did a really great talk (slides) about the decryption, hacking, repacking (and of course, playing) Street Fighter II, with radare2. He also took the time to make a thorough summary of the Street Fighter hacking scene.

Daniel Romero showed us how to unpack, extract, analyse, and finally pop a reverse shell on an embedded router.

Because it was getting late, we ordered some pizzas for everyone:


The last talk was done by Sergi Martinez, about using radare2 to reverse Linux malware (slides). While you might think that malware are a Microsoft Windows exclusive feature, the proliferation of Internet of ShitThings, a lot of shitty Linux machines are left exposed on the internet, effectively being easy targets to malwares.


It was a great event, you should have been there. Many thanks, again, to the pancake, for creating radare2 10 years ago, maintaining it, taking care of the community, and for organising the r2con!


Random anonymous quotes

Those are random quotes heard during the r2con:

Anyone knows how to overclock an AC? It’s for a friend. Extra points if you use r2

Wow, the radare2 commands are actually making sense

r2 is pretty cool

Stop speaking in Spanish ffs!

The build is broken. Ho, wait someone just fixed it.

Where is the F5 key in radare2?

Open the door please (you had to ask on telegram during the last day to enter the conference’s place.)

So Spanish time is like real time, but 2 hours late?

My best part of day is photobombing 10000 people at Sagrada Familia

There is documentation, it’s written in C