radareorg / radare2-r2pipe

Access radare2 via pipe from any programming language!


radare2-r2pipe's Introduction

r2pipe


The r2pipe APIs are based on a single r2 primitive found behind r_core_cmd_str() which is a function that accepts a string parameter describing the r2 command to run and returns a string with the result.

This design follows from a series of benchmarks with different libffi implementations, which showed that using the native API is more complex and slower than just using raw command strings and parsing the output.

Because the output can be tricky to parse, it's recommended to use the JSON output and deserialize it into native language objects, which is much handier than handling and maintaining internal data structures and pointers.

Memory management also becomes much simpler, because you only have to care about freeing the resulting string.

This directory contains different implementations of the r2pipe API for different languages which could handle different communication backends:

  • Grab R2PIPE{_IN|_OUT} environment variables
  • Spawn r2 -q0 and communicate with pipe(2)
  • Plain TCP connection
  • HTTP queries (connecting to a remote webserver)
  • RAP protocol (r2's own remote protocol)

Most of the language implementations provide asynchronous capabilities in order to handle the result of the operation in a callback, allowing a single program to interact with multiple instances or connections to different r2 sessions at the same time.

  • Synchronous
  • Asynchronous

In addition, r2pipe scripts can be used to write plugins for radare2 or extend current functionalities:

  • Assembler/Disassembler plugin for RAsm
  • RIO plugin to abstract read/write/system operations
  • Syscall handler for the ESIL emulator
  • ...

The most popular implementations of r2pipe are:

  • NodeJS / TypeScript
  • Python
  • Swift
  • C/Nim/Vala/C++

But there is r2pipe for:

          pipe spawn async http tcp rap json plug lib buff
AWK         X     -     -    -    -   -    -    -   -   -
C           X     X     -    X    X   X    X    X   X   X
C++/Qt      X     X     -    -    -   -    X    -   X   -
C# / F#     X     X     X    X    -   -    -    -   X   -
Crystal     -     -     -    -    -   -    X    -   X   -
D           X     -     -    -    -   -    X    -   -   -
Erlang      X     X     -    -    -   -    -    -   -   -
Go          X     X     -    -    -   -    X    -   -   -
Haskell     X     X     -    X    -   -    X    -   -   -
Java/Groovy -     X     -    X    -   -    -    -   X   -
Lisp        -     X     -    -    -   -    X    -   -   -
NewLisp     X     X     -    X    -   -    X    -   X   -
Nim         -     -     -    X    -   -    X    -   X   -
NodeJS      X     X     X    X    X   -    X    X   -   X
Ocaml       -     X     -    -    -   -    X    -   -   -
Perl        X     X     -    X    X   -    X    -   -   -
PHP         -     X     -    -    -   -    -    -   -   -
Python      X     X     X    X    X   X    X    X   X   -
Ruby        X     X     -    -    -   -    X    -   -   -
Rust        X     X     -    X    X   -    X    -   -   -
Swift       X     X     X    X    -   -    X    -   X   -
PosixShell  X     X     -    X    -   -    X    -   -   -
Vala        X     X     X    -    -   -    -    -   -   -
V           X     X     -    -    -   -    -    X   -   -
Clojure     X     X     -    -    -   -    -    -   -   -

--pancake


radare2-r2pipe's Issues

Windows r2pipe + python asyncio issues

I hope I'm doing this right, but there seems to be an issue when running r2pipe on Windows. I have a clean Win7 (x64) install with python 2 & python 3 installed.

Radare2 Version

PS C:\Users\admin> radare2 -v
radare2 3.1.0 1 @ windows-x86-64 git.3.1.0
commit: 0743c84ac3f1477439ab2aa54d7005eaa50dcd7e build: Mon 11/26/2018__ 3:08:07.27

r2pipe version (for python 2/3)

PS C:\Users\admin> pip2 show r2pipe
Name: r2pipe
Version: 1.0.0
Summary: Pipe interface for radare2
Home-page: http://rada.re
Author: pancake
Author-email: [email protected]
License: MIT
Location: c:\python27\lib\site-packages
Requires:
Required-by:

PS C:\Users\admin> pip3 show r2pipe
Name: r2pipe
Version: 1.0.0
Summary: Pipe interface for radare2
Home-page: http://rada.re
Author: pancake
Author-email: [email protected]
License: MIT
Location: c:\python37\lib\site-packages
Requires:
Required-by:

Creating the bug

When running in Python3

PS C:\Users\admin> python
Python 3.7.1 (v3.7.1:260ec2c36a, Oct 20 2018, 14:57:15) [MSC v.1915 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import r2pipe
>>> r = r2pipe.open('c:\windows\system32\calc.exe')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "C:\Python37\lib\site-packages\r2pipe\open_async.py", line 34, in __init__
    watcher = asyncio.get_child_watcher()
  File "C:\Python37\lib\asyncio\events.py", line 767, in get_child_watcher
    return get_event_loop_policy().get_child_watcher()
  File "C:\Python37\lib\asyncio\events.py", line 603, in get_child_watcher
    raise NotImplementedError
NotImplementedError

When running in Python2

PS C:\Users\admin> C:\Python27\python.exe
Python 2.7.15 (v2.7.15:ca079a3ea3, Apr 30 2018, 16:30:26) [MSC v.1500 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import r2pipe
>>> r = r2pipe.open('c:\windows\system32\calc.exe')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "C:\Python27\lib\site-packages\r2pipe\open_sync.py", line 52, in __init__
    fl = fcntl.fcntl(fd, fcntl.F_GETFL)
AttributeError: 'NoneType' object has no attribute 'fcntl'

I confirmed that I could open a binary using R2, so the issue seems to exist in r2pipe.open() only.

r2pipe open

My python script right now opens a pipe using r2 = r2pipe.open() without any arguments, and is invoked like [0x0401000] . script.py. It needs to collect data by performing some automation tasks then give control back to the user in r2 who invoked it. But at the same time I want it to remain running in the background so that I may continue to invoke it and perform more analysis as I move along. Thus it acts like a server waiting for commands to forward into my live r2 session. Running the script from within the session will cause r2 to block since the script is waiting for my own commands. Is there a way to explicitly open a pipe to an existing r2 session without having to invoke a script from within that session?

r2pipe python __init__.py relative import would not work in python3

https://github.com/radare/radare2-r2pipe/blob/master/python/r2pipe/__init__.py#L40-L44

try:
	import native
	has_native = True
except:
	has_native = False

Since python3 forbids relative import, has_native would always be False in py3. How about changing it to something like from native import RCore and modifying https://github.com/radare/radare2-r2pipe/blob/master/python/r2pipe/__init__.py#L206? It seems currently RCore is the only attribute used from native.

Install error on Window 10

I am trying to install r2pipe on windows 10, 64 bit, but it always fails with the following error

H:\PythonProjects\abdb_patcher>pip install r2pipe
Collecting r2pipe
  Using cached r2pipe-0.9.8.tar.gz
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "c:\users\harjot\appdata\local\temp\pip-build-qqhd4v\r2pipe\setup.py", line 2, in <module>
        import r2pipe
      File "r2pipe\__init__.py", line 45, in <module>
        from .native import RCore
      File "r2pipe\native.py", line 9, in <module>
        lib = WinDLL(find_library('r_core'))
      File "c:\python27\lib\ctypes\__init__.py", line 362, in __init__
        self._handle = _dlopen(self._name, mode)
    TypeError: expected string or Unicode object, NoneType found

    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in c:\users\harjot\appdata\local\temp\pip-build-qqhd4v\r2pipe\

r2pipe python-async seems much slower than previous sync version

Please correct me if this is due to my insufficient python3/asyncio skills, but it seems like the new python-async version is much slower than the previous synchronized one.

A quick test (values are means of some iterations, the r2 specific cmd doesn't matter):

$ python3 --version
Python 3.5.3

Synchronous version (version 2.4.0 commit 007f1d6):

start = time.perf_counter()
res = r2.cmd("pxq 8 @0x%0.16x" % location)
print (time.perf_counter() - start)

7.534199903602712e-05

Asynchronous version (version 2.8.0, commit 6f60dee):

start = time.perf_counter()
res = r2.cmd("pxq 8 @0x%0.16x" % location).result()
print (time.perf_counter() - start)

0.023162505000072997

That's a performance deterioration by roughly a factor of 300 per r2 command. As I see it there is currently no way to fall back to the synchronous version in 2.8.0 (apart from messing with the python version). Would it be possible to bring back the synchronous version for python3 (or enlighten me what I am doing wrong here)?

pip install r2pipe error on Windows 7

When I try to install r2pipe in Windows 7 I get the following error:

> python.exe -m pip install r2pipe                                                                                           
Collecting r2pipe                                                                                                            
  Using cached r2pipe-0.9.5.tar.gz                                                                                           
    Complete output from command python setup.py egg_info:                                                                   
    Traceback (most recent call last):                                                                                       
      File "<string>", line 1, in <module>                                                                                   
      File "c:\users\andrea\appdata\local\temp\pip-build-pogrdt\r2pipe\setup.py", line 2, in <module>                        
        import r2pipe                                                                                                        
      File "r2pipe\__init__.py", line 32, in <module>                                                                        
        import fcntl                                                                                                         
    ImportError: No module named fcntl                                                                                       
                                                                                                                             
    ----------------------------------------                                                                                 
Command "python setup.py egg_info" failed with error code 1 in c:\users\andrea\appdata\local\temp\pip-build-pogrdt\r2pipe\   

note: I'm using python 2.7.14 amd64

TypeError: a bytes-like object is required, not 'str'

I'm trying to use r2pipe in Python 3 and keep running into the error "TypeError: a bytes-like object is required, not 'str'" when using the cmd() function. I have updated r2pipe via pip3, updated r2 to the latest version, and even updated r2pm just in case that would help any. I am running this on a Manjaro Linux machine, though I'm not sure if that would cause any problems. Here is the exact error I am getting:

Traceback (most recent call last):
  File "test.py", line 4, in <module>
    r2.cmd( 'aa' )
  File "/usr/lib/python3.6/site-packages/r2pipe/__init__.py", line 274, in cmd
    res = self._cmd(cmd)
  File "/usr/lib/python3.6/site-packages/r2pipe/__init__.py", line 214, in _cmd_pipe
    os.write(self.pipe[1], cmd)
TypeError: a bytes-like object is required, not 'str'

Not working examples of using r2 via web interface

I can see all (?) the r2pipe bindings contain an example to talk with r2 via http by connecting to http://cloud.radare.org/cmd/. It looks like this address doesn't work.

Also the 'Try' link on radare2's main page uses a different address (I think for the same purpose) -
http://cloud.radare.org/enyo which also doesn't work.

Will those addresses operate again or maybe it makes sense to do a cleanup and remove those HTTP examples from the repository? If so I can do it.

Modify section permissions with python

Hi to all,
with some change in the radare2 behavior I can't use the "S" command to modify the section permission.
I need to make all the sections of a binary file executable in order to find all the functions; by default radare2 does not scan non-executable sections.
Thus I want to ask how I can achieve this task in python with the r2pipe api.

(Dotnet) Infinite loop in RunCommand; StandardOutput always returns 0xFFFF

Example code where it hangs (the exact file I have it open doesn't matter, the issue persists no matter what I choose): https://gist.github.com/BenHall-7/5cb97c1f7d4e3453b7e8cfbba301ceef
And of course the files I choose open fine in regular r2.

The r2pipe commit I'm using is the current one (#399), but I'm not sure how up to date my build of radare2 is. It's from only a few months ago at most (maybe that presents an issue, but I figure there's something else I'm missing that causes this).

Some more details from the situation: when StandardInput is written to (the command "i" in this case) it does manage to write that value to the buffer, however after Flush is called those values are still there, and I'm not sure if that's part of the issue. The BaseStream of StandardOutput however has the underlying buffer set to null and a lot of fields throw exceptions.
image

This might not necessarily be an issue with the code in this repository per se, but I've run out of ideas to try and fix this and I'm hoping someone else can identify a possible cause.

Python: Truncated output from r2.cmd

Hi,

I am testing r2pipe in Python and I have a case where the url that open generates a lot of output.
The rest of my script attempts to run pd 10 and get the result:

r2 = r2pipe.open(url, ['-d'])
output = r2.cmd("pd 10")
logging.info(output)
r2.cmd('q!')

When logging prints the content of output, the output appears to have been truncated:

libvirt: QEMU Driver error : Domain not found: no domain with matching name 'xenwin7'
--failed to find kvm domain
LibVMI Version 0.11.0
LibVMI Driver Mode 0
--completed driver init.
--got id from name (xenwin7 --> 2)
**set image_type = xenwin7
**set allocated_ram_size = 7d04a000, max_physical_address = 0xff000000
libvirt: QEMU Driver error : Domain not found: no domain with matching name 'xenwin7'
= attach 1452 1452
= attach 1452 0
INFO:root:_reg_profile
__open
VM: xenwin7, PID: 1452
Initializing LibVMI
--failed to find kvm domain
LibVMI Version 0.11.0
LibVMI Driver Mode 0
--completed driver init.
--got id from name (xenwin7 --> 2)
**set image_type = xenwin7
**set allocated_ram_size = 7d04a000, max_physical_address = 0xff000000
**set pae = 1
**set pse = 1
**set lme = 1
**IA-32e paging
**sanity checking cr3 = 0x0000000000187000
--looking for config file at /home/tarrma/fsecure/radare2-extras/vmi/libvmi.conf
--looking for config file at /home/tarrma/etc/libvmi.conf
--looking for config file at /home/tarrma/etc/libvmi.conf
--looking for config file at /etc/libvmi.conf
**Using config file at /etc/libvmi.conf
**set os_type to Windows.
LibVMI Suggestion: set win_ntoskrnl=0x281b000 in libvmi.conf for faster startup.
LibVMI Suggestion: set win_kdbg=0x1e9070 in libvmi.conf for faster startup.
LibVMI Suggestion: set win_kdvb=0xfffff80002a04070 in libvmi.conf for faster startup.
__reg_profile
__getpid
__getpid
__select
__system command: pid 1452
__kill, sig: 0
__reg_read, type: 0, size:7168
__reg_profile
__getpid
__getpid
__select
__system command: pid 1452
__kill, sig: 0
__reg_read, type: 0, size:7168
Attaching to pid 1452...
Listening on VMI events...
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 860, CR3: 0x14cd1000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 4, CR3: 0x187000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 380, CR3: 0x20c66000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 1476, CR3: 0x68eb9000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 4, CR3: 0x187000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 380, CR3: 0x20c66000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 4, CR3: 0x187000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 380, CR3: 0x20c66000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 4, CR3: 0x187000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 380, CR3: 0x20c66000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 1476, CR3: 0x68eb9000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 4, CR3: 0x187000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 380, CR3: 0x20c66000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 4, CR3: 0x187000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 380, CR3: 0x20c66000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 4, CR3: 0x187000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 380, CR3: 0x20c66000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 4, CR3: 0x187000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 1476, CR3: 0x68eb9000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 4, CR3: 0x187000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 380, CR3: 0x20c66000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 4, CR3: 0x187000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 1724, CR3: 0x505f9000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 4, CR3: 0x187000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 572, CR3: 0xeaaf000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 572, CR3: 0xeaaf000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 4, CR3: 0x187000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 1156, CR3: 0x187ff000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 4, CR3: 0x187000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 1476, CR3: 0x68eb9000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 4, CR3: 0x187000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 808, CR3: 0x15088000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 808, CR3: 0x15088000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 4, CR3: 0x187000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 472, CR3: 0x20066000
Listening on VMI events...
cb_on_cr3_load
Intercepted PID: 4, CR3: 0x187000
Listening on VMI events...
cb_on_cr3_load
Intercep

As you can see the last line is Intercep, and this whole output is the one from the open method.
So there is a limit somewhere in the buffer returned by r2.cmd, which prevents me from receiving the complete output of my commands.

Info

r2 -v
radare2 2.5.0-git 17625 @ linux-x86-64 git.2.4.0-103-g1b30ca2
commit: 1b30ca283c9f8a2b04add7020f7e1165ee857f8f build: 2018-03-14__13:38:18

pip3 info r2pipe
Name: r2pipe
Version: 0.9.8
Summary: Pipe interface for radare2
Home-page: http://rada.re
Author: pancake
Author-email: [email protected]
License: MIT
Location: /usr/local/lib/python3.5/dist-packages
Requires: 

Thanks !

Disabling warnings from r2pipe

Hi, we are processing a large number of binaries using r2pipe (python), and have been trying to find a way to disable warnings. Mainly, whenever we open the pipe we get:
Warning: cannot initialize dynamic strings

As you can imagine, when this occurs over 100+ times it can get quite frustrating. I've so far tried editing r2's init.py and setting stderr=PIPE to stop it being printed to the terminal, but as that didn't work I'm assuming this output is to stdout.

Any ideas?

Python3 Script "a bytes-like object is required"

I hope I'm not doing something wrong.
It works fine when running the script on its own, but fails if run with r2 -i <script>. This issue appears to be similar to #64 and #57 but I can't figure out how to implement the fix.

Versions

$ radare2 -v
radare2 3.1.0-git 20082 @ linux-x86-64 git.3.0.1-273-g6d0f9ce
commit: 6d0f9ce282926af91d1350acaf4722a56a0467b0 build: 2018-11-18__13:29:11
$ pip freeze | grep r2pipe
r2pipe==0.9.9

Python3 script

$ cat r2.py 
import r2pipe
r = r2pipe.open()
r.cmd('aaa')

Running the script

$ r2 -i r2.py test.x 
Traceback (most recent call last):
  File "r2.py", line 4, in <module>
    r.cmd('aaa')
  File "/home/ck/.local/lib/python3.5/site-packages/r2pipe/__init__.py", line 274, in cmd
    res = self._cmd(cmd)
  File "/home/ck/.local/lib/python3.5/site-packages/r2pipe/__init__.py", line 214, in _cmd_pipe
    os.write(self.pipe[1], cmd)
TypeError: a bytes-like object is required, not 'str'
 -- Use zoom.byte=entropy and press 'z' in visual mode to zoom out to see the entropy of the whole file
[0x004004c0]> 

No output from r2pipe since latest updates

radare2 2.2.0-git 16829 @ darwin-x86-64 git.2.1.0-188-g032aff2d5
commit: 032aff2d556a70dfcc391d111f5aaeda2423c70a build: 2017-12-21__22:58:03

r2pipe==0.9.6

Since the latest updates, I can't get any output from the python r2pipe. I have tested this on multiple systems and the issue seems to persist. Second machine had r2pipe version 0.9.4 installed.

Multiple commands injection into `cmd`/`cmdj` while implementing automation scripts

Environment

  • Windows 7 x64
  • radare2 version: built with debug su
radare2 3.1.0-git 19775 @ windows-x86-64 git.3.0.1-19-g92982e44f
commit: 92982e44f8cd4a1908829200787d6a6ca50929bb build: 23.10.2018__22:56:48,08

Story

While working on a new sample, I was writing a script for decoding embedded strings. It gets pointers, reads the encrypted string, deciphers the string and adds a comment at the place where the string is. The script looked like the following:

r2 = r2pipe.open(r'path-to-a-binary')
ea = 0x14002a1f0
end_ea = 0x14002ae10

while ea < end_ea:
        va = r2.cmdj('pxqj 8 @ 0x%x' % ea)  # read qword of string pointer
        if not va:
            break
        va = va[0]

        s = r2.cmd('px0 @ 0x%x' % va)  # should be optimized, in case there is 2GB string :)
        if not s:
            break
        s = bytes.fromhex(s) + b'==='
        if not s:
            print('- cannot get str at %08x' % ea)
            break

        try:
            print('trying to decrypt: %08x' % va)
            decr = decrypt_str(s)
            print('%08x: "%r"' % (va, decr.decode('utf8')))
            r2.cmd('CCa 0x%x "%s"' % (va, decr.decode('utf8')))  # <<< problem command
        except:
            print('cannot decode string at %08x "%s": %s' % (va, s, traceback.format_exc()))
        ea += 8

While running this script I got the assertion failure:
image

That was strange, because a stack trace showed that this code is inside reading from the console:
image

Digging deeper into this, I realized that some of the comments which were passed to the CCa command had \n inside. So, that means a comment string was split by radare at \n and the rest interpreted as a separate command. The following code confirmed my thoughts:

image

the string after \n is lol and was interpreted by radare2 as list files and directories command.

This means if a user automatically decrypts some string and wants to store it as a comment, he can occasionally run some valid radare2 command and pwn himself. For example he can write some shellcode and execute it or spawn some shell command.
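The failure described in the issue above, next to a hardened way to build the same comment command, as an added example that is not part of the original issue or of r2pipe itself. It assumes the installed radare2 accepts the `CCu base64:<data> @ <addr>` form (check `CC?`); the function names, the sample string and the newline-splitting model are constructed for illustration.

```python
import base64
import re

# Constructed sample: a "decrypted" string that happens to contain a newline,
# mirroring the "...\nlol" case described in the issue.
SAMPLE_ADDR = 0x14002a1f0
SAMPLE_TEXT = 'license check ok\nlol'

# Separators that turn one r2pipe request into several radare2 commands:
# "\n" is the case reported in the issue, ";" is radare2's batch separator.
# "\r" and NUL are included as a conservative assumption.
SEPARATORS = re.compile(r'[\n\r;\x00]')


def naive_comment_cmd(addr, text):
    """Pattern from the issue: untrusted text pasted into the command."""
    return 'CCa 0x%x "%s"' % (addr, text)


def commands_seen_by_r2(request):
    """Toy model of the reported behaviour: the request is split on
    newlines and every non-empty piece runs as its own command."""
    return [piece for piece in request.split('\n') if piece]


def safe_comment_cmd(addr, text):
    """Carry the comment as base64 so none of its bytes reach the parser."""
    if not isinstance(addr, int) or addr < 0:
        raise ValueError('address must be a non-negative integer')
    if not text:
        raise ValueError('empty comment')
    payload = base64.b64encode(text.encode('utf-8')).decode('ascii')
    return 'CCu base64:%s @ 0x%x' % (payload, addr)


def decode_comment_cmd(cmd):
    """Inverse of safe_comment_cmd, used here to show nothing is lost."""
    m = re.fullmatch(r'CCu base64:([A-Za-z0-9+/=]+) @ 0x([0-9a-f]+)', cmd)
    if m is None:
        raise ValueError('not a base64 comment command')
    text = base64.b64decode(m.group(1)).decode('utf-8')
    return int(m.group(2), 16), text


def require_single_command(cmd):
    """Guard for commands that must embed text directly: refuse anything
    radare2 would treat as more than one command."""
    hit = SEPARATORS.search(cmd)
    if hit is not None:
        raise ValueError('command separator %r at offset %d'
                         % (hit.group(), hit.start()))
    return cmd


if __name__ == '__main__':
    naive = naive_comment_cmd(SAMPLE_ADDR, SAMPLE_TEXT)
    print('naive request runs as:', commands_seen_by_r2(naive))
    safe = safe_comment_cmd(SAMPLE_ADDR, SAMPLE_TEXT)
    print('safe request runs as: ', commands_seen_by_r2(safe))
    print('round trip:', decode_comment_cmd(safe))
    try:
        require_single_command(naive)
    except ValueError as exc:
        print('guard rejected naive request:', exc)
```

Passing every string built from sample data through `require_single_command` before `r2.cmd()` turns a silent extra command into an exception in the calling script.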

get path of the loaded binary when using #!pipe

Hi guys,
I'm writing a radare plugin using r2pipe and I want to know the path of the binary loaded in radare.
Is there a command to do that? I searched a lot in the documentation without results.
Thanks :)

python r2pipe.open() with no args is opening malloc://512

I believe this bug was introduced with the changes made on Dec 6.

Basically, if I call r2pipe.open() with no args, instead of opening the pipe to the running radare2 instance, a new copy of radare2 runs with '-' as the file, which causes it to run malloc://512.

Ex This code:

import r2pipe,os
r = r2pipe.open()
data = r.cmdj("ij")
print data

Always returns this:
[0x00001060]> . test_r2pipe.py
{u'core': {u'humansz': u'512', u'obsz': 0, u'format': u'any', u'fd': 3, u'mode': u'rwx', u'file': u'malloc://512', u'iorw': True, u'type': u'', u'block': 256, u'size': 512}}

See line 47 in open_sync.py.

The variables are being properly set in the call to super(), but they get overwritten in the block of code starting there.

Feed r2pipe with u?int8_t*

I'm holding a PE into a uint8_t* buffer, and I want to give it to r2 through r2pipe for basic analysis.
I can't find a way to do it without creating a temporary file.

Does anyone have an idea ?

Write proper mocha testsuite for NodeJS

And ensure the following tests work as expected

There are some code constructions that can result in failed attempts, when the code looks good.

  • openSync() with 1 parameter
var r2pipe = require ('r2pipe');
r2pipe.openSync(function(r2) {
   console.log(r2.cmd('?e hello world'));
});
// TypeError: First argument must be file descriptor
  • openSync() with no parameters
var r2pipe = require ('r2pipe');
var r2 = r2pipe.openSync();
console.log(r2.cmd('?e hello world'));
// TypeError: First argument must be file descriptor
  • open() with 1 parameter
var r2pipe = require ('r2pipe');
r2pipe.open(function(r2) {
   r2.cmd('?e hello world', console.log);
});
// TypeError: First argument must be file descriptor
  • open() with no parameters
var r2pipe = require ('r2pipe');
var r2 = r2pipe.open(); // XXX if no parameters we should connect in sync but continue async
r2.cmd('?e hello world', console.log);
// TypeError: First argument must be file descriptor

Python3 usage example fails with v1.0.0

I am seeing a failure of the simple usage example when I use v1.0.0 of r2pipe from pip with python3.

Here's what I see:

(tmp) $ python
Python 3.5.2 (default, Nov 23 2017, 16:37:01)
[GCC 5.4.0 20160609] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import r2pipe
>>> r2pipe.VERSION
'1.0.0'
>>> r2 = r2pipe.open("/bin/ls")
>>> r2.cmd('aa')
<Task finished coro=<open._cmd_process() done, defined at /home/jkimpel/tmp/lib/python3.5/site-packages/r2pipe/open_async.py:95> result=''>
>>> print(r2.cmd("afl"))
<Task finished coro=<open._cmd_process() done, defined at /home/jkimpel/tmp/lib/python3.5/site-packages/r2pipe/open_async.py:95> result=''>
>>> print(r2.cmdj("aflj"))  # evaluates JSONs and returns an object
r2pipe.cmdj.Error: Expecting value: line 1 column 1 (char 0)
None
>>> r2.quit()
>>> quit()
Exception ignored in: <bound method BaseEventLoop.__del__ of <_UnixSelectorEventLoop running=False closed=True debug=False>>
Traceback (most recent call last):
  File "/usr/lib/python3.5/asyncio/base_events.py", line 431, in __del__
  File "/usr/lib/python3.5/asyncio/unix_events.py", line 58, in close
  File "/usr/lib/python3.5/asyncio/unix_events.py", line 139, in remove_signal_handler
  File "/usr/lib/python3.5/signal.py", line 47, in signal
TypeError: signal handler must be signal.SIG_IGN, signal.SIG_DFL, or a callable object
Exception ignored in: <bound method BaseSubprocessTransport.__del__ of <_UnixSubprocessTransport closed pid=7951 running stdin=<_UnixWritePipeTransport closed fd=7 closed> stdout=<_UnixReadPipeTransport closing fd=9 open>>>
Traceback (most recent call last):
  File "/usr/lib/python3.5/asyncio/base_subprocess.py", line 126, in __del__
  File "/usr/lib/python3.5/asyncio/base_subprocess.py", line 101, in close
  File "/usr/lib/python3.5/asyncio/unix_events.py", line 376, in close
  File "/usr/lib/python3.5/asyncio/unix_events.py", line 404, in _close
  File "/usr/lib/python3.5/asyncio/base_events.py", line 497, in call_soon
  File "/usr/lib/python3.5/asyncio/base_events.py", line 506, in _call_soon
  File "/usr/lib/python3.5/asyncio/base_events.py", line 334, in _check_closed
RuntimeError: Event loop is closed

Here's the same test using v0.9.9 (I truncated the results for brevity):

(tmp) $ python
Python 3.5.2 (default, Nov 23 2017, 16:37:01)
[GCC 5.4.0 20160609] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import r2pipe
>>> r2pipe.VERSION
'0.9.9'
>>> r2 = r2pipe.open("/bin/ls")
>>> r2.cmd('aa')
''
>>> print(r2.cmd("afl"))
0x004022b8    3 26           sym._init
0x004022f0    1 6            sym.imp.__ctype_toupper_loc
...omitting long listing...
0x00413c30    3 41   -> 31   fcn.00413c30
0x00413c5c    1 9            sym._fini
>>> print(r2.cmdj("aflj"))
WARNING: r_anal_fcn_cc: assertion 'result > 0' failed (line 1990)
WARNING: r_anal_fcn_cc: assertion 'result > 0' failed (line 1990)
[{'name': 'sym._init',
...omitting large json...
'cost': 5}]
>>> r2.quit()
>>> quit()

Here are some details of my environment:

$ lsb_release -d
Description:	Ubuntu 16.04.5 LTS
$ python3 --version
Python 3.5.2
$ r2 -version
radare2 3.1.0-git 19774 @ linux-x86-64 git.3.0.1-18-g6941e5b
commit: 6941e5bd6649228024ba9964a2c4cc01a799629f build: 2018-10-23__07:31:58

R2Pipe Python can't load project files without binary

Due to how the filename argument is passed into subprocess.Popen, I cannot pass in the flags to open r2 with a project file without needing to also supply an actual binary.

I think R2Pipe should allow a user to specify a project file or an actual binary to open r2 with.

Handle batched commands with python API

Putting in commands with multiple parts (eg. foo.cmd('aa; axt foo')) desyncs at least the python API, as r2 sends a NULL as each command finishes, and r2pipe only expects one and stops reading there. Can we handle this or put a note somewhere obvious?

Rap not adding text comments as expected

From @bannsec

I'm attempting to use rap protocol to add comments to a remote r2 server. The setup is:

  • r2 ./binary
  • =&:12345

Then in a second window (in python):

r2 = r2pipe.open("rap://127.0.0.1:12345")
r2.cmd('T test')

Oddly enough, when I do a r2.cmd('T') in the python window, it shows the text. But when I just do T in the r2 window, it does not show the text.

I'd like to be able to send text/other remote commands to the r2 server that update that r2 instance.

radareorg/radare2#10378

Examples of using r2pipe to write plugins?

From README:

In addition, r2pipe scripts can be used to write plugins for radare2 or extend current functionalities:

  • Assembler/Disassembler plugin for RAsm
  • RIO plugin to abstract read/write/system operations
  • Syscall handler for the ESIL emulator
  • ...

Are there examples of how to actually do any of these things? I couldn't find any, the closest thing seemed to be using r2lang instead.

r2pipe Python returns empty string

Hi,

I have a case here where I use r2pipe to script a debugger plugin for radare2
https://github.com/Wenzel/r2vmi/blob/master/examples/watch_syscall.py

What my script is doing:

r2 = r2pipe.open(r2_url, ["-d", "-2"])
r2.cmd('db {}'.format(hex(syscall_addr)))
r2.cmd('dc')
registers = r2.cmdj('drj')
...

The problem I'm facing is that sometimes the drj command fails because the JSON returned is invalid.

Investigating the problem a bit, I spawned an IPython shell right after r2.cmd('db {}'.format(hex(syscall_addr))), and I observed this behavior:

empty_string

So sometimes r2pipe is not getting the right command output.

Any ideas?
Thanks.

Timeout commands

Hi,
I need to set a timeout on the aaaa command, because I need to automatically analyze various samples, so if there is one that gets the analysis "stuck" for a long time, I prefer to stop and use a lighter command (like "aa").
How can I do it?
Thanks in advance

r2pipe python (dc) problem

Hello, I'm trying to use r2pipe python, but it does not seem to work (Release r2pipe.py 1.2.0).

File: test_r2pipe.py

import r2pipe

r = r2pipe.open("./test")
r.cmd('doo')
r.cmd('aa')
r.cmd('db main')
r.cmd('dc')
r.cmd('dr')
r.cmd('dc')

Simple file to test test.c

#include <stdio.h>

void main(){
    printf("hello\n");
}

So I run the python script

$ python3 test.py 
Process with PID 4956 started...
File dbg:///home/invictus1306/Documents/temp_r2_issue/test  reopened in read-write mode
= attach 4956 4956

No output, and with a different program that requires user input, there is no way to provide it.

The same problem is also present in the latest version of r2.

Python3 r2.cmdj: invalid JSON received

Hi,

I was trying to use the latest r2pipe Python bindings on radare/radare2 Docker container, and using the r2.cmdj command always results in this output:

r2pipe.cmdj.Error: Expecting value: line 1 column 1 (char 0)

Dockerfile to reproduce the bug

FROM radare/radare2

USER root
RUN apt-get update && apt-get install -y python3-pip
RUN pip3 install r2pipe
USER r2

CMD ["python3", "-c", "import r2pipe; r2 = r2pipe.open('/bin/ls'); r2.cmdj('pd 10')"]

My test script

import r2pipe
r2 = r2pipe.open('/bin/ls')
r2.cmdj('pd 10')

Thanks!

utf8-decode! Very easy fix.

Hi guys! Please remove this decode, as sometimes the output isn't utf8-decodeable. I'm referring to the file open_sync.py, where I think you should remove the ".decode('utf-8')" piece of code in the _cmd_process function. Thanks!

r2pipe output from one command does not correspond to json equivalent.

This isn't making much sense to me, but if I analyse a function such as the snippet here using pdf:
<...snip....>
0x004210aa 0f8454ffffff je 0x421004
0x004210b0 4981fa001000. cmp r10, 0x1000
0x004210b7 0f8447ffffff je 0x421004
0x004210bd 31c0 xor eax, eax
0x004210bf e9fefeffff jmp 0x420fc2

the end of the json output (pdfj) doesn't seem to be correct. I'm mainly trying to extract the byte code, and I end up with:
{"offset":4329642,"esil":"zf,?{,4329476,rip,=,}","refptr":false,"fcn_addr":4329120,"fcn_last":4329662,"size":6,"opcode":"je 0x421004","bytes":"0f8454ffffff","family":"cpu","type":"cjmp","type_num":2147483649,"type2_num":0,"jump":4329476,"fail":4329648},{"offset":4329648,"size":1,"type":"invalid"}, {"offset":4329649,"size":1,"type":"invalid"},{"offset":4329650,"esil":"$0,if,=","refptr":false,"fcn_addr":4329120,"fcn_last":4329667,"size":1,"opcode":"cli","bytes":"fa","family":"priv","type":"mov","type_num":9,"type2_num":0},{"offset":4329651,"size":1,"type":"invalid"}]

You can see that after the je instruction, all it sees are a load of invalid 1 byte operations.

C example is not working

The C example compiled with gcc -o test test.c -I /usr/include/libr -lr_socket -lr_util probably blocks the main thread, because the only output is [+] r2pipe child is <PID> and it hangs forever without any result from r2cmd.

example: https://asciinema.org/a/1tq7b85zhzrxgpmt2qhcyrcbt
My system is x86_64 Arch 4.8.13
radare2 1.1.0 9999999 @ linux-x86-64 git.1.1.0
commit: HEAD build: 2016-12-20

r2pipe TextIOWrapper error

Hi,
After updating radare2 to the latest commit, I now have a TextIOWrapper error

'file' object has no attribute 'readable'

r2 -v

radare2 2.2.0-git 16646 @ darwin-x86-64 git.2.1.0-62-g410ca0980
commit: 410ca098030e18f9cff00d49c45499fa33b4f1db build: 2017-12-04__10:40:40

pip freeze | grep r2pipe

r2pipe==0.9.3

Using r2 to analyze the file directly, I don't have any problem.

Python: MANIFEST.in doesn't contain itself

Because of this issue, when extracting and rebuilding the distribution, the new distribution is corrupted (because it tries to read the README.md in the setup.py, but this file isn't in the distribution).

TypeError on python3 when calling r2.quit()

Hello,

Installed versions:

$ radare2 -v
radare2 2.5.0-git 17803 @ linux-x86-32 git.2.4.0-282-g43af9e3bb
commit: 43af9e3bb2ac50cd755d0ee89aca33bd3607e0ff build: 2018-04-06__15:17:12
$ pip freeze | grep r2pipe
r2pipe==0.9.9
$ pip3 freeze | grep r2pipe
r2pipe==0.9.9

R2-pipe test file test.py:

import r2pipe
r2 = r2pipe.open()
r2.quit()

It works if called with python2, but it breaks if called with python3 (both installed with pip and pip3):

$ radare2 /bin/ls
[0x00003dad]> #!pipe python2 ./test.py
[0x00003dad]> #!pipe python3 ./test.py
Traceback (most recent call last):
  File "./test.py", line 3, in <module>
    r2.quit()
  File "/usr/local/lib/python3.6/dist-packages/r2pipe/__init__.py", line 260, in quit
    self.cmd("q")
  File "/usr/local/lib/python3.6/dist-packages/r2pipe/__init__.py", line 274, in cmd
    res = self._cmd(cmd)
  File "/usr/local/lib/python3.6/dist-packages/r2pipe/__init__.py", line 214, in _cmd_pipe
    os.write(self.pipe[1], cmd)
TypeError: a bytes-like object is required, not 'str'

write strings doesn't work on r2pipe

import r2pipe; r2 = r2pipe.open('mybinary', flags=['-w']); r2.cmd('s myaddress'); r2.cmd('w blabla')

Strings written with scripts aren't persistent as they should be.
It's only a problem with the "w" command; if I do r2.cmd('wx 9090'), for example, it works...

My version of radare is radare2 2.7.0-git 18567 @ linux-x86-64 git.2.6.0-369-ga00d09e5d commit: a00d09e5d05a7fe19805c9e4e71c2672df25e650 build: 2018-06-25__18:55:51
and I've tested it with Fedora 27

Python3 module fails after 1 command

Hi, the latest r2pipe module fails with python3.6 on the 2nd command with r2pipe.cmdj.Error: I/O operation on closed file

The cause of the error seems to be the TextIOWrapper being created on every call in https://github.com/radare/radare2-r2pipe/blob/55b275a91287e26a60b367db5d7c3edc8bead416/python/r2pipe/__init__.py#L169

This fixes it for me:

diff --git a/python/r2pipe/__init__.py b/python/r2pipe/__init__.py
index 99be568..8eff472 100644
--- a/python/r2pipe/__init__.py
+++ b/python/r2pipe/__init__.py
@@ -166,7 +166,10 @@ class open:
                 if sys.version_info >= (3, 0):
                         self.process.stdin.write(bytes(cmd + '\n', 'utf-8'))
                         # XXX: Use the TextIOWrapper or we can get stuck in an endless loop!
-                        r = TextIOWrapper(self.process.stdout, encoding='utf8')
+                        r = getattr(self, '_process_stdout_wrapper', None)
+                        if r is None:
+                                r = TextIOWrapper(self.process.stdout, encoding='utf8')
+                                self._process_stdout_wrapper = r
                 else:
                         self.process.stdin.write(cmd + '\n')
                         r = self.process.stdout
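Review bot: the cached wrapper is looked up with getattr(self, '_process_stdout_wrapper', None) on every command, which hides the attribute's lifetime inside the hot path. Initialise self._process_stdout_wrapper = None where self.process is created (or build the TextIOWrapper there once) so this branch becomes a plain attribute check, and clear it wherever the process is closed or replaced, since a wrapper cached from an earlier self.process.stdout would otherwise be reused against a closed stream. The existing "XXX" comment should also be updated to say that the wrapper must be created once per process, because that is the actual constraint this change encodes.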

R2Pipe Python Fails Sometimes

So, I can't seem to figure out why and what is causing r2pipe to fail for me.
I am writing a program to essentially go through a list of binaries, get the functions, select certain functions that I have marked as of interest, and run ag [func] to obtain their dot graph.

Yet, I have not been able to figure out why my code will return NoneType object errors with ag [func] on all of the functions except main when I simply comment out handle.cmd('aaa') and uncomment the other command. Yet, the current implementation below works 100% of the time. Why and how would a previous command impact other commands?

def openBinary(file):
    handle = r2pipe.open(file)
    handle.cmd('aaa')
    #handle.cmd('e anal.jmptbl=true;e anal.jmpref=true;e anal.jmpabove=true;aaa')
    return handle

I am also positive that the only command in my code that appears to fail is ag [func]. Other commands such as af had to be commented out as well as they seemed to impact both my aflj and ag command.

r2pipe cannot `open` when it is being called from radare2 (using pipe)

I have the following python code (test_r2lang_pipe.py) to check whether the pipe connection with radare2 works:

from __future__ import print_function

import sys
# sys.path.append(r't:\radare2-r2pipe\python')
print('python ver:', sys.version)
import r2pipe
r = r2pipe.open()
r.cmd('aa')
print(r.cmd('pd 10'))

When I run it on Windows with Python 2 it works well:

# radare2 -i t:\radare2-r2pipe\python\examples\test_r2lang_pipe.py rabin2.exe
python ver: 2.7.15 (v2.7.15:ca079a3ea3, Apr 30 2018, 16:30:26) [MSC v.1500 64 bit (AMD64)]
[x] Analyze all flags starting with sym. and entry0 (aa)
/ (fcn) entry0 373
|   entry0 (int arg5, int arg2);
|       :   ; var int local_8h @ rsp+0x8
|       :   ; var int local_10h @ rsp+0x10
|       :   ; var int local_20h @ rsp+0x20
|       :   ; var int local_40h @ rsp+0x40
|       :   ; var int local_48h @ rsp+0x48
|       :   ; arg int arg5 @ r8
|       :   ; arg int arg2 @ rsi
|       :   0x14001a6f4      4883ec28       sub rsp, 0x28              ; '('
|       :   0x14001a6f8      e85b050000     call 0x14001ac58
|       :   0x14001a6fd      4883c428       add rsp, 0x28              ; '('
\       `=< 0x14001a701      e972feffff     jmp 0x14001a578
            0x14001a706      cc             int3
            0x14001a707      cc             int3
            0x14001a708      4053           push rbx
            0x14001a70a      4883ec20       sub rsp, 0x20
            0x14001a70e      488bd9         mov rbx, rcx
            0x14001a711      33c9           xor ecx, ecx
 -- Initial frame selected; you cannot go up.
[0x14001a6f4]> q

But when I run it with Python 3 it fails:

# set PATH=c:\Python36x64;%PATH%
# radare2 -i t:\radare2-r2pipe\python\examples\test_r2lang_pipe.py rabin2.exe
python ver: 3.6.6 (v3.6.6:4cf1f54eb7, Jun 27 2018, 03:37:03) [MSC v.1900 64 bit (AMD64)]
Invalid Handle Value
Could not open pipe
Traceback (most recent call last):
  File "t:\radare2-r2pipe\python\examples\test_r2lang_pipe.py", line 10, in <module>
    print('`aa` returned:', r.cmd('aa'))
  File "c:\Python36x64\lib\site-packages\r2pipe\open_base.py", line 197, in cmd
    res = self._cmd(cmd, **kwargs)
AttributeError: 'open' object has no attribute '_cmd'
