Using the radare2 snap package

radare2 is a tool for reverse-engineering software. It is quite versatile, and can deal either with binary files of executable code, or even attach to a running process.

Packaging (making available an installation package for end-users) is always an issue, especially when the software gets updated often. A snap package for radare2 is in the works, and in this post we see how to use it. The package is currently in beta; when it gets out of beta, come back here for updated usage instructions.

Inspecting the radare2 snap package

Use the snap info radare2 command to inspect the radare2 snap package. There is a snap package in the edge channel, for radare2 4.5.0. It is 15MB in size and can be used with the special devmode (developer mode). devmode is important at this stage because radare2 does all sorts of things to running binaries, and devmode disables most security protections over the snap package. That is, with devmode, we allow radare2 to have almost full access to our computer in order to perform its magic.

$ snap info radare2
name:      radare2
summary:   UNIX-like reverse engineering framework and command-line toolset
publisher: XVilka
store-url: https://snapcraft.io/radare2
contact:   anton....
license:   LGPL-3.0+
description: |
  Radare2 (also known as r2) is a complete framework for reverse-engineering and analyzing binaries; composed of a set of small utilities that can be used together or independently from the command line. Built around a  disassembler for computer software which generates assembly language source code from machine-executable code, it supports a variety of executable formats for different processors and operating systems. Apart from the static analysis feature it also supports debugging and emulation. The architecture of the framework is modular and allows to use existing or create new plugins for new file formats, architectures, analysis features.
snap-id: f4y9TBadauYSgKehljM7KYsS4mThZ17Y
channels:
  latest/stable:    –                           
  latest/candidate: –                           
  latest/beta:      –                           
  latest/edge:      4.5.0 2020-08-05 (109) 15MB devmode

Installing the radare2 snap package

radare2 is also available as a snap package and can be installed on a system that supports snap packages. See Installing snapd to set up your system to support snap packages.

Status of snap package support

Currently, radare2 is available as an edge snap package that works in devmode security confinement (developer mode). Refer back to this section for updated instructions when radare2 is out of edge/devmode.

Currently, you need to prepend radare2. to each command you want to run. For example, use radare2.rabin2 to run rabin2.

Snap packages that work in devmode security confinement do not appear in search results when you search for them in the Snap Store. To find information about this snap package, run snap info radare2. See the section below on this.

Installing radare2

This command installs the radare2 snap package from the edge channel, using the devmode (developer mode) security confinement type. The devmode security confinement disables any restrictions that are applied to typical snap packages. With devmode, a package works much like an APT or RPM package.

$ sudo snap install radare2 --channel=edge --devmode

Running commands

Currently, the radare2 commands can be invoked with the following names:

  • radare2 or radare2.radare2: The r2/radare2 command.
  • radare2.r2pm : The r2pm command.
  • radare2.r2agent : The r2agent command.
  • radare2.rafind2 : The rafind2 command.
  • radare2.rahash2 : The rahash2 command.
  • radare2.rasm2 : The rasm2 command.
  • radare2.rabin2 : The rabin2 command.
  • radare2.radiff2 : The radiff2 command.
  • radare2.ragg2 : The ragg2 command.
  • radare2.rarun2 : The rarun2 command.
  • radare2.rax2 : The rax2 command.
  • radare2.rasign2 : The rasign2 command.

Getting info about the radare2 snap package

Run the following command to get info about the radare2 snap package. You can see the list of available commands and how to invoke them. There are packages in the beta and edge channels, currently with radare2 4.5.0. The build number in this example is 5, and is an ascending number that characterises each new build. We have installed radare2 4.5.0 from build 5, using the devmode security confinement. We are tracking the edge channel. Since the installed build number is the same as the build number in the channel that we are tracking, we are already running the latest available version.

$ snap info radare2
...
description: |
  Radare2 (also known as r2) is a complete framework for reverse-engineering 
  and analyzing binaries; composed of a set of small utilities 
  that can be used together or independently from the command line. 
  Built around a disassembler for computer software which generates 
  assembly language source code from machine-executable code, 
  it supports a variety of executable formats for different processors 
  and operating systems.

commands:
  - radare2.r2agent
  - radare2.r2pm
  - radare2.rabin2
  - radare2.radare2
  - radare2.radiff2
  - radare2.rafind2
  - radare2.ragg2
  - radare2.rahash2
  - radare2.rarun2
  - radare2.rasign2
  - radare2.rasm2
  - radare2.rax2
snap-id:      ceuTRkmV5T8oTHt2psXxLRma25xfBrfS
tracking:     latest/edge
refresh-date: today at 12:51 EEST
channels:
  latest/stable:    –
  latest/candidate: –
  latest/beta:      –
  latest/edge:      4.5.0 2020-07-23 (5) 15MB devmode
installed:          4.5.0            (5) 15MB devmode

Updating radare2

The snap packages that are installed in devmode are not updated automatically. You can update manually:

$ sudo snap refresh radare2

See the section above on how to get info about the radare2 snap package and how to determine whether there is an updated version available.
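
Because devmode snaps are not refreshed automatically, the comparison described above (installed build number versus the build number in the tracked channel) is worth scripting. The shell function below is an added example, not part of the original post or of the radare2 project; the name snap_update_status and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample, modelled on the `snap info radare2` output shown on this
# page: the tracked channel has build 109, the installed build is 5.
SAMPLE_INFO='name:      radare2
tracking:     latest/edge
channels:
  latest/stable:    –
  latest/candidate: –
  latest/beta:      –
  latest/edge:      4.5.0 2020-08-05 (109) 15MB devmode
installed:          4.5.0            (5) 15MB devmode'

# snap_update_status (hypothetical helper): reads `snap info` text on stdin
# and prints "<status> installed=<build> channel=<build> confinement=<type>".
snap_update_status() {
    awk '
        # Return the number inside the first "(N)" on the line, or "".
        function rev(line) {
            if (match(line, /\([0-9]+\)/))
                return substr(line, RSTART + 1, RLENGTH - 2)
            return ""
        }
        /^channels:/ { inchan = 1; next }
        /^[^ ]/      { inchan = 0 }   # an unindented key ends the channel list
        inchan       { name = $1; sub(/:$/, "", name); chan[name] = rev($0) }
        $1 == "tracking:"  { track = $2 }
        $1 == "installed:" {
            inst = rev($0)
            # The last field is the notes column: devmode, classic, or "-".
            conf = ($NF ~ /^(devmode|classic)$/) ? $NF : "strict"
        }
        END {
            if (inst == "") { print "not-installed"; exit }
            pub = chan[track]
            if (pub == "")        status = "unknown"
            else if (pub == inst) status = "up-to-date"
            else                  status = "update-available"
            printf "%s installed=%s channel=%s confinement=%s\n",
                   status, inst, (pub == "" ? "-" : pub), conf
        }'
}

# Run on the constructed sample; on a real system use:
#   snap info radare2 | snap_update_status
printf '%s\n' "$SAMPLE_INFO" | snap_update_status
```

A result of update-available together with confinement=devmode means the package will stay on the old build until sudo snap refresh radare2 is run by hand.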

Uninstalling radare2

Run the following command to uninstall the snap package of radare2:

$ sudo snap remove radare2

Supported architectures

The radare2 snap package is currently available for the following architectures:

  1. amd64
  2. i386
  3. arm64
  4. armhf
  5. ppc64el
  6. s390x

Troubleshooting

  • error: snap “radare2” is not available on stable: When installing the snap package of radare2, you currently need to specify the edge channel. Append --channel=edge on the installation command line.
  • error: The publisher of snap “radare2” has indicated that they do not consider this revision to be of production quality: When installing the snap package of radare2, you currently need to specify the devmode confinement. Append --devmode on the installation command line.
  • How can I download the snap package for offline use?: Use the command snap download radare2 --channel=edge. You can then run sudo snap install to install the .snap package that was just downloaded.
  • Do I need to use “sudo” with snap commands?: You need to prepend sudo when you run most snap commands that perform privileged actions. However, if you log in to the Snap Store using sudo snap login, then you no longer need to prepend sudo.
  • radare2 cannot open a file in /tmp?!?!? Why?: Snap packages, even those running in devmode, get to have their own private tmp directory. In the case of radare2, this tmp directory is /tmp/snap.radare/tmp/. But within the radare2 application, any access to files in /tmp is redirected into access to /tmp/snap.radare/tmp/.

Permanent link to this article: https://blog.simos.info/using-the-radare2-snap-package/
