Radare2: Open a sub-binary with r2pipe

Created on 14 Oct 2017  Â·  6Comments  Â·  Source: radareorg/radare2

I'm using r2pipe with Swift and would like to open the arm64 sub-binary of a fat binary (armv7, armv7s, arm64).

As described here I should specify:
-a arm -b 64

First of all when using r2 from the command line with r2 -a arm -b 64 *fileName* will give me these warnings:

WARNING: bin_strings buffer is too big (0xffffffffffde6290). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
WARNING: bin_strings buffer is too big (0xffffffffffdafc19). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
... [more of them] ...
WARNING: bin_strings buffer is too big (0xffffffffffd23a98). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)

(1) _Why is that? And what should I do about it? Adding -zzz to the arguments doesn't remove the warnings._

Second, what my real question is:
(2) _How can I specify -a arm -b 64 with r2pipe?_ The only available function is r_core_cmd_str, but with it I cannot specify arguments. I can only execute commands.

(3) _Or is there a command to load a different sub-binary, while the file is already loaded?_

This could be related to https://github.com/radare/radare2/issues/931, because how can you load the armv7 or armv7s sub-binary, when -a arm -b 32 applies to both?

RBin r2pipe rabin2

Most helpful comment

i've fixed r2, and now the 'o' command honors asm.arch and asm.bits if the file u are opening is a fat one. so you dont need to do that change in r2pipe.swift unless you really want

All 6 comments

Thats because the section containing strings is too big and it warns u instead of spending 1h scanning that region. Use -e anal.strings=true or just open with -z or increase that limit

On 14 Oct 2017, at 22:52, Daniel notifications@github.com wrote:

I'm using r2pipe with Swift and would like to open the arm64 sub-binary of a fat binary (armv7, armv7s, arm64).

As described here I should specify:
-a arm -b 64

First of all when using r2 from the command line with r2 -a arm -b 64 fileName will give me these warnings:

WARNING: bin_strings buffer is too big (0xffffffffffde6290). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
WARNING: bin_strings buffer is too big (0xffffffffffdafc19). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
... [more of them] ...
WARNING: bin_strings buffer is too big (0xffffffffffd23a98). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
(1) Why is that? And what should I do about it? Adding -zzz to the arguments doesn't remove the warnings.

Second, what my real question is:
(2) How can I specify these arguments with r2pipe? The only available function is r_core_cmd_str, but with it I cannot specify arguments. I can only execute commands.

(3) Or is there a command to load a different sub-binary, while the file is already loaded?

This could be related to #931, because how can you load the armv7 or armv7s sub-binary, when -a arm -b 32 applies to both?

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

I extracted the arm64 sub-binary with lipo -thin arm64 fatBin -o subBin.
When I open it with r2, I won't get the warnings. I also don't get the warnings, when opening the fat binary. Only when using -a arm -b 64.

Do you have an answer for question (2) and (3)?

you can do the same with rabin2 -x

On 17 Oct 2017, at 16:38, Daniel notifications@github.com wrote:

I extracted the arm64 sub-binary with lipo -thin arm64 fatBin -o subBin.
When I open it with r2, I won't get the warnings. I also don't get the warnings, when opening the fat binary. Only when using -a arm -b 64.

Do you have an answer for question (2) and (3)?

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub https://github.com/radare/radare2/issues/8687#issuecomment-337251836, or mute the thread https://github.com/notifications/unsubscribe-auth/AA3-lvobV4aC-lrr5GIOsdANacfudgbAks5stLvegaJpZM4P5hjl.

yes, fatbins are sometimes problematic , we fixed several times that issue but now we are working on a proper refactoring of rbin to handle that stuff.

about r2pipe.. that depends on the backend, that will only work in spawn mode, and you should be able to pass arguments to that spawned process. but this parameter is not supported in the swift api yet. you can fix that and send a pr if you want. it works in python and node bindings for example. just add an optional argument array of strings.

no, there's no command to load a specific sub-bin, thats handled by radare2.c not by core, adding a command for that should be easy, but its not done yet. if you wanna collaborate on that there's a pad, a telegram channel and a bunch of related issues to talk about that rbin refactoring

i've fixed r2, and now the 'o' command honors asm.arch and asm.bits if the file u are opening is a fat one. so you dont need to do that change in r2pipe.swift unless you really want

ive fixed this issue, strings are found, but the vaddr is still wrong

On 15 Oct 2017, at 10:09, Pancake Nopcode pancake@nopcode.org wrote:

Thats because the section containing strings is too big and it warns u instead of spending 1h scanning that region. Use -e anal.strings=true or just open with -z or increase that limit

On 14 Oct 2017, at 22:52, Daniel <[email protected] notifications@github.com> wrote:

I'm using r2pipe with Swift and would like to open the arm64 sub-binary of a fat binary (armv7, armv7s, arm64).

As described here http://radare.today/posts/loading-ios-binaries/ I should specify:
-a arm -b 64

First of all when using r2 from the command line with r2 -a arm -b 64 fileName will give me these warnings:

WARNING: bin_strings buffer is too big (0xffffffffffde6290). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
WARNING: bin_strings buffer is too big (0xffffffffffdafc19). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
... [more of them] ...
WARNING: bin_strings buffer is too big (0xffffffffffd23a98). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
(1) Why is that? And what should I do about it? Adding -zzz to the arguments doesn't remove the warnings.

Second, what my real question is:
(2) How can I specify these arguments with r2pipe? The only available function is r_core_cmd_str, but with it I cannot specify arguments. I can only execute commands.

(3) Or is there a command to load a different sub-binary, while the file is already loaded?

This could be related to #931 https://github.com/radare/radare2/issues/931, because how can you load the armv7 or armv7s sub-binary, when -a arm -b 32 applies to both?

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub https://github.com/radare/radare2/issues/8687, or mute the thread https://github.com/notifications/unsubscribe-auth/AA3-lpr1wZydLh8NAgY9dFkbyCF0e8Chks5ssR8CgaJpZM4P5hjl.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

radare picture radare  Â·  8Comments

YugoCode picture YugoCode  Â·  6Comments

YugoCode picture YugoCode  Â·  3Comments

MariasStory picture MariasStory  Â·  6Comments

ret2libc picture ret2libc  Â·  6Comments