Releases: radareorg/radare2

5.9.0 - Codename "Hyperborean"

31 Mar 15:33

Release Notes

Version: 5.9.0
Previous: 5.8.8
Commits: 1316
Contributors: 65

curl -Ls https://github.com/radareorg/radare2/releases/download/5.9.0/radare2-5.9.0.tar.xz | tar xJv
radare2-5.9.0/sys/install.sh

Highlights

Authors

ApkUnpacker Armin Weihbold Armin Weihbold Azox Begasus Chiller Dragon Dennis Goodlett Dennis Goodlett Dirk Eibach Dāvis Mosāns Erik Griese Francesco Tamagni François Revol GravisZro Hertatijanto Hartono Kacper Słomiński Lars Haukli Lazula Luc Tielen Luc Tielen Luc Tielen Madghostek Mewt R MewtR Michael Ortmann Murphy Nathan Nikolaos Chatzikonstantinou Omvpatil Pau RE Pikachu Rami ReWithMe Richard Patel RoboSchmied Sergi Àlvarez i Capilla Sylvain Pelissier Sándor Oroszi Tony O Tronciu Vlad Vasilyy Yiheng Cao Yuvraj Saxena aemmitt-ns ashamedbit astralia condret dvertx gogolovefish junchao-loongson kyufie lasek0 meme micronn neo-one0873 overmyerD pancake pancake phix33 ripatel-fd solid-snail syheliel toni yep zengwei2000

Changes

abi

  • Use RPluginMeta in RCryptoPlugin
  • Use RPluginMeta in RFS
  • Remove dead code
  • Initial deprecation of the current RAnalPlugin
  • Refactor show flags into single showMode bitset
  • Change return type for r_bin_dwarf_parse_aranges
  • Update signature of patch_relocs callback
  • Make r_cons_grep_expression public, rm r_cons_grep_process
  • Rename r_str_next_split -> r_str_tok_next; make public
  • Remove grep for 570 (all fixed), update older R2_580 to 590
  • Rename REsil.address -> .addr for consistency
  • Remove several R2_590 ifdefs
  • RArch now depends on REsil
  • Use RPluginMeta in RArchPlugin

anal

  • Fix #22552 - Fix variable access direction for arm64 store instruction
  • Fix aac bug caused by anal.in on binaries with sections
  • Add anfl command and anal.slow to bring back the old autoname functionality
  • Improve sigdb file format detection
  • Run .afna@@c:afla in aaaaa
  • Implement afba like afla but for basic blocks
  • Implement afla command to list functions in the inverse call dependency order
  • Parse len argument in aaex
  • Initial support for xref sizes
  • Use base64 in "ax," and also show ref size column
  • Implement axt, - for table listing xrefs
  • Implement axtf - list function xrefs
  • Improve aan/afna/afns add json and use emulation
  • Permit partial block reads on analsearch loops
  • Remove noisy log message in aap
  • Add scr.analbar config var to have progressbar without scr.demo
  • Fix ap command using real fcn prelude info from arch plugin
  • Implement aax command to make a function on each CALL xref
  • Implement aaex command, like aae, but does not analyze any function
  • Fix /rc, document argument handling and add test
  • Improve JSON output for the afsvj command
  • Implement afsvj command
  • Implement afs- to delete a function signature
  • Implement r_anal_function_del_signature
  • Consider null bytes as invalid instructions too
  • Support 'aaa' in frida:// targets
  • Initial backtrace API and commands (abt)
  • Another improvement for aaaa
  • Take invalid instructions in consideration for the bitfield decoding
  • Implement aobv command for visual instruction decoding
  • Show function colors in afl
  • Plant the seed for the tlocal bool in RAnalOp
  • Fix warning in aar when checking icod refs on unallocated memory
  • Implement CL+ and CLf, show info in afi/afij
  • Don't fall into calls surrounded by traps
  • Better (more verbose) output for aaaaa
  • Add Cb - bind metadata type to draw reflines for data pointers
  • Add progressbar in 'aaa' when scr.demo is set
  • Show bb->esil in ab and abj
  • Add 'afbd' to emulate bb regstates in the correct order
  • Add RAnalBlock.esil and abe command to manipulate it
  • Initial support for D calling convention
  • Add r_anal_function_get_graph
  • Add two missing log lines for aaa
  • Implement more swapped conditionals support in type propagation
  • Refactor aaft to use less allocations for buffer
  • Sort blocks only once in aaft
  • Reuse more allocated memory during aaft
  • Add test for a bug spotted in the aac command
  • Cleanup rebasing refs during oo
  • Add r_anal_xrefs_has_xrefs_at function
  • Remove duplicate xrefs delete function
  • R_API function to count xrefs at a specific address
  • Cleanup xrefs code
  • Optimize xrefs using swisstable
  • Reimplement the a2f core plugin into an analysis one
  • Analyze methods after parsing the C++ vtables
  • Fix #22100 - Dont compute disp refs when ptr is set
  • Honor anal.jmp.ref in aar
  • Compute depth and save it in the bb
  • Save a bit of memory in xrefs implementation
  • Fix timeout and move possible slow test
  • Skipping empty blocks is now a warning
  • Show color field in the afbj output
  • Accept asm.bits=16/asm.os=android for syscalls + tests
  • Reduce false positives when scanning for syscalls on thumb code
  • Honor codealign, speedup syscall search emulation
  • Add anal.imports to analyze them early in aa
  • Honor RArchInfo.codealign in aar
  • Honor 'rsym.' flag prefix
  • Implement the abc- command to unset a bb color
  • Minor optimization in r_anal_block_op_starts_at
  • Use r_anal_ref_typemask() to sanitize xref types and update tests
  • Add and use the new Indirect Code XREF type to improve code coverage
  • Add the new r_anal_data_type() for better data type detection
  • Smol ref->type masked improvements
  • Add more function preludes for arm32
  • Fix some missing xrefs in /re $$
  • Handle 'asm.os=android' syscall as an alias for 'linux'
  • More verbose and clearer output for abl
  • Add RAnalFunction.traceCoverage() api and info in afi/afl/abi/..
  • Minor bugfix/improvement when ninstr == 0
  • Don't show function diff info when not diffing
  • Don't add more instructions than the ones we can handle in the basic blocks
  • Faster RAnal.bbTrace()
  • Add afix subcommand to list function info + xrefs
  • Add all-xrefs listings in 'afi' and 'afij'
  • Optimize: reg 32 <-> 64 conversion iterates over gpr only
  • Optimize anal.roregs
  • anal.gp also sets the reg value
  • Do not accept invalid xrefs (-1 <-> -1)
  • anal.strings does not disable bin.strings
  • RAnalValue no longer refs an RRegItem


5.8.8

08 Jun 14:20

Release Notes

Version: 5.8.8
Previous: 5.8.6
Commits: 192
Contributors: 11

curl -Ls https://github.com/radareorg/radare2/releases/download/5.8.8/radare2-5.8.8.tar.xz | tar xJv
radare2-5.8.8/sys/install.sh
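The install one-liners shown for 5.9.0 and 5.8.8 pipe an unverified download straight into tar and then execute sys/install.sh out of it, so a substituted or truncated tarball (or an HTTP error page, since curl without -f happily emits it) ends up running as your user. As an added example that is not part of radare2 or of these release notes, the following POSIX shell functions download the tarball to disk first, compare it with a SHA-256 digest that you pin out of band, and only then extract it and run the installer with the same invocation the notes use. The page publishes no digest, so the EXPECTED value you pass is an assumption that must come from a source you trust independently of the download; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example, not radare2 project code: fetch a release tarball to disk,
# verify a pinned SHA-256 digest, and only then unpack and run sys/install.sh.
# The digest is supplied by the caller; this page does not publish one, so it
# is an assumption that you must obtain from a trusted source out of band.
set -eu

# sha256_of FILE -> prints the hex digest using whichever tool the host has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    else
        echo "no sha256 tool available" >&2
        return 2
    fi
}

# verify_sha256 FILE EXPECTED -> exit 0 if the digest matches, 1 otherwise,
# 2 if no hashing tool exists.  The comparison is case-insensitive because
# some sources print upper-case hex.
verify_sha256() {
    actual=$(sha256_of "$1") || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# install_r2_release VERSION EXPECTED_SHA256 [install.sh args...]
# Downloads radare2-VERSION.tar.xz from the GitHub release, refuses to unpack
# it unless the digest matches, then runs the in-tree installer exactly the
# way the release notes do (from the directory containing the unpacked tree).
install_r2_release() {
    version=$1; expected=$2; shift 2
    url="https://github.com/radareorg/radare2/releases/download/${version}/radare2-${version}.tar.xz"
    tmp=$(mktemp -d)
    tarball="$tmp/radare2-${version}.tar.xz"
    # -f: fail on HTTP errors instead of saving the error page as the tarball
    # -L: follow the GitHub release redirect; -o: write to disk, not into tar
    curl -fsSL -o "$tarball" "$url"
    if ! verify_sha256 "$tarball" "$expected"; then
        echo "digest mismatch for $tarball, refusing to install" >&2
        rm -rf "$tmp"
        return 1
    fi
    tar -xJf "$tarball" -C "$tmp"
    (cd "$tmp" && "radare2-${version}/sys/install.sh" "$@")
    rm -rf "$tmp"
}
```

Once you hold a digest you trust, `install_r2_release 5.9.0 <digest>` replaces the one-liner; `verify_sha256` on its own is enough to check a tarball you already downloaded. A digest fetched from the same server over the same channel adds little, since whoever can swap the tarball can swap the digest; the check only buys you something when the digest comes from somewhere you trust independently.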

Highlights

Authors

Dennis Goodlett Dennis Goodlett Hertatijanto Hartono Luc Tielen Luc Tielen Murphy condret pancake pancake phix33 rgc

Changes

anal

  • Small improvement on tail call detection
  • Check for noret destinations in afbr listings
  • Consider zero pages as invalid code
  • Don't enable debug tracing from type propagation
  • Implement ahb-* missing command
  • Make macos/ios targets inherit types from darwin
  • Fix aod command for pickle arch

arch

  • Improve tricore.cs handling jumps/rets/movs/
  • Fix ESIL MIPS64 NOR instruction
  • Migrate java plugin
  • Migrate i8080 with full refactor
  • Fix max asm len in pickle
  • Fix cs4 build of the sh arch plugin
  • Honor endianness without messing with capstone initialization in ppc.cs
  • Remove global state in ppc_cs plugin
  • Migrate ppc_cs plugin
  • Update to the latest capstone for new sh and tricore
  • Remove global state in v850 plugin
  • Remove global state from loongarch dis
  • Remove globals/duplicate code in riscv plugin
  • Remove global state in lua5.3 plugin
  • Remove global state from 6502_cs plugin
  • Remove global state from xtensa plugin
  • Cleanup global state in riscv plugin
  • Remove thread local state from m68k_cs plugin
  • Remove global state in loongarch plugin
  • Refactor z80 plugin to not have global state
  • Migrate sparc_cs plugin
  • Add more call level registers for i4004
  • Don't abuse asm.bits in bin.pyc and honor asm.cpu
  • Add support for 4bit registers
  • Initial support for the Sharp SM5xx MCUs

asm

  • Improve adrp instruction assembler and add more tests

bin

  • Warn on unresolved symbols/relocs in ELF and better handle -1 addresses
  • Parse more CodeSignature fields for mach0
  • Parse CodeSignatureDirectory entries for mach0
  • Faster Css using the api instead of Cz with tmpseek
  • Use Css in ELF (instead of section.has_strings) to avoid flags
  • Apply section formats in a second iteration
  • Fix #21823 - tag static elfs as non libinjectables
  • Fix #19964 - show relro:no even if no dyn section is found
  • Add support for even more elf reloc types
  • Add support for more elf reloc types
  • Refactor elf get_import_addr checks
  • Fix #21715 - Add baddr to the class info from DEX
  • Add missing flags for the internal ELF symbol relocations
  • Check for PT_LOAD segments before fully reading elf phdr
  • Iterate over vector i.s.o. list in elf entries
  • Speed up loading of elf relocs
  • Refactor even more parts of elf loader
  • Refactor more of elf loader
  • Refactor more elf loader code
  • Use main=-1 instead of 0 before finding the symbol in mach0
  • Handling ELF symbols with no name
  • Refactor more functions in elf loader
  • Refactorings for elf loader
  • Add RBinInfo.libinjprot field for mach0 at least
  • Infer asm.os from platform's LC_BUILD_VERSION
  • Improve performance when loading mach0 classes
  • Implement basic pdp11 binary parser and a bit better disasm
  • Add support for more ELF SPARC relocs
  • Implement ELF relocs for SPARC and MIPS and avoid duplicates

build

  • Update and improve r2docker as well as publish the new image into the hub
  • Add r2pm build-arg to the r2docker with r2frida,r2ghidra,r2dec packages
  • Install r2frida and use /usr as prefix for r2docker
  • Apply fixes from the Termux package and update acr
  • Add wasm to the default meson builds

ci

  • apt-get update before install in the syslibs job

cons

  • Faster ~? rcons filtering
  • Improve the twilight theme
  • Fix #21772 - Ensure RCons.raw after reading from user in ~/
  • Early return on RCons.flush() when nothing to do
  • Detect too large input strings in RCons.prompt
  • Fix RCons.readCharTimeout()
  • Remove globals from 2048
  • Remove global state in stiv
  • Fix ::pd and ::? glitch with (null) colors

core

  • Make fortune file selection random
  • Make all the RCoreCmdStr functions R_MUSTUSE its return
  • Refactor global state in vslides

crash

  • Fix UAF in 8051 analysis on fuzzed code
  • Fix out-of-memory allocation on a fuzzed plan9 binary
  • Fix oob write in dyldcache accel loading
  • Store the vector index instead of a weak pointer for the ELF
  • Prevent an oobread in the lua bin parser
  • Fix UAF read in the LUA bin parser
  • Fix UAF in RNumCalc

debug

  • Fix reading and parsing /proc/pid/maps from remote gdb on android
  • Fix #21813 - parsing reg profiles from android-gdbserver
  • Don't run dmh on macOS when not debugging
  • Fix null deref in get_base_from_maps
  • Add initial debug heap support for macOS
  • Initial import of the rv32ima debug plugin

disasm

  • Implement asm.cmt.token to choose the comment prefix token
  • Fix '*' cursor mark on some addresses
  • Implement hint color for nicer disasm comments
  • Implement asm.offset.focus to show addrs ofs interest
  • Add ahi36 and asm.offset.base36=true
  • Implement asm.bytes.asbits to display instruction bits in binary

egg

  • Initial support for arm64 eggs

esil

  • Fix null derefs and memleaks in {esil,debug}traces
  • Improvements in the visual esil debugger and documentation

graph

  • Set terminal in raw mode before entering visual graph mode

io

  • Remove meaningless optimization leftover in io.cache
  • Fix and prevent null assert on RIODesc fixing zip0://
  • Fix hypothetical arbitrary code execution vuln in r_io

lang

  • Implement RLangPlugin.init for Go,Rust,Typescript and Zig
  • Make RLangPlugin.init() actually define if can be instantiated
  • Fix RCons.noflush issue when using '-i foo.c'
  • Improve r2js module loading, honoring relative and absolute paths
  • Update r2papi.ts 0.1.1
  • Support relative module resolution in qjs
  • Fix alias marker parser in the qjs loader
  • Handle .r2.js file extension

main

  • Move .inc files to .inc.c for editor support
  • Remove global state and fix memory leak in rabin2

print

  • Fix invalid json on 'pfj x[1]z'
  • Fix assert on null deref with the 'pf E' command
  • Let 'pxr' follow tagged pointers

qjs

  • Handle multiple ../ imports

r2pm

  • Implement r2pm -t for timeless packages
  • Fix r2pm when launching it from a deleted working directory

search

  • Implement Css (section string scan) and Csz (same as Cz)
  • String search no longer requires a keyword

shell

  • Show log.level=? help message
  • Merge all R*2_NOPLUGINS as R2_NOPLUGINS
  • Ship and use our own manpage reader
  • Implement man command for launching "man pages"
  • Autocomplete -i command
  • Fix help message for idp?
  • Show capstone version in r2 -v
  • Show build system used (meson|make) in r2 -v
  • r2pm search is case insensitive
  • Fix the r2p tool and add a test
  • Fix help for ?:? and show its links with =!

shlr

  • Fix undefined behavior when reading java uints

tests

  • Implement r2r -g to run the tests associated with the files changed

tools

  • Implement rax2 -rS and update manpage

util

  • Add support for base36 numbers
  • Remove global state in time.c

visual

  • Visual ESIL debugger improvements
  • Improve and simplify Vv ascii art, and make it available from panels
  • Call more setraw() to fix a recent visual regression
  • Improve interactive config and color editors

windows

  • Fix stty windows warning

5.8.6

05 May 21:06

Release Notes

Version: 5.8.6
Previous: 5.8.4
Commits: 295
Contributors: 23

Highlights

Authors

AlexanderKucherov CorruptedVor Francesco Tamagni Hripsimee Ildar Ildar Sadykov Leopold Luc Tielen Luc Tielen Mewt R MewtR R Sylvain Pelissier Yedidyah Bar David Yuvraj Saxena Zhipeng Xue echel0n pancake pancake rgc semgrep.dev on behalf of @trufae theNKCode tsunekoh

Changes

anal

  • Handle 'int 0x20' as eob on x86-16 (assume DOS)
  • Fix null deref in arm32 calling conventions via 'aaef'
  • Handle more noreturn functions
  • RAnal.cur can be now set to NULL
  • Fix aae logic for mem read xrefs
  • Fix #21576 - Function stack frame size in case of FP register in a Thumb's PUSH
  • Improved instruction mask using the new aobm and anal.mask
  • Support big endian value search analysis (aav)
  • Fix null deref in signatures when using corrupted analysis info
  • Hide meaningless AnalOp fields in ao/aoj

api

  • Deprecate r_str_cmp()
  • Rename R_CONST to R_TAG and add unit tests for them

arch

  • Migrate tms320 plugin
  • Cleanup global state in mips gnu plugin
  • Migrate mips gnu plugin
  • Migrate chip8
  • Handle the arch.decode default size and mnemonic on failure
  • Migrate xcore plugin
  • Migrate m68k_cs plugin
  • Migrate 6502_cs plugin
  • Migrate m68k_cs plugin
  • Refactor global state in loongarch plugin
  • Migrate loongarch plugin
  • Handle RArch.getRegProfile() from RAnal.setRegProfile
  • Fix the wrong plugin used after failed arch.encoding
  • Rename arch.arm plugin 'arch.arm.nz'
  • Use plugin name instead of arch name to fallback
  • Propagate endian settings
  • Honor RArch.setBits via RAnal.setBits
  • Support fatmachos with slices using arch plugins
  • Improve automatch plugin with encoder support
  • Resolve ${arch}.nz as fallback when finding an assembler peer
  • Remove '#' sign before immediates in the snes9x disassembler
  • Fix 1 byte oobread in the wasm disassembler
  • Migrate s390.cs and fix the abidiff suppression rules
  • Migrate the ppc.gnu plugin
  • Migrate m68k_gnu plugin
  • Improve the riscv analysis
    • Fix esil emulation for riscv's jr/li/mv
  • Migrate S390 GNU plugin
  • Don't use strtok in the riscv plugin
  • Migrate the hppa.gnu
  • Migrate the sparc.gnu plugin
  • Improve brainfuck VM using ESIL and arch restrictions
  • Migrate the brainfuck
  • Remove unneeded line in meson build after plugin migration
  • Migrate h8300 plugin
  • Migrate the pyc plugin
  • Migrate msp430 plugin
  • Fix archinfo for v810
  • Add wip archinfo and wip regs and make mcs96 an arch plugin
  • Migrate ebc plugin
  • Migrate lh5801 plugin + add missing regprofile
  • Migrate the pdp11 plugin
  • Migrate arc
  • Expose the value of arm's ADD in op.val
  • Implement wao nop for riscv
  • Migrate arm.v35

asm

  • Implement 'call [rip+X]' for x86.nz and add tests
  • Fix UB in signed type shift left on arm64 assembler
  • Fix tb instruction for ARM assembler

bin

  • Fix double free in elf loader
  • Fix memory leak in mach0 relocs
  • Fix memory leak in xtr fatmach0 metadata
  • Fix memory leak in elf loader
  • Fix compile warnings for elf loader
  • Improve handling of nindirectsyms for corrupt macho binaries
  • Fix crash due to int overflow loading mach0
  • Refactor / improve loading of ELF symbols + imports
  • Shorten path on invalid fatmachos fixing a recent null precondition check
  • Better use of preconditions and r_log in fatmach0
  • Refactor loading of elf fields
  • Refactor loading of elf libs
  • Refactor elf loading of relocs
  • Refactor even more loading of elf sections
  • Refactor elf loading of sections
  • Refactor mach0 loading of relocs
  • Silence warning on empty dwarf blocks
  • Unused var had a meaning in the xnu kernelcache parser
  • Refactor loading of mach0 sections
  • Conditionally parse mach0 start symbols
  • Fix bug wrongly casting dyld/kernelcache to mach0
  • Remove code, port dyld + kernel cache to new API
  • Fix UAF in the p9 parser
  • Refactor loading of mach0 symbols
  • Refactor loading of mach0 libraries
  • Implement review remarks for mach0 import parsing
  • Refactor mach0 loading of imports
  • Refactor string comparisons in macho parser
  • Add demangled column in the symbol listing
  • Add LC_AOT_METADATA parsing support for mach0
  • Reuse recursion in c++ demangling with lower bounds
  • Fix some oobread bugs in the ELF parser
  • Initial steps to support column details in dbginfo
  • Optimize dwarf parser reducing getsection for strp
  • Remove global in the DWARF parser
  • More ELF cleanups on the symbol allocation logic
  • Minor cleanup in the ELF parser
  • Fix Mach-O symbol parsing in dyldcache
  • Blind ELF fixes
  • ZeroPad addresses in iSq and iSSq

build

  • Fix some -fvisibility=hidden issues
  • Fix meson -Dnogpl=true compilation
  • Update to the latest wasi-sdk-20
  • Fix R_SYS_ARCH name for native s390x
  • Fix r2r build when doing static linking
  • Fix SocketNotificationRetrieveEvents already defined issue
  • Make sys/sanitize be aware of the memory sanitize check
  • Fix #21375 also for linux-arm-64.sdb syscalls with meson
  • getcpu is reserved by linux's sched.h
  • meson support for smallz4, relates to #19849
  • Use Smallz4 instead of liblz4 which is optional

ci

  • Add crosscompiled arm64 debian builds
  • Add arm64, riscv64 and s390x qemu builds
  • Move the tarball distribution code into dist/tarball

cons

  • Fix #17194 - Fix 'e scr.pager=..' to set the internal pager
  • Add greepy color theme (green + pink + white) glitch-style
  • Add support for ""ec in theme files

core

  • Fixes the bfbug losing arch setup after o malloc

crash

  • Fix double-free in r2pm when no python bin in path
  • Fix oobread in /v
  • Fix 2byte oobread in /a subcommands
  • Fix null deref on null :: command via fuzzing
  • Fix null deref on fuzzed thready command execution
  • Fix null deref in unaligned arm thumb instruction via /ad
  • Fix oom bugs in the XTAC parser
  • Fix large memory allocations on corrupted LE binaries
  • Fix infinite loop in the GNU C++ demangler
  • Track recursive calls in the HFS parser to prevent stack exhaustion
  • Fix oobread bug in asn1/pkcs7 parser
  • Fix uninitialized field accesses on corrupted DEX
  • Fix UB with uninitialized read in dwarf parser
  • Fix infinite loading time in minidump file
  • Fix unaligned pointer access in sha256
  • Fix division by zero in the HFS parser
  • Fix oobread segfault in the grub's HFS parser
  • Fix infinite loop in the ext2 grub code (DDoS)
  • Fix 8 byte oobread on pkcs7 parser
  • Fix UAF in the dwarf parser
  • Fix non-null-terminated string in dwarf
  • Fix null deref in the dyldcache
  • Fix oobread in swift field parser
  • Fix 4 byte oobread in objc analysis on 32bit binaries
  • Fix oobread in dwarf parser
  • Fix oobread crash in the visual bit pixel editor
  • Another dwarf null deref
  • Fix oobread in the xcoff64 parser
  • Fix an 1byte oobread in the pyc plugin
  • Avoid large allocation in the elf parser
  • Check for null pointers in uleb and dwarf
  • Fix oobread in omu command
  • Fix large allocation bug in the elf version parser
  • Fix null derefs in the dwarf parser
  • Fix oobread in the msvc demangler

dalvik

  • Fix two UB bugs doing left-shift on signed type

debug

  • Warn the user when using dd/dm/di without a child
  • Fix 64bit column register listing glitch
  • Allow 'dcu main' even if there's a 'db main' already set
  • Implement dtj command to list debug traces in JSON format
  • Fix null deref in dtd when the process is dead
  • Fix status register in the regprofile for darwin-arm64
  • Don't display the cpu flags if the arch doesn't support them
  • Adjust bpcount and use typedefs instead of structs in bps
  • Define RISCV breakpoint instructions
  • Native debugger for OpenBSD and NetBSD on arm64
  • Add cmd.step config var to run a command after every debugger step
  • Partial fixes for better register profile and arch switching handling

diff

  • Initial implementation of the 'cgfa' command

disasm

  • Do not draw ref lines of invalid branches
  • Fix asm.pseudo for arm64's stur instruction
  • Implement pseudo for riscv's 'auipc' instruction
  • Fix '\xff' strings issue in bsd-rv64/arm64

dwarf

  • Implement parsing optimization for dwarf5
  • Store column information in the addr2line database

esil

  • Fix UB when shifting value too far left
  • Fix bounds checks for ESIL and reg values
  • Implement 128bit regstore esil emulation
  • Don't emulate null instruction types, causing invalid analysis
  • Fix #21564 - 128bit support via [16] and RReg for arm64
  • Implement 'aoem' command to show memory refs via emulation
  • Move the esil #! r2 command as an op instead of parse

fs

  • Add test and fix oobread in the hfs parser

graph

  • Improve color support in graphviz, still wip

hash

  • Add elf hash planned for r2-5.9.0

io

  • Fix #21705 - check r_io_plugin_add ...

5.8.4

14 Mar 22:11

Release Notes

Version: 5.8.4
Previous: 5.8.2
Commits: 277
Contributors: 29

Highlights

Authors

Dennis Goodlett Dennis Goodlett Francesco Tamagni Jose Antonio Romero Jules Maselbas Jules Maselbas Koh M. Nakagawa Lazula Mewt R MewtR Mohamed Lemine Ould El-Hadj Murphy Murphy Murphy Pau Rodriguez-Estivill Richard Patel Siguza Sylvain Pelissier Sören Tempel Teutates Yaroslav Yuvraj Saxena Zhipeng Xue condret icy17 ksen-lin meme pancake

Changes

anal

  • Support function arguments without a name
  • Optimize RCore.analOp() lowers aa from 1m23 to 1m19
  • Make aab even faster (39s -> 32s)
  • Fix #21340 - fix list of callrefs in afij
  • Add some recently seen x86-32 preludes
  • New 'aarr' command to reanalyze all function refs
  • Add support for DUP in esil_dfg
  • Add fake =SN for gb to fix the missing =SN warning
  • Implement esil-dfg support for POP
  • Initial implementation of the aob/aobj commands
  • Do not override anal.calls user settings in aaa
  • Use a visited check to speedup recursive reference analysis
  • Invalid call from warning is now a debug message
  • Handle missing LDURH on arm.v35
  • Add refs column in aflt listing and fix refs&xrefs counting apis
  • Remove duplicated code adding a string reference during analysis
  • Set refptr for Xtensa l32r opcode for better disassembly output

api

  • Introduce the new R_CONST macros

arch

  • Migrate cr16
  • Migrate cris from anal to
  • Update to the latest capstone for SH and arm64 improvements
  • Move the riscv.cs plugin
  • Improve v850 esil support
  • Move the pic
  • Move the anal.tricore
  • Improve the NIOS arch plugin with regs, archinfo and invalid
  • Move and improve the anal.alpha
  • Move Vax plugin from anal
  • Add Inferno Dis VM
  • Move the bpf plugins
  • Move anal.lm32
  • Move the z80 plugin
  • Add support for all-bits-set registers needed for LANAI
  • Move the lanai plugin
  • Fix the type used for the fini callback in r_arch_plugin_t
  • Move the mcs96 plugin
  • Fix #21325 - Do not assert when instantiating empty plugins
  • Convert kvx analysis plugin into arch
  • Add esil support for satadd, satadd_imm5, satsub and satsubr v850 instruction
  • Handle wasm control flow errors better
  • Wasm accept br out of if/else
  • Refactor wasm into arch
  • Move xtensa into the
  • Initial re-import of the LUA bin parser and disassembler from extras
  • Move the ws plugin and annotate the plans for 5.9
  • Move or1k into the arch
  • Add evm.sdb.txt with description
  • Add esil support for mulh reg, reg v850 instruction
  • Move anal.evm.cs into arch.evm
  • Rename evm.cs to evm
  • Add esil support for v850 stb, sth and stw instruction
  • Add esil support for v850 ldb, ldh and ldw instruction

asm

  • Add more conditional branch instructions for the arm64 assembler
  • Implement conditional branch instruction for the arm64 assembler
  • Improve armass64 for tbz/tbnz to handle relative instructions

bin

  • Report errors when failing to patch relocs in the internal buffer
  • Implement qword to better display patched relocs in macho
  • Fix #21451 - Support IDREF in cf_dict parsing
  • Apply macho relocs on the swizzled buffer if bin.cache is not set
  • Find libswiftCore and libswiftDemangle in linux paths too
  • Fix wrong check in dyldcache rebase v2 logic
  • Add new fuzz.bin2 program and fix integer overflow for XTAC
  • Prevent an oom in the macho when corrupted fields are involved
  • Fix infinite loop in the xtac parser
  • Fix oom in the LE parser
  • Fix ELF parser hang on malformed .plt.got header
  • Fix sign warnings in the elf parser spotted by msvc
  • Fix absolute path resolution for dwarf source files
  • Remove globals from the MSVC demangler
  • Blindfix for some msvc demangling characters
  • Fix Dis fuzz failure
  • Add missing S_INIT_FUNC_OFFSETS definition for macho
  • Add Inferno Dis VM
  • Improve checks parsing dyldcache headers
  • Fix missing types and paddr/vaddr issue in ihj
  • Fix double free in class method handling
  • Update dyld shared cache parser
  • Better header checks for the MSX plugin
  • Some fixes for the bin.msx plugin
  • Add support for the XTAC file format
  • Add XCOFF64 support
  • Refix another null deref after 586af3f
  • Improve code quality in some RBin plugins (1/n)
  • Fix null deref when no signature is found
  • Minor improvements to elf parse
  • Fix memory leak when parsing DW_FORM_line_strp
  • Use correct compilation directory for binaries that use DWARF before version 5
  • Fix heap overflow in the swift parser

build

  • Add --with-new-io-cache configure and meson flags
  • Use acr-2.1.0 new PKGCFG_DO to speedup pkg-config file generation
  • Fix libdir and includedir in the pkgconfig templates with latest acr
  • Fix #21375 - Generate .sdb files properly for syscalls with meson
  • Fix #21332 - Add missing use_sys_openssl option for meson
  • Fix #21287 - compilation with .c in path
  • Clear SSL (C|LD)FLAGS if not willing to use SSL at all
  • Fix 'no rule to make libcapstone.a' error
  • Fix meson build with x86 option arch
  • Check for linux/can.h at configure time
  • meson: install rasign2.1 man page too
  • Fixes for the offline tarball generation

ci

  • Abidiff shouldn't check internal structs like the capstone ones
  • Remove broken github counters and introduce the sys/counters.sh
  • Add pkg-config for macos-test
  • Add pkg-config for macOS via brew
  • Upgrade to abidiff 2.2
  • Remove LGTM, it's no longer available

cleanup

  • Remove all char* casts in free

cons

  • Fix scr.html when using bold attribute in scr.color=1

core

  • Support R2_PREFIX env var to override compile-time PREFIX
  • Use single quote instead of "" for RCore.call()
  • Fix command injection bugs in patch scripts

crash

  • Fix oob in we command
  • Fix null deref in omr with no maps
  • Fix null deref in fuzzed omt command
  • Fix uaf in r_asm_op_get_hex
  • Fix UAF in y-;q and assert with 0 size functions
  • Fix uaf caused by RRegItem.free instead of .unref
  • Fix oom in the nso parser
  • Fix uaf in xtac and check for more vector allocation failures
  • Fix unchecked vector allocation in wasm
  • Fix oom spotted in the wasm bin parser and other stylish things
  • Fix segfault when saving a project with no write perms in home
  • Fix oobread in dwarf5 parser
  • Fix #21363 - null deref in the wasm disassembler
  • Fix use after free in RStr.replaceAll()
  • Fix null deref in aeg command

debug

  • Fix setting registers in linux/rv64
  • Fix retrieving registers on Linux/RV64
  • Fix #21329 - do not include the privileged registers from the gdb profile

disasm

  • Don't try to resolve strings on call destinations
  • Fix instruction colors when '0' is at the end
  • Deprecate the asm.minicols config variable
  • Truncate invalid strings in disasm

dwarf

  • Add CLLf command as an alias for 'list' and fix @@i

esil

  • Avoid >64 bit shift left on 128bit registers
  • Implement esil for arm64's brk and clarify TRAP usage
  • Simplify the ESIL for x86 shift instruction
  • Better nullchk and reduce dereferences in esil

globals

  • Remove 2 globals from arch.or1k
  • Remove 1 global from arch.snes

io

  • Initial implementation of the io-write-cache command

json

  • iCj always renders valid json, fixing a warning in iaito

lang

  • Run the pending jobs in the qjs repl and expose r2pipe module
  • Add fake 'r2papi' module for r2frida-compile scripts
  • Implement ESM module loader for the QJS runtime
  • Initial support for r_arch plugins via qjs
  • Add support for NIM scripting on top of the QJS engine

magic

  • Add Inferno Dis

panels

  • Move Stack into Debug menu, and add Register columns output

print

  • Improve the pseudo-decompilation output for !x86 and inlined gotos
  • Fix duplicated source lines in CLLf output
  • Honor hex.offset + hex.header
  • Initial support for custom bitmap images

projects

  • Add Pz[ie] command to import/export project in zip format

r2pm

  • Fix support for builddir-less packages
  • mkdir home plugin directory
  • Add R2PM_DIR directive needed for tarball/zip packages
  • mkdir(R2PM_BINDIR) before pkg install, so packages don't have to mkdir

search

  • Magic depth starts at 0 now
  • Remove global magic depth
  • Honor esil.* options in RAnal.search
  • Improve syscall detection in /as
  • Fix #21339 - Fix syscall search when executed twice

shell

  • Fix help message when write fails (omp -> omf)
  • Fix #21380 - Refer to "? in /R for escaping chars
  • Correctly align r_core_cmd_help_match output in inexact mode
  • Update help message for ""? for ""@""
  • Drastically reduce eUsage count...

5.8.2 - codename "Jonesy"

23 Jan 11:23

Release Notes

Version: 5.8.2
Previous: 5.8.0
Commits: 172
Contributors: 17

Highlights


Authors

0x8ff Apkunpacker Dennis Goodlett Fraser Price Jules Maselbas MewtR Mohamed Lemine Ould El-Hadj Ole André Vadla Ravnås Richard Patel Sylvain Pelissier Vitaly Bogdanov condret kyufie meme nmeum pancake pancake

Changes

anal

  • Honor the micromips codealign, add missing =SN and cc
  • Set indirect code refs from load instructions
  • Make r_anal_optype_{to,from}_string use the same optypes array
  • Rework of the function merging
  • Add Plan 9 calling conventions
  • Basic blocks are not modified if not initialized
  • Add test for gb srcs/dsts json and valtype
  • Fix multiple typos in ios-syscalls.txt

analysis

  • Make r_anal_optype_{to,from}_string use the same optypes array
  • Rework of the function merging

api

  • Make r_str_casecmp() null-proof to fix weird crash on windows
  • Implement RCore.cmdCallAt() + minor improve internal cmd calls
  • Fix RFile.path() when $PATH contains no colon

arch

  • Add esil support for v850 ei and di instructions
  • Add esil support for v850 reti instruction
  • Add esil support for v850 stsr instruction
  • Add esil support for v850 ldsr instruction
  • Blindfix for a glitch in the v850 disassembler
  • Simplify esil generation of v850 bcond instructions
  • Add esil support for v850 setf instruction
  • Improve v850 esil support and fix some related bugs
  • Fix asm.cpu=? when using arch plugins
  • Fix rasm2 -a mips{.gnu} -b16 -e -c micro -d '4fe5'
  • Move mcore into the arch
  • Support micromips on both gnu and capstone plugins
  • Move anal.propeller
  • Add micromips cpu for the mips.gnu plugin
  • Move nios2 away from anal
  • Register RArch plugins to be loaded dynamically

asm

  • Implement .extern directive in rasm2, fix other directives
  • Fix ARM assembler for blt, ble, cmn, tst, and teq instructions

bin

  • Fix null deref assert in the TE parser
  • Fix unnecessary memory exhaustion in the elf parser
  • Fix allocation crash in bin.symbols
  • Support elf-micromips auto detection
  • DWARF5 line header parsing
  • License Plan 9 code as MIT
  • Add Plan 9 line number information
  • Fix load address of arm64 kernel

build

  • Do not depend on strcasecmp in libzip, build fails on Centos7
  • Upgrade v35arm64 to fix non-c99 compilation
  • Update to the latest tinycc in the CI
  • Remove the need for ios-include.tar.gz
  • Use an authorized API call for the abi job to increase the rate limit
  • Remove condition on 'linux-static' job
  • Integrate ABI diffing into CI scripts
  • Add --with-ssl-crypto, rename --with-openssl to --with-ssl
  • meson: Install various missing files
  • Use fakeroot if available when packaging for debian

ci

  • Upgrade CodeQL actions from v1 to v2
  • Update the SPEC file and build RPM packages in the CI

crash

  • Fix infinite loop and null derefs when calling pd from pd in Cr
  • Blindfix with a hack and a workaround to fix an UAF in Cr
  • Fix an UAF in the visual bit editor
  • Fix null deref segfault in Vd1
  • Fix UAF in oc
  • Fix null deref in io.bank

debug

  • Fix #8992 - Apply command line settings before initializing debug plugin
  • Add required A0 register into x86 register profile provided by GDB
  • Use proper type for the XMM register inside profile received
  • Implement dpt. command to print the current selected process

disasm

  • Optimize RAnal.kind() as it's called many times with a large buffer from pd
  • Bring back and improve the Cr command

doc

  • Reference abidiff's ci usage in doc/abi.md
  • Reference doc/abi in DEVELOPERS

esil

  • Fix emulation of the arm64 tst instruction

fs

  • Improve json output for mlj - mountpoint type and delta

globals

  • Remove global in util/lib and just use RLogLevel

indent

  • Balance spacings in braces

js

  • Add experimental r2.cmd0 and r2.call0 for qjs
  • Enable stack overflow check when recursive calls
  • Improve error messages in the qjs repl
  • Rename qjs's dir function to dump
  • Support loading/unloading multiple QJS plugins
  • Update typescript compiler and move r2plugin into r2
  • Fix undefined behaviour in quickjs when casting double to int64
  • Fix #21205 - Missing object definition for aoj
  • Fix undefined behaviour in double->int cast
  • Extra checks and enforce the singleton core plugin
  • Improve typescript entrypoint logic detection
  • Initial support for javascript core plugins
  • Upgrade r2papi-ts from 0.0.4 to 0.0.10
  • Support typescript Main namespace and pass --allowJs

json

  • Fix #21205 - Missing object definition for aoj

lang

  • Initial implementation of lang.s assembly scripting
  • R_TH_LOCAL two globals in RLang.c
  • Restructure lib dependencies, add lang.asm plugin

perf

  • Massage the bottleneck that was making r2dec super slow
  • Some more likely hints in RCore.cmd from valgrind

print

  • Fix pA and pA? (/A was moved into /a)
  • Implement pvp and wvp to print and write pointers
  • Fix fortune message for #md5 and add ph: variant of "ph "

qjs

  • Add QJS_NOABORT option to avoid aborts

r2pm

  • Improvements for r2pm when getcwd is null
  • Add R2PM_NEEDS and auto-install system build deps if possible
  • Fix git check before cloning the repo
  • Fix R2PM_DEPS first time issue
  • Report better errors on first r2pm setup
  • Initial experimental support for portable qjs packages

search

  • Implement tire algorithm in

shell

  • Fix assert in ph
  • Initial skeleton integration with GNU/Poke
  • Fix profiling RCore.cmdCall() via ?t""
  • Add help message for the quote command "?
  • Implement LAj and LAq commands to list arch plugins
  • Implement uname -h, -m, -b, -j ...
  • Handle unknown subcommands for t
  • pdrj shouldn't be modifying the current seek
  • Add -j command as an alias for js:
  • Add the ability to run qjs scripts with r2 -je

slides:xa

  • Improve r2slides with title, colors and 2 column mode

test

  • Update libfuzz build instructions
  • Add the dwarf fuzzer program
  • Add some test for ARM assembler

tools

  • Add R2_DEBUG_NOPAPI env var
  • Show error when passing un-even hexpair to rasm2

visual

  • Fix (null) regression in visual bit editor's disasm
  • Handle JK in bit editor to move 8 bytes fwd/backward

vuln

  • Fix ANSI Escape Sequence Injection vulns via DWARF

5.8.0

22 Dec 23:59

Release Notes

Version: 5.8.0
Previous: 5.7.8
Commits: 745
Contributors: 36

Highlights


Authors

0x8ff Alex Bender Anton Kochkov Axel Iota DaKnig Dennis Goodlett Dennis Goodlett Ernest Deák (Tino) Francesco Tamagni HighW4y2H3ll Hors Lars Haukli Lazula Matthias MewtR Miles Liu Mohamed Lemine Ould El-Hadj Murphy Ole André Vadla Ravnås Paul B Mahol Peter Meerwald-Stadler Quentin Kaiser RHL120 Sylvain Pelissier Sylvain Pelissier TheAllSeeingOwl condret iTrooz_ meme pancake pancake rax2 rhl120 schrotthaufen schrotthaufen singurty

Changes

abi

  • RAnalOp.srcs,dsts are not pointers

anal

  • Working apt and add apl to list function preludes
  • Rename axj to axlj, because axj is for jmp refs
  • Introduce anal.tailcall.delta and use flags for better metrics
  • Improve the tailcall detection logic
  • Improve warning that only seems to happen when anal.nopskip is set
  • Always show all the archinfo, even when not provided by the plug
  • Don't show analysis progress on non-interactive shells
  • Add esil.dfg.mapinfo and esil.dfg.maps config vars
  • Some more improvements to esil_dfg
  • Fix size returned from r_anal_op
  • Fix warning in aflj when parsing vargarg signatures
  • Add register computed const pointer support for esil dfg
  • Add memory computed const pointer support for esil dfg
  • Introduce R_ANAL_ESIL_DFG_TAG_{REG,MEM}
  • Use treebuf io plugin as memory access backed for esil_dfg
  • Fix pickle asm rejecting empty strings
  • Do not recurse noreturn inspection when !addr or -1
  • Generalize vector instruction types instead of following intel-specific
  • Add /au to search for unknown destination jmp/call
  • Add anal.noret and refactor anal.noret.refs
  • Fix #20827 - Show srcs/dsts in aoj
  • Fix aae argument parsing regression in and improve help
  • Add support for stack-computed const pointers in esil_dfg
  • Fix anal.a2f in aac
  • Increase default anal.depth from 64 to 128
  • Clarify which commands are used on each aaaa line
  • Fix anal.depth usage when analyzing one basic block
  • Loongarch analysis bug fixes (bl, race condition)
  • Implement aflxv and aflx? commands
  • Run /azq in aaaa
  • Fix long1,long4 pickle opcodes
  • Fix #20798 - Fix bx after add lr,pc,0 in arm32
  • Fix null pointer in aflxj
  • Implement aflxj
  • Add noreturn column in afll
  • Use RPVector in RAnalOp src/dst to support ldm/stm/simd
  • Fix pickle arch thinking 0 is 64 bit
  • Don't show the linearsize in the afl output
  • Add anal.vars.newstack - configurable improved stack-relative var

analysis

  • Working apt and add apl to list function preludes
  • Rename axj to axlj, because axj is for jmp refs
  • Introduce anal.tailcall.delta and use flags for better metrics
  • Improve the tailcall detection logic
  • Improve warning that only seems to happen when anal.nopskip is set
  • Always show all the archinfo, even when not provided by the plug
  • Don't show analysis progress on non-interactive shells
  • Do not recurse noreturn inspection when !addr or -1
  • Generalize vector instruction types instead of following intel-specific
  • Add /au to search for unknown destination jmp/call
  • Add anal.noret and refactor anal.noret.refs
  • Fix #20827 - Show srcs/dsts in aoj
  • Fix aae argument parsing regression in and improve help
  • Fix anal.a2f in aac
  • Increase default anal.depth from 64 to 128
  • Clarify which commands are used on each aaaa line
  • Loongarch analysis bug fixes (bl, race condition)
  • Implement aflxv and aflx? commands
  • Run /azq in aaaa
  • Add noreturn column in afll
  • Add anal.vars.newstack - configurable improved stack-relative var

api

  • Make RReg refcounted
  • Implement {ctz|clz}{32|64} RNum
  • Define RPluginMeta and RPluginStatus
  • Add new RCore.cmdCallf() helper function
  • Merge RParse into RAsm
  • Refactor RLang api to use the new design
  • Fix null deref on wrong api usage for RCore.cmdStr
  • Moving more logic between asm, arch, parse and anal
  • RAnalEsil -> REsil api refactor
  • Deprecate reil and sysarch defines
  • More refactorings and api redesigns in r_arch
  • Remove eprintf calls in favor of R_LOG
  • Implement RReg.clone()
  • Deprecate r_str_dup() - related to #20959
  • Rename RVector.len to RVector.length for consistency
  • Remove the unnecessary RThread.CpuAffinity()
  • Add portable NaN and INF defines for different float sizes
  • Deprecate r_cons_eprintf and use R_LOG instead
  • Rename RStr.home() to RFile.home() as part of the Plan
  • Rename r_mem_memzero to r_mem_zero
  • Prefer _tostring() instead of _to_string()
  • Improve r_ref implementation with debugging support
  • R_BIN_NM -> R_BIN_LANG
  • Implement thread-safe refcounting - but disabled by default
  • Deprecate the unused RFList
  • Implement r_str_ntrim() and speedup r_str_trim() with it
  • Initial implementation of RString (30% faster than RStrBuf)
  • Implement r_sys_getenv_asint
  • Add r_cons_is_initialized
  • Boolify r_core_yank_file_all() and fix shadow var bug
  • Add r_file_is_executable and r_file_extension apis
  • Fix UB bug when using r_vector random access
  • Change R_LOG_INFO to R_LOG_TODO where suitable
  • Merge rhash into rcrypto and improve apis
  • Fix memory leak in r_str_list_join()
  • Boolify and rename some methods and fields from RFS
  • Add .author field in all the RLang plugins
  • Add a public api for the yank-unset action
  • Constify the help

arch

  • Add the arch.preludes() callback and new RSearchKeyword constructor
  • Move anal.v850 to arch
  • Fix counted string bug in pickle
  • Fix negative unsigned cast in the xtensa disassembler
  • Add RAnalOp.weakbytes() and move more analop apis to arch
  • Move anal.xap into the arch
  • Update tests and better arch.patch/modify callback
  • Move anal.{6502,snes} into arch
  • Kill RAsmOp, we can reuse RAnalOp in here
  • Improve pickle disasm on invalid instructions
  • Remove RAsmPlugin struct and add the 'aia' command to show archinfo
  • Move the remaining asm plugins into the arch
  • Minor plugin selection improvements
  • Move asm.nasm into the arch
  • Move asm.vasm into arch.any_vasm
  • Assemble large pickle instructions
  • Fix and move failing tests, reorder lib build
  • Move the arm assembler plugin from asm to arch
  • Temporary add RAnal as dependency for REgg
  • Improve x86.nz assembler parsing and other bugs in rnum
  • Initial implementation of the arch.any.as plugin
  • Better handle of RNum errors for egg and arch.x86.nz
  • Support reg+idx and idx+reg in x86.nz assembler
  • Move the x86.nz plugin
  • Fix asm.acur supporting arch, anal and asm plugins
  • Move anal_riscv to arch_riscv
  • Fix rasm2 -LLL using the new multi-bits macros
  • Introduce RSysBits and its packing/checking macros
  • Implement archinfo() in RAnal.Plugin.tms320
  • Deprecate the unused RArchPlugin.esil field
  • Use PJ to return the list of mnemonics aoml in arm.v35
  • Move anal.rsp to the new home
  • Move anal.v810 into arch.v810
  • Move pickle from anal to arch and add it to meson
  • Remove anal.malbolge and fix CI r_esil issues
  • Move the 'sh' plugin to the new home
  • Honor plugin name in rate matching for RArch.use
  • Move jdh8 from asm/anal to arch
  • Unify RArchOp into RAnalOp using common include files
  • Fix RArchOp.refptr from bool to int
  • Bump cs5 to support FNOP on m68k
  • Wire-up RArch into RAnalOp
  • Fix arm64 plugin to work well with latest arm64 changes in capstone
  • Use the latest capstone5-next with updated aarch64 support
  • Copy anal_amd29k.c to rarch
  • Change arch plugin definition
  • Add some more arch config vars
  • Introduce arch.endian config var
  • Instantiate RArch in anal
  • Introduce RArchConfig->decoder
  • Add R_LIB_TYPE_ARCH and i4004 arch-plugin
  • First arch plugin (arch.null), implement basic lib api
  • Start moving EVM analysis from extras to core
  • First implementation of r_arch decoder api
  • Introduce the new r_arch library, just the skeleton
  • Add some r_arch api declarations
  • Initial commit on RArch structs

asm

  • Deprecate more unused fields from RAsmPlugin
  • Fix the parse.z80.pseudo plugin and add a test
  • Remove the unused RAsm.binb
  • Internal cleanup of asm.c, deprecate the disassembly callback
  • Load cpu descriptions for multiarch plugins
  • Fix rasm2 x86.nz for "xchg eax,eax" and add tests

bin

  • Fix JSON encoding of section addresses
  • Add test for cwd source listing, CLL and l...

5.7.8 - codename "boredom"

13 Sep 16:53

Release Notes

Version: 5.7.8
Previous: 5.7.6
Commits: 307
Contributors: 17

Highlights


Authors

Axel Iota Ben L Denis Ovsienko Dennis Goodlett Dennis Goodlett Francesco Tamagni Nikhil Saxena Paul B Mahol Richard Patel Seunghwan Chun Sylvain Pelissier adwait1-g condret erfur pancake pancake rax64

Changes

anal

  • Define =SN for the sparc register profile and improve warning message
  • Include bb instruction addresses in an array for abj
  • Fix more tests to run outside x86-64
  • Implement aflx and aflx* commands to re-analyze function callers
  • Implement aflm. and aflm? to print the makefile-style function call summary
  • Fix bug in esil_cfg
  • Implement r_anal_esil_dfg_reg_is_const
  • Fix quotes in pickle assembly
  • Improve aab results by using section size
  • Refactor esil new in cmd_anal
  • Refactor ar set command to static func
  • Fix '/gg' output
  • Fix duplicate aarch64 syscalls
  • Fix leak in 'aex' command.
  • Fix compilation warning
  • Silence compilation warning in show_reg_args()
  • Fix leak in r_core_esil_step()
  • Check list allocation return value
  • Fix leak of RAnalBlock in false return code path
  • Check that vector length is not 0
  • Fix leak of list when using asj command
  • Fix leaks caused by not calling r_anal_op_fini()
  • Add pickle descriptions

analysis

  • Define =SN for the sparc register profile and improve warning message
  • Include bb instruction addresses in an array for abj
  • Implement aflx and aflx* commands to re-analyze function callers
  • Fix duplicate aarch64 syscalls

arch

  • Support assembler plugin resolution by approximated name
  • Rename asm.arm_cs to asm.arm
  • Merge asm.sparc_gnu into anal.sparc_gnu
  • Lowercase all pickle instructions
  • Upgrade to the latest capstone-next for ppc purposes

asm

  • Fix integer overflow in match_c_lui()

bin

  • Fix boundary check in mach0 fixups reconstruction
  • Fix two oobreads in coresymbolication and dyldcache
  • Update coresymbolication cache parser
  • Add table's :help and ignore commas in i subcommand parsing
  • Fix incorrect relocs=false in macho
  • Fix regressions affecting dyldcache parsing
  • Fix #20624 - Implement ic, command to query klass information
  • Fix oba $$ in frida://0 global
  • Add support for REL file format plugin
  • Support powerpc coffs
  • Handle RABIN2_MACHO_SKIPFIXUPS env var in the macho parser
  • Add wasm globals to symbols
  • Fix leak in bin_sections

build

  • if != ifdef on msvc
  • Add lint for C++ include support

ci

  • Fix #20655 - Zip the blob for windows

config

  • Fix prj.alwasyprompt description text

cons

  • Fix a couple of coverities in canvas and dietline
  • Fix 'num' display with gentoo theme on 256 term
  • Add to all themes 'ecd' at start
  • Remove duplicate entry for basic theme
  • Fix background color for dark theme
  • Simplify ansi color mapping
  • Fix several bugs when interacting in VE mode
  • Fix leak in nextpal()
  • Fix leaks in VE mode
  • Fix leak of memory returned by r_str_ansi_crop()

core

  • Fix leaks when calling r_flag_all_list()
  • Fix leak in error path of r_core_anal_search_xrefs()
  • Fix leak of pointer left behind

crash

  • Fix stack exhaustion bug in the c++ gnu demangler
  • Fix oobread in protobuf parser
  • Fix oobread in r_str_is_printable_limited
  • Fix UB bug in afi command causing random segfaults
  • Harden swift demangler
  • Harden msvc demangler
  • Fill null deref check in the x509 parser
  • Fix two more bugs in pdb found by libfuzzer
  • Some safe fixes in rbin
  • More r_run_parseline fixes
  • Fix #9782 - r_run_parseline OOB read
  • Fix oob write in dyldcache
  • Fix null deref on non-capstone builds

crypto

  • Add SM4 block cipher

debug

  • Add new 'drp*' 'arp*' commands to flag the reg arena
  • Fix build for 32bit iOS debugger
  • Fix process detach in the xnu debugger
  • Fix arm64 register access in xnu debugger
  • Initial blind support for io.self for serenity

diff

  • Implement radiff2 -B to specify base address
  • Emit json when radiff2 is run with -Cj

disasm

  • Fix #20202 - pd-55 showing invalid instructions

esil

  • Fix tests and emulation for x86_cs BSR and BSF instructions
  • Add warning for esil op $$ deprecation
  • Tag dfg nodes that are vars with constant values properly in esil_dfg.c

fs

  • Implement mdd, mdq and ms's ls -l
  • Add initial fs.zip plugin, listing only for now

fuzz

  • Fix another crash in the protobuf parser
  • Fix too much time spent loading corrupted dyldcaches
  • Fix negative allocation in the dex parser
  • Fix infinite loop in dyldcache parser
  • Fix large allocation bug in wasm parser
  • Fuzz pdb
  • Fuzz protobuf
  • Fuzz pkcs7, punycode, x509
  • libFuzzer demangler target
  • libFuzzer bin target
  • add libFuzzer integration, r_run_parseline test

globals

  • Remove two global variables in the anal.ppc.cs plugin
  • Remove global in cons.rgb
  • Remove globals in bin.sms
  • Remove globals in flirt and apply some extra cleanups

graph

  • Implement new toyish visualization command agt
  • Implement aggb command, like agfb but for agn/age
  • Add cmd.bbgraph to use a different command to render the basic blocks
  • Remove hack fixing a bug that is now gone for agn

io

  • Initial implementation of the reg:// io plugin
  • Fix #20616 - Fix analysis when using io.cache
  • Implement wcu command to undo cached writes
  • Initial implementation of the xattr io plugin
  • Fix leaks on error path in r_io_zip_open_many()

lint

  • Enable linting for trailing tabs

panels

  • Fix #20651 - Decompiler panel was disappearing after clicking

print

  • Implement pxu{1,2,4,8} like pxd but unsigned
  • Fix w6e and w6d, Add w6x, p6[e|d][s|z] + tests
  • Fix #20540 - pc should use an unsigned char buffer
  • Implement p8x and p8* similar to y*

refactor

  • Add linting to spot misuses of r_strbuf_appendf and fix them all
  • Minor optimization of generated esil expressions
  • Remove some unused macros in anal_riscv_cs
  • Remove occurrences of $$ in riscv esil
  • Remove occurrences of $$ in mips_gnu esil
  • Remove occurrences of $$ in bf and mips_cs esil
  • Move the asm.m68k.gnu into the anal
  • move asm.arm_windebg to anal.arm_wd
  • Remove occurrences of $$ in v810/v850 esil
  • Minor optimization of generated esil in anal_arm_cs.c
  • Minor optimization of esil generation in anal_arm_cs.c
  • Avoid =[*] in arm_cs esil
  • Remove occurrences of $$ in arm_cs esil
  • Move lanai from asm to anal
  • Move the hppa plugin from asm to anal
  • Use more R_LOG in cmd.open
  • Merge asm.arm.gnu into anal.arm.gnu
  • Move asm.ppc.cs into anal.ppc.cs
  • Merge asm_arm_cs disassembler into anal_arm_cs

search

  • Add help message for /at?
  • /at accepts a comma separated list of optypes
  • Enable emulation in /as, it's fast enough and results are better
  • Test and benchmark --with-sysmagic in the CI

shell

  • Add open command as a wrapper for the system launcher
  • Fix #20387 - woa 1 confusing error message
  • Honor autocompletion in the of command
  • Use RCoreHelp for j? and uc? to fix a lint
  • Add |E |D |J pipe aliases for base64 command execution and encoding
  • Support interpreting executable binaries with r2 -i or '.'
  • Don't print eol chars for now to fix an r2pipe issue
  • Make command repeat behave as expected with the foreach operator
  • Improve the yank command and help
  • Honor : table modifiers in om,
  • omt->om, and make omr print map size with no args
  • Implement s** for proper seek history parseable output
  • Implement ics command to list address of class methods
  • Protect ms shell with scr.interactive
  • Fix null deref crash in RTable and improve C,
  • Implement 'e,' for table format, old e, is now e:
  • Use RCore.help instead of eprintf in more commands under aa
  • Implement y- command and some other indentation fixes
  • Use : instead of =! in all the io plugin help messages
  • Fix autocompletion for :. for r2frida

tests

  • Fix total amount count of tests in r2r output
  • Add test index progress in default output
  • Support REQUIRE in r2r tests
  • Add a few tests for cBPF conditional jumps.

tools

  • Remove all global variables in rahash2
  • Implement native r2pm pkg registry, buffer r2pm -s
  • Enable r2pm-native when calling it from r2
  • Use R_LOG in libr.main and fix RLogLevelMatch
  • Allow rasm2 -f to open files with r_io files
  • Fix ragg2 -C for pe64
  • Fix memory leak on error path of rabin_do_operation()
  • Fix leaks of allocated memory for duplicate plugins
  • Check return value of r_list_new()
  • Improve pid directive in rarun2, better info reporting

types

  • Fix #16492 - Handle - suffix in te and ts, add tests

util

  • Tests for the "standard" splist() implementation
  • Minor bugfix in strbuf.c
  • Add some more asn1 oids from apple
  • Check for RGraph in r_graph_free()
  • Fix several issues in r_syscmd_join()
  • Fix leak of char* in r_table_visual_list()
  • Fix leak in some yanking cases
  • Fix possible leak of list after each loop iteration
  • Move eprintf...

5.7.6

01 Aug 17:23

Release Notes

Version: 5.7.6
Previous: 5.7.4
Commits: 167
Contributors: 19

Highlights


Authors

Adwaith V Gautham Alessandro Carminati Axel Iota ChoobieDesu Denis Ovsienko Dennis Goodlett Ilya Trukhanov Lazula Maurizio Papini Paul B Mahol RHL120 Richard Patel Sergi Àlvarez i Capilla Seunghwan Chun condret mrmacete pancake pancake pluswave

Changes

anal

  • Add mnemonic API to pickle arch
  • Add last opcodes to pickle assembler
  • Add python pickle machine (pypm) disassembler
  • In cBPF jt and jf are unsigned, fix the code
  • Handle arm64's BTI instruction as a nop
  • Revert "ARM disassembler: don't compute [pc, reg] memory location"
  • ARM disassembler: don't compute [pc, reg] memory location
  • Updated syscalls for aarch64 to linux 5.19.0-rc1
  • Update syscall table for linux-x64 from kernel 5.19-rc1
  • Fix leak in wasm opcode disassembly

analysis

  • Handle arm64's BTI instruction as a nop
  • Revert "ARM disassembler: don't compute [pc, reg] memory location"
  • ARM disassembler: don't compute [pc, reg] memory location

arch

  • Fix riscv left shift bugs and implement archinfo
  • Revert "Update capstone which improves the PPC support"
  • Update capstone which improves the PPC support
  • Add pickle assembler

asm

  • Fix for riscv

bin

  • Fix returning imports table
  • Fix use-after-free in the macho swizzler
  • Add RABIN2_MACHO_NOFUNCSTARTS option for testing purposes
  • Expose dbgInfo.LineNum on macho files
  • Fix macho swizzle bug by cloning the plugin struct
  • Early check to avoid null deref on files with missing buffer
  • Workaround for the fatbin slice selection regression
  • Refactor wasm custom name parsing

build

  • GIT_TAP=$R2_VERSION if no .git is found
  • Initial work towards onifying r_util

ci

  • Build r2 with muon+samu
  • Publish m1 packages automatically on release time
  • Add line count history helper scripts

cons

  • Speed up rendering by caching context pointer
  • Fix picking colors for 256 colors terminals
  • Fix display issues with pss visual mode

core

  • Add cmd.undo and handles it for w and CC commands

crash

  • Fix double free when shrinking vectors
  • Fix oobread in iOS arm64 kernel parsing
  • Fix FPE crash in p2 visual mode
  • Fix buffer overrun in pd reported by durandal_1707
  • Fix crash when calling strcmp on NULL
  • Fix heap oobread in the macho parser
  • Fix asan heap oobread in the tms320 disassembler

disasm

  • Don't show asm.describe on strings

doc

  • Increase maximum recommended line length

esil

  • Fix x86 - ROL RCL ROR RCR with memory locations

fs

  • Fix last covs and support mount in ms
  • Refactor the RFS.Shell and add the getall command
  • Add fs.cwd to define default path in ms

globals

  • Remove time_t now global variable for magic

io

  • Update the embedded libzip under shlr/zip
  • Tiny optimization in RBuffer -0.01s speedup

lint

  • Fix a new linting to remove the double error message in RLOG calls

magic

  • Add RSA/DSA key magic

panels

  • Add Assembler entry in Tools/

print

  • Fix color changing for same block and prc=f
  • Fix p=F output
  • Allow to change entropy bars width with '[]' keys
  • Fix p=e output

projects

  • Fix two more projects tests with the new onnu

r2pm

  • Fix r2pm.sh path resolution issue

refactor

  • Refactor a few eprintf to R_LOG_ERROR
  • Merge asm.riscv into anal.riscv
  • Remove unused daylight logic in magic/mdump
  • Remove optyp global variable for magic
  • Ignore asm->immdisp
  • Merge arc from asm into anal and build it with meson
  • Merge v850.np into v850
  • Use arch/bits info from anal if asm is not available in r_core_bin_update_arch_bits
  • Merge asm_x86_cs into anal_x86_cs
  • Merge asm.mips(cs,gnu) into anal.mips
  • Merge asm.tms320 into anal.tms320

search

  • Fix /rx
  • mbr magic is not good for deltified matches
  • Remove noisy mail.news magic file
  • Fix /as on arm64-linux and add missing tests to cover it
  • Improve little and big endian LZMA header magic matching

shell

  • Add the infamous command tac
  • Implement ~$!! as a tac replacement and clarify the ~$! use
  • Handle the s# command as in 's #'
  • Partial #19887 - Refactor c[248], add and test c[248]*

tests

  • Fix ARC tests and improve r2r.asm output

tools

  • Fix #20439 - rafind2 -V search for values like in /v
  • Fix #16209 - ragg2 on macOS
  • Use of RNum.calc in rax2 to honor error code
  • Honor opasm in rasm2 -LL output

util

  • Be more strict when parsing numbers
  • The RThread.start(true) had racy deadlocks, re-enable the bg http server
  • Use R_LIKELY and r_return in the skiplist api
  • Optimized implementation of rand for skiplist

view

  • Fix r_cons_printf call in calculator
  • Add FPU/XMM/YMM panel displays

visual

  • Fix recently introduced stack buffer overflow
  • Make PageUp/Down keys less laggy
  • Allow seek to previous result item when it is at 0 offset

5.7.4

06 Jul 23:04

Release Notes

Version: 5.7.4
Previous: 5.7.2
Commits: 79
Contributors: 11

Highlights


Authors

Alex Bender Baldanos Dennis Goodlett Richard Patel Richard Patel Sergi Àlvarez i Capilla condret gitcolt pancake pancake tbodt

Changes

anal

  • Honor syntax cfg in cs anal plugins
  • SPARC ignores cfg.bigendian because all instruction fetches are BE
  • Add big endian support for arm prelude search

arch

  • Re-enable the bpf.mr assembler

asm

  • Remove all instances of "ptr " in x86 cs assembly output
  • Move the lm32 plugin into the anal

bin

  • Fix o-- issue on macho-arm64
  • Don't hash files when loading, that's too heavy! 1.2s -> 0.8s
  • Fix wasm function offset lookup
  • Split wasm imports by types

ci

  • Ignore odr-violations by default when running asanified r2r

cleanup

  • Lint for x""

cons

  • Add r_sys_signable() and use it from r_cons_thready

core

  • Fix loading xtr bins without arch dedicated asm plugin loaded

doc

  • Correct help msg for ph command

fs

  • Fix mountpoint listing in the rfs shell

io

  • Add omu command to create a unique map
  • Minuscule optimization of io vread and mapping operations

lint

  • Add R_MUSTUSE hint
  • Add a linting to avoid R_LOG calls ending with a dot
  • Use r_str_startswith() in libr/io/p instead of strncmp

print

  • Fix (null) printing on pi command

projects

  • Fix #20405 - Multiple fixes and improvements in projects

refactor

  • More eprintf -> RLOG here and there
  • Merge asm.java into anal.java
  • Move asm.sh disassembler into the anal.sh
  • Add another source linting to avoid newlines in RCore.cmd()
  • Minor simplification of meson build files
  • Merge asm_rsp into anal_rsp
  • Merge asm_propeller into anal_propeller
  • Merge asm_m680x_cs into anal_m680x_cs
  • Merge asm gb into anal
  • Merge the asm.mcs96 plugin into anal
  • Merge asm.cris into anal.cris
  • Use more R_LOG instead of eprintfs and add more linting checks
  • Add sys/lint.sh and run it in the CI
  • Merge asm.8051 into anal.8051
  • Merge asm.sparc into anal.sparc
  • Merge asm.alpha into anal.alpha

shell

  • Fix #16395 - Add open file command to the ms shell

tests

  • Remove the -r and -m flags from r2r

tools

  • Down with capitalism - lowercase all capitalized strings in r*2 -h
  • Add RABIN2_VERBOSE env var to set bin.verbose=true in rabin2
  • rabin2 -qqqqqq doesn't swap between simple and simplest now

web

  • Few http webserver improvements

5.7.2

22 Jun 10:44

Release Notes

Twitter thread: https://twitter.com/radareorg/status/1539561234453987328?s=21&t=RMA5QEUIJoG6tdVvPCc-Cg

Version: 5.7.2
Previous: 5.7.0
Commits: 192
Contributors: 26

Highlights


Authors

Aleksey Kislitsa Apkunpacker Ben Demick Denis Ovsienko Dennis Goodlett Dennis Goodlett GiulioL GiulioLyons HighW4y2H3ll Lazula RHL120 Richard Patel Richard Patel Sergi Àlvarez i Capilla aemmitt aemmitt-ns colt condret lazymio meme pancake pancake pipothebit rax2 rax64 ypsvlq

Changes

anal

  • Add op->cycles for M68K move
  • Set data alignment of m68k CPUs
  • Use r10 as SP and as an sp alias on arm64
  • Fix archinfo for BPF
  • Add icg str argument for filtering classes to graph
  • Add z vector registers for ARM64 in the register profile
  • Add R_REG_TYPE_VEC
  • Remove dead code
  • Add esil support for VMOVDQU in anal_x86_cs.c
  • Fix ARM ujmp op type with rjmp & mjmp
  • Fix #20215 - Handle op->direction in XOR x86 instructions
  • Reduce LOC of i4004 assembler (only use gperf for 1 byte instructions)
  • Move i4004 asm to anal

analysis

  • Set data alignment of m68k CPUs
  • Use r10 as SP and as an sp alias on arm64
  • Fix archinfo for BPF
  • Add icg str argument for filtering classes to graph
  • Fix ARM ujmp op type with rjmp & mjmp

arch

  • Fix reg profile, add archinfo and opinfo for bpf.cs
  • Initial import of the asm.bpf plugin from extras
  • Add initial anal.bpf.cs plugin + disasm tests

asm

  • Support tbz,tbnz,rev16,rev32 instructions in the arm64 assembler
  • Support cset and sxt(b,h,w) instructions in the arm64 assembler
  • Support mnemonic list for all Capstone-based plugins
  • Support ccmn and csel instructions in the arm64 assembler
  • Support more arm64 instructions

bin

  • Fix #17174 - Add the flagname and real symbol name details in the output of icj
  • Better handling of invalid/corrupted wasm files
  • Use RPVector for wasm imports
  • Use RPVector for wasm data section
  • Refactor wasm start section parsing
  • Move RBinWasmObj-code to RPVector
  • Wasm use rpvector on elements
  • WASM use RBinWasmObj in vector parsing
  • Update wasm tests for exports
  • Fix wasm iE duplicates
  • Rename wasm subsection index member to sec_i
  • Change wasm subsections into RPVectors
    • Use RPVector for wasm tables entries
    • Use RPVector for wasm memories entries
    • Use RPVector for wasm global entries
  • Refactor wasm and add function section parsing
    • Remove unused buf_read_new from wasm parser
    • Refactor wasm vector sub-section parsing
    • Add wasm function sub-section parsing
  • Fix ELF default arch of x86
  • Avoid false positives when loading s390 modules
  • Refactor wasm function types
  • Wasm allow partial custom name parsing
  • Wasm iE improvement

build

  • Windows builds include debug information by default
  • Add macos-m1 GHCI builds
  • Update v35arm64 to fix build on riscv
  • Massage MAKE_JOBS for sys/debian.sh too
  • Remove the r2p symlink on Make purge

cons

  • Fix/clarify the use of cons.vtmode/line.vtmode/vmode
  • Reduce stack in RLine.histLoad() and early return on windows to fix a crash

core

  • Fix fortune file detection
  • Make the gnu disassemblers thread safe

crash

  • Fix oobread in RTable exposed via an ELF reproducer
  • Fix #20336 - wasm bin parser
  • Fix oobread in wv
  • Fix #20248 - DoubleFree in RCons.pop() triggered via RCore.cmdStr()
  • Fix infinite loop in gdbserver =g
  • Fix several bugs in the RStack API

disasm

  • Fix negative on unsigned value in v850.pseudo
  • Update to the latest capstone to fix a bug for BPF
  • Fix #17961 - missing flags in asm.reloff=1 + scr.color=0

doc

  • Rename doc/crosscompile to doc/cross-compile.md
  • Add ABI stability explanation

esil

  • Fix SHRD instruction ESIL
  • Add ESIL to the anal.bpf.cs plugin

io

  • Fix bug in io_ihex
  • Optimize io.open() by skipping plugin iteration if no uri found
  • Add stdin:// uri handler in the io.malloc plugin

parse

  • Make existing types available to r_parse_c_string

print

  • Fix #20310 - Handle help suffix on more pd subcommands
  • Convert pf d specifier to hex dword

r2pipe

  • Fix: pthread_create: Resource temporarily unavailable

r2pm

  • Handle R2PM_UNINSTALL on Windows
  • Fix environment message for the package manager
  • Improvements in the native r2pm, being able to install samu and muon

refactor

  • Merge asm.avr into anal.avr
  • Merge asm.xap into anal.xap
  • Merge asm.i8080 into anal.i8080 and add a test
  • Merge asm.xcore_cs into anal.xcore_cs
  • Merge asm.amd29k into anal.amd29k
  • Merge asm.h8300 into anal.h8300
  • Merge asm.lh5801 into anal.lh5801
  • Merge asm.cr16 into anal.cr16
  • Merge asm.v850 into anal.v850 and add a test
  • Merge asm.malbolge into anal.malbolge
  • Merge asm.v810 into anal.v810
  • Merge asm.pdp11 into anal.pdp11
  • Merge asm.6502 into anal.6502
  • Remove more R_TH_LOCAL in TCC
  • Remove excess zeroing in anal_bpf.c
  • Merge asm.riscv.cs into anal.risc.cs
  • Move asm.pyc to anal.pyc
  • Merge asm.nios2 into anal.nios2

search

  • Honor cfg.bigendian in /v subcommands

shell

  • Fixes for the R2_FORTUENS system and home paths
  • Fix history file path construction
  • Fix error message in e- when resetting in debugger
  • Remove newline in date and pt. output
  • Expose R2_HISTORY in r2 -hh and r2 -H to locate history file

tests

  • Add Capstone aoml cases
  • Generate r2r.json for profiling the testsuite
  • Sort lines in r2r -h
  • Use absolute path for r2r -o

tools

  • Fix disalignment glitch in rasm2 -L and rasm2 -LL

util

  • Compile-time optimization for r_str_startswith()

visual

  • Fix arrows in visual prompt on windows cmd V:

windows

  • Autoset vtmode=1 or 2 depending on shell or visual
  • Detect cmd.exe as vtmode=2
  • vmode fixes visual shift issue in cmd.exe
  • Support building windbg plugin under mingw