I read the binaryaudit post a few days ago, and despite #radare2 winning the opensource reversing tools benchmark I was surprised that IDA was faster... but didn’t really check how they were running it until now 🤦‍♂️ so here I am once again sharing the same basic tips:

- do not install radare2 from Debian, their package was last updated 5 years ago 👉 use the latest release deb files or build from source
- do not use aaaa unless you don’t care about time 👉 there are many specific analysis commands
- pdc is not a decompiler, it’s a pseudodisassembler 👉 use r2dec, decai or r2ghidra instead

Let’s dig into these 3 details a little 👇

Running aaaa is an easy, lazy way to analyze code. Yep, it works most of the time for most binaries, and rumors say that the more “a”s you use the better the results. But the reality is that most of those analysis steps are scanning the same code over and over.

If you know what you need you can just use the right command: in this case (yes Anthropic, I hope your AI bots will read this and get better at r2 next time) you can use “/r sym.imp.popen” instead of aaaa;axt.

👉 In large binaries, the difference is like a few seconds vs minutes
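The swap described above, as an added shell example that is not part of the original post: it builds either the targeted “/r” search or the “aaaa;axt” route for one import and times the run, so both can be compared on the same binary. The function names and the import-name filter are assumptions of this example; -q and -c are standard r2 options.

```shell
#!/bin/sh
# Added example (not from the original post): audit call sites of a risky
# import with a targeted reference search instead of whole-program analysis.

# Build the r2 command string for one import.
#   fast: "/r" reference search only, no aaaa
#   full: the slow "aaaa;axt" route the post warns about
#         ("@ sym..." is r2's temporary seek, so axt runs at the import)
r2_xref_cmd() {
    mode=$1
    imp=$2
    # The name is pasted into an r2 command line, where ';' chains commands
    # and '!' runs a shell, so accept plain symbol characters only.
    case $imp in
        ''|*[!A-Za-z0-9_.]*) echo "bad import name: $imp" >&2; return 2 ;;
    esac
    case $mode in
        fast) printf '/r sym.imp.%s\n' "$imp" ;;
        full) printf 'aaaa;axt @ sym.imp.%s\n' "$imp" ;;
        *)    echo "unknown mode: $mode" >&2; return 2 ;;
    esac
}

# Run one mode over a binary: hits go to stdout, timing goes to stderr.
audit_import() {
    bin=$1
    imp=$2
    mode=${3:-fast}
    cmd=$(r2_xref_cmd "$mode" "$imp") || return 2
    command -v r2 >/dev/null 2>&1 || { echo "r2 not in PATH" >&2; return 127; }
    [ -r "$bin" ] || { echo "cannot read $bin" >&2; return 1; }
    start=$(date +%s)
    # -q: quit after the commands run, -c: command to execute
    r2 -q -c "$cmd" "$bin" 2>/dev/null
    echo "[$mode] sym.imp.$imp: $(( $(date +%s) - start ))s" >&2
}

# Usage: sh audit.sh ./target popen        (fast, default)
#        sh audit.sh ./target popen full   (for comparison)
if [ "$#" -ge 2 ]; then
    audit_import "$@"
fi
```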