The RSoC is finished
That's sad, I know, but the RSoC is now finished since 2 months and I haven't post for even longer! :/
I have done quit a few commits this summer, and that was really nice to implement new features in a project such as radare2! Still, I have some regrets not to have had enough time for the RSoC... I had no time to implement all the task I was given, and I even still have some that I hope to do in the next few weeks.
And this year, having a lot of responsibilities in my school's associations, and having a few school projects, I find even less time than this summer, so I don't think I'll be able to contribute a lot as I expected.
Now stop complaining about my free time and let's do a quick summary of what I've done. The task was about structure templates, so the goal is to define a human readable structure, a bit like a C header for example, and to apply it on a binary to see each field easily. The method with header file is quickly described here, and I think I'll do a more complete example one day.
But my work was more focused on one r2 feature related to structures: pf. That
is the basic command for which you can have a quick help on r2 by hitting pf?.
The command works as follow:
pf iwf foo bar troll
Applies the iwf format at current offset. The iwf format is an
integer named foo, a word called bar, and a float, troll.
This gives the following output:
[0x00000000]> pf iwf foo bar troll
foo : 0x00000000 = 1179403647
bar : 0x00000004 = 0x0101
troll : 0x00000006 = 1.000000
More fields type can be easily found in the pf help.
Moreover, pf supports some nice tricks like pointers by using * or arrays
using []...
eg:
pf *i[2]w pointer_to_int array_of_words
The next point is to store a format by entering following command:
pf.name iwf foo bar meh
We can now apply the format with pf.name. But the thing is that we can now use
the stored format as a structure in a new format using ?.
eg:
[0x00000000]> pf.meh iw int word
[0x00000000]> pf.boh i?w otherint (meh)plop otherword
[0x00000000]> pf.boh
otherint : 0x00000000 = 1179403647
plop : struct<meh>
int : 0x00000004 = 65793
word : 0x00000008 = 0x0000
otherword : 0x0000000a = 0x0000
That way, you can define linked lists for example, to apply on memory dumps, or create nested structures for complex templates.
Other features are the JSON output, with pfj, or the already done templates
such as the elf32 header that you can easily load with pfo elf32.
On last thing is the writing mode (not fully supported for arrays and nested
structs, which are my remaining tasks) that you can use that way.
You define a format:
pf.name iwf foo bar meh
And then you can modify its field with:
pf.name.bar=0xfa0
That prints the command you should have to type to write 0xfa0 at the right offset, and a bit of r2 shell makes life easy (see the dot before the command, to execute the output of it as if entered in r2):
[0x00000000]> pf.name
foo : 0x00000000 = 0
bar : 0x00000004 = 0x0000
meh : 0x00000006 = 0.000000
[0x00000000]> .pf.name.bar=0xfa0
[0x00000000]> pf.name
foo : 0x00000000 = 0
bar : 0x00000004 = 0x0fa0
meh : 0x00000006 = 0.000000
There are still some features in pf, but I think you now have a good overview
of what pf can do, and so what I've done during my RSoC.
To sum up, that was a great wonderful experience, and I've learned a lot of
various interesting things. I hope to finish the last tasks soon, and after
that, pf will really be a powerful tool to dump nice elf headers, or
analyse strange corrupted PNG files! :)
Finally, I really thank my mentors pancake,
xvilka, and jvoisin for
helping me doing the task, and for organizing the RSoC in general. I also thank
maijin for having done a lot of tests in pf
and for reporting a lot of unexpected features, and I also thank all the r2
community for being nice on the IRC chan, and for supporting such a great
project!