NAME
       ragg2 -- radare2 frontend for r_egg, compiles programs into tiny
       binaries for x86-32/64 and arm.

SYNOPSIS
       ragg2 [-a arch] [-b bits] [-k kernel] [-f format] [-o file]
             [-i shellcode] [-I path] [-e eggstr] [-E encoder] [-B hexpairs]
             [-c k=v] [-C file] [-n num32] [-N num64] [-d off:dword]
             [-D off:qword] [-w off:hexpair] [-p padding] [-P pattern]
             [-q fragment] [-FOLsrxvhz]

DESCRIPTION
       ragg2 is a frontend for r_egg that compiles programs into tiny
       binaries for x86-32/64 and arm.

       This tool is experimental. It is a rewrite of the old rarc2 and
       rarc2-tool programs as a library, integrated with r_asm and r_bin.

       Programs generated by r_egg are relocatable and can be injected into
       a running process or an on-disk binary file.

       Since the ragg2-cc merge, ragg2 can also generate shellcode from C
       code. The final code can be linked with rabin2 and is relocatable,
       so it can be injected into any remote process. This feature is
       conceptually based on shellforge4, but only linux/osx x86-32/64
       platforms are supported.

DIRECTIVES
       The rr2 (ragg2) configuration file accepts the following directives,
       described as key=value entries and comments defined as lines starting
       with '#'.

       -a arch     set architecture x86, arm

       -b bits     32 or 64

       -k kernel   windows, linux or osx

       -f format   output format (raw, c, pe, elf, mach0, python, javascript)

       -o file     output file to write result of compilation

       -i shellcode
                   specify shellcode name to be used (see -L)

       -e eggstr   pass egg program as argument instead of in a file

       -E encoder  specify encoder name to be used (see -L)

       -B hexpair  specify shellcode as hexpairs

       -c k=v      set configure option for the shellcode encoder. The
                   argument must be key=value.

       -C file     include contents of file

       -d off:dword
                   Patch final buffer with given dword at specified offset

       -D off:qword
                   Patch final buffer with given qword at specified offset

       -w off:hexpairs
                   Patch final buffer with given hexpairs at specified offset

       -n num32    Append a 32bit number in little endian

       -N num64    Append a 64bit number in little endian

       -p padding  Specify generic paddings with a format string. Use
                   lowercase letters to prefix, and uppercase to suffix,
                   keychars are: 'n' for nop, 't' for trap, 'a' for sequence
                   and 's' for zero.

       -P size     Prepend debruijn sequence of given length.

       -q fragment
                   Output offset of debruijn sequence fragment.

       -F          autodetect native file format (osx=mach0, linux=elf, ..)

       -O          use default output file (filename without extension or
                   a.out)

       -I path     add include path

       -s          show assembler code

       -S          append a string

       -r          show raw bytes instead of hexpairs

       -x          execute (just-in-time)

       -X          execute rop chain

       -L          list all plugins (shellcodes and encoders)

       -h          show this help

       -z          output in C string syntax

       -v          show version

EXAMPLE
	 $ cat hi.r
	 /* hello world in r_egg */
	 write@syscall(4); //x64 write@syscall(1);
	 exit@syscall(1); //x64 exit@syscall(60);

	 main@global(128) {
	   .var0 = "hi!\n";
	   write(1,.var0, 4);
	   exit(0);
	 }
	 $ ragg2 -O -F hi.r
	 $ ./hi
	 hi!

	 # With C file :
	 $ cat hi.c
	 main() {
	   write(1, "Hello\n", 6);
	   exit(0);
	 }
	 $ ragg2 -O -F hi.c

	 $ ./hi
	 Hello

	 # Linked into a tiny binary. This is 165 bytes
	 $ wc -c < hi
	   165

	 # The compiled shellcode has zeroes
	 $ ragg2 hi.c | tail -1
	 eb0748656c6c6f0a00bf01000000488d35edffffffba06000000b8010
	 000000f0531ffb83c0000000f0531c0c3

	 # Use a xor encoder with key 64 to bypass
	 $ ragg2 -E xor -c key=64 -B $(ragg2 hi.c | tail -1)
	 6a2d596a405be8ffffffffc15e4883c60d301e48ffc6e2f9ab4708252
	 c2c2f4a40ff4140404008cd75adbfbfbffa46404040f8414040404f45
	 71bff87c4040404f45718083
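
An analyst's view of the xor-encoder step above, as an added example that is not part of the original manual page or of radare2: a single-byte XOR removes the zero bytes but the key is recoverable by trying every value and scoring each decoding for the x86-64 `syscall` opcode. The two hex strings are the outputs printed in the EXAMPLE section; all function names are hypothetical.

```python
"""Added example: recover the key of a single-byte XOR-encoded buffer."""

# The two hex strings printed in the EXAMPLE section of this page.
ORIGINAL_HEX = (
    "eb0748656c6c6f0a00bf01000000488d35edffffffba06000000b8010"
    "000000f0531ffb83c0000000f0531c0c3"
)
ENCODED_HEX = (
    "6a2d596a405be8ffffffffc15e4883c60d301e48ffc6e2f9ab4708252"
    "c2c2f4a40ff4140404008cd75adbfbfbffa46404040f8414040404f45"
    "71bff87c4040404f45718083"
)
SYSCALL = b"\x0f\x05"  # x86-64 `syscall` opcode


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a one-byte key (the operation is its own inverse)."""
    return bytes(b ^ key for b in data)


def longest_printable_run(data: bytes) -> int:
    """Length of the longest run of printable ASCII, used as a tie-breaker."""
    best = run = 0
    for b in data:
        run = run + 1 if 0x20 <= b < 0x7F else 0
        best = max(best, run)
    return best


def score(candidate: bytes) -> tuple[int, int]:
    """Rank a decoding by syscall opcodes found, then by readable text."""
    return candidate.count(SYSCALL), longest_printable_run(candidate)


def recover_key(encoded: bytes) -> int:
    """Try all 255 non-zero keys and return the best-scoring one."""
    return max(range(1, 256), key=lambda k: score(xor_bytes(encoded, k)))


def find_payload(encoded: bytes, key: int, known: bytes) -> int:
    """Offset of a known plaintext inside the decoded buffer, or -1."""
    return xor_bytes(encoded, key).find(known)


if __name__ == "__main__":
    enc = bytes.fromhex(ENCODED_HEX)
    key = recover_key(enc)
    print(f"key={key:#x} nulls_in_encoded={enc.count(0)}")
    print("payload offset:", find_payload(enc, key, bytes.fromhex(ORIGINAL_HEX)))
```

The recovered key equals the `key=64` passed to the encoder, and the bytes after the decoder stub decode back to the unencoded output shown earlier.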

SEE ALSO
       radare2(1)

AUTHORS
       Written by pancake <pancake@nopcode.org>.

				  May 4, 2021			      RAGG2(1)
