RASIGN2(1)		     Rasign2 User Manuals		    RASIGN2(1)

NAME
       rasign2 - a tool	for generating and managing binary file	signatures

SYNOPSIS
       rasign2 [options] [file]

DESCRIPTION
       The rasign2 tool is designed for creating, dumping, and managing
       signature files for binary analysis. It facilitates the generation of
       signature databases (SDB) from binary files, making it easier to
       identify and catalog functions and other symbols. The tool can
       interpret FLIRT '.sig' files, execute custom Radare2 scripts, and
       output signatures in multiple formats.

OPTIONS
       -a     Perform a more thorough analysis by adding an extra 'a' to the
              analysis command. The more 'A's, the deeper the analysis.

       -A[AAA]
	      Equivalent to r2 -A

       -f     Interpret the input file as a FLIRT '.sig' file and dump its
              signatures.

       -h     Display the help menu.

       -j     Output signatures	in JSON	format.

       -i script.r2
	      Execute the specified Radare2 script on the input	file.

       -o sigs.sdb
	      Add generated signatures to the specified	file. Creates the file
	      if it does not exist.

       -q     Enable quiet mode, suppressing normal output.

       -r     Show output as Radare2 commands.

       -S     Operate on an SDB	signature file.	Use '-o	-' to save to the same
	      file.

       -s signspace
	      Save all signatures under	the specified signspace.

       -c     Add collision signatures before writing to a file.

       -v     Display version information.

       -m     Merge or overwrite signatures with the same name.

USAGE EXAMPLES
       Basic signature generation:
	      rasign2 -o libc.sdb libc.so.6
       This  command  generates	 signatures from 'libc.so.6' and saves them in
       'libc.sdb'.

       Enhanced	analysis:
	      rasign2 -A -o enhanced_libc.sdb libc.so.6
       This performs a deeper analysis before  generating  signatures,	poten-
       tially discovering more functions.

       Output in Radare2 commands:
	      rasign2 -r input_file | grep main
       Prints the discovered signatures	for 'main' as Radare2 commands.

       JSON output:
	      rasign2 -j input_file
       Outputs the generated signatures	in JSON	format.

       Merging signatures:
	      rasign2 -m -o existing_sigs.sdb new_sigs.sdb
       Merges  or overwrites signatures	in 'existing_sigs.sdb' with those from
       'new_sigs.sdb'.

THE Z COMMAND IN RADARE2
       The z command in	radare2	is dedicated to	the management of binary  sig-
       natures,	 known	as zignatures. Zignatures are used for identifying and
       cataloging functions across different binaries by their unique  charac-
       teristics, such as bytes	patterns, graph	metrics, and other attributes.

CONFIGURATION OPTIONS
       The  behavior of	zignature processing can be fine-tuned through a vari-
       ety of configuration options, accessible	 via  'e??zign.'  in  radare2.
       Some key	configuration options include:

       zign.autoload
	      Autoload all zignatures located in dir.zigns.

       zign.bytes
	      Use bytes	patterns for matching.

       zign.graph
	      Use graph	metrics	for matching.

       zign.hash
              Use hash for matching.

       zign.threshold
	      Minimum similarity required for inclusion	in zb output.

       zign.types
	      Use types	for matching.

ADDING ZIGNATURES
       Zignatures  can be added	with the 'za' command, supporting a variety of
       types such as bytes patterns, graph metrics, and	more.

       za foo b	558bec..e8........
	      Adds a bytes pattern zignature.

       za foo g	cc=2 nbbs=3 edges=3 ebbs=1
	      Adds a graph metrics zignature.
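
       The following Python sketch is an added example, not radare2 code. It
       shows how a masked bytes pattern such as the one passed to 'za foo b'
       above can match the same function in two builds, assuming each '.' is
       a wildcard nibble; the byte strings are constructed samples.

```python
# Added illustration: masked matching of a 'za <name> b <pattern>' style pattern.
# Assumption: each '.' in the pattern is a wildcard nibble.

def parse_pattern(pattern):
    """Return (value, mask) byte strings for a hex pattern with '.' wildcards."""
    if len(pattern) % 2:
        raise ValueError("pattern must describe whole bytes")
    value, mask = bytearray(), bytearray()
    for i in range(0, len(pattern), 2):
        v = m = 0
        for ch in pattern[i:i + 2]:
            v <<= 4
            m <<= 4
            if ch != ".":
                v |= int(ch, 16)   # raises ValueError on non-hex input
                m |= 0xF
        value.append(v)
        mask.append(m)
    return bytes(value), bytes(mask)

def find_matches(data, pattern):
    """Return every offset in data where the masked pattern matches."""
    value, mask = parse_pattern(pattern)
    n = len(value)
    return [off for off in range(len(data) - n + 1)
            if all((data[off + i] & mask[i]) == value[i] for i in range(n))]

PATTERN = "558bec..e8........"          # pattern text from the man page
EXACT = "558bec51e810203040"            # same bytes with no wildcards

# Constructed x86 samples: same prologue, different register push and
# different relative call displacement, as happens between two builds.
BUILD_A = bytes.fromhex("90" "558bec" "51" "e8" "10203040" "c9c3")
BUILD_B = bytes.fromhex("cccc" "558bec" "56" "e8" "aabbccdd" "c9c3")
# Constructed non-match: indirect call (ff 15) instead of e8.
UNRELATED = bytes.fromhex("558bec51ff15" "00104000" "c9c3")

if __name__ == "__main__":
    for name, blob in (("A", BUILD_A), ("B", BUILD_B), ("other", UNRELATED)):
        print(name, "masked:", find_matches(blob, PATTERN),
              "exact:", find_matches(blob, EXACT))
```

       The exact pattern only finds the build it was taken from, while the
       masked pattern survives the changed operand and call displacement.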

ZIGNATURE COMMANDS
       The z command encompasses several subcommands for managing zignatures:

       z      Show zignatures.

       z.     Find matching zignatures in current offset.

       zb     Search for best match.

       zd zignature
              Diff current function and signature.

       z*     Show zignatures in radare	format.

       zo     Manage zignature files.

       zf     Manage FLIRT signatures.

       z/     Search zignatures.

       zc     Compare current zignspace	zignatures with	another	one.

       zs     Manage zignspaces.

       zi     Show zignatures matching information.

       Together, these commands support a workflow for binary analysis:
       identifying known functions and analyzing similarities and differences
       between binaries.

SUPPORTED ZIGNATURE METRICS
       Zignatures  in  radare2	can be created with a variety of metrics, each
       capturing different aspects of binary functions.	These metrics include:

       a: bytes	pattern
	      Radare2 creates a	mask from analysis to match bytes patterns.

       b: bytes	pattern
	      Direct bytes pattern matching.

       c: base64 comment
	      Associates a base64-encoded comment with the zignature.

       n: real function	name
	      Uses the real function name for matching.

       g: graph	metrics
	      Utilizes graph metrics such as cyclomatic	complexity, number  of
	      edges, basic blocks, and end blocks.

       o: original offset
	      Matches based on the original offset of the function.

       r: references
	      Uses references for matching.

       x: cross	references
	      Incorporates cross references into the zignature.

       h: bbhash
	      Employs hashing of function basic	blocks for matching.

       v: vars (and args)
	      Matches based on variables and arguments.

       Each metric captures a different property of a function, so combining
       them allows more accurate identification and comparison of functions
       across binaries.
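
       The following Python sketch is an added example, not radare2 code. It
       derives the four graph metrics listed under 'g' from a small
       constructed control-flow graph and compares them with the
       'cc=2 nbbs=3 edges=3 ebbs=1' text shown under ADDING ZIGNATURES. It
       assumes the standard McCabe formula E - N + 2 for a single function
       and an exact comparison; how radare2 computes and scores these values
       is not shown on this page.

```python
# Added illustration: where the numbers in a graph-metrics zignature come from.
# Assumptions: cc uses the standard McCabe formula E - N + 2 for one function,
# and an "end block" is a basic block with no successors.

def parse_graph_zign(text):
    """Parse 'cc=2 nbbs=3 edges=3 ebbs=1' into a dict of ints."""
    return {key: int(val)
            for key, val in (item.split("=", 1) for item in text.split())}

def graph_metrics(cfg):
    """cfg maps each basic block name to the list of its successor blocks."""
    nbbs = len(cfg)
    edges = sum(len(succs) for succs in cfg.values())
    ebbs = sum(1 for succs in cfg.values() if not succs)
    return {"cc": edges - nbbs + 2, "nbbs": nbbs, "edges": edges, "ebbs": ebbs}

def same_shape(cfg, zign_text):
    """Exact comparison of all four metrics (a simplification)."""
    return graph_metrics(cfg) == parse_graph_zign(zign_text)

ZIGN = "cc=2 nbbs=3 edges=3 ebbs=1"     # metric text from the man page

# Constructed CFGs: an 'if' without 'else', and an 'if/else'.
IF_NO_ELSE = {"entry": ["then", "exit"], "then": ["exit"], "exit": []}
IF_ELSE = {"entry": ["then", "else"], "then": ["exit"],
           "else": ["exit"], "exit": []}

if __name__ == "__main__":
    for name, cfg in (("if", IF_NO_ELSE), ("if/else", IF_ELSE)):
        print(name, graph_metrics(cfg), "match:", same_shape(cfg, ZIGN))
```

       Both graphs have a cyclomatic complexity of 2, so only the combination
       of block and edge counts tells them apart.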

USAGE EXAMPLES FOR THE Z COMMAND
       The z command in	radare2	is versatile, offering various functionalities
       through its subcommands.	Here are five usage examples:

       Show all	zignatures
	      z
       Displays	all zignatures currently loaded	in radare2.

       Find matching zignatures	at the current offset
	      z.
       Searches	 for  and displays zignatures that match at the	current	offset
       in the binary.

       Scan all	functions to find matching zignatures
	      z/
       Matches all loaded signatures against all analyzed functions in order
       to give a name to every one.

       Load zignature files
	      zo libc.sdb
       Loads zignatures	from the specified SDB file into the current session.

       Generate	zignatures for all functions
	      zaF
       Generates zignatures for	all identified functions  in  the  binary  and
       adds them to the	current	session.

       Search for the closest matching zignatures
	      zb
       Searches	 for and displays the closest matching zignatures to the func-
       tion at the current offset, helping identify similar  functions	across
       binaries.

       These  examples showcase	the `z`	command's ability to manage zignatures
       efficiently, aiding in the binary analysis process  by  leveraging  the
       power of	zignatures for function	identification and comparison.

SEE ALSO
       r2(1), radare2(1)

WWW
       https://www.radare.org/

AUTHORS
       pancake <pancake@nopcode.org>

1.0				  17 Mar 2024			    RASIGN2(1)
