Chapter 11: Rabin

Under this bunny-arabic-like name, radare hides the power of a wonderful tool to handle binary files and get information to show it in the command line or import it into the core.

Rabin is able to handle multiple file formats like Java CLASS, ELF, PE, MACH-O, etc.. and it is able to get symbol import/exports, library dependencies, strings of data sections, xrefs, address of entrypoint, sections, architecture type, etc.

$ rabin -h
rabin [options] [bin-file]
 -e        shows entrypoints one per line
 -i        imports (symbols imported from libraries)
 -s        symbols (exports)
 -c        header checksum
 -S        show sections
 -l        linked libraries
 -L [lib]  dlopen library and show address
 -z        search for strings in elf non-executable sections
 -x        show xrefs of symbols (-s/-i/-z required)
 -I        show binary info
 -r        output in radare commands
 -v        be verbose

The output of every flag is intended to be easily parseable, they can be combined with -v or -vv for a more readable and verbose human output, and -r for using this output from the radare core. Furtheremore, we can combine -s, -i and -z with -x to get xrefs.