Chapter 7: Remoting capabilities

Radare can work locally or remotelly without hard differences. The reason is that everything remains on the IO subsystem that abstracts the access to system(), cmd() and all basic IO operations thru the network.

Here's the help of the command:

[0xB803C7F0]> =?
 =                  ; list all open connections
 =<[fd] cmd         ; send output of local command to remote fd
 =[fd] cmd          ; exec cmd at remote 'fd' (last open is default one)
 =+ [proto://]host  ; add host (default=rap://, tcp://, udp://)
 =-[fd]             ; remove all hosts or host 'fd'
 ==[fd]             ; open remote session with host 'fd', 'q' to quit

lets introduce the command with a little example :) A typical remote session could be:

- At remote host1:
$ radare listen://:1234

- At remote host2:
$ radare listen://:1234

- At localhost:
$ radare <bin>

; Add hosts
]> =+ rap://<host1>:1234//bin/ls
Connected to: <host1> at port 1234
waiting... ok
5 - rap://<host1>:1234//bin/ls

; Of course, you can open remote files in debug mode (or using any io
; plugin) specifying the uri when adding hosts: 
]> =+ rap://<host2>:1234/dbg:///bin/ls
Connected to: <host2> at port 1234
waiting... ok
5 - rap://<host1>:1234//bin/ls
6 - rap://<host2>:1234/dbg:///bin/ls

; Exec commands in host1
]> =5 px
]> = s 0x666
...

; Open a session with host2
]> ==6
fd:6> !cont entrypoint
...
fd:6> q

; Remove hosts (and close connections)
]> =-

So, you can init tcp or udp servers, add them with '=+ tcp://' or '=+ udp://', and then redirect to them the radare output. For instance:

]> =+ tcp://<host>:<port>/
Connected to: <host> at port <port>
5 - tcp://<host>:<port>/
]> =<5 cmd...

The '=<' command will send the result of the execution of the command at the right to the remote connection number N (or the last one used if no id specified).