It is strongly recommended that students who want to apply to the radare2 GSoC/RSoC projects will perform a small tasks, to get the idea of students’ capabilities and make them familiar with radare2 codebase, structure and development process. Here is the list of such “qualification” tasks:
The current code analysis have many little caveats and issues which may be good to be addressed, fixing them and writing more tests is very important to stabilize and enhance it.
See these issues^
Flash is slowly dying, but there's still people using it and there are still appearing 0day vulnerabilities in the wild, so it will be interesting to be able to disassemble flash from memory inside r2.
This task implies writing a plugin for flasm in radare2-extras to be able to disassemble, assemble and optionally analyze Flash bytecode.
See Issue #3705^
Add disassembler, assembler and analyzer for the latest LUA vm.
See Issue #3836^
See universal python disassembler for example and Issue #4228 for current state of it.^
Ragg2 - simplistic compiler for C-like syntax into tiny binaries for x86-32/64 and arm. Programs generated by ragg2 are relocatable and can be injected in a running process or on-disk binary file. Fixing ragg2 issues will help a lot for creating small payloads for exploiting tasks.^
There are lot of missing features in the current PE file parser. Here you can find a full list of those. Implemeting it will help for radare2 usage in malware analysis.^
Add pcap support. See issue^
Add bochs support. See issue^
Add command for print indicators like in PEStudio (i.e display version information that already parsed) See issue^
Radare2 is being slowly refactored to store all the information about session, user metadata and state of debugger in the SDB - simple key-value database. This work still ungoing. So helping us with a few sdbtization bugs will introduce you into the radare2 codebase structure. See issues^
radare2 currently supports Yara (see radare2-extras repository), but it will be good to extend the support to handle more hashing algorithms by code analysis by integrating more updated Yara signatores or using Manalyze, writing a blog post or documentation for it.
This task requires implementing proper support for multibyte characters in RConsCanvas in order to render UTF-8 characters in the graphs for having better ascii-art boxes and lines.
Being able to select multiple nodes in the graph and group them to colorize them and specify a name for them.^
Avoid overlapping edges, currently the ascii art graphs does not overlap nodes, but some edge lines are passing thru.^
This task is necessary when node grouping or layout have changed, this information can be stored in projects by just reusing the
age commands to recreate a graph and feeding the body of the nodes in base64.
Current version of r2 is able to load ART and AOT binaries, but we are not yet able to extract all the information that lives in there^
Multidex is not yet supported, and there are some specially crafted dex bins that will not load properly. This task requires writing tests, checking with fuzzed and obfuscated dex binaries and fix the bugs found in the process.^
There are some bugs in the current disassembler that will be good to address them. Also, it will be good to have a dalvik assembler for binary patching.^
Take ideas from Androguard, and be able to follow execution flow paths to understand which permissions are used in a specific region of code, how to reach a specific activity, etc.^
Dyldcache for user libraries and kernel modules is already supported, but it is not working because of the api changes in RBin. This task implies writing tests for dyldcache (we need to cook a dyldcache that can be distributable, not the ones from Apple). And fix the rbin api to get this working.^
Support gdb:// against apple’s debugserver. This feature already works for i386 simulator, but fails when using arm/arm64 backend on real hardware).^
Add support for reading/writing LDID mach0 information. This is basically calculating the SHA1 hashes of a specific range of bytes in the binary and store them in the header.
rabin2 -O ldid ios-bin
debugserver -x springboard and such to spawn apps from the backboard otherwise they get killed.