Radare2 GSoC 2016

Microtasks

It is strongly recommended that students who want to apply to the radare2 GSoC/RSoC projects first complete a small task, so that mentors get an idea of the student's capabilities and the student becomes familiar with the radare2 codebase, structure and development process. Here is the list of such "qualification" tasks:

Improve analysis

The current code analysis has many little caveats and issues that should be addressed; fixing them and writing more tests is very important to stabilize and enhance it.

See these issues

Flash bytecode

Flash is slowly dying, but there are still people using it and 0-day vulnerabilities still appear in the wild, so being able to disassemble Flash bytecode from memory inside r2 would be useful.

This task means writing a flasm-based plugin in radare2-extras to disassemble, assemble and optionally analyze Flash bytecode.

See Issue #3705

Lua bytecode

Add a disassembler, assembler and analyzer for the latest Lua VM.

See Issue #3836

Python bytecode

See the universal Python disassembler for an example, and Issue #4228 for the current state of it.

Improve ragg2 compiler

ragg2 is a simplistic compiler from a C-like syntax into tiny binaries for x86-32/64 and ARM. Programs generated by ragg2 are relocatable and can be injected into a running process or into an on-disk binary file. Fixing ragg2 issues will help a lot with creating small payloads for exploitation tasks.

Better PE (Portable Executable) format support

There are a lot of missing features in the current PE file parser; here you can find the full list. Implementing them will help radare2 usage in malware analysis.

PCAP loading support

Add PCAP loading support. See issue

BOCHS support

Add Bochs support. See issue

Display "malwareness" indicators

Add a command that prints indicators like PEStudio does (e.g. display the version information that is already parsed). See issue

Sdbtization

Radare2 is slowly being refactored to store all the information about the session, user metadata and debugger state in SDB, a simple key-value database. This work is still ongoing, so helping with a few sdbtization bugs will introduce you to the structure of the radare2 codebase. See issues

Better crypto identification support

radare2 currently supports Yara (see the radare2-extras repository), but it would be good to extend this to identify more hashing and crypto algorithms through code analysis, by integrating more up-to-date Yara signatures or using Manalyze, and to write a blog post or documentation for it.

See Manalyze

UTF-8 support in graphs

This task requires implementing proper support for multibyte characters in RConsCanvas in order to render UTF-8 characters in the graphs, giving better ASCII-art boxes and lines.

Issue #2091

Node groups

Being able to select multiple nodes in the graph and group them to colorize them and specify a name for them.

Smarter lines in graphs

Avoid overlapping edges: currently the ASCII-art graph layout does not overlap nodes, but some edge lines pass through them.

Save/restore graph state

This is needed once node grouping or layout has changed: this information can be stored in projects simply by reusing the agn and age commands to recreate the graph, with the body of each node passed as base64.
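As an added example of the save/restore idea described above (written for this page, not radare2's own code): a Python helper that serializes a graph into an r2 script of agn/age commands, with every node body base64-encoded so that multi-line bodies, quotes and '#' characters survive the round trip through the r2 command reader, and a parser that turns such a script back into nodes and edges. The "base64:" body prefix for agn is an assumption about the command syntax, and the sample graph is constructed, not taken from a real binary.

```python
import base64
import re

# Node titles become flag-like identifiers in the script; keep them free of
# whitespace so the agn/age arguments split unambiguously.
TITLE_RE = re.compile(r"[A-Za-z0-9_.:]+")


def save_graph(nodes: dict[str, str], edges: list[tuple[str, str]]) -> str:
    """Emit an r2 script that recreates the graph: one agn per node, one age per edge.

    Bodies are base64-encoded (assumed `base64:` body prefix of agn) so a body
    containing newlines or '#' cannot break the script or be read as a comment.
    """
    lines = []
    for title, body in nodes.items():
        if not TITLE_RE.fullmatch(title):
            raise ValueError(f"node title {title!r} contains characters that would split the command")
        b64 = base64.b64encode(body.encode("utf-8")).decode("ascii")
        lines.append(f"agn {title} base64:{b64}")
    for src, dst in edges:
        # Refuse to emit dangling edges: age on an unknown title would silently
        # create or skip a node depending on the r2 version.
        if src not in nodes or dst not in nodes:
            raise ValueError(f"edge {src}->{dst} references an unknown node")
        lines.append(f"age {src} {dst}")
    return "\n".join(lines) + "\n"


def restore_graph(script: str) -> tuple[dict[str, str], list[tuple[str, str]]]:
    """Parse a script produced by save_graph back into (nodes, edges)."""
    nodes: dict[str, str] = {}
    edges: list[tuple[str, str]] = []
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        cmd, *args = line.split()
        if cmd == "agn" and len(args) == 2 and args[1].startswith("base64:"):
            nodes[args[0]] = base64.b64decode(args[1][len("base64:"):]).decode("utf-8")
        elif cmd == "age" and len(args) == 2:
            edges.append((args[0], args[1]))
        else:
            raise ValueError(f"unexpected line in graph script: {raw!r}")
    return nodes, edges


# Constructed sample graph: three basic blocks and a self-loop. The bodies
# deliberately contain newlines, quotes and a '#' to exercise the encoding.
SAMPLE_NODES = {
    "entry": "push rbp\nmov rbp, rsp\n",
    "loop": "cmp eax, 0x10 ; \"check\" #1\njl loop\n",
    "exit": "pop rbp\nret\n",
}
SAMPLE_EDGES = [("entry", "loop"), ("loop", "loop"), ("loop", "exit")]


def roundtrip(nodes, edges):
    """Save and restore; returns what a project reload would reconstruct."""
    return restore_graph(save_graph(nodes, edges))


if __name__ == "__main__":
    script = save_graph(SAMPLE_NODES, SAMPLE_EDGES)
    print(script, end="")
    print("round trip ok:", roundtrip(SAMPLE_NODES, SAMPLE_EDGES) == (SAMPLE_NODES, SAMPLE_EDGES))
```

Each node occupies exactly one script line regardless of how many lines its body has, which is what makes the script safe to append to a project file and replay with the r2 command reader.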

Better support for AOT and ART binaries

The current version of r2 is able to load ART and AOT binaries, but we are not yet able to extract all the information that lives in there.

Better support for DEX

Multidex is not yet supported, and there are some specially crafted dex binaries that will not load properly. This task requires writing tests, checking with fuzzed and obfuscated dex binaries and fixing the bugs found in the process.

Better support for Dalvik

There are some bugs in the current disassembler that would be good to address. It would also be good to have a Dalvik assembler for binary patching.

Better support for Activities and Permissions (list them, references, etc)

Take ideas from Androguard, and be able to follow execution flow paths to understand which permissions are used in a specific region of code, how a specific activity can be reached, etc.

Fix dyldcache (already listed in fatmacho task)

Dyldcache for user libraries and kernel modules is already supported, but it is not working because of API changes in RBin. This task involves writing tests for dyldcache (we need to cook a dyldcache that can be distributed, not the ones from Apple) and fixing the RBin API so that it works again.

Support remote iOS debugging

Support gdb:// against Apple's debugserver. This feature already works for the i386 simulator, but fails when using the arm/arm64 backend on real hardware.

Implement LDID in rabin2

Add support for reading/writing LDID mach0 information. This basically means calculating SHA1 hashes over a specific range of bytes in the binary and storing them in the header.

rabin2 -O ldid ios-bin
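As an added illustration of the hashing step (example code written for this page, not ldid's or rabin2's implementation): the Mach-O code signature's CodeDirectory stores one hash per page of the file, covering the bytes from offset 0 up to the code limit (the start of the signature blob itself), and classic ldid signatures use SHA1 over 4096-byte pages. The buffer below is constructed sample data, not a real Mach-O, and the code limit is an assumed layout for the demo.

```python
import hashlib

PAGE_SIZE = 4096  # CodeDirectory stores log2(page size); 12 -> 4096 bytes


def code_page_hashes(data: bytes, code_limit: int, page_size: int = PAGE_SIZE) -> list[bytes]:
    """SHA1 digest of every page of data[:code_limit].

    Pages start at file offset 0; the last page may be shorter than page_size
    and is hashed as-is (no padding), one digest per CodeDirectory slot.
    """
    if not 0 < code_limit <= len(data):
        raise ValueError("code_limit must lie inside the buffer")
    region = data[:code_limit]
    return [hashlib.sha1(region[off:off + page_size]).digest()
            for off in range(0, code_limit, page_size)]


def mismatched_pages(data: bytes, code_limit: int, expected: list[bytes]) -> list[int]:
    """Indices of pages whose recomputed hash differs from the stored one.

    A slot-count mismatch is reported as every index: a signature with the
    wrong number of slots cannot be trusted for any page.
    """
    actual = code_page_hashes(data, code_limit)
    if len(actual) != len(expected):
        return list(range(max(len(actual), len(expected))))
    return [i for i, (a, e) in enumerate(zip(actual, expected)) if a != e]


# Constructed sample "binary": 10240 bytes of a repeating pattern (not a real Mach-O).
SAMPLE = bytes(range(256)) * 40
# Assumed layout for the demo: code ends at 9000; the signature blob follows it.
CODE_LIMIT = 9000


def tamper_and_check(offset: int, data: bytes = SAMPLE, code_limit: int = CODE_LIMIT) -> list[int]:
    """Flip one byte at `offset` and report which stored page hashes no longer match."""
    stored = code_page_hashes(data, code_limit)  # what the header would carry
    patched = bytearray(data)
    patched[offset] ^= 0xFF
    return mismatched_pages(bytes(patched), code_limit, stored)


if __name__ == "__main__":
    hashes = code_page_hashes(SAMPLE, CODE_LIMIT)
    print(f"{len(hashes)} page slots for code_limit={CODE_LIMIT}")
    for i, h in enumerate(hashes):
        print(f"  slot {i}: {h.hex()}")
    print("patch at 5000 breaks pages:", tamper_and_check(5000))  # page 1
    print("patch at 9500 breaks pages:", tamper_and_check(9500))  # beyond code_limit
```

Note the caveat the last call shows: bytes after the code limit, which is where the signature blob itself lives, are not covered by any page slot. That is by design of the format, and it is why a checker that only recomputes page hashes is incomplete; the CodeDirectory that holds the slots must itself be covered by the outer signature or be trusted some other way.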

Support to spawn Apps, not just programs

See debugserver -x springboard and similar options to spawn apps through the backboard; otherwise they get killed.



--radare2 @ 2016