GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
RASIGN2(1) Rasign2 User Manuals RASIGN2(1)

rasign2 - a tool for generating and managing binary file signatures

rasign2 [options] [file]

The rasign2 tool is designed for creating, dumping, and managing signature files for binary analysis. It facilitates the generation of signature databases (SDB) from binary files, making it easier to identify and catalog functions and other symbols. The tool can interpret FLIRT 'I.sig' files, execute custom Radare2 scripts, and output signatures in multiple formats.

Perform a more thorough analysis by adding extra 'a' to the analysis command. The more 'A's, the deeper the analysis.

Equivalent to r2 -A

Interpret the input file as a FLIRT 'I.sig' file and dump its signatures.

Display the help menu.

Output signatures in JSON format.

Execute the specified Radare2 script on the input file.

Add generated signatures to the specified file. Creates the file if it does not exist.

Enable quiet mode, suppressing normal output.

Show output as Radare2 commands.

Operate on an SDB signature file. Use '-o -' to save to the same file.

Save all signatures under the specified signspace.

Add collision signatures before writing to a file.

Display version information.

Merge or overwrite signatures with the same name.

Basic signature generation:

rasign2 -o libc.sdb libc.so.6
This command generates signatures from 'libc.so.6' and saves them in 'libc.sdb'.

Enhanced analysis:

rasign2 -A -o enhanced_libc.sdb libc.so.6
This performs a deeper analysis before generating signatures, potentially discovering more functions.

Output in Radare2 commands:

rasign2 -r input_file | grep main
Prints the discovered signatures for 'main' as Radare2 commands.

JSON output:

rasign2 -j input_file
Outputs the generated signatures in JSON format.

Merging signatures:

rasign2 -m -o existing_sigs.sdb new_sigs.sdb
Merges or overwrites signatures in 'existing_sigs.sdb' with those from 'new_sigs.sdb'.

The z command in radare2 is dedicated to the management of binary signatures, known as zignatures. Zignatures are used for identifying and cataloging functions across different binaries by their unique characteristics, such as bytes patterns, graph metrics, and other attributes.

The behavior of zignature processing can be fine-tuned through a variety of configuration options, accessible via 'e??zign.' in radare2. Some key configuration options include:

Autoload all zignatures located in dir.zigns.

Use bytes patterns for matching.

Use graph metrics for matching.

Use Hash for matching.

Minimum similarity required for inclusion in zb output.

Use types for matching.

Zignatures can be added with the 'za' command, supporting a variety of types such as bytes patterns, graph metrics, and more.

Adds a bytes pattern zignature.

Adds a graph metrics zignature.

The z command encompasses several subcommands for managing zignatures:

Show zignatures.

Find matching zignatures in current offset.

Search for best match.

Diff current function and signature.

Show zignatures in radare format.

Manage zignature files.

Manage FLIRT signatures.

Search zignatures.

Compare current zignspace zignatures with another one.

Manage zignspaces.

Show zignatures matching information.

The comprehensive management of zignatures through these commands facilitates a robust workflow for binary analysis, enabling the identification of known functions and facilitating the analysis of binary similarities and differences.

Zignatures in radare2 can be created with a variety of metrics, each capturing different aspects of binary functions. These metrics include:

Radare2 creates a mask from analysis to match bytes patterns.

Direct bytes pattern matching.

Associates a base64-encoded comment with the zignature.

Uses the real function name for matching.

Utilizes graph metrics such as cyclomatic complexity, number of edges, basic blocks, and end blocks.

Matches based on the original offset of the function.

Uses references for matching.

Incorporates cross references into the zignature.

Employs hashing of function basic blocks for matching.

Matches based on variables and arguments.

Each metric allows for a nuanced approach to identifying and comparing functions across binaries, enabling more accurate and comprehensive analysis.

The z command in radare2 is versatile, offering various functionalities through its subcommands. Here are five usage examples:

z
Displays all zignatures currently loaded in radare2.

z.
Searches for and displays zignatures that match at the current offset in the binary.

z/
Searches and match all signatures loaded against all the analyzed functions in order to give a name to every one.

zo libc.sdb
Loads zignatures from the specified SDB file into the current session.

zaF
Generates zignatures for all identified functions in the binary and adds them to the current session.

zb
Searches for and displays the closest matching zignatures to the function at the current offset, helping identify similar functions across binaries.

These examples showcase the `z` command's ability to manage zignatures efficiently, aiding in the binary analysis process by leveraging the power of zignatures for function identification and comparison.

r2(1), radare2(1)

https://www.radare.org/

pancake <pancake@nopcode.org>

17 Mar 2024 1.0
Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.