Skip to content

Commit

Permalink
Add the initial 'r2frida.1' manpage
Browse files Browse the repository at this point in the history
  • Loading branch information
radare committed Mar 17, 2024
1 parent 2bc2f2e commit 052c30f
Show file tree
Hide file tree
Showing 3 changed files with 156 additions and 1 deletion.
13 changes: 12 additions & 1 deletion Makefile
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
include config.mk

PREFIX?=/usr/local
R2V=$(VERSION)
R2V?=5.8.4
frida_version=16.2.1
Expand Down Expand Up @@ -325,14 +326,19 @@ user-install:
$(RM) "$(DESTDIR)/$(R2_PLUGDIR)/io_frida.$(SO_EXT)"
cp -f io_frida.$(SO_EXT)* $(DESTDIR)/"$(R2_PLUGDIR)"
cp -f src/r2frida-compile $(DESTDIR)/"$(R2PM_BINDIR)"
-sudo mkdir -p "$(DESTDIR)/$(PREFIX)/share/man/man1"
-sudo cp -f r2frida.1 "$(DESTDIR)/$(PREFIX)/share/man/man1/r2frida.1"

user-uninstall:
$(RM) "$(DESTDIR)/$(R2_PLUGDIR)/io_frida.$(SO_EXT)"
$(RM) "$(DESTDIR)/$(R2PM_BINDIR)/r2frida-compile"
-sudo $(RM) "$(DESTDIR)/$(PREFIX)/share/man/man1/r2frida.1"

user-symstall:
mkdir -p "$(DESTDIR)/$(R2_PLUGDIR)"
ln -fs $(shell pwd)/io_frida.$(SO_EXT)* $(DESTDIR)/"$(R2_PLUGDIR)"
ln -fs $(shell pwd)/io_frida.$(SO_EXT)* "$(DESTDIR)/$(R2_PLUGDIR)"
-sudo mkdir -p "$(DESTDIR)/$(PREFIX)/share/man/man1"
-sudo ln -fs $(shell pwd)/r2frida.1 "$(DESTDIR)/$(PREFIX)/share/man/man1/r2frida.1"

# system wide

Expand All @@ -341,14 +347,19 @@ install:
cp -f io_frida.$(SO_EXT)* $(DESTDIR)/"$(R2_PLUGSYS)"
mkdir -p "$(DESTDIR)/$(R2_BINDIR)"
cp -f src/r2frida-compile $(DESTDIR)/"$(R2_BINDIR)"
mkdir -p "$(DESTDIR)/$(PREFIX)/share/man/man1"
cp -f r2frida.1 $(DESTDIR)/$(PREFIX)/share/man/man1/r2frida.1

symstall:
mkdir -p "$(DESTDIR)/$(R2_PLUGSYS)"
ln -fs $(shell pwd)/io_frida.$(SO_EXT)* $(DESTDIR)/"$(R2_PLUGSYS)"
-mkdir -p "$(DESTDIR)/$(PREFIX)/share/man/man1"
-ln -fs $(shell pwd)/r2frida.1 $(DESTDIR)/$(PREFIX)/share/man/man1/r2frida.1

uninstall:
$(RM) "$(DESTDIR)/$(R2_PLUGSYS)/io_frida.$(SO_EXT)"
$(RM) "$(DESTDIR)/$(R2_BINDIR)/r2frida-compile"
$(RM) "$(DESTDIR)/$(PREFIX)/share/man/man1/r2frida.1"

release:
$(MAKE) android STRIP_SYMBOLS=yes
Expand Down
1 change: 1 addition & 0 deletions config.mk.acr
Original file line number Diff line number Diff line change
@@ -1,2 +1,3 @@
VERSION=@VERSION@
PREFIX=@PREFIX@
R2FRIDA_PRECOMPILED_AGENT=@PRECOMPILED_AGENT@
143 changes: 143 additions & 0 deletions r2frida.1
Original file line number Diff line number Diff line change
@@ -0,0 +1,143 @@
.TH R2FRIDA 1 "17 March 2024" "version 1.0" "R2FRIDA MANPAGE"

.SH NAME
r2frida \- frida plugin for radare2.

.SH SYNOPSIS
.B r2 frida://[action]/[link]/[device]/[target]

.SH DESCRIPTION
This is a self-contained plugin for radare2 that allows to instrument remote processes using Frida. It combines the comprehensive analysis capabilities of radare2 with the dynamic instrumentation toolkit Frida, enabling the inspection and manipulation of running processes. With r2frida, users can execute scripts in multiple languages, attach to or spawn processes across various environments, and automate tasks using r2pipe.

.SH INSTALLATION
To install r2frida, the recommended method is via r2pm:
.PP
$ r2pm -ci r2frida
.PP
For manual compilation, dependencies include radare2, pkg-config, curl or wget, make, gcc.
.PP
Note that r2frida is self-contained, it will use the Typescript compiler from the Frida SDK and use the frida compiled inside the plugin so you don't need to install Python, Node or Frida in your system to use it.
.PP
r2frida runs on all systems supported by Frida. This is Linux, macOS, Windows, QNX, Android and iOS.

.SH HELP
.PP
Use 'r2 "frida://?"' to get help on the URI format.
.PP
Run the ':?' command inside r2 to enumerate all the r2frida commands (executed and implemented inside the target process's agent)
.PP
.SH USAGE
.B r2 frida://0
Attaches to the pid0 in frida for a special session running locally. This can be used for testing and exploring r2frida commands.
.Pp

.B Launch/Spawn Options/Actions:
.RS
.TP
.B list
Lists processes or apps.
.TP
.B attach
Attaches to a specific process.
.TP
.B spawn
Spawns a new process. Use the ':dc' command to continue the execution of the process.
.TP
.B launch
Spawns and resumes an app or process.
.RE

.SH COMMANDS
The r2frida commands are prefixed with a colon ':'. This is because those commands are implemented in the io plugin itself, so they need to be routed through the selected IO plugin.
.RS
.TP
.B :e
Edit r2frida options.
.TP
.B :i
Get architecture/bits info from the target.
.TP
.B :dt
Trace list of addresses or symbols.
.TP
.B :db
List or place breakpoints.
.TP
.B :dc
Continue breakpoints or resume a spawned process.
.TP
.B :dx
Call target symbol with given args.
.RE
.SH ENVIRONMENT
Those environment variables can modify the behaviour of r2frida, use them with care.
.PP
.nf
R2FRIDA_SCRIPTS_DIR=~/.local/share/radare2/r2frida/scripts
.It
R2FRIDA_SAFE_IO=0|1 # Workaround a Frida bug on Android/thumb
.It
R2FRIDA_DEBUG=0|1 # Used to trace internal r2frida C and JS calls
.It
R2FRIDA_RUNTIME=qjs|v8 # Select the javascript engine to use in the agent side (v8 is default)
.It
R2FRIDA_DEBUG_URI=0|1 # Trace uri parsing code and exit before doing any action
.It
R2FRIDA_COMPILER_DISABLE=0|1 # Disable the new frida typescript compiler (`:. foo.ts`)
.It
R2FRIDA_AGENT_SCRIPT=[file] # path to file of the r2frida agent
.SH CONFIGURATION
.PP
Run the ':e' command to list, read and change all the runtime configuration options of r2frida
.PP
.nf
:e java.wait=false
:e want.swift=false
:e io.safe=false
:e io.volatile=true
:e patch.code=true
:e search.bigendian=false
:e search.in=perm:r--
:e search.from=0x100be8000
:e search.to=0x100bec000
:e search.kwidx=0
:e search.align=0
:e search.quiet=false
:e stalker.event=compile
:e stalker.timeout=300
:e stalker.in=raw
:e hook.backtrace=false
:e hook.verbose=true
:e hook.time=true
:e hook.logs=true
:e hook.output=simple
:e hook.usecmd=
:e file.log=
:e symbols.module=
:e symbols.unredact=true

.SH EXAMPLES
.TP
.B Attach to process
$ r2 frida://attach/usb//12345
.TP
.B Spawn app
$ r2 frida://spawn/usb//appname
.TP
.B List libraries
$ r2 -c ':il' frida://0
.TP
.B Trace fread
$ r2 -c ':dt fread' frida://0
.TP
.B Set breakpoint
$ r2 -c ':db 0x12345678' -c ':dc' frida://0

.SH "SEE ALSO"
https://www.nowsecure.com
.br
https://www.radare.org
.br
https://www.frida.re
.SH AUTHORS
pancake <[email protected]>

0 comments on commit 052c30f

Please sign in to comment.