ragg2

Help

  Usage: ragg2 [-FOLsrxhvz] [-a arch] [-b bits] [-k os] [-o file] [-I path]
   [-i sc] [-e enc] [-B hex] [-c k=v] [-C file] [-p pad] [-q off]
   [-q off] [-dDw off:hex] file|f.asm|-
   -a [arch] select architecture (x86, mips, arm)
   -b [bits] register size (32, 64, ..)
   -B [hexpairs] append some hexpair bytes
   -c [k=v] set configuration options
   -C [file] append contents of file
   -d [off:dword] patch dword (4 bytes) at given offset
   -D [off:qword] patch qword (8 bytes) at given offset
   -e [encoder] use specific encoder. see -L
   -f [format] output format (raw, c, pe, elf, mach0, python, javascript)
   -F output native format (osx=mach0, linux=elf, ..)
   -h show this help
   -i [shellcode] include shellcode plugin, uses options. see -L
   -I [path] add include path
   -k [os] operating system's kernel (linux,bsd,osx,w32)
   -L list all plugins (shellcodes and encoders)
   -n [dword] append 32bit number (4 bytes)
   -N [dword] append 64bit number (8 bytes)
   -o [file] output file
   -O use default output file (filename without extension or a.out)
   -p [padding] add padding after compilation (padding=n10s32)
   ntas : begin nop, trap, 'a', sequence
   NTAS : same as above, but at the end
   -P [size] prepend debruijn pattern
   -q [fragment] debruijn pattern offset
   -r show raw bytes instead of hexpairs
   -s show assembler
   -v show version
   -w [off:hex] patch hexpairs at given offset
   -x execute
   -z output in C string syntax

ragg2 man page

RAGG2(1)                                     BSD General Commands Manual                                     RAGG2(1)

NAME
     ragg2 — radare2 frontend for r_egg, compile programs into tiny binaries for x86-32/64 and arm.

SYNOPSIS
     ragg2 [-a arch] [-b bits] [-k kernel] [-f format] [-o file] [-i shellcode] [-I path] [-e encoder] [-B hexpairs]
           [-c k=v] [-C file] [-n num32] [-N num64] [-d off:dword] [-D off:qword] [-w off:hexpair] [-p padding]
           [-P pattern] [-q fragment] [-FOLsrxvhz]

DESCRIPTION
     ragg2 is a frontend for r_egg, compile programs into tiny binaries for x86-32/64 and arm.

     This tool is experimental and it is a rewrite of the old rarc2 and rarc2-tool programs as a library and inte‐
     grated with r_asm and r_bin.

     Programs generated by r_egg are relocatable and can be injected in a running process or on-disk binary file.

     ragg2-cc is another tool that comes with r2 and it is used to generate shellcodes from C code. The final code
     can be linked with rabin2 and it is relocatable, so it can be used to inject it on any remote process.

     ragg2-cc is conceptually based on shellforge4, but only linux/osx x86-32/64 platforms are supported.

DIRECTIVES
     The rr2 (ragg2) configuration file accepts the following directives, described as key=value entries and comments
     defined as lines starting with '#'.

     -a arch     set architecture x86, arm

     -b bits     32 or 64

     -k kernel   windows, linux or osx

     -f format   select binary format (pe, elf, mach0)

     -o file     output file to write result of compilation

     -i shellcode
                 specify shellcode name to be used (see -L)

     -e encoder  specify encoder name to be used (see -L)

     -B hexpair  specify shellcode as hexpairs

     -c k=v      set configure option for the shellcode encoder. The argument must be key=value.

     -C file     include contents of file

     -d off:dword
                 Patch final buffer with given dword at specified offset

     -D off:qword
                 Patch final buffer with given qword at specified offset

     -w off:hexpairs
                 Patch final buffer with given hexpairs at specified offset

     -n num32    Append a 32bit number in little endian

     -N num64    Append a 64bit number in little endian

     -p padding  Specify generic paddings with a format string. Use lowercase letters to prefix, and uppercase to
                 suffix, keychars are. 'n' for nop, 't' for trap, 'a' for sequence and 's' for zero.

     -P size     Prepend debruijn sequence of given length.

     -q fragment
                 Output offset of debruijn sequence fragment.

     -F          autodetect native file format (osx=mach0, linux=elf, ..)

     -O          use default output file (filename without extension or a.out)

     -I path     add include path

     -s          show assembler code

     -r          show raw bytes instead of hexpairs

     -x          execute (just-in-time)

     -z          output in C string syntax

EXAMPLE
       $ cat hi.r
       /* hello world in r_egg */
       write@syscall(4); //x64 write@syscall(1);
       exit@syscall(1); //x64 exit@syscall(60);

       main@global(128) {
         .var0 = "hi!\n";
         write(1,.var0, 4);
         exit(0);
       }
       $ ragg2 -O -F hi.r
       $ ./hi
       hi!

       $ cat hi.c
       main() {
         write(1, "Hello0, 6);
         exit(0);
       }
       $ ragg2 hi.c
       $ ./hi.c.bin
       Hello

SEE ALSO
     radare2(1), rahash2(1), rafind2(1), rabin2(1), rafind2(1), radiff2(1), rasm2(1),

AUTHORS
     Written by pancake <pancake@nopcode.org>.

                                                     Sep 30, 2014

Resources

Payloads in C · The Official Radare Blog