
10 Things You Might Not Have Known About Radare2

BSides Warsaw · 2017 · 54:12 · 1.4K views · Published 2017-10
Category: Technical
Style: Talk
About this talk
Author: Paweł Łukasik

I think we have everything set up. Sorry for the problems. Before we start, I will try to show something. If someone can't see the letters on the top, I invite you. There are a few places in the front. I don't know if I will be able to. I haven't sent the demo to the gods, so maybe not. But we'll see. The left part of the screen is not visible. It won't be that important, maybe. More in the middle, so it's visible. But we'll see, we'll be in the laundry. I'm glad that you came to the Radare2 session. I guess Kamil didn't scare you with the number of errors he found during the phase of this project. And I hope you'll find out something interesting about

this tool, if you didn't know yet. A few words about me. I'm here for the first time and I'm in the group where everyone hangs dogs, i.e. programmers. I will say that I only put the Stacktrace exception logs above it and I know what SQL injection is. So, when it comes to context, it's about me. For you, the link that is most important will be the one that is related to what I will be talking about here, where I publish my considerations or analysis. I'm not a professional, so my point of view is that I'm not a hobbyist, I'm not a person who sits around for 8 hours a day and does the same thing. so

I definitely have a different perspective. If someone is interested in software, especially dotnet stuff, because that's what I'm mainly doing, I also have a blog where I describe dotnet stuff. If someone wants to listen to me, although I don't know if my voice is super attractive, I also recently recorded a podcast, Ostra Piła, where we talk not only about technical topics, but also soft topics related to software, so I invite you, if someone likes the podcast, they can listen to it. And you can find me on Twitter. Recently mainly there, so if anyone wants to know something or ask, I invite you. Okay, so that it's not just about me, but about Radare2, so yes, topic: 10 things you might not know about Radare2.

Things won't be sorted according to any priority, importance or any other sorting topology. Just things that I thought could be interesting and that you might not know about. So, the first thing is that Radare2 exists here. Has anyone heard of such a tool as Radare2? Although it's not a fair question, because someone has found out that such tools exist. So I commented on it with a meme, because of course... Okay, everyone knew that Radare2 exists. But what's interesting is that it exists for quite a long time. And I'll be honest, when I saw when the project started, I was shocked that I hadn't heard about this tool before. Does anyone know when the project started?

I have stickers if anyone wants. Okay, but for the answer. Does anyone know when the Radare2 project started? There are two dates, I'll take two dates. Just don't do brute force like with this date with Adam, I guess. No. He is not that old. He was 10 years old recently. But it took quite a while. I didn't expect such a date to appear. In 2006 the project started, but in 2009 it was rewritten. That's why I said I can consider two dates as correct. If you look at GitHub, where this project is located, the first commit is from February 2009. So this can also be considered the first date. So if you don't know and you found out, you can take

a sticker after the session. You will know that Radare2 exists after the session. I didn't give the point that I needed 10 to make it even, but I think that I found out by accident that this project exists. Maybe not in a shock, but I was positively surprised by the possibilities of this tool. Okay, two. Radare2 is support for many platforms. I know it may seem a bit strange, but as I said, I'm a person who does it hobbyistically, and I would say amateurly, and I don't have IDA Pro. So for people who use IDA Pro every day, the fact that there are many platforms is not very interesting because they have it every day. But for me, IDA Free, of

course, I always wanted to do something with 64-bit files, but it was like "Sorry, but go buy a full version because we don't support it in the demo version". So for me it was... very good, because more and more often these 64-bit files appeared on the CTFs or other situations and I couldn't use IDA because unfortunately the free version didn't have such an option. Unfortunately, as I do it professionally, I didn't like to pay such money for a license. Maybe someday when I go into the profession, maybe I'll recruit so many companies here, maybe someone will recruit me. I may have an idea for it, but I don't have one at the moment. That's why Radare2 supports a lot of

platforms. I didn't check if it supports all of them. I probably do some marketing, because it's their website. So I have to be on the front page and have all the green ones. Otherwise it wouldn't be good. But as I use it, I didn't have any problems with any platforms. I didn't have any problems with support of some very obscure platforms. And that's cool, because we can have one tool that, once we learn it, will allow us to work with many files. I also copied some architecture or some debugger that Radare2 supports. As we can see, there is a lot of it and they are constantly adding new ones. If there is such a need, the project is actively developing and new ones are

coming. As Kamil said, the bugs have been fixed and I have a version with them. If you have any questions, you can ask them. Let's move on. Radare2 is an ecosystem. If you hear about Radare2, you probably know... There is talk about a debugger, but this is true, but often incomplete. There are many tools that are part of this package. Some of these tools are less known, some are more known, but it is worth not forgetting about it. It is worth remembering that it is not only the tool that you are using to run R2, but there are a few others. I've already mentioned a few of them, so we have a tool called RASM. I'll skip these two.

It's a simple assembler-disassembler. If you need to change the mnemonics to hexes in some architecture, you can do it. On the other hand, you also have a tool here, together with the package. You don't have to look for it or try to do it in any other way. You can directly start it from the console and do it. We have some examples, you can choose architecture, so all the ones it supports, you can also do it in these architectures. So it's pretty cool, because it's not just the x86 or 64-bit, but even the Java bytecodes were supported. They have been supporting my platform, dotnet, but they withdrew for various reasons from the support. We also have a Rabin,

which you can see a bit off at the bottom, but it's an extractor, so if we need to extract something from a bin, like here I'm extracting an entry point, we can use this simple tool. We don't have to search for it in other tools, we just have it in the package with Radare2. We have Radiff, which was mentioned yesterday, maybe not in super positive words. I agree, because it will find some binary differences. But BinDiff was mentioned, it is much better. But we also have something that if we didn't have anything else on the system, we can use it. It will detect some differences in bytes, you can also try it, to display as an

opcode, not just some dry hexes. If someone doesn't have a translator in their eyes, they can display it as an opcode. It works. I wrote it down so that it would be for the fact that I don't use it and I tried to turn it on on my Mac and it didn't work. It's a language that looks like C, but it's a bit... We see some sort of stacks, we declare other weird miracles. But it is supposedly, at least from the definition, transferable. So we write some code in this high-level, RAE language and we can compile it. Although I don't know who would want to do it. Honestly, I won't be here to look for something that I think is a bit pointless. So

I think it's not. It's more for the... I don't know, maybe for spam? I don't use it. What else do we have? Rax, a converter. If someone doesn't have a calculator, they can convert binary numbers into hexes in the console. There is. There is. Rarun, let's say, I have a very large... I have high expectations, but I haven't used this tool yet. I've written a nice definition here, a launcher that allows us to define certain system parameters and with these changes, for example, start a crack. We don't have to introduce these modifications on our own system, we just do it with the help of RARUN, and our application will work with the system settings. I haven't used it yet, I don't

have the need for it, I don't fully understand all the elements that are connected to it, but there is something like that and you can use it. Rahash - if someone likes hashes and needs to count, you can run it. It's cool that you can write different algorithms and get the result right away, and not just one. Rafind - as it suggests, we can find some patterns in binary files. In fact, not only binary files, but in files. That was a quick overview. These tools are there and they're OK. If someone needs them, they can use them. The best tool for this, and not really a tool, is the R2Pipe. I'll stop here for a bit longer. It's really

cool and I use it a lot. R2Pipe is a connector that allows you to get to Radare2 from other programming languages. I use it a lot in Python, when I need to solve a crack or something like that. It allows you, from the Python level, to program Radare2. And it's cool, because when I've done this analysis and I need to automate something, for example, to do 31 steps, Of course, I could also add some commands in Radare2, which are made when breakpoint is caught. But in Python it's much more convenient. You can see it's quite obvious what's happening here. I don't know if I should explain it at all, but I normally connect to binary, I

run it, here's a beautiful do command, with a fake flag, I set breakpoints, and then in the loop, I do DC, which is continue, so I run the application. If it works, then if I did it right, and I know it's right, then I'll be in this place, this breakpoint will pop up. So if the command goes through, it doesn't matter how long the application will run, it will be at this point. So then I know that in the DL register I have another flag sign, so I can just read it off, so in Radare2 you read registers, so DR with a question mark, I read it out, I add it to the flag. Then, to let the program know that I've typed in the correct one, because it's

not A, it clears EAX, so that the next loop rotation would go, otherwise the application would just fail. And thanks to this simple script, it gets a full flag, because of course, after the output, this flag will have exactly the flag that would actually be needed for the application to go through the whole cycle. So, as I said, R2Pipe is not really an app, because it doesn't have its own equivalent. I won't show it in the console. But it's a cool tool and I think it's worth getting to know. As far as I know, there's a Python version, as you can see, and there's also Ruby. Maybe there are other versions, but I don't know.

I mainly use Python, it works pretty well. I didn't encounter any problems. Maybe I'm spitting too much on the screen, I don't know if it can be controlled so that Radare2 doesn't show up on the screen, that it's connected to the DLL. It's probably possible, but it wasn't a problem that I had to change it. Because, as you know, this is an application that I will run three times and then it will go to the drawer, but it doesn't bother me that there are some messages. But if more things were happening, it might be problematic. So I recommend R2Pipe. The fourth point. In fact, Radare2 is not just text. In fact, text should be in quotation marks, because it's basically just text, but not

just text. And we have, if you haven't seen it, besides text, we have a graphic mode. I will show you the console in a moment. We have nice blocks here. Radare2 can draw them by dividing the code into jumps and calls. It's easier to understand. As we can see, the code is a bit hard to understand. Even though we have these arrows, it's much more convenient here. But as I said, not only the graphic mode, because we have another mode. We have the window mode. It's something like SoftICE, if anyone remembers it. It was also text-based and had such windows. So here we have some late 90s drawings, Turbo Pascal had windows like that. There

was a lot of blue, but now there's a lot of black. But there are windows like that and it's useful for debugging. If we have debugging, it's a bit worse in this mode. Here it's a bit easier because we have disassembly, we have some registers, we have some stack. These windows can be configured somehow. So it's much easier to use this mode than the first one. There is also an IDE, which was a shock for me. There is a project called Cutter. It has changed its name recently, because it was called differently before. It was included in the whole Radare2 brand. It looks pretty good. Something I could even use. But there's a disclaimer on the website to

not use it because it's bugged and they've just put it under themselves. I mean, developers of Radare2. And they want to pull it under somehow. But it's more for people who don't know Radare2 at all and would like to use it, but the keyboard is burning them in their fingers. You can click with mouse. I wanted to install it to show you. Unfortunately I don't have enough space to install Qt, because it needed 30GB from me. Unfortunately I don't have enough space. But maybe I will manage to do it. But it's cool. We have main disassembly, call graph, some nice charts. So if you want, you can install it, but don't be afraid at the beginning. Let's try this demo. I'll try to show

you how these modes look like. I hope you can see everything better here. If you can't see anything, then say it. I'll try not to write with one hand. I don't have a chair. But I'd like to sit down. Thanks. I've got it. I feel like I'm playing an instrument. Okay, it's too low. As always, the more "A" you give, the more analysis you'll get. People laugh at this, that if you do too little "a" and something doesn't work, add one more. But generally, he will do some kind of initial analysis, I don't want to go into "analyze" either, but I wanted to show you these modes. And as I said, double

"v", or maybe let's do it like this, first "v", here we have a mode that shows the listing, I hope you can see it, can you see it from the back? OK, someone nodded their head. We have a listing in the form of continuous. As I said, these arrows appear on the left side. However, when there are a little more of them, it becomes a little more complicated to handle. That's why, as I said, we have the same idea again. If V is too small, we give 2V and it will be much better because we have blocks. We have blocks and we have transitions that, as I said, here is also a bit of a You can't see much on the screen, but that's because I have 22 fonts

set up so that you can see it from the back. If there is a smaller font, it is more meaningful because it is all smaller. However, the blocks are cool, you can get a little more of the flow of the application. We have some jumps, we have a path for true, we have a path for false, so it's cool. We also have windows, SoftICE windows, menu, file, edit view tools everything that the soul desires. So, as I said, this is more a debug mode, but not necessarily, because I like to debug in this flow of code. But here we have some additional things that we can configure. We have these registers, we have some stack that shows us

something, so it can be useful sometimes. I won't show IDE, because as I said, I didn't manage to install it. But as I said, I'm saying this for the fact that there is an IDE, because maybe someone will want to. Okay, the fifth one. Looking for ROPs. If you need to write some exploits, you can use Radare2 to look for some gadgets in Return-oriented programming, because it also has such functionality. Why not? I'll try to leave this chair here, but I'll try standing. Here we have... You can't see everything, but... You can see, but not see. We can look for some gadgets, like pop rax, and it will find all the gadgets that contain this instruction. The best part is that we can also enter some

regular expressions, so we can enter Pop, R, DX, RCX, Rax, and we want to have a ret at the end and then he will find us something. Maybe we will try to do something like that. I will try without sitting down. I think I have to put it in the list of the other one, because there is not much of it. So we have /r, which is for looking for ROPs. If you were lost in Radare2 and didn't know what to use, it's a question mark. And everywhere, well, not everywhere, but in many places, the question mark just prints help. and if you see the unfortunate R, you can give a question mark and it will write it out. Same with A. What does A do? We don't

know, but if we write A and a question mark, we have all of them. What does 2A do? We don't know. And we have 3A. We can see what 3A does. And so on. C, same thing, so there's some kind of bad luck here. However, this question mark is useful because it's a tool very well-oriented for using the keyboard, very well-oriented for using sometimes non-intuitive 3 or 4-letter shortcuts. Luckily, there is a help function that helps. But I'm done talking, so let's try to find the ROPs. If I'm not mistaken, we want some pop. It's probably 64-bit. Let's try some Rax and RET. I didn't find it. Maybe there's no one in this one. Oh, here we

found something. We found some gadgets. They are a bit long, but some of them are useful. But if you want to control it, you can do it with E, you can modify system parameters, Radare2, and we have a section called "ROP". If we add a tab, we have "LEN", so we can enter that we only want to use two-part gadgets, two instructions. If I search, I will find only two-element gadgets. Sometimes we need a specific length. Not that the more the better, but for the purpose. It's cool because you don't have to write your own software, you don't have to use something else to search for these ROPs. We can use Radare2. Why not? What do we have next? We

have a sixth. Radare2 is an emulation. I've just found out that you don't have to debug with Radare2. You can emulate what's happening in your code. There's a flag "emu=1" and then your code will have a lot of comments. You can't see it here either, so I'll go to... Maybe I won't get out of it at all. Let's try it. So, let me show you a magical analysis. We'll go to some methods and see the code. So, we have some comments. I don't know if I had too many, I don't know if I had them turned on. One hand is not good. But we can turn on emulation, emu = 1. And now Radare2 will try to... You can't see much here, but there is, for

example, in the second line, there is EAX equal to something. Then we have some EIP here. I'll try to show you something here. Especially with jumps, it tries to assess whether a given jump has a jump possibility. And, for example, it writes that it's likely or not likely. So it tries to understand what's going on and tell you: "OK, with this analysis, it seems that this jump will not be made". So we don't have to, if we have some malware or whatever, or even we have a Linux DLL, so I won't even start it here, We don't have to debug to see it, we can try to make Radare2 analyze it and show us additional comments, which, of course, as it is a machine, can be

wrong. We still have to try to interpret it in our own way, whether it makes sense or not. But it's definitely a step forward to keep doing it. It's definitely much easier when we have a start, than when we have to start from scratch. Maybe by the time when there's a harder part of the analysis, everything will be fine, and we'll have to start from that point. Some of the work is already done, some of it is maybe even the most boring, because there are some trivial things that we don't want to do, like yesterday at the session, that when we apply some signatures and some of the methods are already recognized, then half of the work is ready. We don't have to do that. So you can emulate

with Radare2. And it's not only the support platforms that are supported there, but also you can expand, which I will tell you in a moment, how it can be done. However, there is also the possibility of expanding. Some things can be misunderstood, some things can be misunderstood incorrectly, so we can influence it. We have it in the sources, if we use the sources, we can change it as much as possible. Any questions? Oh, we have it, I'm going on. Okay, number seven. We're getting into features that are not necessarily useful. As you saw, Radare2 draws all the blocks. So someone came up with an idea: "Hey, we have these blocks, why not share them as Radare2 functions?" And in some commit they shared them

and we can just draw. We can... So again, we have a list of methods we can use to define the question. And we have AGN at the bottom. So if we write "security" and I will do the letters, then nothing will happen. But if we write, for example, Nothing will happen. We need edge, right? A-G-E. We define edge. Unfortunately, it's a bit bad here, because we need to enter these labels. So I think I would need some fix here. Maybe some shorter identifiers. Or I don't know if it's possible. Tap? Unfortunately. You know what, it would be difficult, but... It's a bad programmer, isn't it? Ah, okay, okay, okay. I see, I see, I see. Okay, because it wouldn't connect. And the whole

demo would go... Demo is very spectacular, because if we type in "agg" we get a graph. You can't see it, because it's cut off. The trusted third party cut the graph. But you can define such graphs. My example is pointless, because I don't know who would want to do something like that to show that it's possible. But I see some kind of application and in general, okay, there is such functionality in Radare2 that these blocks are drawn. As I say, here it is, in fact, full graphs must be implemented, because we can connect them in reverse and it shows that it is such a loop, so you can do something like that. Maybe it will be useful for someone. I don't have a bigger one right

now, but there are some blocks. Besides it's nice to use them to visualize code, but we have it by default, by double V. If someone has a nice application, let them know, it will be a sticker. OK, blocks. I couldn't put these screens here, because you can't see anything. Can you see anything on this screen? So we have an answer. Eight. Package manager. It was a mind-blow for me, but now everyone has to have a package manager. Every tool, some yarn, whatever. Too many package managers. But it's cool, I'll tell you. As I said, you can expand Radare2 not only by playing with the code, but also by writing the extension. It's probably written in C, so you need

to have something in common with the code. But we don't have to cover the whole project of Radare2, which is huge. As Kamil said, there are things that sometimes hurt your eyes from looking at it. We can also write a package and expand it. This is cool, because it increases the number of people who can join this project. I have a draft, but I don't know, maybe you can see it. R2PM, Radare2 Package Manager, standard init update, and we have a package for mini-dumps. We can analyze dumps, I see Sebastian woke up, as I said the word dump. We can analyze dumps, which is not normally available in Radare2. There is no such

functionality, but there is a package that allows it. There are a lot of these packages. Here is a list, so it is scrolled. And for example, I recently, let's say, as I am calling crosses from the middle age, I started playing with Z80, because I had Timex 2048 when I was little. And I was so excited to write something and I wrote some emulator of it. And I saw that Radare2 has assembler. So I will use it. I already have it installed here, so I won't show you how to install it. But I will show you something else. I will show you that Radare2 also understands Z80. I just downloaded my repo with ROM to

this machine. And now when I show you the code, I'm trying to analyze it, but as you can see it doesn't make sense. But if we type in architecture z80, it's z80. And this is how ROM looks like, because I remember the DI and the XORs by heart. So it's cool that Radare2 allows me to do that. And now I can compare whether what I write and analyze there actually looks like this. Because until now, when I didn't know it was like this, I had a manual and I looked at hexes. F3 at the beginning, DI. I thought that there was something to do differently. But I didn't know. And here you can see Radare2. It allowed me

to display disassembly in my double hobby projects. And I can compare it with the emulator I created. It looks the same. It looks similar. So I have to say, nice job. As far as my project is concerned. I even got it with this analysis. So you also have, as I said, there are a lot of packages. If you don't type the name after S, it will list everything. Unicorns, SWF, bottles, if someone would use them, you can analyze it. There is some of it. Oh, R2Wars, I have to check it. One more time? Ok, I have it on the slides, so don't let me go ahead. Yes, there is a game, I'll show you in a moment. So, we have a

lot of these packages. Some Lua, Perl, Python. So everyone will find something for themselves. Pcaps? I didn't know. PHP is not there. You can add it, right? There is even something for C#. And it's R2Pipe, I heard that. But it's less about that, because it's not about watching these packages now, but to notice the fact that it's nice that it's expandable and that people create these packages and we can easily expand Radare2, even though its functionality is huge, it's still possible to use these packages to make something that doesn't fit the whole thing. For example, we have a great functionality, but the main developer, Pancake, says no. Well, then, no, no, and we'll make a package.

And maybe it will only be used for us, but we can put it on GitHub. And people can use it. So there are packages and you can use it. Okay, we have a package manager. Okay, number nine. We're almost at the end. Statistics. If someone needs it, Radare2 also allows because it has to have everything, you can also draw, for example, graphs. I mean, graphs are too much said, because it looks like this. But here, for example, there is a byte analysis of a given value in a given block, probably every 100 bytes. So we can display such statistics here. It's also more like this to understand binary we work with. If it has a lot of zeros or other values, it can tell us something. It

doesn't necessarily have to use... It can be used in your example, but it is. If someone had to see the entropy of bytes before they go to analysis, it doesn't have to come out of Radare2. It can do it. From what I remember, it is like this. So P equals and we have again. I don't know what it's about, so I open the question mark and I have it. We have print entropy for each file block size. P equals E. I don't know if it should be read like that, but we have it, like in the Entropy. We see that there are some bytes at the top. What did I open? Smoothie, okay. Here we have some zero, a lot

of zeros and some values. There is also a version of Flame, but when it turned on, if someone liked other colors, it's somewhere... Yes, double equals. I don't know, sometimes there is a problem with scrolling. When you look for ROPs, you can see how many lines he lists. If you write a weak line, which is very common, he will ask you if you can list 4000 lines. Fortunately, you can reflect and say no. Sometimes you get a list of things and you can't do anything about it. There is entropy, if someone needs it. If someone can't start working without seeing entropy, because they don't know anything, they can use Radare2 to see it. Okay, now

the best part, the fun. This guy, Pancake, is a funny guy, because... Not only the work, but as it was said, it's 2048. The game. So... It's hidden. I mean, hidden. It's been said a lot, hidden. That's why when I was here, I didn't show you everything, because it's hidden here. Shit. If you go to help, you'll see 2048. And it works, it's funny that you can play 2048. I didn't manage to play it yet. But I think I have too little motivation. But it works. If someone got bored with analyzing and would like to go and relax, reset, so to speak, then they can do it again, without leaving Radare2. Combine for all sins.

Maybe I'll succeed here? No, it would take too long. But you know, it can't be a regular 2048, because here you have a power of two, which corresponds to the value displayed. And of course, standard Vim arrows work too. I used to use arrows, of course, because I never got to Vim. But it works. 2048, I say, if anyone wanted, it can play, it doesn't have to reverse. And it's also good, as long as it uses Radare2. Here I have a drop-off, but I've already shown it to you. There is Clippy. If someone was missing Office, he has Clippy. Here, too, damn, you can't see anything on these slides. I have to go in. Yeah, go out. Clippy, the e-mail sign is turned on

and it's not actually described, so maybe it's a hidden one. Damn, it's hard to write one by one. Okay, there's Clippy. He'll tell you what you need to tell him. I just found out that my changer puts a tilde on the console. I wanted laser. We have the text, Clippy, beautiful, one to one, from Word. And why am I telling you this? It's not that you play or use Clippy, but... Okay, I'll tell you. These are easter eggs in Radare2. And as I said, this guy is funny because he throws things like this on the occasion of normal commits. For example, he got bored and decided how many lines he needed to write 2048. And somewhere during the session he

talks about how many lines he needed. but these easter eggs are hidden, they are not as visible as in 2048, when I entered the menu. Only when someone discovers that such an easter egg exists, he will reveal it and it will be available for the average mortals. That's why I encourage you to check out his commits, because you can find interesting things, like 2048 or Clippy. I also say that it's fun, I don't know if it's intentional, but there are... I don't know if I can swear on stream, but "Oh my fucking god" is a real Radare2 command. There are a few commands that are known acronyms, like "What the fuck" - "Write to file"

which in this case even works, I mean, the abbreviation fits. There are a few others that I don't quite understand, that's why I didn't include them. But there is also a thread on GitHub, where you can propose other things. I proposed IDDQD from DOOM, but I don't know... What would it fit into? Of course, it's not a problem to come up with a shortcut, but it's a problem to have a reasonable functionality or function encoded. So WTF is the most suitable. If you need write to file, you can easily remember. So not all Radare2 commands are difficult to remember. Some are very simple. One is easy. And a lot of A's. The more A's, the better the analysis. That's the

basic rule. As I said, I've already mentioned that there are easter eggs. So if you look at his commits, you can find something. Apparently, there's one now, because he said it during his session. It's possible that it's not yet discovered, so you can check out some of the commits in the background and if someone finds it, I think you can write to him. He's a very open person and communicative. Maybe a benefit, maybe a sticker, although you can also get a sticker from him. I have 11, so I definitely didn't miss those points, not because I chose the first one, because there's a lot more. I chose 10, but you could change a lot of things, because

it's a really big company. I didn't change things like reverse debugger. It has reverse debugger functionality. I don't know how to change it. I don't know if you know it. If you have some kind of app, you can go backwards. And you can play the app as if you were going backwards. We also have a GDB remote protocol. GDB has its own communication protocol. If we want to debug through remote, radar supports it. So you can send it from the GDB server and use radar to analyze it. We have QR codes. It's funny because you can generate a QR code from 10 or so bytes of our application and present it as a QR code.

Then scan it with your phone and get those bytes. It might be useful to someone, but I don't know, I don't see any use for it. I thought about sending those bytes, because I have a QR code and it encodes it. Instead of base64, I could have a QR code for it. I'm only mentioning three of them, there's a lot of them. And we could talk for hours about Radar 2. However, the message is that despite the bugs that Kamil mentioned, the entry threshold is really big, just like Vim. Once you get to a certain level, it's fine. But the initial stage is difficult. This is where the question mark comes in handy. If you add a document, you get help.

And even if you don't know which letter to start with, just give a question mark and you'll be shown the instructions. So even though the entry threshold is big, it's not hard to get help. What's next? How to look for information? An additional slide if someone would like to get interested in Radar2. They have a blog. They don't blog often, but you can find some cool stuff there. Some new stuff is also there. There is Radar2Book. On GitHub there is a project called Radar2Book, which you can contribute if you want, which introduces Radar to the world. from the installation to the description of the tools I mentioned, to some basic commands. But this is also a

starting point, not a complete book of how to use this tool. Of course, as I said, it's open source, you can make a pull request and add information there. GitHub issues. Let's face it, there are some bugs, especially if you want to use the radar on Windows. I think it's the least effective part of the project. There are a few basic bugs that some things just cut off. I recently found in the latest version, I don't know if it was the latest, that you can't attach to PID. I had an app that worked, I wanted to attach to it to debug, but then a mistake occurred. Unfortunately, there are mistakes, but fortunately they are fixed. Kamil said it during his session, that two days and there's a

new version on GitHub that has fixed the mistake. Although my mistake has been waiting for 12 days, for some interest. Maybe it's extremely difficult. Stack Overflow, Stack Exchange. There is no problem with not copying, as Jarek said in his session. We don't copy code, but some instructions, so we usually format disks or something like that. But it won't work for production. And there's a conference, r2con, and if you like regex, there was an edition 2016 and 2017. Oh, that's bad. There should be square brackets. A sticker. Who said that? There are a lot of cool sessions. There was one session where I was just motivated. Pancake was talking about hidden stickers. I don't know if I should call it stickers, but there

are hidden things in Radar, like this game or Clippy. And it also says about the easter eggs that the newest one is not yet discovered, so if someone does, let them know. Ok, so that's it. Here is the biggest password that can help you with working with the radar. Use the radar from Git, because as I said, you will start today, tomorrow there will be a new commit, you will get this new commit with new things, with improved bugs and with new bugs, so... So it happens. Usually they correct it. There are no new mistakes. There are, for sure. There is no problem with such a project. Radar from Git, I recommend it. When I was at Kamil's session, he made some mistakes, and then I started compiling in

the hotel and I have the version with the mistakes fixed. That's all I wanted to say. If there are any questions, I don't know if I have time. I think I have time. Let's start with the questions from the network. First question: Jarosław Górny informed us that Clippy is described. And now the first question from the user XY: What will happen to the project when Catalonia announces independence? The second question: Foxtrot Charlie: Does Radar 2 support symbolic execution? Yes, when it comes to Catalonia, I don't know. From what I've heard, the guy is Spanish, so I don't know what will happen, what problems will be there. The advantage is that it's on GitHub, so as soon as possible, make a fork repo

and keep it on your own account. As for the symbolic execution, I have no idea. If I needed a symbolic execution somewhere, I used these external tools, I don't remember the names, but I don't know. I have to find out, so I'll write it down and Foxtrot Charlie will get an answer on Twitter. Any more questions from the network? I have a question, Paweł, can you hear me? Yes, I can. I have a question, does a radar session support loading several binaries at once? For example, the main binaries of some dependency, so that you can analyze them simultaneously? Good question, I don't know, there are certainly projects, so you can record your session to the project file, to open it later, so that you don't have

to do the same work from the beginning. But I have no idea how many binaries there are. Okay, and is there a maximum size of the binary that you use or can you try it? You know what, try it. With the ones I've analyzed, I didn't expect it to be a problem, because they were smaller. Okay, thanks. Cool. Here's another one. I think so, because then it will be heard not only for me, but for everyone. You said that someone has an idea to call out these charts. Can I do it now? Yes, yes. Ok, so I have an idea. You showed r2pipe earlier, so you can draw these charts using r2pipe. So you can write a script, in which you read all dynamic

libraries, and depending on them you can use r2pipe to draw graphs. Quite a cool solution. Yes, you can do it. Thanks. Anyone else? If not, then thank you very much. If anyone wants to talk to me on Twitter, or now, I'm still here. Today and tomorrow, at least for the moment, I'm here. Thank you very much.