Writing a file with radare2 `w`?
Reverse Engineering Asked by I Support The Boycott on June 21, 2021
Radare2 supports a w which writes a string.
w foobar write string 'foobar'
However, it doesn’t seem to work for me,
$ touch foo
$ radare2 ./foo
w foobar
The file foo remains empty. Am I supposed to flush or save?
3 Answers
TLDR
radare2opens a file inread-only modeby default. (see the manualr2 -hfor further information.)- to allow writing to a file, start radare2 in
write mode(r2 -w file). - when in a
read-only sessionalready,oo+will re-open the file inwritemode. - the
cache mode(e io.cache=true) mimics writing access but changes in radare2 are not actually written to disk.
Write Mode - Example
- Open the file
fooinwrite mode:$ r2 -w foo
- Print 32 bytes (with
px 32):[0x00000000]> px 32 - offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF 0x00000000 ffff ffff ffff ffff ffff ffff ffff ffff ................ 0x00000010 ffff ffff ffff ffff ffff ffff ffff ffff ................
Note: The first 32 bytes (and the rest of the file) are empty.
Let's write "Hello World!" into the file:
[0x00000000]> w Hello World!And print the 32 bytes again:
[0x00000000]> px 32 - offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF 0x00000000 4865 6c6c 6f20 576f 726c 6421 ffff ffff Hello World!.... 0x00000010 ffff ffff ffff ffff ffff ffff ffff ffff ................
Great! Now we can see that "Hello World!" is written to the file.
- Let's quit radare2 and
catthe file to see the content:[0x00000000]> q$ cat foo Hello World!
Cache Mode - Example
- Open the file
fooin write mode:$ r2 foo - Print the first 32 bytes@
[0x00000000]> px 32 - offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF 0x00000000 4865 6c6c 6f20 576f 726c 6421 ffff ffff Hello World!.... 0x00000010 ffff ffff ffff ffff ffff ffff ffff ffff ................ - Activate 'cache mode`:
[0x00000000]> e io.cache=true - Make some changes in radare2:
[0x00000000]> w Goodbyte World! :) - Proof that radare2 mimicked writing as if in
write mode:[0x00000000]> px 32 - offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF 0x00000000 476f 6f64 6279 7465 2057 6f72 6c64 2120 Goodbyte World! 0x00000010 3a29 ffff ffff ffff ffff ffff ffff ffff :).............. - Quit radare2:
[0x00000000]> q - Examine actual file contents:
Note: The file didn't change! That's the effect of$ cat foo Hello World!cache mode.
Correct answer by Megabeets on June 21, 2021
Just to update @Megabeets answer.
When you start with an empty file (created by touch), the w command will not work by default even if the r2 will be started in write mode. The missing information is, in that case, the mapping
[0x00000000]> om
[0x00000000]
Returns an empty result. Apart from listing, the om command can also be used to create the mapping:
Usage: om[-] [arg] # map opened files
| om list all defined IO maps
...
| om fd vaddr [size] [paddr] [rwx] [name] create new io map
...
In order to do the mapping, one needs to specify (for example) the following command
[0x00000000]> om 3 0x0 12
[0x00000000]> om
1 fd: 3 +0x00000000 0x00000000 - 0x0000000b rwx
That will create, for the file description 3, a 12 bytes in size mapping starting from an address 0x0.
After that w will work:
[0x00000000]> w Hello world!
[0x00000000]> px 32
- offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
0x00000000 4865 6c6c 6f20 776f 726c 6421 ffff ffff Hello world!....
0x00000010 ffff ffff ffff ffff ffff ffff ffff ffff ................
[0x00000000]>
Answered by Paweł Łukasik on June 21, 2021
Create an input/output mapping to allow writing to a non-mapped file
To allow writing up to 64 byte starting at offset 0x00000000, map changes in radare2 to file descriptor 3 (the file opened in radare2).
[0x00000000]> om 3 0x0 64
[0x00000000]> om
1 fd: 3 +0x00000000 0x00000000 - 0x0000000b rwx
Explanation
An empty file (as created by touch) has no input/output mappings (even when opened with in write mode).
To confirm no region has been mapped, you can list all defined IO maps with the radare2-command om.)
To create an i/o-mapping use om with parameters:
om fd vaddr [size] [paddr] [rwx] [name] create new io map
Example
radare2 -w test_file -- What has been executed cannot be unexecuted [0x00000000]> w This won't be written anywhere, because no mapping exists. [0x00000000]> om [0x00000000]> om 3 0 64 [0x00000000]> om 1 fd: 3 +0x00000000 0x00000000 - 0x0000003f rwx [0x00000000]> w Hello World! [0x00000000]> V
Answered by Semnodime on June 21, 2021
Add your own answers!
Ask a Question
Get help from others!
Recent Questions
- How can I transform graph image into a tikzpicture LaTeX code?
- How Do I Get The Ifruit App Off Of Gta 5 / Grand Theft Auto 5
- Iv’e designed a space elevator using a series of lasers. do you know anybody i could submit the designs too that could manufacture the concept and put it to use
- Need help finding a book. Female OP protagonist, magic
- Why is the WWF pending games (“Your turn”) area replaced w/ a column of “Bonus & Reward”gift boxes?
Recent Answers
- Jon Church on Why fry rice before boiling?
- haakon.io on Why fry rice before boiling?
- Peter Machado on Why fry rice before boiling?
- Lex on Does Google Analytics track 404 page responses as valid page views?
- Joshua Engel on Why fry rice before boiling?