Downloads:
796
Downloads of v 0.4.0:
56
Last Update:
21 Jul 2022
Package Maintainer(s):
Software Author(s):
- Rizin Organization
Tags:
rizin debugging security reverse-engineering program-analysis exploitation
Rizin
This is not the latest version of Rizin available.
0.4.0 | Updated: 21 Jul 2022
Some Checks Have Failed or Are Not Yet Complete
Not All Tests Have Passed
Deployment Method: Individual Install, Upgrade, & Uninstall
To install Rizin, run the following command from the command line or from PowerShell:
To upgrade Rizin, run the following command from the command line or from PowerShell:
To uninstall Rizin, run the following command from the command line or from PowerShell:
Deployment Method:
This applies to both open source and commercial editions of Chocolatey.
1. Enter Your Internal Repository Url
(this should look similar to https://community.chocolatey.org/api/v2/)
2. Setup Your Environment
1. Ensure you are set for organizational deployment
Please see the organizational deployment guide
2. Get the package into your environment
Option 1: Cached Package (Unreliable, Requires Internet - Same As Community)
- Open Source or Commercial:
  - Proxy Repository - Create a proxy nuget repository on Nexus, Artifactory Pro, or a proxy Chocolatey repository on ProGet. Point your upstream to https://community.chocolatey.org/api/v2/. Packages cache on first access automatically. Make sure your choco clients are using your proxy repository as a source and NOT the default community repository. See source command for more information.
  - You can also just download the package and push it to a repository.
- Open Source
  - Download the package
  - Follow manual internalization instructions
- Package Internalizer (C4B)
  - Run: (additional options)
    choco download rizin --internalize --version=0.4.0 --source=https://community.chocolatey.org/api/v2/
  - For package and dependencies run:
    choco push --source="'INTERNAL REPO URL'"
  - Automate package internalization
    - Run: (additional options)
3. Copy Your Script
choco upgrade rizin -y --source="'INTERNAL REPO URL'" --version="'0.4.0'" [other options]
See options you can pass to upgrade.
See best practices for scripting.
Add this to a PowerShell script or use a Batch script with tools and in places where you are calling directly to Chocolatey. If you are integrating, keep in mind enhanced exit codes.
If you do use a PowerShell script, use the following to ensure bad exit codes are shown as failures:
    choco upgrade rizin -y --source="'INTERNAL REPO URL'" --version="'0.4.0'"
    $exitCode = $LASTEXITCODE
    Write-Verbose "Exit code was $exitCode"
    $validExitCodes = @(0, 1605, 1614, 1641, 3010)
    if ($validExitCodes -contains $exitCode) {
      Exit 0
    }
    Exit $exitCode

    - name: Install rizin
      win_chocolatey:
        name: rizin
        version: '0.4.0'
        source: INTERNAL REPO URL
        state: present

See docs at https://docs.ansible.com/ansible/latest/modules/win_chocolatey_module.html.

    chocolatey_package 'rizin' do
      action :install
      source 'INTERNAL REPO URL'
      version '0.4.0'
    end

See docs at https://docs.chef.io/resource_chocolatey_package.html.

    cChocoPackageInstaller rizin
    {
      Name = "rizin"
      Version = "0.4.0"
      Source = "INTERNAL REPO URL"
    }

Requires cChoco DSC Resource. See docs at https://github.com/chocolatey/cChoco.

    package { 'rizin':
      ensure => '0.4.0',
      provider => 'chocolatey',
      source => 'INTERNAL REPO URL',
    }

Requires Puppet Chocolatey Provider module. See docs at https://forge.puppet.com/puppetlabs/chocolatey.
4. If applicable - Chocolatey configuration/installation
See infrastructure management matrix for Chocolatey configuration elements and examples.
This package was approved by moderator TheCakeIsNaOH on 10 Aug 2022.
Rizin
Rizin is a fork of the radare2 reverse engineering framework with a focus on
usability, working features and code cleanliness.
Rizin is portable and it can be used to analyze binaries, disassemble code,
debug programs, as a forensics tool, as a scriptable command-line hexadecimal
editor able to open disk files, and much more!
To learn more on Rizin you may want to read the
official Rizin book.
Supported features
Supported Architectures
i386, x86-64, ARM, MIPS, PowerPC, SPARC, RISC-V, SH, m68k, m680x, AVR,
XAP, System Z, XCore, CR16, HPPA, ARC, Blackfin, Z80, H8/300, V810,
V850, CRIS, XAP, PIC, LM32, 8051, 6502, i4004, i8080, Propeller,
Tricore, CHIP-8, LH5801, T8200, GameBoy, SNES, SPC700, MSP430, Xtensa,
NIOS II, Java, Dalvik, WebAssembly, MSIL, EBC, TMS320 (c54x, c55x,
c55+, c66), Hexagon, Brainfuck, Malbolge, whitespace, DCPU16, LANAI,
MCORE, mcs96, RSP, SuperH-4, VAX, AMD Am29000.
Supported File Formats
ELF, Mach-O, Fatmach-O, PE, PE+, MZ, COFF, OMF, TE, XBE, BIOS/UEFI,
Dyldcache, DEX, ART, CGC, Java class, Android boot image, Plan9 executable,
ZIMG, MBN/SBL bootloader, ELF coredump, MDMP (Windows minidump),
WASM (WebAssembly binary), Commodore VICE emulator, QNX,
Game Boy (Advance), Nintendo DS ROMs and Nintendo 3DS FIRMs.
Scripting
We provide a way to interact with Rizin from Python, Haskell, OCaml,
Ruby, Rust, and Go languages through rzpipe.
Other languages although not currently supported could be easily added.
Community
Our website and blog: https://www.rizin.re/
Join our Mattermost community to discuss Rizin, its
development, and general topics related to the project.
We also provide the following partial bridges to other messaging platforms:
Log in or click on link to see number of positives.
- rizin.0.4.0.nupkg (d30e30a72586) - ## / 62
- rizin_installer-v0.4.0-x86_64.exe (b6ee42207aa5) - ## / 62
- rizin_installer-v0.4.0-x86.exe (de561f05766b) - ## / 66
In cases where actual malware is found, the packages are subject to removal. Software sometimes has false positives. Moderators do not necessarily validate the safety of the underlying software, only that a package retrieves software from the official distribution point and/or validate embedded software against official distribution point (where distribution rights allow redistribution).
Version | Downloads | Last Updated | Status |
---|---|---|---|
Rizin 0.4.1 | 257 | Monday, September 12, 2022 | Approved |
Rizin 0.4.0 | 56 | Thursday, July 21, 2022 | Approved |
rizin 0.3.1 | 128 | Saturday, November 27, 2021 | Approved |
rizin 0.3.0 | 98 | Saturday, September 25, 2021 | Approved |
rizin 0.2.1 | 89 | Wednesday, August 25, 2021 | Approved |
rizin 0.1.0 | 160 | Saturday, January 23, 2021 | Approved |
2021-2022 rizin Rizin Organization
Here we are again with a new release of Rizin, v0.4.0. We are still in the v0.y.z realm, but we are getting closer and closer to what we can consider our first stable release v1.0.0, with fully working projects and a uniform shell experience. In the meantime, we are moving forward with several side projects that we hope you will enjoy and that will help your reverse engineering experience, like automatic signature detection, FLIRT signatures creation, firmware base address computation, a new Intermediate Language (RzIL) and more.
As usual, keep reading for more insights and let us know of any bugs you find or improvements you would like to see in future versions.
New
- FLIRT files can be used to apply analysis information gathered from one binary to another one, allowing the reverse engineer to more easily recognize library functions or standard functions that are usually not binary specific. Rizin can now create such FLIRT files (both in .pat and .sig extensions), which can be later applied to other Rizin sessions or even opened directly by IDA.
$ rizin -A -qc "zfc /tmp/curl.sig" curl-example-dbg
704 FLIRT signatures were written in '/tmp/curl.sig'
$ rz-sign -aa -o /tmp/curl.pat curl-example-dbg
rz-sign: written 704 signatures to /tmp/curl.pat.
- Signature files (e.g. .sig) can be placed in the installation prefix to form a library that Rizin automatically uses while analyzing a binary, in order to find known functions and ease the reversing process.
$ rizin -A curl-example
[x] Applied 5 FLIRT signatures via sigdb
- Automatic golang function and string recovery for x86/x64/PowerPC/MIPS/ARM/RISC-V.
$ rizin -A example-go-1.18-stripped
[x] Found go 1.18 pclntab data.
[x] Recovered 4794 symbols and saved them at sym.go.*
[x] Analyze all flags starting with sym.go. (aF @@f:sym.go.*)
[x] Analyze all instructions to recover all strings used in sym.go.*
[x] Recovered 3448 strings from the sym.go.* functions.
A new Intermediate Language RzIL has been introduced in Rizin, primarily intended for representing the semantics of machine code and designed as a clone of BAP's Core Theory. It is going to replace ESIL in the future, even though they will both live within Rizin for the time being. ARM32, ARM64, AVR, and 6502 assemblies can already be lifted to RzIL, allowing you to emulate code without running it. Some of the reasons that moved us away from ESIL are: its lack of typing, for example it was hard to discern accesses of different signs, sizes, and bool from integer; its hard to read string representation; being all string-based without a real structure.
As many reverse engineers are familiar with the concept of SMT (Satisfiability Modulo Theories), RzIL should be familiar as well. In essence, it is a superset of the SMT Bitvectors theory plus SMT Arrays (Bitvector-indexed arrays of Bitvectors to represent memory) and Effects (to represent side effects, like jump or branch). Thus, the main core concept added to Rizin is the algebra of bitvectors, with corresponding functions in RzUtil. Moreover, a readable representation of RzIL was added, in the form of S-expressions:
$ rz-asm -a arm -b 32 -d 1233a0e1
lsl r3, r2, r3
$ rz-asm -a arm -b 32 -I 1233a0e1
(set r3 (<< (var r2) (cast 8 false (var r3)) false))
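The S-expression above can be evaluated directly. The following is an added example, not Rizin code: a small Python evaluator for the three pure ops that appear in that one expression. The argument order and the meaning of the fill bit in `cast` and `<<` are assumptions read off the printed output.

```python
import re

# S-expression printed on the page for `lsl r3, r2, r3` (bytes 1233a0e1).
LSL_RZIL = "(set r3 (<< (var r2) (cast 8 false (var r3)) false))"

def parse(text):
    """Parse one S-expression into nested lists of atom strings."""
    stack = [[]]
    for tok in re.findall(r"[()]|[^\s()]+", text):
        if tok == "(":
            stack.append([])
        elif tok == ")":
            if len(stack) < 2:
                raise ValueError("unbalanced ')'")
            node = stack.pop()
            stack[-1].append(node)
        else:
            stack[-1].append(tok)
    if len(stack) != 1 or len(stack[0]) != 1:
        raise ValueError("expected exactly one balanced expression")
    return stack[0][0]

def eval_pure(node, regs, reg_bits=32):
    """Evaluate a pure op to a bool or a (value, width) bitvector."""
    if node in ("true", "false"):
        return node == "true"
    if not isinstance(node, list) or not node:
        raise ValueError(f"not a pure expression: {node!r}")
    op, *args = node
    if op == "var":
        return regs[args[0]] & ((1 << reg_bits) - 1), reg_bits
    if op == "cast":  # assumed layout: (cast <bits> <fill> <value>)
        bits, fill = int(args[0]), eval_pure(args[1], regs)
        val, width = eval_pure(args[2], regs)
        if bits > width and fill:  # widening pads the new high bits with fill
            val |= ((1 << (bits - width)) - 1) << width
        return val & ((1 << bits) - 1), bits
    if op == "<<":  # assumed layout: (<< <value> <amount> <fill>)
        val, width = eval_pure(args[0], regs)
        amt = min(eval_pure(args[1], regs)[0], width)
        out = (val << amt) & ((1 << width) - 1)
        if eval_pure(args[2], regs):  # fill bit shifted in from the right
            out |= (1 << amt) - 1
        return out, width
    raise NotImplementedError(f"op {op!r} is outside this sketch")

def step(sexpr, regs):
    """Apply one (set <reg> <pure>) effect and return the new register map."""
    tree = parse(sexpr)
    if not isinstance(tree, list) or len(tree) != 3 or tree[0] != "set":
        raise NotImplementedError("only (set <reg> <pure>) is handled")
    value, _ = eval_pure(tree[2], regs)
    return {**regs, tree[1]: value}

if __name__ == "__main__":
    print(step(LSL_RZIL, {"r2": 0x1, "r3": 0x104}))  # only the low byte of r3 is used
```

The `cast 8` is what makes the lifted form type-explicit: the shift amount is an 8-bit value, so a register holding 0x104 shifts by 4, and an amount of 32 or more clears the result.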
- Sometimes when reverse engineering a firmware you get just a raw binary, without any structured file format (e.g. ELF). Finding the base address where the raw data is supposed to be run from is often a tedious process. We now try to automate the identification of a few possible candidate addresses through the new B command.
$ rizin -e log.level=3 -qc B stm32f103-dapboot-v1.20-bluepill.bin
INFO: basefind: located 7 strings
INFO: basefind: located 1459 pointers
score candidate
-----------------
4 0x08000000
1 0x79ca6000
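The output above counts strings and pointers and then scores candidate bases. As an added example (not Rizin's implementation), here is the general string/pointer scoring heuristic in Python: a base scores one point for every 32-bit word that would land exactly on the start of a string. That the `B` command works exactly this way is an assumption; the sample image, its strings and the stray RAM pointer are constructed.

```python
import re
import struct
from collections import Counter

def find_strings(image, min_len=6):
    """Offsets of printable-ASCII runs, the usual pointer targets in firmware."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.start() for m in re.finditer(pattern, image)]

def find_pointers(image):
    """Every aligned, non-zero 32-bit little-endian word in the image."""
    count = len(image) // 4
    words = struct.unpack_from("<%dI" % count, image)
    return [w for w in words if w]

def score_bases(image, alignment=0x1000, min_len=6):
    """Return [(base, score)], best first; score = pointers hitting a string start."""
    strings = find_strings(image, min_len)
    scores = Counter()
    for ptr in find_pointers(image):
        for off in strings:
            base = ptr - off
            # Keep aligned bases that leave the whole image inside 32-bit space.
            if base >= 0 and base % alignment == 0 and base + len(image) <= 1 << 32:
                scores[base] += 1
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))

def build_sample(base=0x08000000):
    """Constructed 1 KiB image: three strings, a pointer table, one RAM pointer."""
    image = bytearray(0x400)
    table = {0x100: b"bootloader ready",
             0x120: b"flash erase failed",
             0x140: b"usb dfu mode"}
    for off, text in table.items():
        image[off:off + len(text)] = text
    # Three genuine string pointers plus a stray SRAM address (0x20001140).
    pointers = [base + off for off in table] + [0x20001140]
    struct.pack_into("<4I", image, 0x10, *pointers)
    return bytes(image)

if __name__ == "__main__":
    print("score candidate")
    for base, score in score_bases(build_sample()):
        print(f"{score:5d} 0x{base:08x}")
```

The stray SRAM pointer produces a second, low-scoring candidate, which is why such tools report a ranked list rather than a single answer.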
Improvements
- Improved analysis on DEX files, especially on cross-references to imports.
- GPL code can be now disabled via -Duse_gpl=false
- rz-diff -H option now supports infinite scrolling when binary diffing.
- Improved accuracy of the strings search and EBCDIC encoding support.
- Significant improvement of the Hexagon disassembly and analysis.
Extras
- FLIRT signature database is the database generated from rizinorg/sigdb-source, used as a library of signatures that can be automatically recognized in the binaries you analyze. It can be installed via the meson option -Dinstall_sigdb=true while installing Rizin from source or added later via e flirt.sigdb.path=path/to/sigdb.
- rz-libyara is now available as RzCore plugin for parsing and creating yara rules.
- rz-libdemangle is our extracted library providing APIs to demangle symbols for various languages. It currently supports C++, Rust, Swift, Java, MSVC and ObjC. C++ and Rust are under GPL license and they can be compiled out if necessary. As a standalone library it can be used by any other project, so try it out if you need it!
- Official Apple swift demangler is now available as RzDemangler plugin.
- rz-retdec Retdec decompiler plugin for Rizin
- rz-libmc7 Siemens Simatic S7 bytecode disassembler
- rz-tracetest a testing tool for the correctness of RzIL lifters, which compares executions of instructions from a real trace against the result of executing the same instructions in the RzIL VM. This is a very important piece to ensure that our RzIL lifters produce good results.
Build
- fix versions of the Rizin libraries so that patch releases do not require a recompilation of dependent programs
- completely switch to Meson subprojects and removal of shlr directory
- add -Wimplicit-fallthrough=3 compiler flag by default when supported
- add option to download and install sigdb together with Rizin
RzUtil
- Fixes the portable build so that themes and other resources are loaded when the whole portable installation directory is moved
- Several fixes, cleaning API, adding documentation to existing API
- Removal of various unused functions and general cleanup of the library.
- Add RzBitVector API, extensively used in RzIL
- Add new type of RzBuffer based on RzIO
- String types, structures and search has been refactored to unify its usages across RzUtil, RzAnalysis and RzCore.
RzType
- Fix printing of several types
- Add API for pretty printing of types and reuse it whenever possible
- Parse comments in types definitions
- Fix self-referential typedefs parsing
- Separate variadic argument in a different grammar token
- Improve error message when types are redefined
RzSignature
- FLIRT .pat files are now parsed and applied via zfs
- FLIRT .sig and .pat files can now be created via zfc.
- rz-sign has been rewritten to create, dump and convert (in both ways) .pat and .sig FLIRT files.
- Fixed endianness issues on FLIRT .sig files.
- Support for FLIRT signature database which is now applied in the analysis step or manually via aaF (use aaFl to list the database signatures)
- rz_sign is now a standalone library.
RzIO
- Add shm:// support on Android and Windows
- Partial support for loading all files included in .a/.lib archive files
- Fix opening of multi-dex files with proper base address
- Several improvements and fixes to WinKD, WinDBG and DMP plugins
RzHash
- RSA-MD licensed code has been replaced with LGPL implementation.
- Small refactoring to fix some null dereference bugs when openssl is used.
RzDemangler
- New library to demangle symbol names in various languages, extensible by plugins
- By default uses libdemangle for C++, Rust, Swift, Java, MSVC, Obj-C
RzDebug
- Add support for coredump generation on NetBSD and FreeBSD
- Add support for file descriptors listing on NetBSD
- Add serialization functionality for breakpoints, so they can be saved/restored to/from projects
- Fix signal handling on NetBSD
- Several fixes and improvements for WinDBG, WinKD, DMP plugins
- Add support for Windows on ARM
- Add support for debugging DMP files
- Add unit tests for software breakpoints
- Add support for getting backtraces from a Windows Kernel Dump for x64
RzCrypto
- Replaced MS-PL AES code with LGPL implementation from Nettle.
- Fixed various endianness issues on some algorithms.
- Rewrite of ESIL implementation of DES <k> opcode for AVR arch.
RzCons
- Fix bug on Windows when e scr.vtmode=1
- Fix visual panels mode on Windows, which was not restoring terminal mode correctly
- Fixes 'ctrl+arrow' and 'alt+arrow' keys in the shell
- Fix console settings after rizin - on Linux
- Add durian color theme based on summerfruit.vim
- Remove editor features
- Remove global variables
- Retain prompt when exiting using ^D
RzBreakpoint
- Add serialization of breakpoints
- Add unit tests for software breakpoints
- Make dcu fail on failed bp instead of blindly continuing
- Make breakpoint size respect address-specific bits
RzBin
DEX
- Implement vfiles to support relocations on dex binaries
- Resolved big bottleneck which improved parsing performances
- Added support for imports resolved by direct_methods via super calls
PE/PDB/DMP
- Rewrite PDB parser
- Small fixes and improvements to PE parser
- Add Triage Dump (Minidump) parsing support for dmp64 bin plugin
ELF/DWARF
- Still refactoring of the ELF plugin
- Fix some relocations in ARM, Hexagon, PowerPC (including big endian) and related patching.
- Fix main() retrieval of /bin/ls binary on Fedora 35/36
- Several bug fixes in DWARF
Mach-O
- Refactor Mach-O relocations patching and convert to RzBinVirtualFile
- Refactor bin_xnu_kernelcache to use RzBinVirtualFile
- Add Support For dyld4 Atlas-style Shared Library Caches
- Add support for DYLD_CHAINED_PTR_64_OFFSET (#1996)
- Add support for DYLD_CHAINED_PTR_ARM64E_USERLAND24 (#2197)
- Fix CVE-2022-1240 and CVE-2022-1244
Others
- Rewrite bFLT plugin
- Identify .bf extension as brainfuck if the content is not recognized otherwise
- Add support for SH, MIPS and ARM to the COFF format
- Fix several format parsing on big endian platforms
- Fix memory leaks in the way SDB was used within RzBin
- Fix vaddr/paddr when doing string scanning
- Add API to convert paddr/vaddr based on binary info only
- Recover Golang symbols for 1.2/1.16/1.18+ when the right sections are found in the binary
RzAsm/RzAnalysis
- Fixed RzAnalysisOp info returned on PowerPC and RISC-V archs.
- Improved dalvik analysis when move-exception appears after a gotos or return or mid-opcode jump.
- Improved dalvik analysis by resolving jumps via invoke-xxx/range
- Added missing Python magic values for new python versions.
- Improved Hexagon to support compact struct conversion.
- Implemented golang string recovery for x86/x64/PowerPC/MIPS/ARM/RISC-V.
- Refactoring RzAnalysis (like removal of cb_printf() from RzAnalysis, usage of -Wimplicit-fallthrough, etc.)
- Refactor ARM analysis to handle 4-byte IT-opcodes
- Reduced registers shown in the output of dr and Vpp when analysing an ARM64 bin
- Remove analysis.endsize config variable, improving the analysis results of several binaries, where functions were not properly analyzed due to conditional jumps only having one following basic block instead of two.
- Separation of fpu and gpr in arm64 reg profile
- Fix infinite loop if first case of switch table points to same block
- Fix integer overflow and excessive memory usage in jump table analysis
RzShell
- aa, af, ar, av, ax, ah, ac, a8, aO, ao, an, ab, as, b, c, db, do, ds, dt, dl, dr, g, o, y, ec, f, i, C, pc, pd, pm, psW, r, w commands and subcommands were converted to RzShell
- several ae subcommands were converted to RzShell
- B commands for base-address computation were added.
- .( command was added to call a macro multiple times with arguments taken n at a time.
- zfc has been added to create FLIRT signature files
- dex<se> has been added to visualize dex class information, like you can do with java<cfimpsr> command for java classes.
- 0x command was removed in favour of s 0x....
- shell commands were grouped under shell? (e.g. echo, cat, ls, rm, etc.)
Full Changelog: v0.3.4...v0.4.0
This package has no dependencies.