Convert Figma logo to code with AI

rizinorg logorizin

UNIX-like reverse engineering framework and command-line toolset.

2,681
361
2,681
448

Top Related Projects

20,547

UNIX-like reverse engineering framework and command-line toolset

15,995

Clone this repo to build Frida

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.

51,154

Ghidra is a software reverse engineering (SRE) framework

7,537

A powerful and user-friendly binary analysis platform!

Quick Overview

Rizin is an open-source reverse engineering framework and command-line toolset. It provides a set of libraries, tools, and plugins for analyzing binary files, disassembling code, and performing various reverse engineering tasks. Rizin is a fork of the radare2 project, aiming to improve upon its foundation.

Pros

  • Comprehensive set of reverse engineering tools and features
  • Highly extensible through plugins and scripting capabilities
  • Active development and community support
  • Cross-platform compatibility (Linux, macOS, Windows, and more)

Cons

  • Steep learning curve for beginners
  • Command-line interface may be intimidating for some users
  • Documentation can be inconsistent or outdated in some areas
  • Performance may be slower compared to some commercial alternatives

Code Examples

# Example 1: Basic analysis of a binary file
import r2pipe

r2 = r2pipe.open("./binary")
r2.cmd("aaa")  # Analyze all
print(r2.cmd("afl"))  # List functions
# Example 2: Disassemble a specific function
import r2pipe

r2 = r2pipe.open("./binary")
r2.cmd("s main")  # Seek to main function
print(r2.cmd("pdf"))  # Print disassembly of function
# Example 3: Search for specific byte patterns
import r2pipe

r2 = r2pipe.open("./binary")
print(r2.cmd("/x 90909090"))  # Search for NOP sled

Getting Started

To get started with Rizin, follow these steps:

  1. Install Rizin:

    git clone https://github.com/rizinorg/rizin
    cd rizin
    sys/install.sh
    
  2. Open a binary file:

    rizin /path/to/binary
    
  3. Analyze the binary:

    [0x00000000]> aaa
    
  4. Explore commands:

    [0x00000000]> ?
    

For more detailed information and usage examples, refer to the official Rizin documentation.

Competitor Comparisons

20,547

UNIX-like reverse engineering framework and command-line toolset

Pros of radare2

  • Larger community and longer history, potentially leading to more resources and support
  • More extensive documentation and tutorials available
  • Wider range of plugins and extensions due to its established ecosystem

Cons of radare2

  • Steeper learning curve, especially for newcomers to reverse engineering
  • Less focus on code quality and maintainability compared to Rizin
  • Slower development cycle and issue resolution

Code Comparison

radare2:

RCore *core = r_core_new ();
r_core_cmd (core, "aaa", 0);
r_core_cmd (core, "pdf", 0);
r_core_free (core);

Rizin:

RzCore *core = rz_core_new ();
rz_core_cmd0 (core, "aaa");
rz_core_cmd0 (core, "pdf");
rz_core_free (core);

Both projects share similar API structures, but Rizin uses a slightly different naming convention (e.g., rz_ prefix instead of r_) and has some simplified function calls (e.g., rz_core_cmd0 instead of r_core_cmd).

15,995

Clone this repo to build Frida

Pros of Frida

  • Dynamic instrumentation allows real-time analysis and modification of running processes
  • Cross-platform support for mobile, desktop, and embedded systems
  • Extensive scripting capabilities using JavaScript

Cons of Frida

  • Steeper learning curve for beginners compared to static analysis tools
  • May be detected by anti-tampering mechanisms in some applications
  • Performance overhead when instrumenting complex applications

Code Comparison

Frida (JavaScript):

Java.perform(() => {
  const MainActivity = Java.use('com.example.app.MainActivity');
  MainActivity.secretFunction.implementation = function() {
    console.log('secretFunction called');
    return this.secretFunction();
  };
});

Rizin (Command-line):

> aaa
> afl
> pdf @main
> s sym.secret_function
> pdf

Summary

Frida excels in dynamic analysis and runtime manipulation, offering powerful scripting capabilities across multiple platforms. It's particularly useful for mobile app security testing and reverse engineering. Rizin, on the other hand, focuses on static analysis and provides a more traditional reverse engineering approach with a command-line interface. While Frida allows for real-time modifications, Rizin is better suited for in-depth static analysis of binaries. The choice between the two depends on the specific requirements of the reverse engineering task at hand.

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.

Pros of Capstone

  • Lightweight and focused solely on disassembly
  • Supports a wide range of architectures (x86, ARM, MIPS, PowerPC, etc.)
  • Easy to integrate into other projects due to its simple API

Cons of Capstone

  • Limited to disassembly only, lacking advanced analysis features
  • No built-in debugger or emulation capabilities
  • Less comprehensive documentation compared to Rizin

Code Comparison

Capstone (C):

#include <capstone/capstone.h>

csh handle;
cs_insn *insn;
size_t count;

cs_open(CS_ARCH_X86, CS_MODE_64, &handle);
count = cs_disasm(handle, code, code_size, address, 0, &insn);

Rizin (C):

#include <rz_core.h>

RzCore *core = rz_core_new();
rz_core_file_open(core, filename, 0, 0);
rz_core_bin_load(core, filename, 0);
rz_core_cmd0(core, "pd 10");

Both Capstone and Rizin are powerful tools for reverse engineering and binary analysis. Capstone excels in its simplicity and focus on disassembly, making it ideal for integration into other projects. Rizin, on the other hand, offers a more comprehensive suite of analysis tools, including a debugger and emulation capabilities, at the cost of increased complexity.

51,154

Ghidra is a software reverse engineering (SRE) framework

Pros of Ghidra

  • More comprehensive decompiler with support for multiple architectures
  • Extensive GUI with advanced visualization features
  • Backed by NSA resources, potentially leading to more frequent updates

Cons of Ghidra

  • Larger resource footprint, slower startup time
  • Steeper learning curve for beginners
  • Java-based, which may not be preferred by some users

Code Comparison

Rizin (command-line interface):

r2 -A binary
[0x00000000]> pdf @ main

Ghidra (Java API example):

Program program = ProjectUtilities.openProgram(project, binary);
Function mainFunction = program.getFunctionManager().getFunctionAt(program.getAddressFactory().getAddress("main"));
DecompInterface decompInterface = new DecompInterface();
DecompileResults results = decompInterface.decompileFunction(mainFunction, 30, monitor);

Both tools offer powerful reverse engineering capabilities, but they cater to different user preferences. Rizin is lightweight, scriptable, and ideal for quick analysis, while Ghidra provides a more comprehensive suite of tools with a focus on visual representation and advanced decompilation. The choice between them often depends on the specific requirements of the reverse engineering task and the user's familiarity with each tool's ecosystem.

7,537

A powerful and user-friendly binary analysis platform!

Pros of angr

  • More comprehensive symbolic execution and program analysis capabilities
  • Extensive Python API for custom analysis scripts and automation
  • Supports a wider range of architectures and file formats

Cons of angr

  • Steeper learning curve due to complex API and concepts
  • Higher resource consumption, especially for large binaries
  • Less intuitive for quick, interactive binary analysis tasks

Code Comparison

angr example (Python):

import angr
proj = angr.Project('binary')
state = proj.factory.entry_state()
simgr = proj.factory.simulation_manager(state)
simgr.explore(find=0x400000)

rizin example (rizin shell):

r2 binary
aaa
s main
pdf

Summary

angr excels in advanced program analysis and symbolic execution, offering a powerful Python API for automation. It's ideal for complex reverse engineering tasks and vulnerability research. rizin, on the other hand, provides a more interactive and lightweight approach to binary analysis, making it better suited for quick inspections and manual reverse engineering. While angr offers more comprehensive analysis capabilities, it comes with a steeper learning curve and higher resource requirements. rizin is more accessible for beginners and faster for simple tasks, but may lack some of the advanced features found in angr.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Rizin logo

Rizin

Rizin is a fork of the radare2 reverse engineering framework with a focus on usability, working features and code cleanliness.

Rizin is portable and it can be used to analyze binaries, disassemble code, debug programs, as a forensic tool, as a scriptable command-line hexadecimal editor able to open disk files, and much more!

To learn more on Rizin you may want to read the official Rizin book.

How to install

Look at install instructions on our web page.

How to build

Use meson to compile and install Rizin. Please make sure to get an updated meson (e.g. get it with pip install meson if your system does not provide one that is at least version 0.55.0).

Clone this repository:

$ git clone https://github.com/rizinorg/rizin

Then compile and install with:

$ meson setup build
$ meson compile -C build
$ sudo meson install -C build

Now you can use rizin:

$ rizin
 -- Thank you for using rizin. Have a nice night!
[0x00000000]>

To uninstall rizin, execute sudo ninja -C build uninstall.

Please have a look at BUILDING.md for more information about building Rizin.

Contributing

We very much welcome any kind of contributions, from typos, to documentation, to refactoring, up to completely new features you may think of. Before contributing, we would like you to read the file CONTRIBUTING.md, so that we can all be on the same page.

Tests

Look at test/README.md.

Supported features

Supported Operating Systems

Windows 7 and higher, Apple macOS/iOS/iPadOS, GNU/Linux, [Dragonfly|Net|Free|Open]BSD, Android, QNX, Solaris/Illumos, Haiku, GNU/Darwin, GNU/Hurd.

Supported Architectures

i386, x86-64, ARM/ARM64, RISC-V, PowerPC, MIPS, AVR, SPARC, System Z (S390), SuperH, m68k, m680x, XAP, XCore, CR16, HPPA, ARC, Blackfin, Z80, H8/300, Renesas (V810, V850, RL78), CRIS, XAP, PIC, LM32, 8051, 6502, i4004, i8080, Propeller, Tricore, CHIP-8, LH5801, T8200, GameBoy, SNES, SPC700, MSP430, Xtensa, NIOS II, TMS320 (c54x, c55x, c55+, c64x), Hexagon, DCPU16, LANAI, MCORE, mcs96, RSP, C-SKY(MCore), VAX, AMD Am29000.

There is also support for the following bytecode formats:

Dalvik, EBC, Java, Lua, Python, WebAssembly, Brainfuck, Malbolge

Supported File Formats

ELF, Mach-O, Fatmach-O, PE, PE+, MZ, COFF, OMF, NE, LE, LX, TE, XBE, BIOS/UEFI, Dyldcache, DEX, ART, CGC, ELF, Java class, Android boot image, Plan9 executable, ZIMG, MBN/SBL bootloader, ELF coredump, MDMP (Windows minidump), DMP (Windows pagedump), WASM (WebAssembly binary), Commodore VICE emulator, QNX, Game Boy (Advance), Nintendo DS ROMs and Nintendo 3DS FIRMs.

Tools

Apart from the main tool rizin, there are also other tools tailored for specific purposes and useful for shell scripting or as separate standalone tools:

  • rz-bin - provides all kind of information about binary formats
  • rz-asm - a command-line assembler and disassemblers
  • rz-diff - a tool to compare two binaries as raw data or analyzed executables
  • rz-hash - allows to calculate different hashes or even encrypt data
  • rz-gg - a small "eggs" code generator useful for exploitation purposes
  • rz-find - binary analog of find tool, allowing to search patterns and bit masks
  • rz-sign - tool to create, convert and parse FLIRT signatures
  • rz-ax - a calculator and number format converter
  • rz-run - a tool that allows to specify running environment and arguments for debugged file

Scripting

We provide a way to interact with Rizin from Python, Haskell, OCaml, Ruby, Rust, and Go languages through rzpipe. Other languages although not currently supported could be easily added.

Community

Our website and blog: https://www.rizin.re/

Join our Mattermost community to discuss Rizin, its development, and general topics related to the project.

We also provide the following partial bridges to other messaging platforms: