Solving ‘heap’ from defcon 2014 qualifier with r2

This article will introduce r2 to resolve a simple CTF from Defcon ’14 using Linux. For those who do not know radare2 is a unix-like reverse engineering framework and commandline tools and the most important thing about it is that it is open source thus we can play with it.

Radare2 gives us the possibility to do reverse engineering and more by free as we will look on this post though we are not going too deeply into the commands. I leave it as an exercise for the reader.

Most people complain about the lack of doc that r2 has but that is far from the truth. Radare has:

  • Open source Book in which anyone can contribute.
  • Talks.
  • Asciinema showing usage examples.
  • If you append ? in each command in r2’s console you will get a little help.
  • There is a blog.
  • IRC channel on #radare.
  • Last but not least we have the source code.

[Read more…]