4.4.0 Codename: pangolin

Release Notes

Version: 4.4.0
Previous: 4.3.1
Commits: 328
Contributors: 41

Highlights

• Replace shellscript, nodejs and V testsuites with r2r.c which is shipped by default
• Added initial analysis plugins for super-h and tricore
• Fix build and some runtime issues on IBM s390x
• Updated rap:// cleaned up implementation inside RSocket for client and server
• Speedup type linking (300x faster)
• Fixed all the timeouts and crashes from bins/fuzz
• Add support for retpoline switch table analysis (spectre/meltdown)
  • Fix #16418 - Implement blind main detection on endbr+mov files
• Add commands to emulate a basic block or the whole path until reaching an address
• Fix support for the latest GLIBC for heap parsing
• Improved automatic function signature association for the imports
  • Fixed afs command to show proper footprint
  • Add support for typedef and added NSString type on darwin binaries
  • Fixed all the t subcommands to print all types as C
• Improved visual class browser and the visual bit editor
• ragg2 now allows to change the path of the shellcode to run
• Graph visualization is now faster
• Use RPVector for io->maps - speedup map traversal (overall speedup)
• Lots of code cleanup and refactorings reducing memory usage and performance
• DEX loading is now 2x faster
• Fix assembler: MOV for x86 and LDR for arm64
• Improved the bin loader to support iOS 13.4 dyldcache files
• Improved support for ObjC IVAR fields loading them as C structs
• Add improved icc subcommands to print as classes as C, ObjC or Java
• Automated Emscripten (JS/WASM) builds in CI
• Fixed static build by defining a new file naming policy
• Default installation path with sys/install.sh is now always /usr/local
  • Previous installations in /usr will be purged
• Only check for major and minor version numbers when loading plugins

More details

Authors

• Alexis Ehret alexis.ehret@epita.fr
• Anton Kochkov xvilka@gmail.com
• Aung Khant Ko aungkhantko@protonmail.com
• David CARLIER devnexen@gmail.com
• Disconnect3d dominik.b.czarnota@gmail.com
• Florian Märkl info@florianmaerkl.de
• Francesco Tamagni mrmacete@protonmail.ch
• Frédéric Tobias Christ 26125115+frederictobiasc@users.noreply.github.com
• HoundThe cgkajm@gmail.com
• Itay Cohen itaycohen23@gmail.com
• Khairul Azhar Kasmiran kazarmy@gmail.com
• Khairul Kasmiran kazarmy@gmail.com
• Khairulmizam Samsudin xource@gmail.com
• Liumeo liumeo@pku.edu.cn
• Lowly Worm cutlassc91@gmail.com
• Maijin maijin@reverseshade.com
• NIRMAL MANOJ C nimmumanoj@gmail.com
• Paul I pelijah@users.noreply.github.com
• Riccardo Schirone sirmy15@gmail.com
• Rikard Falkeborn rikard.falkeborn@gmail.com
• Rishi Bhatt bhattrishi8@gmail.com
• Robin robin@codeinject.org
• Sergey Alirzaev zl29ah@gmail.com
• Sylvain Pelissier sylvain.pelissier@gmail.com
• Tigre000 minjk1213@gmail.com
• Zi Fan zifan.tan@gmail.com
• aar0nge 624945656@qq.com
• curly bhattrishi8@gmail.com
• davidpolverari david.polverari@gmail.com
• gur111 gur111@users.noreply.github.com
• karliss karlis3p70l1ij@gmail.com
• kuqadk3 kuqadk3@gmail.com
• luke-goddard 56234834+luke-goddard@users.noreply.github.com
• mdolmen mathieu.dolmen@gmail.com
• pancake pancake@nopcode.org
• philoinovsky 30727682+philoinovsky@users.noreply.github.com
• yossizap yossizap@gmail.com
• Óscar Carrasco oxcabe@gmail.com

Changes

anal

• Add initial SuperH and Tricore analysis plugins
• Added option to search all vtables
• Fix infinite loop in aae - check if address is valid
• If possible use symbol name instead of entry name for function name (#16528)
• makes the local variable access detection work on arm64
• Fix asserts when trying to use a unexistant or wrong analysis plugin
• Minor Fixes for XRefs counting (#16546) 
• Fix #16413 - Analyze code refs spotted with aae
• Implement x86 anal.jmp.retpoline switch tables (spectre/meltdown)
• Tweak arm64 ldr ESIL for var access
• Add opaddr field in ab/abj output
• Improve noreturn and aesu times, show it in afi & afij
• Fix dup af+ removing function from hts (#16526)
• Fix #16308 - Add fcn arg in r_core_anal_propagate_noreturn to avoid O(n) in af
• Fix ao~bytes and add test
• Improve aef by skipping calls and improving the logic
• Improve aeg command and add aaef as an alias for aef@@@f
• Fix #16225 - Remove the unused fcn_locs causing an UAF
• Implement Shortest Path between BBs and add tests for abt (#16200)
• Implement aesB command to step until the given basic block
• Implement afsj command to get the JSON definition of the function signature
• Add acvf command and devirtualizing vtable method calls (#16157)
• Implement aeb command to emulate a basic block (#16174)
• Guess a better name for functions when multiple flags point there

asm

• Fix #16433 - Use MOV opcode B8+ for MOV r64, <0x80000000 to 0xffffffff> #16572
• Fix #16433 - Support movabs for x86_64's MOV r64, imm64 (#16527)
• x86_64: Use MOV opcode C7 for MOV r64, -<1 to 0x80000000> (#16551)
• Fix arm64 branch assemble (#16205) 
• Support asm.cpu for Tricore architecture (#16161)

bin

• Fix infinite loop in macho commands parser (#16562)
• Fix heap overflow in the relocs ELF parser
• Improve COFF symbol info (#16523)
• Fix crash issue induced by an integer overflow in the mach0 parser
• Fix #16455 - iij asserts for ld-uclibc with a null import
• • Fix asserts in iij for ld-uclibc with a null import
• Add rust lang support to iD command (#16490)
• Fix #16418 - Implement blind main detection on endbr+mov files
• Fix COFF symbols/imports info (#16446)
• When computing ELF relocations, use DYNAMIC segment if available (#16419)
• Make dyldcache accelerator info optional
• • Make dyldcache accelerator info optional
• Do not use r_buf_data in DEX results in 1.5x faster parsing (22s vs 33s)
• Implement icc*, in sync with ic* to get C strcuts from mach0 classes into r2
• Add mach0 class fields with padding and sorted by offset
• WIP: Improve ObjC's IVAR fields support
• Fix #16265 - Segfault in rabin2 -O e/123 with ELF
• Fix memory leak in RBin. NE relocations
• This allows to open dyld cache files from iOS 13.4 for which
• Idea for fixing id? and idp? etc commands (#16244)
• Fix PE endian and alignment issues spotted by ASAN
• Strip minuses from the hash names for sha256 PE signatures (#16156)
• Fix heap overflow in the relocs ELF parser
• Fix crash issue induced by an integer overflow in the mach0 parser
• Fix #16455 - iij asserts for ld-uclibc with a null import
• Make dyldcache accelerator info optional
• Fix memory leak in RBin. NE relocations
• Fix PE endian and alignment issues spotted by ASAN

build

• Fix Build on NetBSD (#16520)
• Update SDB
• Make msbuild quieter (#16482)
• Create more GitHub Actions jobs for meson and gcc/clang
• Build fixes to make emscripten builds happy (#16406)
• Avoid duplicated module filenames to fix static.sh
• Rename util/diff.c to udiff.c to avoid libr.a collission
• Build *.deb packages only for master branch (#16320)
• Run sys/static in the Debian task
• Fix #9240 - sys/install.sh uses always /usr/local + rpath now

core

• Remove asm.linesup (#16293)
• Fix wen command for io.va=true, add two tests
• Fix #16281 - Do not load system-wide plugins twice
• Only check for major and minor version numbers when loading plugins
• Add cmd: acvf [offset] ([class name])
• Add r2 -NN to not load plugins
• Always use r_getopt, do not depend on libc (not just on windows)
• Use r_core_cmd_lines() for -c (#16290)
• Use @{} instead of @() and fix this modifier
• Implement @v: value modifier, like @x: but with endian and size
• Fix #15978 - segfault when using r2pipe webserver + local visual (#16508)
  • Makes r2 interop more stable

debug

• Fix tcache address and offset in print_tcache_instance()
• Fix dmht for glibc caused by wrong tcache offset and definition (#16247)
• Fix tcache_perthread_struct definition
• Test dmha/dmh for glibc x64 (#16307)
• Fix #16432 - openbsd fork+attach EBUSY issue
• Decouple shlr/gdb registers profile from code (#16312)
• Minor fix to get dmh to work with riomap (#16286)
• Detect glibc version and set dbg.glibc.tcache accordingly (#16255)
• Fix chunk listing with tcache and add test (#16239)
• Fix #16219 - Add $DB variable for dbg.baddr
• Add tests for rebasing in debug
• Fix debug rebase regressions
• Clean drx/drt/drp help message (#16203)

diff

• Fix print string in radiff -qu (#16212)

disasm

• Show realnames on function's signature when enabled
• Fix #16263 - Do not newline after showing switch cases

egg

• Fix shellcode path customization (#16384)

graph

• Optimize r_anal_get_bbaddr() to make graph navigation faster

io

• Fix #16210 - Show error message and update help for we
• Fix #14371 - Make wfs paired with wts, rename wfs to wfx
• Use RPVector for io->maps - speedup map traversal
• Fix #16347: o+ sets maps as writable like oo+ (#16381)

json

• Fix #16233 - ~{} works on colorized JSONs
• • Fix #16233 - ~{} works on colorized JSONs
• Use pj in zj (#16321)
• Use pj in ilj
• Add pj_ad api to print raw data

lang

• Update support for V in libr/lang

ports

• Fix #16109 - Add R_SYS_ARCH for s390x

print

• Fix #16394 - Make pm [file] work again
• • Fix #16394 - Make pm [file] work again
• Implement hex.offset config variable to hide address column from hex-dump (#16373)

refactor

• Initial r_anal_fcn_* purge (#16238) 

reg

• Make r_reg_get_list() search harder (#16202)

search

• /ad/ in /bin/ls ate 9 extra MB that was never freed
• Fix memory leak in /ad/ using r_regex api wrongly
• Fix #16327 - Search in range with io.va=false
• Add LZMA-BE magic signatures
• Display correct lengths for cryptography search commands (#16262)

socket

• Initial refactoring of the rap:// protocol (-75 LOC)
• Fix socket connection issue (#16218)

test

• Fix all the crashes and timeouts in the fuzz tests
  • Related to aav, aae, aa,
• Move test/new/* into test/
• Add interactive mode to r2r (#16466)
• Format some missed tests
• R2R for Windows (#16410)
• Add Timeout to R2R.c (#16371)
• Enable R2R in C for all CI except Windows (#16354)
• Initial support for test categories and fix the windows build
• r2r new flags: -n to not run -v for version, add manpage
• Delete the r2r.v and use r2r.c
• Autodetect dbdir in r2r.c (#16365)
• Add ic + icc* tests for objc
• R2R in C Enhancements (#16310)
• Initial Implementation of R2R in C (#16216)

tests

• Move test/new/* into test/
• Format some missed tests
• r2r new flags: -n to not run -v for version, add manpage
• Add ic + icc* tests for objc

tools

• Fix #16389 - r2r -qv and r2 -v to show version and quiet versions (#16472)

types

• Fix #13677 - Add txt command and make txf accept an argument
• Fix empty struct and add test (#16408)
• Fix tp and tpx to accept types with spaces
• Implement tc* and fix tc glitch
• Add NSString and size_t types in tcc+r2
• Optimize 'tl', r_core_link_stroff and r_type_link_at (0.01s vs 3s)
• Use the proper API to find function in tl
• Add R_TYPE_TYPEDEF to RTypeKind (#16243)
• Enhance the way imports are processed in r_anal_function_get_signature
• Implement tpv command and some random code cleannup
• Fix afs not showing signatures correctly with preloaded sdb types
• Fix afs not showing types and args

util

• Implement r_table_uniq as API and query (#16385)
• r_buffer: do not move seek when using _at APIs (#16401)
• Make r_str_split_duplist() thread-safe (#16341)
• Remove r_str_rmch and simplify r_str_replace_char*
• Add pj_ko and pj_ka APIs

visual

• Add anal classes to "Vb" (#16383)
• Fix cursor visibility after leaving visual graph (#16298)
• Visual bit editor now shows bits up and down
• Add VdN (afs!) to edit function signature with cfg.editor