Authors

Aleksey Kislitsa Alex Bender Anton Kochkov Antoni Viciano Dennis Goodlett Dennis Goodlett Elaine Gibson GustavoLCR Jose Antonio Romero Lazula Mario Haustein Mathieu Dolmen Ole André Vadla Ravnås RHL120 Sergi Àlvarez i Capilla Sylvain Pelissier Wadim Mueller condret freddy gogo2464 kakamaika pancake pancake rax2 rhl120 ypsvlq

Changes

anal

• Initial support for op.family on the v850.np plugin
• Add missing =BP for v850
• Fix crash when doing aac in frida://0 which calls 's $S'
• aav output is now cleaner and less verbose
• Implement native r0 relative references in v850
• Fix oobread bugs in the v850.np plugin
• Add missing status registers on v850.np
• Fix missing calling convention when using asm.arch=*.XXX
• Optimize thumb code analysis (4x faster)
• Fix leak in r_anal_get_gperf_cc
• Honor anal.timeout and better ^C handling in aaaa
• Add missing op types to r_anal_optype_to_string
• Remove RAnalPlugin.jmpmid and use ANAL_ARCHINFO_ALIGN instead
• Add r_anal_is_aligned
• Move VAX disassembler to anal
• Fix invalid basic blocks on switch/jmptbl on arm64
• Use @@@F instead of @@f in aaa - fix deadlock in iaito
• Update to the latest v35arm64
• Use RArchConfig in RReg, Add RReg.hasbits() apis
• Improve boundary oobread checks for anal.8051
• Honor anal.calls in aap
• Kill anal.endsize
• Introduce RAnalPlugin.jmpmid and replace some is_x86
• Fix infinite loop when anal.vars on huge empty basic blocks
• Fix a couple of infinite loops in aav
• Do the whitespace thing that pancake wanted me to do
• Add missing Motorola cpu models for m68k.gnu and m68k.cs
• Honor asm.syntax=att in v850.np and handle more op.type
• Better s390 instruction details
• Remove asm.bf, and move its .opasm to the anal.bf
• Add the RAnal.mnemonics() callback in RAnalBind for the arm.v35
• Remove the asm.arm.v35 and move (and fix) the mnemonics cb
• asm.cpu listing fixes for anal plugins
• Remove duplicated register definitions for AVR
• Move asm.xtensa into anal. fix dupplicated symbols linkage bug
• Fix null derefs in anal.avr plugin and improve defaults
• Fix #19990 - Fix aoml for non-x86 targets and add tests
• Fix #7094 - Add direction information in xrefs
• Add =SN and =R0 to 8051
• Add RAnal.use in RAnalBind to use it from RAsm

analysis

• Implement native r0 relative references in v850
• Optimize thumb code analysis (4x faster)
• Fix #19990 - Fix aoml for non-x86 targets and add tests
• Fix #7094 - Add direction information in xrefs
• Add =SN and =R0 to 8051
• Add RAnal.use in RAnalBind to use it from RAsm

api/abi

• Rename REgg.Cfile to REgg.cfile
• Rename corebind fields to coreb, for consistency with analb, iob
• Use RArchConfig in RPrint
• Expose RAnal.opDirection.toString as a public method
• Make CRBTree.foreach() C++ friendly
• RStr.isTrue/isFalse accept NULL argument now
• Use RLog in RCons
• Introduce r_arch.h. Use RArchConfig in RAnal and improve RRef api

arch

• Support '$' in regprofile offset column
• Move tricore from asm to anal

asm

• Move the asm.ppc.gnu into the anal
• Remove the v850.gnu plugin
• Move the asm.pic into anal.pic
• Support cls, clz for 32 and 64 bit registers in the arm64 assembler
• Move asm.snes into anal.snes
• Fix assembling with the arm.v35 plugin
• Move 8051 test into db/tools/rasm2 and fix null deref in asm
• Support 'msub, madd, mneg, ngc, sbc, asr, ror, cls, clz, rev, rbit, rbit16, rbit32, umulh' in the arm64 assembler
• Initial implementation of shared RAsmConfig
• A little better asm directive parsing
• 8051: handle any mov case for reassembling

assembler

• Support assemble for mul, udiv, sdiv, lsl, lsr, mvn, tst arm64 instructions
• Fix endian issue in binary input for rasm2 and add tests
• Support assemble for add, and, eor arm64 instructions

bin

• Better handling of Wasm Names
• Fix large loading times in macho parser for binsz=-1
• Fix off-by-one bound check in wasm format
• Simplify functions in wasm format
• Fix leak in wasm custom names
• Better formating wasm custom name
• Fix parsing LE and COFF on big endian host
• Fix pyc parsing on big endian machines
• Fix leak in wasm sections
• Add bin.maxsymlen to make this symbol name length limit configurable
• Do not accept symbol names in mach0s larger than 2KB
• Fix wasm section parsing
• Remove global from elf parser
• Fix another race condition in the macho parser
• Remove another static global in the sections cache of objc
• Move the local-global cache into the macho object
• Fix allocation peak in macho property parser
• Expose CLR metadata in ih output instead of messy eprintfs
• Add bin.xtr.xalz plugin using the new loadbuf field
• Remove the bin.xalz plugin as its meant to be io or bin.xtr
• Fix null derefs on partially initialized xtr bin plugins
• Fix main detection in x64 elf, after updating condret's machine
• Use the new RBinInfo.charset in bin.s390
• Add headers, sections, symbols and entrypoints to the bin.s390 plugin
• Initial import of the bin.s390 plugin
• Permit RBin plugins to expose a default charset
• Select 'arm' fatmacho slice on -a arm.v35
• Fix #6647 - check map bounds in the pebble bin loader
• RBinFile size must be ut64, not signed int to open > 2GB files

build

• Use meson's gittap command on make
• Fix #13196 - Honor SHARED in configure-plugins
• windows_heap is included in cmd_debug
• Fix meson build with use_sys_openssl
• Leftover for --disable-threads causing runtime problems
• Use longer names in enum to avoid conflicts with the SerenityOS toolchain
• Deshadow some variables, in progress for the full -Wshadow cleanup
• Make capstone include directories consistent
• Add xtensa for the meson (requested for Windows)
• Honor capstone commit in ci
• Fix for --without-pull not working in install.sh

cons

• Add scr.maxpage to remove the CONS_MAX_USER constant
• Fix r_cons_get_cur_line() on windows
• Add ec bgprompt for a colorful shell and visual prompts
• Fix glitch in scr.html when scr.color=1

core

• Introduce R_LIKELY macros and update sdb
• Fix RCons recursive buffer fill causing iaito memory usage problems
• Initial import of the RThreadChannel API with the ::x command
• Deprecate anal.cpu, just use asm.cpu
• Improve RLog API and usage, document R2_LOG_ vars in r2 -hh

crash

• Fix integer overflow in string search causing oobread
• Fix crash in vtable analysis on UB
• Fix 4 byte oobread in msp430 disassembler
• Fix null deref in macho parser
• Fix oobread in java parser
• Fix oobread crash in java parser
• Revert "Prefer memleak over usaf in io.bank's rbtree bug
• Revert "Properly fix the UAF in r_io_bank_map_add_top
• Fix oobread and null deref in symbols file parser
• Revert "Prefer memleak over usaf in io.bank's rbtree bug
• Revert "Properly fix the UAF in r_io_bank_map_add_top

debug

• Cleanup dbg.trace config vars and better error messages
• Software breakpoints fail on m1, lets just enable hwbp by default
• Add d: to run the cmd callback of the debug plugins
• Fix #19966 - Reset seek in r_debug_execute() to real PC

disasm

• Fix disp[ep] regression for v850.np
• Handle comments from analop.ptr, not only for call ops
• Add a parse plugin for tweaking references to r0
• asm.sub.names requires a flagname of strlen > 4
• Honor asm.syntax=att in asm.arch=s390

doc

• Add ubuntu22, kali, haiku and voidlinux as repology badges
• Update ae?? esil keywords help message
• Update README and add doc/devdebug.md

emu

• Fix st.b and stsr esil for v850
• In the V8xx families the R0 is a WTG register
• Make ESIL TODO messages go thru R_LOG_DEBUG instead

emulation

• Fix st.b and stsr esil for v850
• In the V8xx families the R0 is a WTG register

esil

• Fix invalid shifts on esil emulation
• Initial implementation of the v850 prepare/dispose
• Deprecate ESIL's $r and S2D keywords
• Tiny fixes for the v850.np esil

fs

• Implement my command and fix help messages for m subcommands

hash

• Fix argument ... with mismatched bound [-Warray-parameter=] warnings

io

• Fix potential bug in r_io_nread_at
• Fix the io.rbuf plugin (broken since 2017)
• Add the io.xalz plugin
• Honor io.cache in r_io_is_valid_offset()
• Fix some TODOs in libr/io/io_bank.c
• Revert "Fix use-after-free in iobank rbtree usage
• Fix map boundary adjustment in r_io_map_add and r_io_map_add_bottom

io"

• Revert "Fix use-after-free in iobank rbtree usage

json

• Initial support for JSON help messages
• pdrj: change JSON output, group instructions by basic blocks

lang

• Find python3, python2 and python in PATH on #!python

print

• Implement ax, to list xrefs using RTable
• Improve ascii art output of pfb
• Initial implementation of pfb, binary formatting
• Use wx+ instead of wx;s+16 in pc* command

projects

• Create a struct for rvc state
• Fix ax\x00 glitch causing projects to be noisy
• Pc without argument uses prj.name if defined
• Save and restore the register values
• Add P* and P! to dump script and run shell in project dir
• What's bool stays bool, makes eval changes more consistent
• Fix serializing macros (* using ; instead of ,
• Fix #20040 - invalid char bug in afl* when function names contain ';'
• Dont save dir. variables in project scripts
• Make P command follow the r2 philosophy for consistency
• P+ is now an alias for Ps for consistency with P-
• Dirty anal on user comments

r2pipe

• Fix #19606 - Dont route the RCore.cmdstr() when there's a redirection >

refactor

• Move mcore into anal
• Move asm.s390* into anal.s390* and fix aod when not using asm plugins

refactoring

• Move mcore into anal

search

• Implement search.in=flag

shell

• Implement gLj and Lgj for listing egg plugins in JSON
• Implement Llj and #!?j for rlang plugin listing
• Implement Lpj for #19982
• Implement Lmj and mLj to list r_fs plugins loaded
• Implement Lij, Ltj and Lhj (via the new phj)
• Implement LDj command to list decompilers installed in json
• Fix bug when loading an r2 script with '.'
• Don't ignore invalid subcommands of i
• Add help for V?
• Implement and document iz* and izz*
• Add help messages for ms mp mL mo commands
• Handle pd1 and pi1 (imm without space)
• Handle ? in all the dc subcommands
• Add JSON output for r2 -V
• Rename anal.cpp.abi to anal.cxxabi, and add options for dbg.malloc
• Handle Loj and Lij as alias for iLj and oLj
• Add R2_COLOR env var for r2 when setting up scr.color
• Fix help message for the ?= command
• Better error handling in pushd/popd
• Fix #19830 - implement pushd/popd commands
• Implement 'mktemp' syscmd command
• Add missing help for ++, -- and r2pm
• Implement .. as an alias for s..
• Fix #19973 - Add - and + commands as alias for s- and s+
• Initial import of the WIP sh interpreter
• Implement proper dyslexic subcommands for La/aL
• Use more RLog, and add log.origin
• Show proper error when no function found in afv

tests

• Dont let r2r -o overwrite files
• Add test for 'q' return code bug and minor cleanup r2r
• Support gmake in the testsuite (BSD runs)
• Add 8051 disassemble/reassemble checks

tools

• Improve binary input handling in rasm2 with 0b and Bx
• Fix #20030 - Add binary input support for rasm2
• Check for hexpair keyword before adding a null in rafind2

types

• Typedef facility under t for pf support
• Proper use of the SDB api in anal/type.c
• Fix C types parser on unknown archs

util

• Add R_LOG_DISABLE hint for extra debugging
• Fix bug and optimize deletion in new rbtree api

visual

• Improve ec bgprompt in V: shell
• Fix #20049 - '.' in stack panel seeks to SP or BP if unset

webui

• Better material webui disasm defaults
• Fix scr.color=3 glitches in the html filter
• Fix /index missing icon and update project commands used
• Remove broken and outdated graph webui
• Update the www/m webui with latest versions of all the frameworks

write

• wb -> wX, wb = write big endian bits in byte

Authors

Apkunpacker Dennis Goodlett Fernando Domínguez Francesco Tamagni Lazula RHL120 SeanH Sergi Àlvarez i Capilla condret junchao-loongson max-lv mdolmen n01e0 pancake pancake

Changes

analysis

• Fix comma separated args in r_anal_function_format_sig
• Skip more types of call instructions on linear emulation
• Add missing 'direction' field in the output of aoj
• ar command using ->anal, otherwise for non-debug builds that fails
• Allow abt to handle addresses in the middle of basic blocks
• Handle addresses in the middle of basic blocks in abf
• Implement 'abf' command to list incoming bbs
• Run 'aap' before 'aae' on arm64 binaries in 'aaa'

bin

• Hide some dyldcache parsing error messages and improve string filtering
• Fix infinite loop in strings and better use of is_breaked()
• Handle ^C when loading dyldcache binaries
• Show friendly warning when loading without R_DYLDCACHE_FILTER
• Fix two more oobread bugs in the dyldcache plugin
• Fix oobread crash in the rebasing method of dyldcache
• Fix negative allocation attempt in izz that will surely fail
• Fix mach0 class 64bit address sorting bug
• Show 'missing X info' error in rabin2 -H
• Warn the user when no header fields are found
• Fix rebasing Mach-O DYLD_CHAINED_PTR_64
• Add support for parsing swift metadata from macho binaries
• Assume all machos are made by clang
• Honor baddr=0 in RBin, as it's done for RIO
• Fix oobread in symbols header parsing

build

• Add missing loongarch for the meson
• Add support for Visual Studio 2022 (community+enterprise)

ci

• Disable offline builds
• Ignore asan memory leaks when running the tests
• Run the tests for non-debugger builds

crash

• Fix null deref in code meta commands
• Fix oobread bug in NE parser
• Fix null deref in ne parser
• Fix #19940 - infinite loop in x/i on invalid instructions
• Fix oobread and unaligned casts in the NE entrypoint logic
• Fix random segfault happening with wrong null preconditions in iobank
• Fix UAF in aaef
• Fix oobread in NE parser
• Fix null deref in the ne parser
• Fix oobread in dyldcache
• Fix another oobread in the NE parser
• Fix another oobread segfault in the NE bin parser
• Fix oobread segfaults in the NE bin parser
• Fix oobread in the macho parser
• Fix 1 byte oobread in the cris analysis plugin

crypto

• Fix undefined behaviour bugs in serpent crypto algorithm

debugger

• Apple Silicon can hwstep

disasm

• Fix #19876 - Smarter local variable and argument sorting
• Show args before vars in afv summary also in pd

egg

• Initial WIP implementation of the ESIL backend for ragg2

emulation

• Fix aeim on --without-debugger builds

esil

• Fix 'aeb' emulating the right instructions
• Fix PPC ESIL of addis instruction
• Honor esil.maxsteps in more commands and stop earlier when no =PC
• Add esil.maxsteps to avoid infinite emulation loops

json

• Fix aeabj output which returned different information than aeab
• Instruct drrj to not emit ansi escapes to not damage

print

• Fix pief printing N bytes instead of N instructions
• Add psa command to print any kind of string
• Support relative pointer resolution in pxr
• Implement pfP for relative pointer format memory formatting
• Add pfW for signed short format

projects

• Add an error return to r_core_project_cat

r2pm

• Increase commit log from 3 to 10 in

search

• Initial implementation of the aavr command

security

• Add sandbox checks for the debugger io plugins

shell

• Fix infinite loop in -1 command
• Improve wz help and error handling
• Run r2pm from core internally
• Fixes for the Trim.args() for ?e
• Handle ^C in fg and improve ^C in pd
• Lowercase all the help messages for consistency (2)
• Honor escaping semicolons in macro definitions
• Lowercase all the help messages for consistency
• Use standard help api for aeim too
• Add the cmp command to compare two (alias) files
• Implement 'curl' command
• Implement @c: temporal seek operator
• Add r_core_return_code() and use it
• Fix glob matching in several cases
• Use strstr instead of rstr.glob for now in @@
• Fix seek history for the 's..' partial seeks

signatures

• Update byte signature flag name
• Fix autoloading of

tools

• Add rahash2 -J for simplified single object name=hash output
• Allow rahash2 -a to be passed multiple times

types

• Fix #16335 - tp not handling blocksize properly

util

• Add tests for the code tokenizer and fix <<= assignments

visual

• Visual color theme editor available from panels

zign

• Fix bug in z/, that creates misplaced functions

Authors

Dennis Goodlett Dennis Goodlett Jules Maselbas Lazula Pau Rodriguez-Estivill Sergi Àlvarez i Capilla aandersonl aemmitt-ns pancake pancake

Changes

anal

• Remove the hexagon from anal
• Save sp,bp,src,dst in heap outside the loop
• Add afiq for quiet functino info and refactor the anal/abi.inc
• Add help for 'pie?', add pieq and add ninstr in afi[j]
• Sanitize function names for prototypes
• Unify asm.z80 into anal.z80
• Restrict local vars and args in a 8KB range, otherwise skip
• Adds afva in all fcns flags (if any)
• Skip afva on functions with signature registered
• Do not perform var/arg analysis on Java/Dalvik
• Add missing eiz/riz registers for x86 and x64
• Add mermaid output to all ag commands
• Add an* and fix many other conceptually broken logics in an

analysis

• Remove the hexagon from anal
• Add afiq for quiet functino info and refactor the anal/abi.inc
• Add help for 'pie?', add pieq and add ninstr in afi[j]
• Sanitize function names for prototypes
• Unify asm.z80 into anal.z80
• Restrict local vars and args in a 8KB range, otherwise skip
• Adds afva in all fcns flags (if any)
• Skip afva on functions with signature registered
• Add missing eiz/riz registers for x86 and x64
• Add an* and fix many other conceptually broken logics in an

asm

• Fix #19489 - Implement assembler for jrcxz

bin

• Add help for the CL command
• Cache file_exists when iterating over the source files
• Complete DWARF4 register mappings

build

• Only build library archives when -Dblob is provided
• Fix some static meson blob dependency leftovers
• Fix sys/release-notes when HEAD a tagged
• Make -Dblob=true statically link all r2 libraries

ci

• Publish r2blob-w64 on release and fix artifact name

crash

• Fix heap OOB read in macho.iterate_chained_fixups
• Fix UAF in aaaa on arm/thumb switching
• Fix buffer overflow in asm.nbytes, add hard limit to 64
• aaef on arm/thumb switches causes uaf
• Break large loops when method name resolution fails

debug

• Improve help message for dd? and autocomplete
• Add 'dd+' to open files in the child process as read-write
• Fix unitialized buffer read bug enumerating process files
• Add ddf command
• Fix dd command and update tests accordingly
• Skip wired-to-ground registers in dr=
• Fix drj in debug mode

disasm

• Fix #19838 - Show pins in the disassembly as comments
• Improve the way asm.nbytes plays with asm.flags.inbytes
• Fix issue in asm.tabs.once causing iaito to trim instructions

doc

• Update the Windows build instructions

esil

• Add ESIL for x86 SSE float instructions
• Implement 'aeb' using APIs instead of commands
• Add aaepa command to set all unknown imports as ret0
• Fix aecs and add test emulating hello world without libc
• Add aaep and extend aep to support pin specific commands
• Implement ESIL for the Stlxr arm64 instructions

fix

• Fix undefined behaviour in RVector, RPVector, RInterval and container_of

print

• Initial import of the code tokenizer

refactor

• Lots of cleanups to reduce the regressions in TCC
• Dont use != NULL as its implicit in C, even for bool casts

shell

• Improve help message for psz, aek, aae, aep, aer and aex commands

tools

• Use R_SYS_BITS by default in rasm2

visual

• Fix back scrolling in the decompiler pane in panels
• Improve panels prompt drawing the bottom box line one line above
• Add scr.notch to blank N lines on top of the screen
• Improve panels interactions with decompiler frame
• Record seek history when cliking around in panels
• Fix blank decompiler issue when clicking randomly in panels

windows

• Add w64-static builds in the CI
• Add 'configure.bat static' argument to build r2blob.static.exe
• Fix meson -Dblob=true builds for static
• Fix r2blob for windows

Authors -------

Dennis Goodlett Dennis Goodlett Lazula Pau Rodriguez-Estivill Sergi Àlvarez i Capilla aemmitt aemmitt-ns archcloudlabs pancake pancake pkubaj

Changes

anal

• Handle jump tables in agfm
• Add agfma to get assembly in mermaid graphs
• Add agfm command to print cfg graphs using mermaid syntax

analysis

• Add agfm command to print cfg graphs using mermaid syntax

bin

• Find strings on maddr'd binaries with izz
• Fix wide32 string detection that caused to miss other ascii strings
• Fix large loading times in macho parser
• Fix slow loading times for small ELF sample

build

• Fix #19726 - fix meson definition order issue when using syslz4
• Add rasm2 and rax2 wasi/wapm packages
• Build fixes for wasi/wapm/wasm and update sdb

charset

• Add initial support for katakana

crash

• Fix timeout analyzing a small class reported by clusterfuzz
• Fix DoS in PE/QNX/DYLDCACHE/PSX parsers
• Fix DoS in kernelcache bin parser
• Fix oobread in macho core symbolication
• Fix null deref in bin.symbols
• Fix DoS in the minidump parser
• Fix DoS on macho parser spotted by scan coverity
• Fix heap buffer overflow in dyldcache parser

debug

• Add support for powerpc, powerpc64, powerpc64le and riscv64 on FreeBSD

disasm

• Honor ArchInfo.opalign in pia
• Fix #19610 - Honor minopsz in pia

esil

• Add some sign extend to some v850 st/sst insns

print

• Fix #19729 - Make pswj consistent with psw output
• Fix #19739 - Fix oobread in pv* and fix bug in pvj

shell

• Add aot command to show instruction types (like /atl)

visual

• Restore and revert blocksize in V:
• Fix #19737 - Handle ESC and space in the ascii hex column

Anderson Angel Diaz Anton Kochkov Bernhard M. Wiedemann Dennis Goodlett Florian M Nerijus Bendziunas PauRE Sergi Àlvarez i Capilla nemarci pancake pancake wargio

api

• New r_inflate_lz4 API to reuse LZ4 across all libs
• Support building with system-provided lz4 library

asm

• Support assembling the cmn, teq and tst arm32 instructions
• Fix oobread bugs in cr16 disassembler
• Fix pop [rsp] emulation for x86

bin/io

• Add ELF reloc patching for R_386_32 and R_386_PC32
• Handle SH, MIPS and ARM in COFF binaries
• Initial support for XALZ binaries from Xamarin
• Fix ihex:// io parser as it was not working

ci

• Partial #19687: Add release github actions workflow
• Publish FreeBSD artifacts and purge the srcdir

cons

• Fix 'disable mouse' ansi code
• Minor rgb.parse optimization and remove the use of sscanf in pal.c
• Fix visibility issue in the bluy theme

crash

• Properly fix the UAF in r_io_bank_map_add_top
• Early break when parsing corrupted DEXs to avoid DoS
• Fix oobread in pxj
• Prefer memleak over usaf in io.bank's rbtree bug
• Fix DoS in MACHO parser spotted by clusterfuzz
• Improve boundary checks to fix oobread segfaults
• Fix DoS when loading a fuzzed DEX file
• Fix UAF in pyc parser
• Fix negative index in anal.arm64.cs
• Fix bins/*/rep8 - UAF crash in pyc parser
• Fix oobread segfault in java arith8.class
• Fix java oobread in id_000000,sig_06,sync_m1,src_000048

panels

• Fix panel focus glitch
• Fix overlapping titles on small frames
• Close menu when a different decompiler is selected

shell

• New 'w+' command, to write a string and seek at the end
• Fix parsing of 'ra?' and 'r0x' subcommands
• Add prgl command to decompress current block using lz4
• Fix Negative Offset in Hexdump Json Output

Authors -------

Adrian Laskowski Apkunpacker Claudemirovsky Dennis Goodlett Francesco Tamagni Lazula RHL120 Roman Valls Guimera Sylvain Pelissier aemmitt-ns gogo2464 junchao-loongson lasek0 meme pancake pancake

Changes

abi

• Move asm/wasm into anal, and add new opasm() callback

anal

• Simpler var counting API
• Add support for x86-32 callpop artifacts
• Add ablc, ab-, Fix and optimize in af- and aafs
• • Add ablc, ab-, Fix and optimize in af- and aafs
• Fix 'afls' and add tests
• Fix heap overread in loongarch when len < 4
• Add axl command for consistency with afl for 'axlc'
• Fix reference order and use the API in sixref (2x faster)
• Initial implementation of the 'aafs' command
• Add support for the new loongarch architecture
• Improve the v850.np analysis, fix all call refs

analysis

• Simpler var counting API
• Add support for x86-32 callpop artifacts
• Add ablc, ab-, Fix and optimize in af- and aafs
• • Add ablc, ab-, Fix and optimize in af- and aafs
• Fix 'afls' and add tests
• Add axl command for consistency with afl for 'axlc'
• Fix reference order and use the API in sixref (2x faster)
• Initial implementation of the 'aafs' command
• Add support for the new loongarch architecture
• Improve the v850.np analysis, fix all call refs

api

• Add r_core_help_match() to get help for a specific command

arch

• Initial import of the evm.cs plugin

asm

• Handle instruction operands in wasm.asm
• Refactor, improve and move chip8 support out of libr/asm

bin

• Parse relocs from Mach-O chained binds if no opcodes
• Add support for rebasing ARM64E_USERLAND24 chained format
• Fix isqq. command
• Fix #19541 - Fix null deref and stack exhaustion bugs in the kernelcache
• Implement iS, command (table query format for section listing)

build

• Fix #18621 - Specify ABI version to be X.Y instead of X.Y.Z
• Add 16GB pagefile for the windows ci
• Simplify meson logic and use ole's PR to fix Windows
• Add CI job to verify builds with system-wide capstone
• Use system capstone if available in sys/install.sh
• Fix ios-sdk compilation
• Bring back the 32bit builds for Cydia
• Use api9 for android-arm builds to bring back Kitkat support

charset

• Add iso8859_1

cleanup

• Remove globals from tcc code

cons

• Use static RThreadLock in cons
• Dont SIGINT in RCons when used in a thready way
• Improve the 'fc' command to unset and get color flags easily
• Add scr.theme and Lt commands as alias for 'eco'
• Improve the basic theme
• Fix all the known issues in the ayu theme
• Honor jmp/call argument colors by type

core

• Fix #19628 - wx+ as an alias for wxs
• Mark all globals (or most of them) as TLS variables
• Make RCons thread-friendly
• Fix race conditions in RCoreTasks
• Rewrite r_list_uniq with a faster algorithm

crash

• Fix null deref in xnu.kernelcache
• Optimize and fix heap overflow in asm.tabs using RStrBuf

debug

• Expose the 32bit arm reg profile on 64bit hosts

disasm

• Workaround to handle seg:off on x86_16 due to a capstone bug
• Fix #15473 - Align meta dwords in the middle of instructions
• Improve reg detection in asm highlighting + add test
• Fix reg/flag detection in disasm colorization
• Initial import of the v850.np plugin
• Handle anal.cpu=? and fallback for asm.cpu when no asm plugin
• Add asm.bytes.opcolor configuration option

doc

• Add 'first session' example in the README

esil

• Disable ESIL macros and add reproducer test
• Add helper function for pending macro handling
• Improve EVM analysis and update tests
• Macrofication of the '+=' and '-=' esil operations
• Add support for list12 logic in the v850.np distillation
• Fix esil for bnd jmp x86 instrs and cmn arm instrs
• Implement ESIL on more instructions for v850.np
• Handle ESIL in more v850.np instructions

help

• Fix helps for aan? aaf? and aes?
• Fix help for the 'aaa' subcommands

io

• Fix use-after-free in iobank rbtree usage

panels

• Autoset cache flag on whitelisted panels on create
• Fix #19410 - Fix cursor mode regression

parse

• Use static RThreadLock in TCC

ports

• Add basic support for loongarch

print

• Add 'pFB' command to use the new BPLIST parser
• Add scr.color.ophex to colorize 'px' with opcode type
• Honor flag colors in 'px' hexdump
• Fix pxa@e:hex.compact=true and add tests
• Improve the way color flags are handled
• Improve pcc output and add a test
• Add 'pcc' command to print block as C char*string
• Fix pdsf?, forbid V? and remove newlines in pxA?

projects

• A better way to check if a project has been saved
• Add prj.sandbox to enable experimental sandboxed project loading

r2pm

• Initial implementation of r2pm.c

refactor

• Use stdint like if there was no yesterday
• Remove asm.hexagon, anal one is enough
• Remove asm.ebc and merge disasm into the anal

search

• Implement /aF and /aFd to search for instructions in functions
• Add Rabin Karp algorythm to
• Add r_search_maps to
• Search adjacent maps together
• Move /e to new search API
• Fix bug in regex searching
• Add longest field to RSearch
• Add r_search_upate_read API

security

• Implement fine grained sandbox control

shell

• Implement rarun2 time=true attribute

tests

• Initial implementation of the dummy benchmark

tools

• Fix R2PM_DEPS handling in r2pm -ci

util

• Fix: Mark r_print_format globals as TLS
• Add atomic primitives for Windows
• Add safe static lock initialization
• Improvements and fixes for the threading APIs
• Introduce r_strf and stop using sdb_fmt

visual

• Fix #19409 - Close menu after creating a new panel from it
• Handle vE as in VE - edit color theme
• Fix fast jump with ahc on register calls

windows

• Use I64x instead of llx format strings for mingw builds too

write

• Add ws1, ws2 and ws4 commands for variable size pascal strings

## Authors

• Claudemirovsky (linking issues)
• Dennis Goodlett (search + signatures)
• Francesco Tamagni (dyldcache)
• Lazula (pD and git pull issues)
• condret (crash in omf command)
• gogo (8051 assembler and AVR disassembler improvements)
• pancake pancake (everything else)

Changes

Architectures support

Changes related to disassembly, assembly and analysis:

• Use cs_disasm_iter in anal.x86.cs to use less heap and speedup analysis and disassembly
• Disable the disassembler logic in the asm plugin for 8051
• Handle jbc [reg] in 8051 assembler
• Handle registers on push on 8051
• Improve pD, reading too many bytes on loop
• Better Analysis plugin handling from the asm module

Binary parsing

• Dont depend on case-sensitive FS to load the DLL sdbs
• Support Mach-O DYLD_CHAINED_PTR_64_OFFSET format

Build/ CI

• Check for an existing upstream remote in install scripts
• Fix libr_lang linking issue (introduced in 5.5.2)
• Do not remake on modules with d/ (faster 'make' builds)

Search

• Cleanup public API for
• Add JSON output to zb commands

Security

• Fix #19476 - heap overflow in aao
• Fix #19478 - null deref in symbols file

Authors -------

Ashwin Kumar Dennis Goodlett Lazula Octavio Gianatiempo Richard Liu Rick de Jager Sergi Àlvarez i Capilla aemmitt-ns aviciano condret gordon-quad meme meme pancake pancake slowhand99

Changes

ARM/THUMB

• Fix #19464 - incorrect assembly for adrp on arm64
• Use null plugin when using unexistent asm plugin
• Handle more ELF relocs for ARM binaries
• Fix #18967 - Fix emulation for the mov-pc thumb instruction

Binary parsing

• Add Plan 9 symbol parsing
• Fix PE Metadata header name parsing (.net related)
• Add bin_xtr.xtr_pemixed for PE user plugin

build

• Use remote URL for git pull in install scripts
• Enable mingw32/mingw64 builds in the CI (new first class platform)

cons/ui

• Improve the snow experience in panels mode
• Add eco! and eco* and sort eco listing
• Show prev nodes in graph.few
• Improve cursor up/down in visual disasm when code is analyzed

crash

• Fix invalid pointer read issue in dwarf parser
• Fix #19455 - Negative tainted offset used in buffer for pyc causing oobread
• Fix #19448 - Fix atoi on non-null terminated string in PE section headers
• Fix #19446 - null derefs in the x509 parser
• Fix #19443 - UAF in marshall null object
• Fix #19442 - Fix heap underflow in pyc marshalling
• Fix #19444 - Null derefs in PE signature logic

Other

• Fix #19463 - io write error reporting regression
• Fix #19473 - Support libc filename w/o version for heap analysis
• Fix Dalvik’s esil conditionals
• Initial support for VLIW on hexagon
• Fix infinite loop in r_str_replace

Diff / Signatures

• Implement symbol name list diffing in radiff2
• Fix zj vars output
• Add binary search alg to pvector

r2pipe

• Fix r2pipe.cmd("Z") when command fails returns no output
• Updated R2pipeSide support for Go and V

Authors

0mhu Abdelrahman Eid Antoni Viciano Dennis Goodlett Fernando Domínguez Francesco Tamagni Jose Antonio Romero Lazula Murphy RHL120 Sergi Àlvarez i Capilla SkUaTeR Sylvain Pelissier aemmitt-ns condret devnull850 dogtopus hot3eed junchao-loongson meme murphy pancake pancake rhl120 thymol0

analysis

• Check if ax[ft] argument is valid before showing xrefs to 0
• Implement axtm, axfm and add helps for axf? and axt?
• Improve debug message when misleading a function name
• Add serialization API for vars
• Improve sixref plugin UX
• Copy the z80.archinfo into the gb plugin
• Honor (min|max)-opsz and buffer bounds in aar
• Hide the 'no calling conventions' warning and add =R0 for x86
• Improve the reg profile for python
• Fix crash when using the pyc disassembler without pyc bin
• avr requires aeim before aaaa to not assert
• New 'avg' command and RAnal.global to manage global variables
• Remove unused enum
• Fix tests for RAnalVar function relocation
• Fix variable relocation on ood (#19219)
• Fix 1 bb function analysis with a2f
• Fix null deref when using anal.a2f
• Improve sixref plugin UX

asm

• Add the first multiarch assembler plugin: vasm
• Initial implementation of the RISCV assembler
• Minor refactors in disasm.c, primarily r_core_print_disasm()

bin

• Use r_str_ndup in another bound check in dwarf
• Fix crash when elf symbol initialization fails
• Always init Mach-O options with defaults
• Add Support For dyld4 Atlas-style Shared Library Caches
• Handle allbins in im, iM, iT, iC, iV, iz
• Implement multidex and proper multibin in apkall://
• Handle allbins for iz, ic, iI, ie and iM
• Implement 'ob *' to select all bins and honor in is,ii,ir,il
• Add MSX rom/bin parser plugin and test
• Fix some null checks around the open_many apis
• Implement 'is,' for table query for symbols
• Handle the ARM32 COFF case
• Improve swift demangler and add bin.demangle.trylib config
• Initial implementation of the HUNK file parser
• Detect canary on statically linked RT and stripped PEs

build

• Generate bin/d the same way as other sdb paths with meson
• Fix wasi builds and update wapm package in the new dist/wapm
• Respect v35 repos for offline builds
• Dont user latest meson because its broken :D
• Initial work towards supporting mingw32/64 again
• Rename MD5 symbols to prevent OpenSSL collision

cons

• Fix buffer overflow in RConsPixel API affecting the braile renderer
• Improve default theme
• Add scr.prompt.tabhelp enabled by default
• Move more context fields out of the globals
• Move the console flushing decision to the console context

core

• Deprecate the file.openmany config variable

crash

• Fix null deref in r2 -c 'oc 3' -
• Fix #19178 - UAF in aaft when anal.detectwrites is enabled
• Wrong bounds initializing dwarf dies (tests_64901)
• Fix oobread in z80 disassembler (tests_65081)
• Fix oobread crash in the ELF parser (tests_64931)
• Fix oobread crash in DWARF's parse_die (tests_64926)
• Save and check the reg arena size when peekpoking (Fix tests_64923)
• Fix oobread crash in DWARF parser (tests_64922)
• Fix oobread crash in dwarf parser with non-null terminated strings
• Fix oobread crash in DWARF parser (tests_64924)
• Fix oobread crash in the analysis loop with corrupted ELFs (tests_64928)
• Fix uaf crash in aaft (tests_64927)
• Fix UAF in aaft (tests_64923)
• Fix oobread in VAX disassembler (tests_64920)
• Fix oobread crash in RAnal.hexagon (tests_64900)

crypto

• Remove global usage in AES encryption
• Add AES Key Wrap Algorithm

debug

• Make the macOS debugger more stable
• Handle PPID on macOS debugger

diff

• Add ci commands to compare two rbinobject data

disasm

• Add disasm+decompiler side by side api for the codemeta api
• Use hints to follow dwords
• Add armv7 to the arm.v35 plugin
• Fix pdi~invalid bug, at least when bbsize > 32
• Add support for the ALPHA disassembler
• Add PDP-11 disassembler support from binutils

esil

• Improvements on the arm64.v35/cs plugins
• Kill esil [], []= and related operations
• Fix r2wars regression with REP cycle detection
• Use sdb_itoa instead of snprintf for emulation

fs

• Always use b64 encoded filepaths on the fs.io calls

help

• Add help for the an command

io

• Add r_io_map_add_bottom
• Fix mapslit in r_io_map_add
• Remove r_io_map_new from public API
• Free maps on r_io_maps_fini
• apk:// is the new apkall:// (add AndroidManifest.xml)
• Use io banks by default
• Speedup repetitive access to the same submap in io banks
• Speedup r_io_map_get (O(2n) => O(2))
• Add iobank support to r_io_read_at_mapped
• Use new rbtree API in io_bank.c
• Fix io bank cmp cb functions
• Refix r_io_submap_set_to (typo)
• Enable io bank support in r_io_map_resize
• Kill r_io_map_location
• Enable io bank support in r_io_nread_at
• Implement r_io_bank_{read_from/write_to}_submap_at
• Enable io bank support in r_io_v{read/write}_at
• Enable io bank support in r_io_map_depriorize
• Implement new r_io_desc_get_byuri() API
• Enable io-bank support in r_io_map_get_paddr
• Enable io-banks for r_io_map_del_for_fd
• Fix return value in io_default close entry
• Fix resource leak and logic bug in r_io_reopen
• Check for access bytes in r_io_bank_{read/write}_at
• Enable io-banks support in r_io_map_remap
• Enable io-bank support in r_io_map_new
• Kill r_io_map_add_batch
• Remove unnecessary return val from r_io_map_del
• Enable io-bank support in r_io_map_del
• Rename r_io_map_next_available to r_io_map_locate and add use_banks support
• Kill r_io_map_next_address
• Improve r_io_bank_locate for replacing r_io_map_get_next_available
• Add alignment support to r_io_bank_locate
• Enable io banks in search; Kill search.in = io.sky.*
• Add 2 comments for clarification
• Improve "om"-command, show '*'-marker for current map
• Implement map depriorization in io banks
• • Add r_io_bank_map_add_bottom and r_io_bank_map_depriorize
• • Fix potential bug in r_io_bank_update_map_boundaries and add some comment for clarification
• Some cleanup and code deduplication
• Fix oob write in r_io_bank_{read/write}_at
• Fix omb-command map ids
• Initial io.banks management commands
• Rename r_io_bank_update_map_location to r_io_bank_update_map_boundaries and make it useable for map resize (siol eternal)
• Some code cleanup (siol eternal)
• Use incremental timestamp on map creation instead of real ones (siol eternal)
• Implement r_io_bank_update_map_location (siol eternal)
• Use r_list_iter_get_prev (siol eternal)
• Implement r_io_bank_delete_map and fix some bugs (siol eternal)
• Add r_io_bank_drain (siol eternal)
• Implement r_io_submap_set{from/to} (siol_eternal) #18476
• Implement r_io_bank_write_at (siol_eternal)
• Implement r_io_bank_read_at (siol eternal)
• Constify bankid and mapid in io-bank api (siol eternal)
• Imnplement r_io_bank_map_priorize (siol eternal)
• Speedup r_io_bank_map_add_top (siol eternal)
• Add missing NULL-check (siol eternal)
• Fix potential segfault (siol eternal)
• Adjust codingstyle in libr/io/io_map.c (siol eternal)
• Implement r_io_bank_locate (siol eternal)
• Implement r_io_bank_map_add_top and r_io_bank_get (siol eternal)

print

• Add lowercase seven-segmented-ascii-art alphabet for ?ea
• Implement ?ef = echo framed text command
• Add pve command to print values on any endianness

projects

• Fix a problem serializing vartypes causing analysis info lost
• Add .rvc_ignore
• Add an rvc clone command

refactor

• free/fini methods should return void
• Cleanup and boolify some more debug apis
• Boolify RIO.close()
• Minor refactors in disasm.c, primarily r_core_print_disasm()

rvc

shell

• Don't check for decompilers in $PATH
• Honor console width in ls and fix lsj,lsq,lse
• Add 'dir' command as an alias for 'ls'
• Permit ending '%' in the env keys for % and @%
• Handle 'git' command (from system PATH)
• Better subcommand error messages for @@, @@@ and @@@@
• Add @@@R to iterate over relocs

signatures

• Add help message for zac
• Fix bugs in types validator
• Fix validation of next sigs
• Fix leak in sig serialization
• Simplify deserialization of byte
• Add more information to var
• Simplify types storage in r_sign
• Refactor r_sign
• Add return type to zj
• Auto-rename name collisions in

tests

• Enable R2_DEBUG_ASSERT=1 in r2r
• Assume tests without FILE= just open -
• Show instruction and bytes when failing asm tests

types

• Optimize 'aaft' command, still far from fully optimized
• Remove ctype.c 2yo deadcode
• Add more types and skip some parse errors in to

util

• New API to get fist hex bytes in str
• Fix signed overflow in r_buf_fread_at
• Fix UAF in new rbtree api and improve a varname
• Port https://github.com/leiless/jw_rbtree to r_util (#19252)
• Implement skip RTable filter
• Implement ternary support for numeric input
• Handle base64: prefix in the wtf command

visual

• Dont loose scroll position when selecting new panels
• Handle the .r2s extension for visual slides
• Implement RCore.visual_slides()
• Fix defining meta backwards in disasm
• Use RUtil.Str.ss in disasm when scr.demo is set
• Fix #18384 - Visual arg/var management not working sometimes
• Fix Vvv output for stackpointer based vars
• Implement ?ea and ~?ea to use the seven segment ascii art text rendering