Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
xvilka 3 hours ago

Cutter[1] by RizinOrg[2].

[1] https://github.com/rizinorg/cutter

[2] https://github.com/rizinorg/rizin

aktau 2 hours ago | parent [-]

+1

I once tried learning how to RE with radare2 but got very frustrated by frequent project file corruption (meaning radare2 could no longer open it). The way these project files work(ed?) in radare2 at the time was that it just saved all the commands you executed, instead of the state. This was brittle, in my experience.

I don't have a lot of free time, so I have to leave projects for long periods of time, not being able to restart from a previous checkpoints meant I never actually got further.

IIUC, one of the first things Rizin did was focus on saving the actual state, and backwards/forwards-compatibility. This fact alone made me switch to Rizin. To its credit, my 3-year old project file still works!

Now for the downside: there is apparently a gap in Windows (32-bit) PE support, causing stack variables to be poorly discovered: https://github.com/rizinorg/rizin/issues/4608. I tested this on radare2, which does not have this bug. I'm hoping this gets fixed in Rizin at some point, at which point I'll continue my RE adventure. Or maybe I should give an AI reverse engineer a try... (https://news.ycombinator.com/item?id=46846101).

xvilka 2 hours ago | parent | next [-]

Yes, we are working on rewriting analysis completely[1][2] that would fix your issue along with many others.

[1] https://github.com/rizinorg/rizin/pull/5505

[2] https://github.com/rizinorg/rizin/issues/4736

aktau an hour ago | parent [-]

Can't wait! Do you have any idea how far along this is? Is it likely to be months, quarters, years?

(Funny expression, that. I'll wait, of course. It'll be a happy day when this works again and I can slowly make progress RE'ing again.)

xvilka an hour ago | parent [-]

Months.

alberto-m an hour ago | parent | prev [-]

I tried radare2 with the official GUI Iaito. Iaito saves the project in a git repo, so whenever I got corruption (and I got it a lot, like every 4-5 saves) I was just a `git reset --hard` away from restoring a good state. Not the most efficient way of operation, but for me it was better this than tolerating Ghidra's tiny Courier New font.

aktau an hour ago | parent [-]

Thanks for the note.

Your corruption frequency anecdote matches mine. I don't have the mental werewithal to deal with that. I won't go back to radare2 until they change their project file stability somehow.