I started to use radare2 at the beginning of 2012, and my first contribution to it was in August 2013. I gave numerous workshops and talks about it at various security conferences, served as a GSoC mentor, wrote a couple of articles about it both on this very blog and other places, attended all the r2con to give workshops there, …
I've used IDA Pro for a similar amount of time, and recently attended a Binary Ninja training. No clue about Ghidra though.
People are often asking me why they should use radare2 instead of something else, so I decided to write this down. I think that a nice way to (partially) answer this question is to use a handy metaphor: text editors.
The metaphor
Radare2 is like vim
Radare2 is all about command line and cryptic shortcuts/commands, and just like vim, at the beginning, one is completely lost, spending all your time in insertion mode, trying to remember what gg=G" is supposed to do, or how to undo the folding of the function you're looking at. But once you're used to it, once you saw the light, you're fast and efficient, everything seems logical, pleasant and well designed.
Like vim, radare2 has a terrible scripting language, due to legacy issues, that looks like this:
/x 7...7...
(patch2,?E patch2,wx eb,s+2,wx 9090,)
(,f foo=$j,s+2,f bar=$j,s-2,?v foo-bar,?! .(patch2))() @@ hit*
(,s+2,?v $j-$$+2,?! wx 9090)() @@ hit*
f-hit*
Because vimscript and r2script may be brittle to use, they both have a lot of bindings: lua, ruby, python, vimscript, mzscheme, Perl, Tcl, … for vim, and a large subset of those for radare2.
The communities around those two pieces of software are a bit alike: they are fans of their tool, and will be vocal about this, which is sometimes often annoying to others: Why can't those people shut up, why do they have to be so vocal and insist that we give their cryptic tool from the past a try?
There are some GUIs for vim, like GVim, or all the neovim ones, but most people are simply using vim in a terminal, because it's more convenient.
Radare2 had gradare2, bokken, Ronin, radare2gui_dotnet, various web interfaces, and now Iaito Cutter, but most of its power users are using radare2.
Both of them are also running on almost every single platform: AmigaOS, Atari MiNT, BeOS, DOS, MacOS, NextStep, OS/2, OSF, RiscOS, SGI, UNIX, VMS, Win16 + Win32 (Windows95/98/00/NT), BSD*, Linux, …
Moreover, even while they're packed with features, they do have a lot of hackish clever integrations with other programs: vim plays nice with make, ctags, LSP, crazy autocompletion engines, fuzzy finders, git… while radare2 integrates with yara, snowman, retdec, ghidra, kaitai, …
I like vim, it's great to write text, C, Haskell, … but I wouldn't recommend using it for things like Java or C++. For those, an IDE is more suited. Of course, there will always be people using vim for Java, but the majority doesn't.
For radare2, it's similar: it's great for reversing small programs, like in CTF, things written in C, … but for C++ or massive packed binaries, I wouldn't recommend it.
Binary Ninja is like Emacs
Binary Ninja feels a bit clunky: there is this omnipresent feeling that things are missing or aren't completely dry yet. But if you take the time to write your plugins, or to use the ones from others, then you'll understand why its users are loving it so much.
For example, its Opaque predicate patcher plugin is amazing, and would be awful to write in pure r2script. Even by using Python, for example via r2pipe, or IDAPython, doing the backward propagation to find if a given condition is constant would be horrible.
Actually, some people are recommending org-mode or magit, with emacs only being a byproduct of it. Like Binary Ninja being a byproduct of its multi-level IL or Python API.
There is also this tendency of emacs users to never use any other tool, because they wrote eww to browse the web, ERC for IRC, reading emails with GNUS, using org-mode as a notebook/calendar, serving HTTP with elnode, ordering food, … Binary Ninja users have a similar behaviour: scripting everything via the Python API.
IDA Pro is like IntelliJ IDEA
IDA is massive, and costs more money than its competitors, but this is what the industry is using, and you can reverse massive binaries with ease.
You can of course write C++ or Java in vim, or in emacs, but you either have a massive amount of plugins, or you're a hardcore user, which is entirely fine. But for normal people™, it's usually easier, faster and more effective to use an IDE.
IntelliJ IDEA comes with a lot of features, like deep integration with the Java ecosystem (Gradle, Maven, JBoss, Spring, Android, …), intelligent autocompletion, code analysis, refactoring, framework integrations, profiling…
Likewise, IDA Pro comes with FLIRT, remote debugging (including compatibility with Corellium), advanced analysis, tracing, advanced typing system with automatic inference, an advanced interactive decompiler, support for a myriad of architectures, PDB support, Lumina, Android and iPhone weird format support, …
There is more…
At the beginning of this blogpost, I used the term "partially answered", because a metaphor is rarely enough to provide a comprehensive answer, and there is an elephant in the room that needs to be mentioned: money.
Radare2 has a vibrant community, that does things mostly because they are fun, while IDA Pro and Binary Ninja have to make money: if you want a feature in radare2, you'll need to either convince someone to implement it for you, or to implement it yourself, while for the others, you can likely just throw a bunch of money at the developers to get it done. Worst case, the license comes with technical support anyway.
Not having to care about paying the rent by selling radare2 also means that some useless stupid entertaining features are added from time to time: some potache easter eggs, the game 2048, emoji support, Malbolge and brainfuck disassembly, … this also means that from time to time, things are broken, and nobody cares because nobody is using them but you.
It also means that while Binary Ninja and IDA Pro are giving expensive trainings, radare2 has the r2con for less than 100EUR, with 2 days of workshops, and two days of people presenting the crazy things they did with radare2: fiddling with proprietary Street Fighter emulators, writing a GUI, integrating with decompilers, fuzzing, writing music, reversing wireless SD cards, … and even a chiptune party!