Google Summer of Code 2018 announcement for radare2 project

This year we decided to resume publishing the results of the previous one and announce a new GSoC for the open source project radare2 on the Habrahabr resource.

Current results

As already mentioned earlier , in 2015 radare2 it has not yet been adopted as a separate project, but thanks solardiz and project Openwall , one of the tasks for radare2 was taken under his wing. After that, starting in 2016, the framework is already participating as a separate company. Over the years since the last publication within the GSoC, the following important tasks have been completed:

• radeco decompiler (still in development)
• improved support for Windows
• reversible debugging
• support for remote debugging of GDB and LLDB
• defining function arguments
• WebUI improvement

Additionally, the project carried out its own analogue of GSoC - RSoC (Radare Summer of Code). One of the differences is that not only students could send applications. Within the framework of this project, the following tasks were completed:

• support for FLIRT and YARA signatures
• loading PDB debugging information
• structure support (similar to 010 Editor)
• parsing ObjC metadata from Mach-0 to define classes and character information

Perhaps this year RSoC will not be conducted, but so far the decision has not been finalized.

Project Development Methodology

All repositories are hosted on github and github issues are used as a bug tracker . Tests are allocated to a separate repository and run on Travis CI , AppVeyor and our Jenkins . We also use Coverity to find bugs, and for various demos we use asciinema server.

In addition, several documents were prepared for those who want to become one of the developers of the project:

• Contributing Guide
• Developers Intro

To begin with, in order to get acquainted with the code base of the project, we recommend those who wish to fix one of the issue marked good first issue .

Essential Skills

Most of the radare2 project is written in C, so we expect candidates to be familiar with this PL. But at the same time, some tasks will require Go to create an interoperability platform, Rust for radeco and Qt with C ++ for Cutter. If it was already said about Radeco, the Cutter (until recently called Iaito) was introduced relatively recently and is a GUI for radare2.

Participation in GSoC

What you need to do to participate:

1. View Google’s membership policies .
2. Take one of the tasks or offer your own.
3. Write a draft application using Google Docs and our template , and ask one of the mentors to check it.
4. Submit a request using the Google interface.

To participate, in addition to the application, you will need to send a small Pull Request to solve one of the micro tasks :

• Analysis
• Counts # 6967
• Disassemblers and assemblers
• RAGG2 # 6949
• Refactoring
• Improving Unicode Support (UTF-8)
• File formats
• Debugging
• Miscellaneous
• Radeco
• Rune
• Cutter

Or you can fix one of the github issues , suitable for complexity with microtask.

Recommendations for writing an application:

• The application should not be large, just a couple of pages.
• Try to break the period of participation in GSoC by tasks, and each task into sub-tasks. This will help us not only to understand how much you are interested in completing a task, but also to you - to evaluate the task more deeply before starting to perform and to prioritize.
• Write down how much time per day / week you plan to spend on the project.
• Indicate your time zone so that we can find a mentor with a similar one to simplify communication.
• Please submit your application in advance, and not at the last minute.
• You can also choose a “fallback” task, so that in case of a conflict of interest (two students have chosen one task) it would be easier for us to solve this.

Task list

Within the Radare2 project, there are several more subprojects: Radeco , Rune and Cutter . Therefore, for each, one task was allocated.

• [Radeco] Pseudo-C backend for decompilation - it is assumed that this year the ability to decompile the code in Pseudo-C will finally be completed using the analysis capabilities of Radeco
• [Rune] Integration with radeco-lib and radare2 - Rune library was created to analyze sections of binary files using symbolic execution
• [Cutter] Add debugging and emulation support - currently only static analysis is supported in Cutter, and interaction with ESIL (emulation) and debugging are possible only through the CLI interface

Tasks related directly to the framework:

• Console interface - improve the current CLI-interface capabilities (for example, add a split-mode for comparing files through radiff2, one of the sub-drags)
• Types - improve support for types and structures (struct / union)
• Parsing EXE / DLL as a FAT file - improve macho format support and PE separation (dos, win, .net)
• Support for the Windows platform - includes both fixing bugs when debugging through various protocols (native, gdb: // and windbg: //), and improving the current capabilities
• Platform for real-time interaction - by analogy with the projects collabREate , YaCo and solIDArity, add the ability to jointly reverse files, which will help both for analyzing large files and solving CTF problems in a team
• ROPchain generator using ragg2 - improve compilation of ROP gadgets and add automatic creation of ROP chains (it is recommended to use SMT solvers, for example Z3), as is done in ROPgadget

A more detailed summer plan is presented on our GSoC page: rada.re/gsoc
Official project site: rada.re

Questions about tasks or using the framework can also be asked on the #radare IRC channel on the Freenode network or on the https://t.me/radare telegram channel (transport is configured between them).