Provided by: radare2_3.2.1+dfsg-5build1_amd64 bug

NAME

     ragg2 — radare2 frontend for r_egg, compile programs into tiny binaries for x86-32/64 and
     arm.

SYNOPSIS

     ragg2 [-a arch] [-b bits] [-k kernel] [-f format] [-o file] [-i shellcode] [-I path]
           [-e encoder] [-B hexpairs] [-c k=v] [-C file] [-n num32] [-N num64] [-d off:dword]
           [-D off:qword] [-w off:hexpair] [-p padding] [-P pattern] [-q fragment] [-FOLsrxvhz]

DESCRIPTION

     ragg2 is a frontend for r_egg, compile programs into tiny binaries for x86-32/64 and arm.

     This tool is experimental and it is a rewrite of the old rarc2 and rarc2-tool programs as a
     library and integrated with r_asm and r_bin.

     Programs generated by r_egg are relocatable and can be injected in a running process or on-
     disk binary file.

     Since the ragg2-cc merge, ragg2 can now generate shellcodes from C code. The final code can
     be linked with rabin2 and it is relocatable, so it can be used to inject it on any remote
     process. This feature is conceptually based on shellforge4, but only linux/osx x86-32/64
     platforms are supported.

DIRECTIVES

     The rr2 (ragg2) configuration file accepts the following directives, described as key=value
     entries and comments defined as lines starting with '#'.

     -a arch     set architecture x86, arm

     -b bits     32 or 64

     -k kernel   windows, linux or osx

     -f format   output format (raw, c, pe, elf, mach0, python, javascript)

     -o file     output file to write result of compilation

     -i shellcode
                 specify shellcode name to be used (see -L)

     -e encoder  specify encoder name to be used (see -L)

     -B hexpair  specify shellcode as hexpairs

     -c k=v      set configure option for the shellcode encoder. The argument must be key=value.

     -C file     include contents of file

     -d off:dword
                 Patch final buffer with given dword at specified offset

     -D off:qword
                 Patch final buffer with given qword at specified offset

     -w off:hexpairs
                 Patch final buffer with given hexpairs at specified offset

     -n num32    Append a 32bit number in little endian

     -N num64    Append a 64bit number in little endian

     -p padding  Specify generic paddings with a format string. Use lowercase letters to prefix,
                 and uppercase to suffix, keychars are. 'n' for nop, 't' for trap, 'a' for
                 sequence and 's' for zero.

     -P size     Prepend debruijn sequence of given length.

     -q fragment
                 Output offset of debruijn sequence fragment.

     -F          autodetect native file format (osx=mach0, linux=elf, ..)

     -O          use default output file (filename without extension or a.out)

     -I path     add include path

     -s          show assembler code

     -r          show raw bytes instead of hexpairs

     -x          execute (just-in-time)

     -z          output in C string syntax

EXAMPLE

       $ cat hi.r
       /* hello world in r_egg */
       write@syscall(4); //x64 write@syscall(1);
       exit@syscall(1); //x64 exit@syscall(60);

       main@global(128) {
         .var0 = "hi!\n";
         write(1,.var0, 4);
         exit(0);
       }
       $ ragg2 -O -F hi.r
       $ ./hi
       hi!

       # With C file :
       $ cat hi.c
       main() {
         write(1, "Hello\n", 6);
         exit(0);
       }
       $ ragg2 -O -F hi.c

       $ ./hi
       Hello

       # Linked into a tiny binary. This is 165 bytes
       $ wc -c < hi
         165

       # The compiled shellcode has zeroes
       $ ragg2 hi.c | tail -1
       eb0748656c6c6f0a00bf01000000488d35edffffffba06000000b8010
       000000f0531ffb83c0000000f0531c0c3

       # Use a xor encoder with key 64 to bypass
       $ ragg2 -e xor -c key=64 -B $(ragg2 hi.c | tail -1)
       6a2d596a405be8ffffffffc15e4883c60d301e48ffc6e2f9ab4708252
       c2c2f4a40ff4140404008cd75adbfbfbffa46404040f8414040404f45
       71bff87c4040404f45718083

SEE ALSO

     radare2(1), rahash2(1), rafind2(1), rabin2(1), rafind2(1), radiff2(1), rasm2(1),

AUTHORS

     Written by pancake <pancake@nopcode.org>.

                                           Sep 30, 2014