R2con 2019 Review
Unix was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Doug Gwyn, in Introducing Regular Expressions (2012) by Michael Fitzgerald
Radare2 (r2) is a Unix-like reverse engineering framework. The creation of this framework has resulted in a large internet comunity of people who want to use r2 for both clever and stupid things.
The author and maintainer of r2, Sergi “Pancake” Alvarez, is not slow about accepting pull requests. For perspective, r2 gets around 500 commits a month. Pancake somehow manages that madness and is always available in IRC/Telegram to answer questions.
I had the pleasure of speaking at r2con this year. R2con is a community convention where people from all over the world gather in Spain to learn about and contribute to r2. In this blog post, I’m sharing highlights from my conference attendance and speaking experience.
All the talks pertained to r2, so I was a bit surprised at the diversity. Serious talks were given, such as Nacho Sanmillan talking about how Linux malware could craft ELF headers to break automated scanning. Then, there were more light-hearted talks: Pau Oliva and Synacktiv spoke about reversing a Street Fighter game emulator. Some of these talks have started to make their way to Pancake’s YouTube channel.
Note: Pancake is editing the r2con speaker videos himself, so updates are forthcoming.
I wish I had participated in the capture the flag (CTF), but I was busy stressing over my talk. Some of the challenges looked really interesting.
The CTF winners were encouraged to write up solutions for the challenges. The CTF, like other events, served as a fun excuse to improve r2 and its user base. The rewards for winning looked awesome, too.
R2 wars is the epitome of stupid things that are very clever. Radare2 has an intermediate language, called ESIL, to facilitate and simplify analysis of algorithms. It is very powerful and can quickly break many obfuscation techniques. As it turns out, it can also be used to make two pieces of shellcode battle.
All in attendance were invited to submit “bots” for the battle. Two bots would battle by being put in the same memory region and emulated with ESIL. Each bot would try to outlive the other–If you segfault the other bot, or the other bot segfaults itself, you win the battle. If your bot wins the most battles, you get some pretty sweet r2 swag.
All of this was really just an entertaining way for participants to learn CPU architectures and to improve ESIL. This year’s r2 wars led to two bugs being reported, and both were fixed before the end of the convention.
Bot battles and Chiptune music set the atmosphere between talks. You could see the strategies people were using played out in little blocks on the screen. In the picture below, you can see one of the bots asking for help.
Photo cred goes to: @foolisses.
Another bot managed to use its memory writes to spell out “BIER” (beer) on the screen, the audience broke into spontaneous applause. Pancake then awarded the author a free beer for his creativity.
Photo cred goes to: @Aissn
Of course, prizes were awarded to the finalists of the CTF and r2 wars, but the prizes awarded for contributing fixes and features to r2 were just as awesome. It was cool to see the value placed on contributions to the code base.
The r2 framework supports reversing Gameboy games. So playing Chiptune music between talks and all the breaks only made sense.
After the events, we gathered at a small venue for the r2con Chiptune afterparty–just a bunch of nerds from around the world who enjoy exploring the inner-workings of low level CPU programming, all dancing to a live Chiptune DJ. I got to talk to more people–and do a little dancing.
Overall, r2con has been my favorite of the computer conventions I’ve been to. Thank you to the team for putting it on and for the hospitality you showed to my wife and to me. We had a blast!
About Hurricane Labs
Hurricane Labs is a dynamic Managed Services Provider that unlocks the potential of Splunk and security for diverse enterprises across the United States. With a dedicated, Splunk-focused team and an emphasis on humanity and collaboration, we provide the skills, resources, and results to help make our customers’ lives easier.
For more information, visit www.hurricanelabs.com and follow us on Twitter @hurricanelabs.