README-containers.md

radare2 docker image

Radare2 (also known as r2) is a complete framework for reverse-engineering and analyzing binaries; composed of a set of small utilities that can be used together or independently from the command line. Built around a disassembler for computer software which generates assembly language source code from machine-executable code, it supports a variety of executable formats for different processors and operating systems. Apart from the static analysis feature it also supports debugging and emulation. The architecture of the framework is modular and allows to use existing or create new plugins for new file formats, architectures, analysis features.

Official stable version

This registry image is for the stable version is based on Ubuntu and the radare2 snap build. The Dockerfile used to build it can be found in this dedicated repository. Any issue found in this packaging can be opened there.

The resulting build includes the following projects:

• radare2
• r2ghidra
• r2frida (only in supported platforms)
• r2dec
• r2yara
• r2ai (only decai r2plugin)
• r2pipe (for Python)
• r2book (as info page)

Run

To use this docker image you can use either:

docker run -ti radare/radare2
podman run -ti docker.io/radare/radare2
nerdctl run -ti radare/radare2

To use the docker image as one shot so it removes everything inside the container on exit just add --rm as follows:

docker run --rm -ti radare/radare2

Another example to use for debugging inside the docker:

docker run --tty --interactive --privileged --cap-add=SYS_PTRACE --security-opt seccomp=unconfined --security-opt apparmor=unconfined radare/radare2

Also there is the option to open the r2book inside the container:

info r2book

Verify

The image can be verified that has been generated by GitHub Actions by runing the following command:

cosign verify docker.io/radare/radare2 --experimental-oci11=true --certificate-oidc-issuer=https://token.actions.githubusercontent.com --certificate-identity-regexp='https://github\.com/radareorg/radare2-snap/.*@refs/heads/main'

GIT version (r2docker)

Alternatively there is a version with radare2 GIT aimed to be build locally.

This will build an image using Debian with radare2 from git with latest changes. The Dockerfile to build can be found inside the dist/docker directory in the radare2 source tree.

Build from GIT

To build this other image run the following lines:

git clone https://github.com/radareorg/radare2.git
cd radare2
make -C dist/docker

This will build an image with the following plugins:

• r2ghidra
• r2frida
• r2dec

It is possible to specify more packages using the R2PM make variable:

make -C dist/docker R2PM=radius2

Also, you can select the architecture (amd64 / arm64) to compile the image by using the ARCH make variable.

Run a container as r2web server

By default both images are intended to be used in a interactive terminal.

But both can also be launched directly to use the radare2 web UI.

The do so it can be launched using the following command:

docker run -p 9090:9090 radare/radare2 r2 -c '=h' -

Or the following docker-compose structure:

version: "3.8"
services:
  radare2:
    image: radare/radare2
    command: r2 -c '=h' -
    network_mode: bridge
    ports:
      - "9090:9090"

Or if debugging functionality is required:

version: "3.8"
services:
  radare2:
    image: radare/radare2
    command: r2 -c '=h' -
    network_mode: bridge
    ports:
      - "9090:9090"
    privileged: true
    cap_add:
      - SYS_PTRACE
    security_opt:
      - "seccomp=unconfined"
      - "apparmor=unconfined"

Links

You can read more about the project in the following links:

• https://www.radare.org
• https://github.com/radareorg/radare2