Radare2 allows manual search for assembly code looking like a syscall operation. For example on ARM platform usually they are represented by the svc instruction, on the others can be a different instructions, e.g. syscall on x86 PC.
Syscalls detection is driven by asm.os, asm.bits, and asm.arch. Be sure to setup those configuration options accordingly. You can use asl command to check if syscalls' support is set up properly and as you expect. The command lists syscalls supported for your platform.
[0x0001ece0]> e asm.emu=true
[0x0001ece0]> s 0x000187c2
[0x000187c2]> pdf~svc
0x000187c2 svc 0x76 ; 118 = sd_ble_gap_disconnect
[0x000187c2]>
In case of executing aae (or aaaa which calls aae) command radare2 will push found syscalls to a special syscall. flagspace, which can be useful for automation purpose:
To reduce searching time it is possible to range for only executable segments or sections with /as @e:search.in=io.maps.x
Using the radare2 can print syscall arguments in the disassembly output. To enable the linear (but very rough) emulation use asm.emu configuration variable:
