radare2中文版
  • 介绍
  • 历史
  • 框架
  • 下载 radare2
  • 编译和可移植性
  • 在Windows上编译
  • 用户界面
  • 第一步
    • 命令行标志
    • 命令格式
    • 表达式
    • 基本调试器会话
    • 对radare2的贡献
  • 配置
    • 颜色
    • 配置变量
    • Files
  • 基本命令
    • Seeking(寻求)
    • Block Size(区块大小)
    • Sections(分节)
    • Mapping Files(映射文件)
    • Print Modes(打印模式)
    • Flags(标志)
    • Write(写)
    • Zoom(缩放)
    • Yank/Paste(拉伸/粘贴)
    • Comparing Bytes(比较字节)
    • SDB
    • Dietline
  • 视图模式
    • 反汇编
    • 汇编
    • 配置编辑器
    • 面板
  • 搜索字节
    • 基本搜索
    • 配置搜索
    • 正则搜索
    • 自动化
    • 向后搜索
    • 在程序集中搜索
    • 搜索AES密钥
  • 反汇编
    • 添加元数据
    • ESIL
  • 分析
    • 代码分析
    • 变量
    • 类型
    • 调用约定
    • 虚拟表
    • 系统调用
    • 模拟
    • 符号信息
    • 签名
    • 图形命令
  • 脚本
    • 循环
    • 宏
    • R2pipe
  • 调试器
    • 入门
    • 迁移自ida, GDB or WinDBG
    • 寄存器
    • 内存映射
    • 堆
    • Files
    • 反向调试
  • 远程访问
    • 远程GDB
    • 远程WinDbg
  • 命令行工具
    • Rax2(数值转换)
    • Rafind2(查找)
    • Rarun2
    • Rabin2(文件格式)
      • 文件标识
      • 入口
      • 导入
      • 导出
      • 符号 (导出)
      • 库
      • 字符串
      • 程序节
    • Radiff2(比较)
      • Binary Diffing
    • Rasm2(反汇编)
      • 汇编
      • 反汇编
      • 配置
    • Ragg2(C编译器)
      • Language
    • Rahash2(加密算法)
      • Rahash Tool
  • 插件
    • IO 插件
    • 汇编插件
    • 分析插件
    • 二进制插件
    • 其他插件
    • Python插件
    • 调试
    • 测试
    • Packaging
  • Crackmes
    • IOLI
      • IOLI 0x00
      • IOLI 0x01
    • Avatao R3v3rs3 4
      • .radare2
      • .first_steps
      • .main
      • .vmloop
      • .instructionset
      • .bytecode
      • .outro
  • 参考卡
  • 致谢
由 GitBook 提供支持
在本页
  • Hashing by blocks
  • Hashing with rabin2
  • Obtaining hashes within radare2 session

这有帮助吗?

  1. 命令行工具

Rahash2(加密算法)

The rahash2 tool can be used to compute checksums of files, disk devices or strings. By block or entirely using many different hash algorithms.

This tool is also capable of doing some encoding/decoding operations like base64 and xor encryption.

This is an example usage:

$ rahash2 -a md5 -s "hello world"

Note that rahash2 also permits to read from stdin in a stream, so you don't need 4GB of ram to compute the hash of a 4GB file.

Hashing by blocks

When doing forensics, it is useful to compute partial checksums. The reason for that is because you may want to split a huge file into small portions that are easier to identify by contents or regions in the disk.

This will spot the same hash for blocks containing the same contents. For example, if filled by zeros.

But also, it can be used to find which blocks have changed between more than one sample dump.

This can be useful when analyzing ram dumps from a virtual machine for example. Use this command for this:

$ rahash2 -B 1M -b -a sha256 /bin/ls

Hashing with rabin2

The rabin2 tool parses the binary headers of the files, but it also have the ability to use the rhash plugins to compute checksum of sections in the binary.

$ rabin2 -K md5 -S /bin/ls

Obtaining hashes within radare2 session

To calculate a checksum of current block when running radare2, use the ph command. Pass an algorithm name to it as a parameter. An example session:

$ radare2 /bin/ls
[0x08049790]> bf entry0
[0x08049790]> ph md5
d2994c75adaa58392f953a448de5fba7

You can use all hashing algorithms supported by rahash2:

[0x00000000]> ph?
md5
sha1
sha256
sha384
sha512
md4
xor
xorpair
parity
entropy
hamdist
pcprint
mod255
xxhash
adler32
luhn
crc8smbus
crc15can
crc16
crc16hdlc
crc16usb
crc16citt
crc24
crc32
crc32c
crc32ecma267
crc32bzip2
crc32d
crc32mpeg2
crc32posix
crc32q
crc32jamcrc
crc32xfer
crc64
crc64ecma
crc64we
crc64xz
crc64iso

The ph command accepts an optional numeric argument to specify length of byte range to be hashed, instead of default block size. For example:

[0x08049A80]> ph md5 32
9b9012b00ef7a94b5824105b7aaad83b
[0x08049A80]> ph md5 64
a71b087d8166c99869c9781e2edcf183
[0x08049A80]> ph md5 1024
a933cc94cd705f09a41ecc80c0041def
上一页Language下一页Rahash Tool

最后更新于4年前

这有帮助吗?