NAME¶

rasign2 — radare2 signature management tool

SYNOPSIS¶

rasign2 [-afjhqrvSm] [-A [AAA]] [-i script.r2] [-o sigs.sdb] [-s signspace] [-c] [file]

DESCRIPTION¶

Generates, dumps, and manages zignature scripts for function identification and cataloging. Zignatures are Radare2 scripts that capture metadata associated with function signatures.

Supports interpretation of FLIRT '.sig' files, execution of zignature scripts, and exporting signatures in various formats.

OPTIONS¶

-a: Make signatures from all .o files in the provided .a file
-A [AAA]: Same as r2 -A, the more 'A's the more analysis is performed
-f: Interpret the file as a FLIRT .sig file and dump signatures
-h: Show help menu
-j: Show signatures in json
-i script.r2: Execute this script in the r2 instance
-o sigs.sdb: Add signatures to file, create if it does not exist
-q: Quiet mode
-r: Show output in radare commands
-S: Perform operation on sdb signature file ('-o -' to save to same file)
-s signspace: Save all signatures under this signspace
-c: Add collision signatures before writing file
-v: Show version information
-m: Merge/overwrite signatures with same name

ENVIRONMENT¶

rasign2 does not use any environment variables.

EXAMPLES¶

Generate signatures from a library file:

$ rasign2 -o libc.sdb libc.so.6

Perform deep analysis before generating signatures:

$ rasign2 -AA -o enhanced_libc.sdb libc.so.6

Output signatures in JSON format:

$ rasign2 -j input_file

Show signatures as radare2 commands:

$ rasign2 -r input_file

Merge new signatures into an existing file:

$ rasign2 -m -o existing.sdb new_binary

Extract signatures from a FLIRT .sig file:

$ rasign2 -f flirt_signatures.sig

THE Z COMMAND IN RADARE2¶

The 'z' command in radare2 is dedicated to the management of binary signatures, known as zignatures. Here are the key subcommands:

z: Show zignatures
z.: Find matching zignatures in current offset
zb: Search for best match
zd: Diff current function and signature
z*: Show zignatures in radare format
zo: Manage zignature files
zf: Manage FLIRT signatures
z/: Search zignatures
zc: Compare current zignspace zignatures
zs: Manage zignspaces
zi: Show zignatures matching information

These commands facilitate a robust workflow for binary analysis, enabling the identification of known functions and comparing binary similarities.

SUPPORTED ZIGNATURE METRICS¶

Zignatures in radare2 can be created with various metrics:

a: Bytes pattern (masked)
b: Raw bytes pattern
c: Base64 comment
n: Real function name
g: Graph metrics (complexity, edges, basic blocks)
o: Original offset
r: References
x: Cross references
h: Basic block hashes
v: Variables and arguments

AUTHORS¶

pancake <pancake@nopcode.org>

July 10, 2025

Source file:	rasign2.1.en.gz (from radare2 6.0.4+dfsg-1)
Source last updated:	2025-09-29T06:39:34Z
Converted to HTML:	2025-09-29T09:24:13Z