I wouldn't know at first glance what radare2 does, so this title was actually slightly more informative. Still nice to hear that it builds on previous work, though.
> Still nice to hear that it builds on previous work, though.
This is the problem with the title. Cutter doesn't "[build] on previous work" with radare2, it is simply a shell around radare2, which is itself a reverse engineering framework.
As much as I enjoy using radare2, I can't help but feel that the release of GHIDRA has made it somewhat obsolete. Perhaps some components of it can be used in r2 in the future though.
Does GHIDRA actually do something that radare2 doesn't?
I'm asking seriously. To me, it seems like it deals with a subset of radare2 features only, and is slow + uses a shitload of ram, when it doesn't outright crash/100%cpu on a problem binary.
As for reusing code as r2 plugins components, I've heard about some efforts around r2's irc channel.
It's funny that you say that - I had the exact opposite experience.
I've run several binaries through Ghidra that Cutter locks up with. In fact, that's what made me look into Ghidra at all after having found Cutter a few months ago.
Just my anecdotal experience obviously.
What are specific Cutter features that Ghidra lacks?
>I've run several binaries through Ghidra that Cutter locks up with.
That's interesting. Please drop by the irc channel to report! I do suspect it's cutter-specific, and radare cli would work fine.
Pancake keeps a collection of past problematic binaries which are used for automatic regression testing. If my suspicion is right, it'd be worth auto-testing cutter too.
I feel like that would be incredibility audacious given the intended user base, but they've done worse.
I've used it in a VM with no outbound networking capabilities and on a Kali install after physically disconnecting it from the network.
Wouldn't help against persistent threats, though.
Personally, downloading a .zip file directly from a .gov website left me with a weird feeling. I would trust it more if they actually used the github repo for it.
Let's just hope my HDD firmware is still intact...
Cutter is a fantastic piece of software, and I use it for university coursework and CTFs on a regular basis. Obviously it isn’t yet as feature complete as something like IDA, but it sure does look nicer when you’re using it. The fact that it’s running radare2 under the hood is great, because it supports so many different kinds of binaries. I hope that GHIDRA gets absorbed in part into r2 (I don’t know if that’s architectural possible), because a good FOSS piece of software to compete with IDA is sorely needed in this industry.
I've never really had much luck with Cutter. It's apparently all single-thread "by design", which causes it to hang indefinitely when analyzing larger binaries. Another unfortunate side effect of that "design" is that it also has to analyze everything in the foreground while you wait - unlike IDA or Ghidra's ability to do so in the background.
Radare2 is pretty decent for what it is - especially considering that it's "free as in beer" - but I always found Cutter to be pretty frustratingly lackluster.
22 comments
[ 2.6 ms ] story [ 63.9 ms ] threadA Qt and C++ GUI for radare2 reverse engineering framework
It's not a new disassembler, it's a GUI frontend to the excellent radare2.
This is the problem with the title. Cutter doesn't "[build] on previous work" with radare2, it is simply a shell around radare2, which is itself a reverse engineering framework.
I'm asking seriously. To me, it seems like it deals with a subset of radare2 features only, and is slow + uses a shitload of ram, when it doesn't outright crash/100%cpu on a problem binary.
As for reusing code as r2 plugins components, I've heard about some efforts around r2's irc channel.
I've run several binaries through Ghidra that Cutter locks up with. In fact, that's what made me look into Ghidra at all after having found Cutter a few months ago.
Just my anecdotal experience obviously.
What are specific Cutter features that Ghidra lacks?
That's interesting. Please drop by the irc channel to report! I do suspect it's cutter-specific, and radare cli would work fine.
Pancake keeps a collection of past problematic binaries which are used for automatic regression testing. If my suspicion is right, it'd be worth auto-testing cutter too.
I feel like that would be incredibility audacious given the intended user base, but they've done worse.
I've used it in a VM with no outbound networking capabilities and on a Kali install after physically disconnecting it from the network. Wouldn't help against persistent threats, though.
Personally, downloading a .zip file directly from a .gov website left me with a weird feeling. I would trust it more if they actually used the github repo for it.
Let's just hope my HDD firmware is still intact...
A somewhat unfortunate abbreviation…
Radare2 is pretty decent for what it is - especially considering that it's "free as in beer" - but I always found Cutter to be pretty frustratingly lackluster.