Debugging binary with pwntools and radare2

Brief

When debugging with radare2, how do you deal with the program's user input? There are two simple methods.

  • use rarun2 with stdio
  • use pwntools with debugger.

use rarun2

  1. Open a second terminal, run tty, and record the output:
    $ tty
    /dev/pts/2
  2. Create a file p.rr2 and set stdio to the tty value you got from the second terminal:
    # p.rr2 content
    stdio=/dev/pts/2
  3. In the second terminal, run sleep 9999999999 so the terminal stays idle and is free for the program's input and output.
  4. Run r2 -r p.rr2 -d vuln in the first terminal and start debugging!

see more: doc

use pwntools

In the pwntools template, add the following code:

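# start() and util come from the pwntools template (from pwn import *)
io = start()
# pidof() returns a list of pids for the tube; take the first one
pid = util.proc.pidof(io)[0]
print("The pid is: " + str(pid))
# Block here until a debugger attaches to the process
util.proc.wait_for_debugger(pid)
input("press enter to continue")
io.interactive()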

Then run radare2 with r2 -d <pid>, using the pid printed by the script.
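
What the wait step relies on, as an added example (not from the original post and not pwntools' own code): on Linux an attached debugger shows up as a non-zero TracerPid in /proc/<pid>/status, so a script can poll that field until r2 -d <pid> has attached. The function names, the timeout handling and the sample status text are assumptions made for this illustration.

```python
import os
import time

# Constructed sample of /proc/<pid>/status, trimmed to a few fields.
SAMPLE_STATUS = (
    "Name:\tvuln\n"
    "State:\tt (tracing stop)\n"
    "Pid:\t4242\n"
    "PPid:\t4100\n"
    "TracerPid:\t4311\n"
)

def parse_tracer_pid(status_text):
    """Return the tracer's pid from status text, or None if the process is untraced."""
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key == "TracerPid":
            tracer = int(value.strip())
            return tracer if tracer > 0 else None
    raise ValueError("no TracerPid field in status text")

def tracer_of(pid):
    """Read the live TracerPid of a process (Linux only)."""
    with open(f"/proc/{pid}/status") as fh:
        return parse_tracer_pid(fh.read())

def wait_for_tracer(pid, timeout=60.0, interval=0.05, read=tracer_of):
    """Block until a debugger attaches to pid and return the debugger's pid.

    Raises TimeoutError if nothing attaches in time and ProcessLookupError
    if the target exits first (its /proc entry disappears).
    """
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            tracer = read(pid)
        except FileNotFoundError:
            raise ProcessLookupError(f"process {pid} exited before a debugger attached")
        if tracer is not None:
            return tracer
        time.sleep(interval)
    raise TimeoutError(f"no debugger attached to {pid} within {timeout}s")

if __name__ == "__main__":
    print("tracer in sample:", parse_tracer_pid(SAMPLE_STATUS))
    print(f"attach now with: r2 -d {os.getpid()}")
    print("debugger pid:", wait_for_tracer(os.getpid()))
```

The timeout and the exit check keep the exploit script from hanging forever when the target crashes or nobody attaches.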