Radare2

r2 cheat sheet:

r2 -w libName.so > open lib file in write mode iE > print all functions afl > analyzed func list(same as iE) aaaaaa > analyze whole binary aaa > use it if lib is big instead of aaaaaa aF > analyze func (use it after seeking to a func and also only use it if you didnt type aaa or aaaaaa at the first)

s 0xaddress > seek to address

wa > seek to an address at first and run this command to edit the line (wa nop)

pdf > Print disassembled function pd N > will print first N lines of function pdg > print decompiled func by ghidra pdd > print decompiled function by r2 decompiler

izz > print all strings

axt @ sym.imp.exit > to find all exit methods

axt @@ str.XXXX > for finding data/code references to this address xref to look all strings

axt 0xaddress > find data/code references to this address(xref to)

axf 0xaddress > find data/code references from this address(xref from)

axF str.wtf > Finding references of flags matching 'str.wtf'

x > Show xrefs of current func from/to data/code

agf > print disassembled function in graph view mode

VVV > print disassembled function in graph view mode(press q to exit from graph view)

pdf @ 0xaddress > will print disassembled function of that address

wa nop @ 0xaddress > Will edit the assembly code of that address

radiff2 -x liborg.so libmod.so it will compare 2 libs and show the difference

iE > functions.txt it will save all the functions in a txt file

izz > strings.txt it will save all the Strings in a txt file

pdf > pdf.txt it will save printed disassembled function in a txt file

to search an special function name or an special string: izz ~+The String you are looking for iE ~+FuncName

to edit an string in the lib(new string length must be equal to original string length) w new string @ 0xaddress