By following common basic UNIX principles, it is easy to write a small utility in a scripting language which uses , otool or any other existing utility to obtain information from a binary and to import it into radare. For example, take a look at idc2r.py shipped with . To use it, invoke it as idc2r.py file.idc > file.r2. It reads an IDC file exported from an IDA Pro database and produces an r2 script containing the same comments, names of functions and other data. You can import the resulting ‘file.r2’ by using the dot . command of radare:

    The . command is used to interpret Radare commands from external sources, including files and program output. For example, to omit generation of an intermediate file and import the script directly you can use this combination:

    1. [0x00000000]> .!idc2r.py < file.idc

    Please keep in mind that importing IDA Pro metadata from IDC dump is deprecated mechanism and might not work in the future. The recommended way to do it - use python-idb-based ida2r2.py which opens IDB files directly without IDA Pro installed.

    There are many different metadata manipulation commands, here is the glimpse of all of them:

    Simply to add the comment to a particular line/address you can use Ca command:

    1. [0x00000000]> CCa 0x0000002 this guy seems legit
    2. [0x00000000]> pd 2
    3. 0x00000000    0000         add [rax], al
    4. ;      this guy seems legit
    5. 0x00000002    0000         add [rax], al

    The C? family of commands lets you mark a range as one of several kinds of types. Three basic types are: code (disassembly is done using asm.arch), data (an array of data elements) or string. Use the Cs comand to define a string, use the command for defining an array of data elements, and use the Cf command to define more complex data structures like structs.

    The Cf command is used to define a memory format string (the same syntax used by the pf command). Here’s an example:

    1. [0x7fd9f13ae630]> pd
    2. ;-- rip:
    3. 0x7fd9f13ae630 format 2xi foo bar {
    4. 0x7fd9f13ae630 [0] {
    5.  foo : 0x7fd9f13ae630 = 0xe8e78948
    6.  bar : 0x7fd9f13ae634 = 14696
    7. 0x7fd9f13ae638 [1] {
    8.  foo : 0x7fd9f13ae638 = 0x8bc48949
    9.  bar : 0x7fd9f13ae63c = 571928325
    11. } 16
    12. 0x7fd9f13ae633    e868390000   call 0x7fd9f13b1fa0

    The [sz] argument to Cf is used to define how many bytes the struct should take up in the disassembly, and is completely independent from the size of the data structure defined by the format string. This may seem confusing, but has several uses. For example, you may want to see the formatted structure displayed in the disassembly, but still have those locations be visible as offsets and with raw bytes. Sometimes, you find large structures, but only identified a few fields, or only interested in specific fields. Then, you can tell r2 to display only those fields, using the format string and using ‘skip’ fields, and also have the disassembly continue after the entire structure, by giving it full size using the sz argument.

    Using Cf, it’s easy to define complex structures with simple oneliners. See pf? for more information. Remember that all these C commands can also be accessed from the visual mode by pressing the d (data conversion) key. Note that unlike commands Cf doesn’t change analysis results. It is only a visual boon.

    Note ,(locale-help.txt) appeared in the comments, if we press , again in the visual mode, it will open the file. Using this mechanism we can create a long descriptions of some particular places in disassembly, link datasheets or related articles.