Title: Radare2, IDA Pro, and Binary ninja, a metaphoric comparison
Date: 2019-09-07 16:15

I started to use [radare2](https://rada.re) in the beginning on 2012, and my
first contribution to it was in August 2013. I gave numerous workshops and
talks about it at various security conferences, served as a
[GSoC](https://summerofcode.withgoogle.com/) mentor, wrote a couple of articles
about it both on this very blog and other places, attended all the
[r2con](https://rada.re/con/) to give workshops there, …

I've used [IDA Pro](https://www.hex-rays.com/products/ida/index.shtml) for a
similar amount of time, and recently attended a [binary
ninja](https://binary.ninja/)
[training](https://binary.ninja/support/#training). No clue about
[Ghidra](https://ghidra-sre.org/) though.

People are often asking me why they should use radare2 instead of something
else, so I decided to write this down. I think that a nice way to (partially) answer this
question is to use a handy metaphor: text editors.

# The metaphor

## Radare2 is like [vim](https://www.vim.org/)

Radare2 is all about command line and cryptic shortcuts/commands, and just like vim,
at the beginning, one is completely lost, spending all your time in insertion
mode, trying to remember what `gg=G"` is supposed to do, or how to undo the
folding of the function you're looking at. But once you're used to it, once you
saw the light, you're fast and efficient, everything seems logical, pleasant and
well designed.

Like [vim](https://devhints.io/vimscript), radare2 has a [terrible scripting
language](https://radare.gitbooks.io/radare2book/scripting/intro.html), due to
legacy issues, that looks like this:

```
/x 7...7...
(patch2,?E patch2,wx eb,s+2,wx 9090,)
(,f foo=$j,s+2,f bar=$j,s-2,?v foo-bar,?! .(patch2))() @@ hit*
(,s+2,?v $j-$$+2,?! wx 9090)() @@ hit*
f-hit*
```

Because vimscript and r2script may be brittle to use, they both have a lot
of binding: lua, ruby, python, vimscript, mzscheme, Perl, Tcl, … for vim, and
a large subset of those for radare2.

The community around those two software are a bit alike: they are fans of their
tool, and will be vocal about this, which is <s>sometimes</s> often annoying to
others: Why can't those people not shut up, why do they have to be so vocal and
insist that we give a try at their cryptic tool from the past?

There are some GUI for vim, like GVim, or [all the neovim
ones](https://github.com/neovim/neovim/wiki/Related-projects),
but most of the people are simply using vim in a terminal, because
it's more convenient.
Radare2 had [gradare2](https://github.com/radare/gradare2),
[bokken](https://github.com/thestr4ng3r/bokken),
[Ronin](https://github.com/jubal-R/Ronin), 
[radare2gui_dotnet](https://github.com/m4ndingo/radare2gui_dotnet), [various
web interfaces](https://github.com/radare/radare2-webui), and now
<s>[Iaito](https://github.com/hteso/iaito)</s>
[Cutter](https://github.com/radareorg/cutter), but most of its power users are
using `radare2`.

Both of them are also running on almost every single platform: AmigaOS, Atari
MiNT, BeOS, DOS, MacOS, NextStep, OS/2, OSF, RiscOS, SGI, UNIX, VMS, Win16 + Win32
(Windows95/98/00/NT), BSD\*, Linux, …

Moreover, even while they're packed with features, they do have a lot of
<s>hackish</s> clever integrations with other programs: vim plays nice with
[`make`](http://vimdoc.sourceforge.net/htmldoc/quickfix.html#:make),
[`ctags`](http://vimdoc.sourceforge.net/htmldoc/tagsrch.html#ctags),
[`LSP`](https://www.reddit.com/r/vim/comments/7lnhrt/which_lsp_plugin_should_i_use/),
crazy [autocompletion engines](https://github.com/ycm-core/YouCompleteMe),
[fuzzy finders](https://github.com/junegunn/fzf.vim),
[git](https://github.com/tpope/vim-fugitive)…
while radare2 integrates with
[yara](https://github.com/radare/radare2/blob/master/doc/yara.md), 
[snowman](https://github.com/d4em0n/r2snow),
[retdec](https://github.com/securisec/r2retdec),
[ghidra](https://github.com/radareorg/r2ghidra-dec), 
[kaitai](https://github.com/radare/radare2-extras/tree/master/kaitai), …

I like vim, it's great to write text, C, Haskell, … but I wouldn't recommend to
use it for things like Java or C++. For those, an IDE is more suited. Of
course, there will always be people using vim for Java, but the majority
doesn't.

For radare2, it's similar: it's great for reversing small programs, like in
CTF, things written in C, … but for C++ or massive packed binaries, I wouldn't
recommend it.


## Binary Ninja is like [Emacs](https://www.gnu.org/software/emacs/)

Binary ninja feels a bit clunky: there is this omnipresent feeling that things
are missing or aren't completely dry yet. But if you take the
time to write your plugins, or to use the ones from other, then you'll
understand why its users are loving it so much.

For example, its [Opaque predicate
patcher](https://github.com/Vector35/OpaquePredicatePatcher) plugin is amazing,
and would be awful to write in pure r2script. Even by using Python, for
example via [r2pipe](https://github.com/radare/radare2-r2pipe), or
[IDAPython](https://github.com/idapython/src), doing the backward propagation
to find if a given condition is constant would be horrible.

Actually, some people are recommending [org-mode](https://orgmode.org) or
[magit](https://magit.vc/), with emacs only being a byproduct of it. Like
Binary Ninja being a byproduct of its [multi-level
IL](https://en.wikipedia.org/wiki/Intermediate_representation) or Python API.

There is also this tendency of emacs users to never use any other tool, because
they wrote [eww](https://lars.ingebrigtsen.no/2013/06/16/eww/) to browse the
web, [ERC](https://www.emacswiki.org/emacs/ERC) for irc, reading emails with
[GNUS](http://www.gnus.org/about.html), using [org-mode](https://orgmode.org/) as a
notebook/calendar, serving http with [elnode](https://www.emacswiki.org/emacs/Elnode),
[ordering food](https://github.com/Cestdiego/sweetgreen.el), …
Binary Ninja users have a similar behaviour: scripting
everything via the Python API.

## IDA Pro is like [IntelliJ IDEA](https://www.jetbrains.com/idea/)

IDA is massive, and costs [more
money](https://hex-rays.com/products/ida/order.shtml) than its competitors, but
this is what the industry is using, and you can reverse massive binaries with
ease.

You can of course write C++ or Java in vim, or in emacs, but you either have a
massive amount of plugins, or you're a hardcore user, which is entirely fine.
But for normal people™, it's usually easier, faster and more effective to use
an IDE.

IntelliJ IDEA comes with a lot of features, like deep integration with the Java
ecosystem (Gradle, Maven, JBoss, Spring, Android, …), intelligent
autocompletion, code analysis, refactoring, framework integrations, profiting…

Likewise, IDA Pro comes with
[FLIRT](https://hex-rays.com/products/ida/tech/flirt/in_depth.shtml), remote
debugging (including compatibility with
[Corellium](https://www.corellium.com/)), advanced analysis, tracing, advanced
typing system with [automatic
inference](https://hex-rays.com/products/ida/tech/index.shtml), an [advanced
interactive decompiler](https://hex-rays.com/products/decompiler/index.shtml),
support for a myriad of architectures, PDB support,
[Lumina](https://www.hex-rays.com/products/ida/lumina/index.shtml), Android and
iPhone weird format support, …


# There is more…

At the beginning of this blogpost, I used the term "partially answered",
because a metaphor is rarely enough to provide a comprehensive answer,
and there is an elephant in the room that needs to be mentioned: *money*

Radare2 has a vibrant community, that does things mostly because they are fun,
while IDA Pro and Binary Ninja have to make money: if you want a feature in
radare2, you'll need to either convince someone to implement it for you, or
to implement it yourself, while for the others, you can likely just throw a
bunch of money at the developers to get it done. Worse case,
the license is coming with technical support anyway.

<!-- https://www.hex-rays.com/products/ida/order.shtml or pay 10kUSD for one
year of Sdk support -->

Not having to care about paying the rent by selling radare2 also means that
some <s>useless</s> <s>stupid</s> entertaining features are added from time to
time: some potache easter eggs, the game [2048](https://play2048.co/), emoji
support, Malbolge and brainfuck disassembly, … this also means that from time
to time, things are broken, and nobody cares because nobody is using them but
you. 

It also means that while Binary Ninja and IDA Pro a giving
[expensive](https://recon.cx/2019/montreal/training/trainingninja.html)
[trainings](https://www.hex-rays.com/products/ida/training/index.shtml),
radare2 has the [r2con](https://rada.re/con) for less than 100EUR, with 2 days
of workshops,and two day of people presenting the crazy things they did with
radare2: [fiddling](https://github.com/angelkillah/MooHijack) with proprietary Street Fighter emulators, 
[writing a GUI](http://cutter.re), [integrate with
decompilers](https://retdec.com/),
[Fuzzing](https://www.youtube.com/watch?v=obZ7bhUwrtQ), [writing
music](https://www.youtube.com/watch?v=eqgorXbiPr0), [reversing wireless SD
cards](https://www.youtube.com/watch?v=-Jm3gRX3EAQ), … and even a [chiptune
party](https://www.radare.org/con/2019/agenda.html#sep7)!