According to their GitHub page, Bokken is a "GUI for the Radare project so it offers almost all the same features that Radare has and some of the Radare's ones. It's intended to be a basic disassembler, mainly, to analyze malware and vulnerabilities."
Basically, it's a lightweight all-in-one disassembler and the only one I've seen that could rival IDA in terms of features. Installing it is complicated, and tutorials on it are out of date or pure garbage.
INSTALLING DEPENDENCIES
sudo apt-get install graphviz
sudo apt-get install python-gtk2
sudo apt-get install python-gtksourceview2
After installing those, you can find the latest version of Bokken here:
https://www.bokken.re/download.html
tar -zxvf bokken-1.8.tar.gz
Move it to /opt/ directory
sudo mv bokken/ /opt/
and cd into it
cd /opt/bokken/
Now run ./bokken. You should get something like:
"Python version... OK
Radare availability..... D'OH!
You need radare2 bindings to use r2 backend. Download it from its web
- http://www.radare2.org"
That is because we need a back end: Bokken runs entirely on top of radare2. In the past it supported pyew, but they recently dropped support for it.
Now you can go to radare2's website and download the packages, or you can use GitHub, your choice. I will be showing you the commands for both of them.
Github install
git clone https://github.com/radare/radare2
cd radare2
sys/install.sh
"Classic" install
Download the source packages
tar -zxvf radare2-0.9.9.tar.gz
cd radare2-0.9.9/
./configure
make
sudo make install
Now try to run the command "radare2 /usr/bin/yes". If it brings up information and data about the file, congrats, you successfully installed radare2. If you got the same error message I did, which was "libr_core.so:cannot open or read object file:No such file or directory", you have to locate the library and refresh the linker cache with ldconfig.
whereis libr_core.so.0.9.9
It will give you the path. Then run
sudo ldconfig /usr/local/lib/
Now we re-run it and try analyzing /usr/bin/yes. If all works, you should get this:
-- Reverser by Birth, r2 by Choice
[0x00401654]> i
type EXEC (Executable file)
file /usr/bin/yes
fd 6
size 0x69e8
blksz 0x0
mode -r--
block 0x100
format elf64
pic false
canary true
nx true
crypto false
va true
bintype elf
class ELF64
lang c
arch x86
bits 64
machine AMD x86-64 architecture
os linux
subsys linux
endian little
stripped true
static false
linenum false
lsyms false
relocs false
rpath NONE
binsz 25588
[0x00401654]>
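A pre-check for the ldconfig step above, as an added example that is not part of the original post: it reads ldd output, finds which of the given directories holds each unresolved library, and suggests ldconfig only for a directory that is not group- or world-writable. The function names and the candidate directory list are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.

# Read `ldd` output on stdin; print each library the loader cannot resolve.
unresolved_libs() {
    awk '/=> not found/ { print $1 }' | sort -u
}

# find_lib_dir LIB DIR...: print the first DIR holding LIB or a versioned
# copy of it (libr_core.so also matches libr_core.so.0.9.9).
find_lib_dir() {
    lib=$1; shift
    for dir in "$@"; do
        for f in "$dir/$lib"*; do
            if [ -e "$f" ]; then printf '%s\n' "$dir"; return 0; fi
        done
    done
    return 1
}

# Succeed only if DIR is not writable by group or other. A writable directory
# in the loader cache lets any local user plant a library that radare2 loads.
dir_is_safe() {
    [ -d "$1" ] && [ -z "$(find -H "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# suggest_fix DIR...: read `ldd` output on stdin and print, for each missing
# library, either the ldconfig command to run or the reason not to run it.
suggest_fix() {
    unresolved_libs | while read -r lib; do
        if ! dir=$(find_lib_dir "$lib" "$@"); then
            echo "$lib: not found in $*"
        elif dir_is_safe "$dir"; then
            echo "sudo ldconfig $dir"
        else
            echo "$lib: $dir is group/world-writable, fix permissions first"
        fi
    done
}

# Runs only where a radare2 binary is already on PATH.
if command -v radare2 >/dev/null 2>&1; then
    ldd "$(command -v radare2)" | suggest_fix /usr/local/lib /usr/lib
fi
```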
Sadly, we still need radare2's Python bindings for it to run as a backend to Bokken. Go back to radare's website and download the package called "r2-bindings". After downloading it, we need to decompress it and install it.
tar -zxvf r2-bindings-0.9.9.tar.gz
cd r2-bindings-0.9.9
If you read the "README" file in this package, you can see it has only one dependency, swig.
Luckily this is relatively easy to install.
sudo apt-get install swig
Then run
./configure --prefix=/usr --enable=python
Go to the "python" directory, then run
PYTHON_CONFIG=python2.7-config make
If that failed, you need the "Python.h" header files installed, which can be obtained through
sudo apt-get install python2.7-dev
After that, run the PYTHON_CONFIG command again; it should work.
Switch to the root user, go to the folder you have radare2-bindings in, and run
PYTHON_CONFIG=python2.7-config make install
Now you should be able to run ./bokken on your machine and launch it successfully. Go to the directory you have ./bokken saved to, in this case, /opt/, and run it.
And when you run a file through it, in this case, a simple "hello world" program, you get this:
http://i.imgur.com/z9ysUAm.png?1
It features a hex dump, string locator, Python support, and more. This is the first tutorial I've ever written. If you have any suggestions or things I missed, leave a comment.