Agent skill

binary-re:tool-setup

Use when reverse engineering tools are missing, not working, or need configuration. Installation guides for radare2 (r2), Ghidra, GDB, QEMU, Frida, binutils, and cross-compilation toolchains. Keywords - "install radare2", "setup ghidra", "r2 not found", "qemu missing", "tool not installed", "configure gdb", "cross-compiler"

Install this agent skill to your Project

npx add-skill https://github.com/2389-research/claude-plugins/tree/main/binary-re/skills/tool-setup

SKILL.md

Tool Setup

Purpose

Ensure required reverse engineering tools are available and properly configured for cross-architecture analysis.

When to Use

  • Before first analysis session
  • When tool commands fail
  • Setting up new analysis environment
  • Updating to newer tool versions

Required Tools

| Tool | Purpose | Priority |
|------|---------|----------|
| radare2 | Static analysis, disassembly | Required |
| rabin2 | Fast binary triage | Required (part of r2) |
| qemu-user | Cross-arch emulation | Required |
| gdb-multiarch | Cross-arch debugging | Required |
| Ghidra | Decompilation | Recommended |
| GEF | GDB enhancements | Recommended |
| Frida | Dynamic instrumentation | Optional |
| Unicorn | Snippet emulation | Optional |
| Angr | Symbolic execution | Optional |

Installation by Platform

Ubuntu/Debian

bash
# Core tools
sudo apt update
sudo apt install -y \
  radare2 \
  qemu-user \
  qemu-user-static \
  gdb-multiarch \
  binutils-multiarch \
  jq                    # Required for JSON parsing in skill commands

# ARM sysroots (for QEMU)
sudo apt install -y \
  libc6-armhf-cross \
  libc6-arm64-cross \
  libc6-dev-armhf-cross \
  libc6-dev-arm64-cross

# Additional utilities
sudo apt install -y \
  file \
  binutils \
  elfutils \
  patchelf

Windows (WSL2)

Windows users should use WSL2 with Ubuntu for full compatibility:

powershell
# PowerShell (Administrator) - Install WSL2 with Ubuntu
wsl --install -d Ubuntu

# Restart computer when prompted, then open Ubuntu terminal

Inside WSL2 Ubuntu:

bash
# Install all required tools
sudo apt update && sudo apt install -y \
  radare2 \
  qemu-user \
  qemu-user-static \
  gdb-multiarch \
  binutils-multiarch \
  jq \
  file \
  patchelf

# Fix file permissions for Windows-mounted drives
sudo tee -a /etc/wsl.conf > /dev/null << 'EOF'
[automount]
options = "metadata,umask=22,fmask=11"
EOF

# Restart WSL to apply changes
# (In PowerShell: wsl --shutdown)

WSL2 Tips:

  • Copy binaries into ~ rather than using /mnt/c/... paths (fewer permission issues)
  • Use wsl --shutdown in PowerShell to restart WSL after config changes
  • Docker Desktop integrates with WSL2 for container-based analysis

macOS (Homebrew)

bash
# Core tools
brew install radare2 jq

# NOTE: Homebrew QEMU may lack qemu-user targets
# Verify: qemu-arm --version || echo "qemu-user missing"
# If missing, use Docker for cross-arch execution (see below)

# GDB requires special handling on macOS
brew install gdb
# Note: Code signing required for debugging

# ARM cross tools (optional, for static analysis only)
brew install arm-linux-gnueabihf-binutils

macOS Docker Setup for Dynamic Analysis

Since Homebrew doesn't provide qemu-user, use Docker for cross-architecture execution:

bash
# Install Docker runtime (Colima is lightweight alternative to Docker Desktop)
brew install colima docker

# Start Colima
colima start

# Register multi-architecture emulation handlers
docker run --rm --privileged --platform linux/arm64 \
  tonistiigi/binfmt --install arm

# Verify ARM32 emulation works
docker run --rm --platform linux/arm/v7 arm32v7/debian:bullseye-slim uname -m
# Should output: armv7l

# Verify ARM64 emulation works
docker run --rm --platform linux/arm64 arm64v8/debian:bullseye-slim uname -m
# Should output: aarch64

# Verify x86-32 emulation works
docker run --rm --platform linux/i386 i386/debian:bullseye-slim uname -m
# Should output: i686

IMPORTANT: On Colima, always mount from ~/ not /tmp/:

bash
# ✅ Works
docker run -v ~/samples:/work ...

# ❌ May fail silently
docker run -v /tmp/samples:/work ...

Arch Linux

bash
sudo pacman -S radare2 qemu-user gdb
yay -S arm-linux-gnueabihf-glibc  # From AUR

Tool-Specific Setup

radare2

bash
# Verify installation
r2 -v
rabin2 -v

# Install r2ghidra plugin (decompilation)
r2pm init
r2pm update
r2pm -ci r2ghidra  # -ci = clean install

# Verify r2ghidra is working (CRITICAL CHECK)
r2 -qc 'pdg?' - 2>/dev/null | grep -q Usage && echo "r2ghidra OK" || echo "r2ghidra MISSING"

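# Alternative verification (-q makes r2 exit after the command instead of
# dropping into its interactive prompt, so the pipeline cannot hang)
r2 -qc 'Ld' /bin/ls | grep -i ghidra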

Common r2ghidra issues:

| Symptom | Cause | Fix |
|---------|-------|-----|
| pdg unknown command | Plugin not loaded | r2pm -ci r2ghidra |
| Plugin loads but crashes | Version mismatch | Update both r2 and plugin |
| Decompilation hangs | Large function | Use pdf instead, or Ghidra headless |

Configuration (~/.radare2rc):

# Disable colors for scripting
e scr.color=false

# Increase analysis limits
e anal.timeout=120
e anal.maxsize=67108864

# JSON output by default for scripts
e cfg.json.num=true

Ghidra (Headless)

bash
# Download from https://ghidra-sre.org/
# Extract to /opt/ghidra

# Verify headless script
/opt/ghidra/support/analyzeHeadless --help

# Add to PATH
echo 'export PATH=$PATH:/opt/ghidra/support' >> ~/.bashrc

Memory configuration (for large binaries): Edit /opt/ghidra/support/analyzeHeadless:

bash
MAXMEM=4G  # Increase from default

GEF (GDB Enhanced Features)

bash
# Install GEF
bash -c "$(curl -fsSL https://gef.blah.cat/sh)"

# Verify
gdb -q -ex "gef help" -ex "quit"

# For ARM Cortex-M support, also install gef-extras
git clone https://github.com/hugsy/gef-extras.git ~/.gef-extras
echo 'source ~/.gef-extras/scripts/checksec.py' >> ~/.gdbinit

Frida

bash
# Install Frida tools
pip install frida-tools

# Verify
frida --version

# Install frida-server for device debugging (optional)
# Download from https://github.com/frida/frida/releases

Unicorn (Python bindings)

bash
pip install unicorn

# Verify
python -c "from unicorn import *; print('OK')"

Angr

bash
# Create virtual environment (recommended)
python -m venv ~/angr-venv
source ~/angr-venv/bin/activate

# Install angr
pip install angr

# Verify
python -c "import angr; print('OK')"

YARA

bash
# Ubuntu/Debian
sudo apt install yara

# Or from source for latest
git clone https://github.com/VirusTotal/yara.git
cd yara
./bootstrap.sh
./configure
make && sudo make install

# Python bindings
pip install yara-python

Sysroot Setup

Standard Debian/Ubuntu Sysroots

Already installed via libc6-*-cross packages:

bash
# Verify paths
ls /usr/arm-linux-gnueabihf/lib/
ls /usr/aarch64-linux-gnu/lib/

Custom Sysroot from Device

bash
# Pull from device via SSH
mkdir -p ~/sysroots/device
ssh user@device "tar czf - /lib /usr/lib" | tar xzf - -C ~/sysroots/device

# Or minimal extraction
ssh user@device "tar czf - /lib/ld-* /lib/libc.* /lib/libpthread.* /lib/libdl.*" \
  | tar xzf - -C ~/sysroots/device

Musl Sysroot

bash
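# From Alpine Linux
# mkdir first: cp with several sources needs an existing target directory
docker run -it --rm -v ~/sysroots:/out alpine:latest sh -c \
  "apk add musl musl-dev && mkdir -p /out/alpine-musl && cp -a /lib /usr /out/alpine-musl"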

Verification Script

Run this to verify all tools are working:

bash
#!/bin/bash
set -e

echo "=== Binary RE Tool Verification ==="

# radare2
echo -n "radare2: "
r2 -v | head -1

# rabin2
echo -n "rabin2: "
rabin2 -v | head -1

# QEMU
echo -n "qemu-arm: "
qemu-arm --version | head -1

echo -n "qemu-aarch64: "
qemu-aarch64 --version | head -1

# GDB
echo -n "gdb-multiarch: "
gdb-multiarch --version | head -1

# Ghidra (optional)
if command -v analyzeHeadless &> /dev/null; then
  echo -n "Ghidra: "
  analyzeHeadless 2>&1 | head -1 || echo "available"
else
  echo "Ghidra: not installed (optional)"
fi

# Frida (optional)
if command -v frida &> /dev/null; then
  echo -n "Frida: "
  frida --version
else
  echo "Frida: not installed (optional)"
fi

# Sysroots
echo ""
echo "=== Sysroots ==="
[ -d /usr/arm-linux-gnueabihf ] && echo "ARM hard-float: OK" || echo "ARM hard-float: MISSING"
[ -d /usr/aarch64-linux-gnu ] && echo "ARM64: OK" || echo "ARM64: MISSING"

echo ""
echo "=== Verification Complete ==="

Troubleshooting

Common Issues Quick Reference

| Symptom | Cause | Fix |
|---------|-------|-----|
| exec format error in Docker | binfmt not registered | docker run --privileged tonistiigi/binfmt --install arm |
| ld-linux.so.3 not found | Linker path mismatch | ln -sf /lib/ld-linux-armhf.so.3 /lib/ld-linux.so.3 |
| libXXX.so not found | Missing dependency | apt install in container (check rabin2 -l) |
| r2 pdg unknown command | r2ghidra not installed | r2pm -ci r2ghidra |
| Empty xrefs from axtj | Shallow analysis | Use aa; aac or manual af @addr |
| Empty Docker mount | Colima /tmp issue | Use ~/path instead of /tmp/path |
| strace fails in container | ptrace not implemented | Use LD_DEBUG=files,libs |

r2 "Cannot open file"

bash
# Check permissions
ls -la binary

# Try with explicit format
r2 -b 32 binary

QEMU "Invalid ELF image"

bash
# Verify architecture matches
file binary

# Check QEMU variant
qemu-arm --help | grep -i "target"

Docker "exec format error"

bash
# Register binfmt handlers (one-time setup)
docker run --rm --privileged --platform linux/arm64 \
  tonistiigi/binfmt --install arm

# Verify registration
cat /proc/sys/fs/binfmt_misc/qemu-arm

GDB "Cannot execute binary"

bash
# Use QEMU as gdbserver
qemu-arm -g 1234 ./binary &
gdb-multiarch -ex "target remote :1234" ./binary

Ghidra "Out of memory"

bash
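# Increase the heap by raising MAXMEM in the analyzeHeadless script (see Ghidra setup above)
# The flags below only bound CPU use and per-file analysis time; they do not change the heap size:
analyzeHeadless ... -max-cpu 4 -analysisTimeoutPerFile 600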

Missing ARM libraries in QEMU

bash
# Set LD_LIBRARY_PATH in QEMU environment
qemu-arm -E LD_LIBRARY_PATH=/lib:/usr/lib -L /sysroot ./binary

# Or use patchelf to modify binary's rpath
patchelf --set-rpath /lib:/usr/lib ./binary

Docker container can't find libraries

bash
# Inside container, install common dependencies
apt-get update && apt-get install -y libcap2 libacl1

# Check what the binary needs
# (Run rabin2 -l on host before entering container)

Version Recommendations

| Tool | Minimum | Recommended |
|------|---------|-------------|
| radare2 | 5.8.0 | Latest |
| QEMU | 7.0 | 8.0+ |
| GDB | 12.0 | 14.0+ |
| Ghidra | 10.3 | 11.0+ |
| Frida | 16.0 | Latest |
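
The verification script above only prints whatever version each tool reports; it does not compare it with the minimums in this table. The following is an added example, not part of the original skill, that enforces them. The function names, the `--live` switch, the sample version lines and the Ghidra `application.properties` location are assumptions.

```shell
#!/bin/sh
# Added example: enforce the minimum versions from the table above (POSIX sh).

# Print the first dotted number (N.N or N.N.N) found on stdin.
extract_version() { grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1; }

# version_ge A B: succeed when A >= B, comparing fields as integers
# (so 5.10 sorts above 5.8, which a string comparison gets wrong).
version_ge() {
  a=$1 b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*} y=${b%%.*}
    if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
    if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
    [ "${x:-0}" -gt "${y:-0}" ] && return 0
    [ "${x:-0}" -lt "${y:-0}" ] && return 1
  done
  return 0
}

# check_version NAME MIN LINE: 0 = ok, 1 = too old, 2 = no version found.
check_version() {
  found=$(printf '%s\n' "$3" | extract_version)
  if [ -z "$found" ]; then echo "$1: MISSING (need >= $2)"; return 2; fi
  if version_ge "$found" "$2"; then echo "$1: $found OK"; return 0; fi
  echo "$1: $found TOO OLD (need >= $2)"; return 1
}

# probe NAME MIN CMD...: check the first line the tool's version command prints.
probe() {
  name=$1 min=$2; shift 2
  check_version "$name" "$min" "$("$@" 2>/dev/null | head -n 1)"
}

verify_minimums() {
  rc=0
  probe radare2 5.8.0 r2 -v || rc=1
  probe qemu-arm 7.0 qemu-arm --version || rc=1
  probe gdb-multiarch 12.0 gdb-multiarch --version || rc=1
  probe Frida 16.0 frida --version || true   # optional: report only
  # Assumption: Ghidra keeps its version in Ghidra/application.properties.
  probe Ghidra 10.3 grep '^application.version' \
    "${GHIDRA_HOME:-/opt/ghidra}/Ghidra/application.properties" || true
  return "$rc"
}

if [ "${1:-}" = "--live" ]; then verify_minimums; else
  # Constructed sample lines, not captured from a real host.
  check_version qemu-arm 7.0 'qemu-arm version 6.2.0 (Debian 1:6.2+dfsg)' || true
  check_version gdb-multiarch 12.0 'GNU gdb (Ubuntu 12.1-0ubuntu1~22.04) 12.1' || true
fi
```

Run with `--live` to probe the installed tools; the exit status is non-zero when a required tool is missing or older than its minimum.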

Environment Variables

Add to ~/.bashrc or ~/.zshrc:

bash
# Ghidra
export GHIDRA_HOME=/opt/ghidra
export PATH=$PATH:$GHIDRA_HOME/support

# Default sysroot for QEMU
export QEMU_LD_PREFIX=/usr/arm-linux-gnueabihf

# Angr virtual environment
alias angr-activate='source ~/angr-venv/bin/activate'
