Hacker News new | past | comments | ask | show | jobs | submit login
Cutter: Open-source GUI disassembler, with Python plugins (github.com)
131 points by xvilka 32 days ago | hide | past | web | favorite | 22 comments

Took me a moment to realize what I'm looking at. GUI disassembling sounded like cutting up a GUI somehow. reaches for coffee

I was wondering the same thing. Unfortunately I will have to wait on the coffee till I get to the office heh.

People might be more interested if the title was kept the original from the Github repo:

A Qt and C++ GUI for radare2 reverse engineering framework

It's not a new disassembler, it's a GUI frontend to the excellent radare2.

I wouldn't know at first glance what radare2 does, so this title was actually slightly more informative. Still nice to hear that it builds on previous work, though.

> Still nice to hear that it builds on previous work, though.

This is the problem with the title. Cutter doesn't "[build] on previous work" with radare2, it is simply a shell around radare2, which is itself a reverse engineering framework.

I've never really had much luck with Cutter. It's apparently all single-thread "by design", which causes it to hang indefinitely when analyzing larger binaries. Another unfortunate side effect of that "design" is that it also has to analyze everything in the foreground while you wait - unlike IDA or Ghidra's ability to do so in the background.

Radare2 is pretty decent for what it is - especially considering that it's "free as in beer" - but I always found Cutter to be pretty frustratingly lackluster.

Why "free as in beer"? It's GPL2.

Honestly wasn't sure of the license - I just knew it was at least that type of free.

Ah, okay.

Cutter is a fantastic piece of software, and I use it for university coursework and CTFs on a regular basis. Obviously it isn’t yet as feature complete as something like IDA, but it sure does look nicer when you’re using it. The fact that it’s running radare2 under the hood is great, because it supports so many different kinds of binaries. I hope that GHIDRA gets absorbed in part into r2 (I don’t know if that’s architectural possible), because a good FOSS piece of software to compete with IDA is sorely needed in this industry.

As much as I enjoy using radare2, I can't help but feel that the release of GHIDRA has made it somewhat obsolete. Perhaps some components of it can be used in r2 in the future though.

..but Ghidra, as Cutter can't debug... (that's why I'll have to learn radare2 still, when staying with the free beer thing..)

Does GHIDRA actually do something that radare2 doesn't?

I'm asking seriously. To me, it seems like it deals with a subset of radare2 features only, and is slow + uses a shitload of ram, when it doesn't outright crash/100%cpu on a problem binary.

As for reusing code as r2 plugins components, I've heard about some efforts around r2's irc channel.

It's funny that you say that - I had the exact opposite experience.

I've run several binaries through Ghidra that Cutter locks up with. In fact, that's what made me look into Ghidra at all after having found Cutter a few months ago.

Just my anecdotal experience obviously.

What are specific Cutter features that Ghidra lacks?

>I've run several binaries through Ghidra that Cutter locks up with.

That's interesting. Please drop by the irc channel to report! I do suspect it's cutter-specific, and radare cli would work fine.

Pancake keeps a collection of past problematic binaries which are used for automatic regression testing. If my suspicion is right, it'd be worth auto-testing cutter too.

This is probably me being paranoid, but do we actually trust Ghidra to not contain any backdoors?

I'm torn here.

I feel like that would be incredibility audacious given the intended user base, but they've done worse.

I've used it in a VM with no outbound networking capabilities and on a Kali install after physically disconnecting it from the network. Wouldn't help against persistent threats, though.

Personally, downloading a .zip file directly from a .gov website left me with a weird feeling. I would trust it more if they actually used the github repo for it.

Let's just hope my HDD firmware is still intact...

Yeah, I feel the same. I downloaded and unzipped it, but was never brave enough to actually run it.

> Add support for listing and editing Anal Classes in ClassesWidget

A somewhat unfortunate abbreviation…

I assume 32bit binaries will still be around for a long time, this project dropped support with this version, though.

It can open 32bit binaries of course. Most of Windows installations are now 64bit.

The way it was stated is a bit unclear, but they were talking about Cutter's binaries, not which ones it can open

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact