ASCII character space (0x20) is displayed in different ways

[patatetom]

Environment

# copypaste this script into your shell and replace it with the output
date
r2 -v
uname -ms
Wed Jan  8 16:32:31 CET 2025
radare2 5.9.8 0 @ linux-x86-64
birth: git.5.9.8 2024-12-25__11:50:37
options: gpl release -O1 cs:5 cl:2 meson
Linux x86_64

Description

hi,

playing with an ELF that tests the validity of a password, I notice that the space character is not correctly displayed/interpreted/returned by r2.

here's what I see :

[0x00001080]> aaaa
…
[0x00001080]> iM
[Main]
vaddr=0x00001200 paddr=0x00001200
[0x00001080]> s 0x00001200
[0x00001200]> pdf
…
; string "Ar7hUr_c._Cl4rk3" string "Ar7hUr_c._Cl4rk3"
│      │└─> 0x00001259      c645d041       mov byte [s2], 0x41         ; 'A'
│      │    0x0000125d      c645d172       mov byte [var_2fh], 0x72    ; 'r'
│      │    0x00001261      c645d237       mov byte [var_2eh], 0x37    ; '7'
│      │    0x00001265      c645d368       mov byte [var_2dh], 0x68    ; 'h'
│      │    0x00001269      c645d455       mov byte [var_2ch], 0x55    ; 'U'
│      │    0x0000126d      c645d572       mov byte [var_2bh], 0x72    ; 'r'
│      │    0x00001271      c645d620       mov byte [var_2ah], 0x20    ; "@"
│      │    0x00001275      c645d763       mov byte [var_29h], 0x63    ; 'c'
│      │    0x00001279      c645d82e       mov byte [var_28h], 0x2e    ; '.'
│      │    0x0000127d      c645d920       mov byte [var_27h], 0x20    ; "@"
│      │    0x00001281      c645da43       mov byte [var_26h], 0x43    ; 'C'
│      │    0x00001285      c645db6c       mov byte [var_25h], 0x6c    ; 'l'
│      │    0x00001289      c645dc34       mov byte [var_24h], 0x34    ; '4'
│      │    0x0000128d      c645dd72       mov byte [var_23h], 0x72    ; 'r'
│      │    0x00001291      c645de6b       mov byte [var_22h], 0x6b    ; 'k'
│      │    0x00001295      c645df33       mov byte [var_21h], 0x33    ; '3'
│      │    0x00001299      488b45f0       mov rax, qword [var_10h]
│      │    0x0000129d      488b7808       mov rdi, qword [rax + 8]    ; const char *s1
│      │    0x000012a1      488d75d0       lea rsi, [s2]               ; const char *s2
│      │    0x000012a5      e896fdffff     call sym.imp.strcmp         ; int strcmp(const char *s1, const char *s2)
…

the password is Ar7hUr c. Cl4rk3, with the space character (2 x 0x20).
on the first line of code copied above, the space character is represented by the underscore character _, and on the eighth and eleventh lines, the space character is represented by the at sign @.

it's not strictly speaking a bug, but I haven't found anything about it.

regards, lacsaP.

[trufae]

the reason for that is because flags cant contain spaces. and spaces are translated to lowerdashes when filtering the name. my assumption here is that the disasm is using the wrong source or filter function to perform that conversion to avoid injecting non-desired characters in the terminal (read it as newlines, tabs, other non-printable chars).. so i guess this is a bug and must be addressed, can you provide a reproducer?. aka the binary and commands to make it happen? thank you

[patatetom]

yes : here are the commands and the binary.

~> r2 ./nostring
[0x00001080]> aaaa
[0x00001080]> s main
[0x00001200]> pdf