Emulating Assembly With Radare2
r2 Emulation Basics
Emulation is a great way to find out what a function, basic block, or just a couple of instructions are doing without actually running the code. Emulation can often be used to assist with reverse engineering malware’s encryption/packing routines.
Radare2 supports emulation for all platforms that support ESIL uplifting.
Decrypting a XOR encrypted string with Radare2’s Emulation
Follow along and download the sample here!
This sample contains a XOR decryption routine in main.
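As an added illustration (not code from the original post or from radare2 itself), the sketch below evaluates a small subset of ESIL, the comma-separated postfix language r2 emulates, over a constructed XOR loop body. The ESIL strings, register names, key 0x5a, base address and buffer are assumptions and are not taken from the sample; the flag updates r2 would normally emit are omitted.

```python
# Minimal evaluator for a subset of ESIL (added example, not r2's own code).
MASK64 = (1 << 64) - 1

def esil_eval(expr, regs, mem):
    """Evaluate one ESIL expression, updating regs and mem in place."""
    stack = []

    def value(tok):
        # Operands are pushed as raw tokens and resolved only when popped.
        if isinstance(tok, int):
            return tok
        return regs[tok] if tok in regs else int(tok, 0)

    for tok in expr.split(","):
        if tok == "=":                  # src,dst,=      -> dst = src
            dst = stack.pop()
            regs[dst] = value(stack.pop()) & MASK64
        elif tok == "^=":               # src,reg,^=     -> reg ^= src
            dst = stack.pop()
            regs[dst] = (regs[dst] ^ value(stack.pop())) & MASK64
        elif tok == "+=":               # src,reg,+=     -> reg += src
            dst = stack.pop()
            regs[dst] = (regs[dst] + value(stack.pop())) & MASK64
        elif tok == "[1]":              # addr,[1]       -> push byte at addr
            stack.append(mem[value(stack.pop())])
        elif tok == "=[1]":             # src,addr,=[1]  -> store low byte of src
            addr = value(stack.pop())
            mem[addr] = value(stack.pop()) & 0xFF
        else:                           # register name or numeric literal
            stack.append(tok)

def emulate_xor_loop(ciphertext, key=0x5A, base=0x1000):
    """Step a constructed XOR loop body once per byte; nothing is executed natively."""
    mem = {base + i: b for i, b in enumerate(ciphertext)}
    regs = {"rax": 0, "rdi": base}
    body = [
        "rdi,[1],rax,=",        # roughly: movzx rax, byte [rdi]
        f"{key:#x},rax,^=",     # roughly: xor rax, key
        "rax,rdi,=[1]",         # roughly: mov byte [rdi], al
        "1,rdi,+=",             # roughly: add rdi, 1
    ]
    for _ in ciphertext:
        for insn in body:
            esil_eval(insn, regs, mem)
    plain = bytes(mem[base + i] for i in range(len(ciphertext)))
    return plain, regs

# Constructed sample input: "emulated" XORed with the assumed key 0x5a.
CIPHERTEXT = bytes(b ^ 0x5A for b in b"emulated")

if __name__ == "__main__":
    print(emulate_xor_loop(CIPHERTEXT)[0])
```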