Anton Lindstrom (about, @twitter, @github)

Viewing binary files in hex

Published:

When writing rules in Snort or otherwise get information about binary files it can be helful to view them in hex format. Like capturing binary data from tcpdump. For a school asignment in Intrusion detection we were asked to write rules in Snort to match defined binary files. To view binary in hex or hex in binary we can use xxd:

$ xxd binary.bin
0000000: 616e 746f 6ef2 2a7b 4180 a713 c9eb 1da2  anton.*{A.......
0000010: d236 19eb bd7a 80a7 13c9 fa07 dc80 1924  .6...z.........$
0000020: 29ba dc1f c0ea 886b 0462 56f1 7246 350a  )......k.bV.rF5.
0000030: 5980 a713 c905 d101 0a                   Y........

When editing in VIm it is possible to use the command :%!xxd and reversing :%!xxd -r.