Hexdump Comprehensive Cheatsheet

Installation Instructions

Windows

# Using Chocolatey
choco install hexdump

# Using MSYS2
pacman -S util-linux

Linux (Ubuntu/Debian)

sudo apt-get update
# On newer releases the hexdump binary ships in the bsdextrautils package
sudo apt-get install bsdmainutils

macOS

# Using Homebrew
brew install hexdump

# Already installed by default on macOS

Basic Commands

Standard Output Formats

  1. Basic Hexdump
hexdump file
  2. Canonical Hex+ASCII Display
hexdump -C file
  3. Two-byte Hex Display
hexdump -x file
  4. One-byte Octal Display
hexdump -b file

Format Specifiers

  1. Custom Format
hexdump -e '16/1 "%02X " "\n"' file
  2. Format with ASCII
# Separate -e strings so the hex and ASCII columns read the same 16 bytes
hexdump -e '16/1 "%02X "' -e '"  |" 16/1 "%_p" "|\n"' file
  3. Four-byte Words
hexdump -e '4/4 "%08X " "\n"' file

Offset Control

  1. Skip Bytes
hexdump -s offset file
  2. Limit Length
hexdump -n length file
  3. Custom Offset Format
hexdump -e '"0x%08.8_ax  " 16/1 "%02X " "\n"' file

Data Analysis

  1. Search for Pattern
hexdump -C file | grep "pattern"
  2. Compare Files
cmp <(hexdump file1) <(hexdump file2)
  3. Extract Specific Bytes
hexdump -s offset -n length -C file

Advanced Format Strings

  1. Custom Byte Grouping
hexdump -e '8/1 "%02X " "  " 8/1 "%02X " "\n"' file
  2. Include Decimal Values
hexdump -e '4/1 "%3d " "\n"' file
  3. Mixed Hex and ASCII
hexdump -e '"%08.8_ax  " 8/1 "%02X " "  " 8/1 "%02X "' -e '"  |" 16/1 "%_p" "|\n"' file

File Analysis Techniques

  1. Find String Patterns
hexdump -C file | grep -A1 -B1 "text"
  2. Analyze File Headers
hexdump -n 16 -C file
  3. Check File Type
hexdump -n 4 -C file

Binary Analysis

  1. Analyze Executable Headers
hexdump -n 64 -C executable
  2. Extract Sections
hexdump -s section_offset -n section_size -C file
  3. Find Null Sequences
hexdump -C file | grep "00 00 00 00"

Special Uses

  1. Memory Dump Analysis
hexdump -C memory.dump
  2. Network Packet Analysis
hexdump -C packet.cap
  3. Firmware Analysis
hexdump -C firmware.bin

Advanced Usage

Custom Scripts

  1. Pattern Matching Script
#!/bin/bash
hexdump -C "$1" | grep -A2 -B2 "$2"
  2. Binary Diff Script
#!/bin/bash
diff <(hexdump -C "$1") <(hexdump -C "$2")

Format String Examples

  1. 32-bit Integer Format
hexdump -e '4/4 "0x%08x " "\n"' file
  2. Float Format
hexdump -e '4/4 "%f " "\n"' file
  3. Mixed Format
# Hex and ASCII go in separate -e strings so both columns show the same 16 bytes
hexdump -e '"%-8_ad  " 8/1 " %02x" "  " 8/1 " %02x"' -e '"  |" 16/1 "%_p" "|\n"' file

Practical Applications

File Format Analysis

  1. PDF Header Analysis
hexdump -n 32 -C file.pdf
  2. ZIP File Analysis
hexdump -C file.zip | grep "PK"
  3. Image File Analysis
hexdump -n 8 -C image.jpg

Malware Analysis

  1. String Extraction
hexdump -C malware.bin | grep -i "http"
  2. Signature Detection
hexdump -C file | grep -A4 "MZ"

Data Recovery

  1. Find File Headers
hexdump -C disk.img | grep -A16 -B16 "PDF"
  2. Carve File Boundaries
# hexdump -C prints lowercase, space-separated bytes, so match "ff d8" (JPEG start marker)
hexdump -C disk.img | grep -A32 -E "ff +d8"
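
The grep pipelines above match one 16-byte row of text at a time, so a signature that straddles a row boundary is missed and the hit has to be converted to an offset by hand. The following is an added example, not part of the original cheatsheet: a hypothetical `find_sig` helper that prints the exact decimal offset of every occurrence of a byte signature. The function names and the `od` fallback are assumptions of this example.

```bash
#!/bin/bash
# Added example: find_sig and byte_stream are hypothetical helper names.
# Usage: find_sig FILE HEXSIG   (e.g. ffd8ff for a JPEG start marker)

# Emit the file as one lowercase hex byte per line.
# -v stops hexdump from collapsing repeated rows into "*",
# which would otherwise throw off the offset count.
byte_stream() {
    if command -v hexdump >/dev/null 2>&1; then
        hexdump -v -e '1/1 "%02x\n"' "$1"
    else
        # Assumption: fall back to od where hexdump is not installed
        od -An -v -tx1 "$1" | tr -s ' ' '\n' | sed '/^$/d'
    fi
}

find_sig() {
    # Normalise the signature: lowercase, no spaces
    sig=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d ' ')
    case $sig in
        ''|*[!0-9a-f]*) echo "find_sig: bad hex signature" >&2; return 2 ;;
    esac
    if [ $(( ${#sig} % 2 )) -ne 0 ]; then
        echo "find_sig: signature must be whole bytes" >&2; return 2
    fi
    byte_stream "$1" | awk -v sig="$sig" '
        BEGIN { n = length(sig) / 2 }          # signature length in bytes
        {
            win = win $0                       # append the newest byte
            if (length(win) > 2 * n)           # keep only the last n bytes
                win = substr(win, 3)
            if (win == sig)
                print NR - n                   # offset of the first matched byte
        }'
}
```

Feed the reported offset to `hexdump -s offset -n length -C file` to inspect the surrounding bytes.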

Best Practices

Performance Tips

  1. Large File Handling
# Use dd to read only the first 1 MiB of a large file
dd if=large_file bs=1M count=1 | hexdump -C
  2. Efficient Searching
hexdump -C file | grep --color=auto pattern

Analysis Workflow

  1. Initial Assessment
# Quick file overview
head -c 512 file | hexdump -C
  2. Detailed Analysis
# Full file with custom format (separate -e strings so hex and ASCII cover the same bytes)
hexdump -e '"%08.8_ax  " 16/1 "%02X "' -e '"  |" 16/1 "%_p" "|\n"' file

Common Issues and Solutions

  1. File Encoding
# Handle different encodings
iconv -f utf-16 -t utf-8 file | hexdump -C
  2. Large Files
# Split analysis
split -b 1M file chunk_
for f in chunk_*; do hexdump -C "$f"; done

Scripting Examples

  1. Automated Analysis
#!/bin/bash
for file in *.bin; do
    echo "Analyzing $file..."
    hexdump -C "$file" | grep -A4 -B4 "pattern"
done
  2. Format Conversion
#!/bin/bash
hexdump -e '16/1 "%02X" "\n"' file > file.hex