Displaying and editing the contents of binary files - hexdump - hd - strings - hexcurse - ghex

Updated: Debian 10.3 / Buster

Here we look at files in their binary representation.

$ mv debian-10.0.0-amd64-netinst.iso demo.raw

1 - Displaying the contents - hexdump, hd

$ hexdump demo.raw |head -3
0000000 5245 0008 0000 9090 0000 0000 0000 0000
0000010 0000 0000 0000 0000 0000 0000 0000 0000
0000020 ed33 8efa bcd5 7c00 fcfb 3166 66db c931
$ calc 0x10
16
$ calc 0x100
256
$ calc 0x200
512
$ hexdump -C demo.raw |head -3
00000000 45 52 08 00 00 00 90 90 00 00 00 00 00 00 00 00 |ER..............|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000020 33 ed fa 8e d5 bc 00 7c fb fc 66 31 db 66 31 c9 |3......|..f1.f1.|

or
$ hd demo.raw |head -3
00000000 45 52 08 00 00 00 90 90 00 00 00 00 00 00 00 00 |ER..............|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000020 33 ed fa 8e d5 bc 00 7c fb fc 66 31 db 66 31 c9 |3......|..f1.f1.|
$ hd demo.raw -n512
00000000 45 52 08 00 00 00 90 90 00 00 00 00 00 00 00 00 |ER..............|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000020 33 ed fa 8e d5 bc 00 7c fb fc 66 31 db 66 31 c9 |3......|..f1.f1.|
00000030 66 53 66 51 06 57 8e dd 8e c5 52 be 00 7c bf 00 |fSfQ.W....R..|..|
00000040 06 b9 00 01 f3 a5 ea 4b 06 00 00 52 b4 41 bb aa |.......K...R.A..|
00000050 55 31 c9 30 f6 f9 cd 13 72 16 81 fb 55 aa 75 10 |U1.0....r...U.u.|
00000060 83 e1 01 74 0b 66 c7 06 f3 06 b4 42 eb 15 eb 02 |...t.f.....B....|
00000070 31 c9 5a 51 b4 08 cd 13 5b 0f b6 c6 40 50 83 e1 |1.ZQ....[...@P..|
00000080 3f 51 f7 e1 53 52 50 bb 00 7c b9 04 00 66 a1 b0 |?Q..SRP..|...f..|
00000090 07 e8 44 00 0f 82 80 00 66 40 80 c7 02 e2 f2 66 |..D.....f@.....f|
000000a0 81 3e 40 7c fb c0 78 70 75 09 fa bc ec 7b ea 44 |.>@|..xpu....{.D|
000000b0 7c 00 00 e8 83 00 69 73 6f 6c 69 6e 75 78 2e 62 ||.....isolinux.b|
000000c0 69 6e 20 6d 69 73 73 69 6e 67 20 6f 72 20 63 6f |in missing or co|
000000d0 72 72 75 70 74 2e 0d 0a 66 60 66 31 d2 66 03 06 |rrupt...f`f1.f..|
000000e0 f8 7b 66 13 16 fc 7b 66 52 66 50 06 53 6a 01 6a |.{f...{fRfP.Sj.j|
000000f0 10 89 e6 66 f7 36 e8 7b c0 e4 06 88 e1 88 c5 92 |...f.6.{........|
00000100 f6 36 ee 7b 88 c6 08 e1 41 b8 01 02 8a 16 f2 7b |.6.{....A......{|
00000110 cd 13 8d 64 10 66 61 c3 e8 1e 00 4f 70 65 72 61 |...d.fa....Opera|
00000120 74 69 6e 67 20 73 79 73 74 65 6d 20 6c 6f 61 64 |ting system load|
00000130 20 65 72 72 6f 72 2e 0d 0a 5e ac b4 0e 8a 3e 62 | error...^....>b|
00000140 04 b3 07 cd 10 3c 0a 75 f1 cd 18 f4 eb fd 00 00 |.....<.u........|
00000150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001b0 00 25 00 00 00 00 00 00 1d 37 ab 65 00 00 80 00 |.%.......7.e....|
000001c0 01 00 00 3f 60 4d 00 00 00 00 00 70 0a 00 00 fe |...?`M.....p....|
000001d0 ff ff ef fe ff ff e0 0e 00 00 20 16 00 00 00 00 |.......... .....|
000001e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00000200

Note the MBR signature at addresses 510 and 511 (0x1FE and 0x1FF): 0x55 and 0xAA.

$ hd demo.raw -s 510 -n 2
000001fe 55 aa |U.|
00000200

or (hexadecimal notation)
$ hd demo.raw -s 0x1FE -n2
000001fe 55 aa |U.|
00000200
$ hd demo.raw -s 1m -n2
00100000 22 00 |".|
00100002

$ hd demo.raw -s 1024k -n2
00100000 22 00 |".|
00100002

$ hd demo.raw -s 2048b -n2
00100000 22 00 |".|
00100002
$ tail -c512  demo.raw |hd
00000000 45 46 49 20 50 41 52 54 00 00 01 00 5c 00 00 00 |EFI PART....\...|
00000010 1a 87 31 0c 00 00 00 00 ff 6f 0a 00 00 00 00 00 |..1......o......|
00000020 01 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 |........@.......|
00000030 ca 6f 0a 00 00 00 00 00 a8 3b be cc 25 71 45 40 |.o.......;..%qE@|
00000040 8f db b0 fd ce 24 71 95 cb 6f 0a 00 00 00 00 00 |.....$q..o......|
00000050 d0 00 00 00 80 00 00 00 a1 af df 1c 00 00 00 00 |................|
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000200
$ tail -c512 demo.raw |hd -s 0x180
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000200

$ tail -c512 demo.raw |hd -v -s 0x180
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000200
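
The two markers read by eye in the dumps above (55 aa at 0x1FE, and "EFI PART" at the start of the last 512-byte sector) can be checked from a script. This is an added example, not part of the original page: the function names are hypothetical, the sample image is constructed, and it uses dd and od rather than hd so that it runs on any POSIX system.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not from the page.

# read_hex FILE OFFSET COUNT -> COUNT bytes at OFFSET as lowercase hex, no spaces
read_hex() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# MBR boot signature: bytes 55 aa at offsets 510-511 (0x1FE-0x1FF)
has_mbr_signature() {
    [ "$(read_hex "$1" 510 2)" = "55aa" ]
}

# The last 512-byte sector starts with ASCII "EFI PART" (45 46 49 20 50 41 52 54)
has_backup_gpt() {
    size=$(wc -c < "$1")
    [ "$size" -ge 512 ] || return 1
    [ "$(read_hex "$1" $((size - 512)) 8)" = "4546492050415254" ]
}

# Constructed sample (not the Debian ISO): 4 zeroed sectors, then the
# signature patched into sector 0 and "EFI PART" into the last sector.
make_sample() {
    dd if=/dev/zero of="$1" bs=512 count=4 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
    printf 'EFI PART' | dd of="$1" bs=1 seek=1536 conv=notrunc 2>/dev/null
}

report() {
    if has_mbr_signature "$1"; then echo "$1: 55 aa at 0x1FE"
    else echo "$1: no MBR signature"; fi
    if has_backup_gpt "$1"; then echo "$1: EFI PART in last sector"
    else echo "$1: no EFI PART in last sector"; fi
}

# Usage: sh check.sh demo.raw
[ $# -eq 0 ] || report "$1"
```
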

2 - Displaying printable strings - strings

$ head -c 512 demo.raw|strings
fSfQ
xpu
isolinux.bin missing or corrupt.
f`f1
{fRfP
Operating system load error.

3 - Editing the contents - hexcurse, ghex

$ sudo aptitude install hexcurse
$ hexcurse mbr.raw
00000000─────────────────────────────────────────────────┐^┌────────────────┐
│00000000 45 52 08 00 00 00 90 90 00 00 00 00 00 00 00 00 │◆│ER..............│
│00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 │▒│................│
│00000020 33 ED FA 8E D5 BC 00 7C FB FC 66 31 DB 66 31 C9 │▒│3......|..f1.f1.│
│00000030 66 53 66 51 06 57 8E DD 8E C5 52 BE 00 7C BF 00 │▒│fSfQ.W....R..|..│
│00000040 06 B9 00 01 F3 A5 EA 4B 06 00 00 52 B4 41 BB AA │▒│.......K...R.A..│
│00000050 55 31 C9 30 F6 F9 CD 13 72 16 81 FB 55 AA 75 10 │▒│U1.0....r...U.u.│
│00000060 83 E1 01 74 0B 66 C7 06 F3 06 B4 42 EB 15 EB 02 │▒│...t.f.....B....│
│00000070 31 C9 5A 51 B4 08 CD 13 5B 0F B6 C6 40 50 83 E1 │▒│1.ZQ....[...@P..│
│00000080 3F 51 F7 E1 53 52 50 BB 00 7C B9 04 00 66 A1 B0 │▒│?Q..SRP..|...f..│
│00000090 07 E8 44 00 0F 82 80 00 66 40 80 C7 02 E2 F2 66 │▒│..D.....f@.....f│
│000000A0 81 3E 40 7C FB C0 78 70 75 09 FA BC EC 7B EA 44 │▒│.>@|..xpu....{.D│
│000000B0 7C 00 00 E8 83 00 69 73 6F 6C 69 6E 75 78 2E 62 │▒│|.....isolinux.b│
│000000C0 69 6E 20 6D 69 73 73 69 6E 67 20 6F 72 20 63 6F │▒│in missing or co│
│000000D0 72 72 75 70 74 2E 0D 0A 66 60 66 31 D2 66 03 06 │▒│rrupt...f`f1.f..│
│000000E0 F8 7B 66 13 16 FC 7B 66 52 66 50 06 53 6A 01 6A │▒│.{f...{fRfP.Sj.j│
│000000F0 10 89 E6 66 F7 36 E8 7B C0 E4 06 88 E1 88 C5 92 │▒│...f.6.{........│
│00000100 F6 36 EE 7B 88 C6 08 E1 41 B8 01 02 8A 16 F2 7B │▒│.6.{....A......{│
│00000110 CD 13 8D 64 10 66 61 C3 E8 1E 00 4F 70 65 72 61 │▒│...d.fa....Opera│
│00000120 74 69 6E 67 20 73 79 73 74 65 6D 20 6C 6F 61 64 │▒│ting system load│
│00000130 20 65 72 72 6F 72 2E 0D 0A 5E AC B4 0E 8A 3E 62 │▒│ error...^....>b│
│00000140 04 B3 07 CD 10 3C 0A 75 F1 CD 18 F4 EB FD 00 00 │▒│.....<.u........│
└─────────────────────────────────────────────────────────┘v└────────────────┘
Help Save Open Goto Find Hex Addr Hex Edit Quit

Press Ctrl-H for help, Ctrl-G to go to a memory address, etc.

$ sudo aptitude install ghex