Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding Hex “I hope you have the worst headache of your life, then you will begin to understand” ~unknown.

Published byEdith Vincent Modified over 5 years ago

Similar presentations

Presentation on theme: "Understanding Hex “I hope you have the worst headache of your life, then you will begin to understand” ~unknown."— Presentation transcript:

1 Understanding Hex “I hope you have the worst headache of your life, then you will begin to understand” ~unknown

2 Overview Hex Basics Hex editors File Analysis basics GHex hexedit xxd
Magic Numbers strings, file, xxd

3 Hex Basics Base 16 number system Binary 2 Hex
echo "obase=16;ibase=2; " | bc Python -c ‘print hex(int(‘ ’,2)’ Hex 2 Binary echo "obase=2;ibase=16; FFFF" | bc echo "FFFF" | xxd -r -p | xxd -b python -c 'print bin(0xFF)' Hex to Decimal echo $((16#FF)) python -c 'print(int("FF", 16))' Number 1 2 3 4 5 6 7 Binary 0000 0001 0010 0011 0100 0110 0111 Hexadecimal Number 8 9 10 11 12 13 14 15 Binary 1000 1001 1010 1011 1100 1101 1110 1111 Hexadecimal A B C D E F

4 Hex Basics Hex can represent many things including text encodings
You will need to know how to look up an encoding character from hex There are many different encodings but a lot of the time you will be dealing with ASCII (1 byte encoding 0x0-0x7f) man ascii (Table of ASCII conversions) Online ascii conversions python -c ‘print chr(0x45)’ cat binary_file | xxd

5 Hex Editors xxd (CLI) - creates a hex dump of a given file or standard input. It can also convert a hex dump back to its original binary form. hexedit (CLI) - shows a file both in ASCII and in hexadecimal. The file can be a device as the file is read a piece at a time. You can modify the file and search through it. ghex (GUI) - allows the user to load data from any file, view and edit it in either hex or ascii. Any Scripting language and usually text editors

6 File Analysis Basics Rationale - Often times you will need to find hidden information in files or you may not know about a certain file type. Additionally, a forensics tool may not support an image that you have been tasked to extract data from. This is where you will need file analysis techniques to figure out what type of file/image you are examining and develop a tool to parse the file

7 File Analysis Basics Files are just a huge blob of binary data. The data’s meaning comes from some abstract structure we impose over the raw bits. The file type tells us the structure to use in interpreting the binary information. File type is indicated by the magic number, a hex string(s) at a specific offset(s). See: File type is one form of metadata: data about data. Metadata is a common source of artifacts.

8 File Analysis Basics Basic tools file command on Linux
Searches for magic numbers in file and also basic header information strings (linux or Windows) This will give you ascii strings contained in a data blob it may be helpful in identifying what type of data you are examining. Note strings requires arguments specifying encoding (ASCII, UTF-8, etc.) and endianness.

9 File Analysis Basics Basic tools xxd
Sometimes looking at the hexdump will give you clues as well File extensions This is more relevant on Windows but can still be used on Linux This cannot necessarily be trusted Exiftool Analyze exif metadata for image types such as jpeg File carvers Binwalk, we will go over these more in the future

10 File Analysis Basics More basic tools diff
Compare two text files and print all the differences Audacity Open source tool for analyzing audio files Specific file metadata tools Once you know the type of image or file you are dealing with there are often existing tools that can help you interpret the metadata. Archive tools You will often receive files compressed using a variety of common to obscure formats.

11 File Analysis Basics Sometimes the tools mentioned previously leave you with no information or false information. This is when Google becomes helpful. You may still be able to search for strings or hex sequences on Google that will give you valuable information File analysis can be difficult and can sometimes waste your time.

12 Questions?

13 In Class Assignment 1 You have 10-15 minutes
Find all three parts of the flag The flag is in the format flag{l33t_sp34k_m3554g3} *Hint: xxd

Download ppt "Understanding Hex “I hope you have the worst headache of your life, then you will begin to understand” ~unknown."

Similar presentations

Intro to WinHex CSC 414.

Intro to WinHex CSC 414.
Computer Science 101 Picture Files. Computer Representation of Pictures Common representation is as a bitmap. Common representation is as a bitmap. Two.

Computer Science 101 Picture Files. Computer Representation of Pictures Common representation is as a bitmap. Common representation is as a bitmap. Two.
Information Representation

Information Representation
BMP Hide ‘n’ Seek What is BMP Hide ‘n’ Seek ? –It’s a tool that lets you hide text messages in BMP files without much visible change in the picture. –Change.

BMP Hide ‘n’ Seek What is BMP Hide ‘n’ Seek ? –It’s a tool that lets you hide text messages in BMP files without much visible change in the picture. –Change.
Computer Science Basics CS 216 Fall 2012. Operating Systems interface to the hardware for the user and programs The two operating systems that you are.

Computer Science Basics CS 216 Fall Operating Systems interface to the hardware for the user and programs The two operating systems that you are.
Physical, Logical, Conceptual DSA Lecture 2 2006-7.

Physical, Logical, Conceptual DSA Lecture
 Method of representing or encoding numbers  Two main notation types  Sign-value  Roman numerals  Positional (place-value)  Modern decimal notation.

 Method of representing or encoding numbers  Two main notation types  Sign-value  Roman numerals  Positional (place-value)  Modern decimal notation.
©Brooks/Cole, 2003 Chapter 2 Data Representation.

©Brooks/Cole, 2003 Chapter 2 Data Representation.
Chapter 2 Data Representation. Define data types. Visualize how data are stored inside a computer. Understand the differences between text, numbers, images,

Chapter 2 Data Representation. Define data types. Visualize how data are stored inside a computer. Understand the differences between text, numbers, images,
Homework Reading Programming Assignments

Homework Reading Programming Assignments
COMT 222 Tools for a Digital World. Digital? What makes information Digital? If it helps:  When is information not analog? Answer:  A finite number.

COMT 222 Tools for a Digital World. Digital? What makes information Digital? If it helps:  When is information not analog? Answer:  A finite number.
Computer System Basics 1 Number Systems & Text Representation Computer Forensics BACS 371.

Computer System Basics 1 Number Systems & Text Representation Computer Forensics BACS 371.
Computers Organization & Assembly Language

Computers Organization & Assembly Language
Topics Introduction Hardware and Software How Computers Store Data

Topics Introduction Hardware and Software How Computers Store Data
General Computer Science for Engineers CISC 106 Lecture 02 Dr. John Cavazos Computer and Information Sciences 09/03/2010.

General Computer Science for Engineers CISC 106 Lecture 02 Dr. John Cavazos Computer and Information Sciences 09/03/2010.
Copyright © 2012 Pearson Education, Inc. Publishing as Pearson Addison-Wesley C H A P T E R 1 Introduction to Computers and Programming.

Copyright © 2012 Pearson Education, Inc. Publishing as Pearson Addison-Wesley C H A P T E R 1 Introduction to Computers and Programming.
Hans-Peter Plag October 9, 2014 Session 2 Storing Information File Formats Accessing Information Processing Information.

Hans-Peter Plag October 9, 2014 Session 2 Storing Information File Formats Accessing Information Processing Information.
STATISTIC & INFORMATION THEORY (CSNB134) MODULE 8 INTRODUCTION TO INFORMATION THEORY.

STATISTIC & INFORMATION THEORY (CSNB134) MODULE 8 INTRODUCTION TO INFORMATION THEORY.
Binary, Decimal and Hexadecimal Numbers Svetlin Nakov Telerik Corporation www.telerik.com.

Binary, Decimal and Hexadecimal Numbers Svetlin Nakov Telerik Corporation
Binary Auditing Geller Bedoya Michael Wozniak. Background  Binary auditing is a technique used to test the security and discover the inner workings of.

Binary Auditing Geller Bedoya Michael Wozniak. Background  Binary auditing is a technique used to test the security and discover the inner workings of.

Similar presentations

Ads by Google