Understanding Hex “I hope you have the worst headache of your life, then you will begin to understand” ~unknown.


Overview
- Hex Basics
- Hex editors
- File Analysis basics
- GHex
- hexedit
- xxd
- Magic Numbers
- strings, file, xxd

Hex Basics
Base 16 number system

Binary to hex:
    echo "obase=16;ibase=2;11111111" | bc
    python -c 'print(hex(int("11111111", 2)))'

Hex to binary:
    echo "obase=2;ibase=16; FFFF" | bc
    echo "FFFF" | xxd -r -p | xxd -b
    python -c 'print(bin(0xFF))'

Hex to decimal:
    echo $((16#FF))
    python -c 'print(int("FF", 16))'

Number  Binary  Hexadecimal
0       0000    0
1       0001    1
2       0010    2
3       0011    3
4       0100    4
5       0101    5
6       0110    6
7       0111    7
8       1000    8
9       1001    9
10      1010    A
11      1011    B
12      1100    C
13      1101    D
14      1110    E
15      1111    F

Hex Basics
- Hex can represent many things, including text encodings.
- You will need to know how to look up an encoding's character from hex.
- There are many different encodings, but a lot of the time you will be dealing with ASCII (1-byte encoding, 0x0-0x7f).
- man ascii (table of ASCII conversions)
- Online ASCII conversions

    python -c 'print(chr(0x45))'
    cat binary_file | xxd

Hex Editors
- xxd (CLI) - creates a hex dump of a given file or standard input. It can also convert a hex dump back to its original binary form.
- hexedit (CLI) - shows a file both in ASCII and in hexadecimal. The file can be a device, as the file is read a piece at a time. You can modify the file and search through it.
- ghex (GUI) - allows the user to load data from any file, and view and edit it in either hex or ASCII.
- Any scripting language, and usually text editors

File Analysis Basics
Rationale - Oftentimes you will need to find hidden information in files, or you may not know about a certain file type. Additionally, a forensics tool may not support an image that you have been tasked to extract data from. This is where you will need file analysis techniques to figure out what type of file/image you are examining and develop a tool to parse the file.

File Analysis Basics
- Files are just a huge blob of binary data.
- The data's meaning comes from some abstract structure we impose over the raw bits.
- The file type tells us the structure to use in interpreting the binary information.
- File type is indicated by the magic number, a hex string(s) at a specific offset(s). See: https://en.wikipedia.org/wiki/List_of_file_signatures
- File type is one form of metadata: data about data.
- Metadata is a common source of artifacts.

File Analysis Basics
Basic tools
- file command on Linux
  - Searches for magic numbers in a file and also basic header information
- strings (Linux or Windows)
  - This will give you ASCII strings contained in a data blob; it may be helpful in identifying what type of data you are examining.
  - Note: strings requires arguments specifying encoding (ASCII, UTF-8, etc.) and endianness.
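Why encoding and endianness matter when pulling strings out of a blob, as an added example that is not part of the original slides. The function name `extract_strings` and the sample bytes are constructed for illustration; the sketch handles only printable ASCII characters in each encoding.

```python
import re

PRINTABLE = b"[\x20-\x7e]"  # one printable ASCII byte

def extract_strings(data, encoding="ascii", min_len=4):
    """Return (offset, text) for every run of at least min_len printable
    characters. encoding is 'ascii', 'utf-16le' or 'utf-16be'."""
    if encoding == "ascii":
        unit = PRINTABLE
    elif encoding == "utf-16le":
        unit = b"(?:" + PRINTABLE + b"\x00)"   # low byte first, then 0x00
    elif encoding == "utf-16be":
        unit = b"(?:\x00" + PRINTABLE + b")"   # 0x00 first, then low byte
    else:
        raise ValueError("unsupported encoding: " + encoding)
    pattern = re.compile(unit + b"{%d,}" % min_len)
    return [(m.start(), m.group().decode(encoding))
            for m in pattern.finditer(data)]

# Constructed sample: an ASCII string, a UTF-16LE byte-order mark, then a
# UTF-16LE string. An ASCII-only scan never sees the second string because
# every character is separated by a 0x00 byte.
SAMPLE = (b"\x00\x01" + b"user=alice" + b"\xff\xfe"
          + "secret.txt".encode("utf-16le") + b"\x07")

if __name__ == "__main__":
    for enc in ("ascii", "utf-16le"):
        print(enc, extract_strings(SAMPLE, enc))
```

Scanning with the wrong byte order can still match a shifted fragment of a 16-bit string, so compare the offsets against the hex dump before trusting a hit.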

File Analysis Basics
Basic tools
- xxd
  - Sometimes looking at the hexdump will give you clues as well
- File extensions
  - This is more relevant on Windows but can still be used on Linux
  - This cannot necessarily be trusted
- Exiftool
  - Analyze EXIF metadata for image types such as JPEG
- File carvers
  - Binwalk; we will go over these more in the future
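Magic numbers at specific offsets, and why the extension cannot be trusted, shown as an added example that is not part of the original slides. The signature table is a small subset of the public file-signature list, and the function names and sample bytes are constructed for illustration.

```python
import os

# (offset, magic bytes, type, usual extensions). Small subset of the public
# file-signature list; extend it for the formats you meet.
SIGNATURES = [
    (0, b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (0, b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
    (0, b"GIF87a", "gif", {".gif"}),
    (0, b"GIF89a", "gif", {".gif"}),
    (0, b"%PDF-", "pdf", {".pdf"}),
    (0, b"PK\x03\x04", "zip", {".zip", ".jar", ".docx", ".xlsx"}),
    (0, b"\x7fELF", "elf", {"", ".so", ".o"}),
    (0, b"\x1f\x8b", "gzip", {".gz", ".tgz"}),
    (257, b"ustar", "tar", {".tar"}),  # the magic is not always at offset 0
]

def identify(data):
    """Return the type whose magic number matches the data, or None."""
    for offset, magic, name, _exts in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return name
    return None

def check_extension(filename, data):
    """Return (detected_type, extension_agrees_with_magic)."""
    detected = identify(data)
    if detected is None:
        return None, False
    ext = os.path.splitext(filename)[1].lower()
    allowed = set().union(*(e for _o, _m, n, e in SIGNATURES if n == detected))
    return detected, ext in allowed

# Constructed samples: a PNG header and the start of a tar header block.
PNG_HEAD = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR"
TAR_HEAD = b"notes.txt".ljust(257, b"\x00") + b"ustar\x00"

if __name__ == "__main__":
    samples = [("holiday.jpg", PNG_HEAD), ("backup.tar", TAR_HEAD),
               ("x.bin", b"\x00\x01\x02\x03")]
    for name, blob in samples:
        print(name, blob[:8].hex(" "), check_extension(name, blob))
```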

File Analysis Basics
More basic tools
- diff
  - Compare two text files and print all the differences
- Audacity
  - Open source tool for analyzing audio files
- Specific file metadata tools
  - Once you know the type of image or file you are dealing with, there are often existing tools that can help you interpret the metadata.
- Archive tools
  - You will often receive files compressed using a variety of formats, from common to obscure.

File Analysis Basics
- Sometimes the tools mentioned previously leave you with no information or false information.
- This is when Google becomes helpful. You may still be able to search for strings or hex sequences on Google that will give you valuable information.
- File analysis can be difficult and can sometimes waste your time.

Questions?

In Class Assignment 1
- You have 10-15 minutes
- Find all three parts of the flag
- The flag is in the format flag{l33t_sp34k_m3554g3}
- *Hint: xxd