Print binary file linux

How to Analyze a Binary File in Linux?

In Linux, binary (bin) files are executable files composed of machine code that is executed on the operating system. The information in a binary file is encoded and is not directly readable by users. This information could be compiled files, images, metadata, or text files. Analyzing a binary file tells the user about the type, content, and dependencies of that file.

This post demonstrates several methods to analyze binary files in Linux:

  • Type of Binary File
  • Shared Libraries of the Binary File
  • Content of the Binary File
  • Printable Characters of the Binary File
  • File Formats of the Binary File
  • Binary File Output in Assembly Language
  • By Tracing System Calls
  • By Tracing Shared Libraries
  • Output of the Binary File in Binary Format

How to Analyze the Type of Binary File?

Checking the binary file type shows what kind of information is stored in the file: whether it is a binary, a library, ASCII text, etc.

To analyze the binary file type, the “file” command is utilized, which enables the user to understand the exact file type as shown below:

The output shows that “awk” is a symbolic link to the file “/etc/alternatives/awk/”.

How to Analyze the Shared Libraries of the Binary File?

Binary files rely on shared libraries for common operations, such as opening files and displaying output.

These libraries can be displayed through the “ldd” utility as shown:

The above output shows the dependent libraries of the “netcat” binary file.

How to Analyze the Content of the Binary File?

The content of a binary file is stored as 0s and 1s but can be displayed as hexadecimal and ASCII characters.

To do so, use the “hexdump” utility with the “-C” flag to generate the output of the binary file:

$ hexdump -C /bin/netcat | head

The content of the “/bin/netcat” binary file is in hex and ASCII characters.

How to Analyze the Printable Characters of the Binary File?

The binary file contains printable ASCII/text messages for displaying information, errors, messages, debugging information, etc.

To dump these characters on the screen, the “strings” utility is used as shown:

The printable strings of “/bin/awk” have been printed.

How to Analyze the File Formats of the Binary File?

ELF (“Executable and Linkable Format”) is the main file format for executables and binaries in Linux and its variants.

The “readelf” command is used to analyze the binary file format. It displays information about ELF files.

The information about the ELF (Executable and Linkable Format) file is listed.

How to Analyze the Binary File Output in Assembly Language?

A compiled binary file contains the machine code that is executed by the CPU. This machine code can be interpreted as assembly language (disassembled), dumped, and printed on the screen.

To do so, the “objdump” utility is used as shown below:

The disassembled code (assembly code information) of the “/bin/gzip” file has been printed.

How to Analyze the Binary Files By Tracing System Calls?

The user can use the “strace” utility, which traces the system calls (the interface to the kernel) made during the execution of a binary file.

To do so, use the below-mentioned command:

The system calls (process execution with Kernel) are traced for the binary file “/bin/hostname”.

How to Analyze the Binary By Tracing Shared Libraries?

“ltrace” is a utility quite similar to the “strace” command; the difference is that it displays the dynamic calls to shared-library functions at run time.

The “ltrace” can be installed through the following command:

$ sudo apt install ltrace # For Debian/Ubuntu
$ sudo yum install ltrace # For CentOS/RHEL

Let’s run the ltrace for binary files:

The shared-library calls of the “awk” binary file are printed.

How to Analyze the Output of the Binary File in Binary Format?

“xxd” is a utility that generates the output of files in hex, but it can also generate the output in binary form using the “-b” flag:

The output of the binary file is converted into binary output rather than hex.
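
The static checks from the sections above, gathered into one script. This is an added example, not the commands from the original post; the function names (is_elf, show, triage) and the line limits are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): static triage of a binary.
# Nothing here runs the target. strace and ltrace are left out because they
# execute it, and ldd is replaced by reading the ELF dynamic section, since
# the ldd man page warns against using ldd on untrusted executables.

# is_elf FILE: succeed if FILE starts with the ELF magic bytes 7f 45 4c 46.
is_elf() {
    [ "$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')" = "7f454c46" ]
}

# show TITLE TOOL ARGS...: run TOOL if installed and print its first 15 lines.
show() {
    echo "== $1 =="; shift
    if command -v "$1" >/dev/null 2>&1; then
        "$@" 2>&1 | head -n 15
    else
        echo "(skipped: $1 is not installed)"
    fi
}

# triage FILE: print the report; return 1 if FILE cannot be read.
triage() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 1; }
    show "type"              file "$1"
    show "hex + ASCII"       hexdump -C "$1"
    show "binary (xxd -b)"   xxd -b -l 16 "$1"
    show "printable strings" strings -n 8 "$1"
    if is_elf "$1"; then
        show "ELF header" readelf -h "$1"
        # NEEDED entries are the libraries ldd would resolve; the grep keeps
        # the title line, the NEEDED lines and a possible "skipped" notice.
        show "needed libraries" readelf -d "$1" | grep -E '^==|NEEDED|skipped'
        show "disassembly" objdump -d "$1"
    else
        echo "== not an ELF file: readelf/objdump steps skipped =="
    fi
    return 0
}

# Example run when a path is given: sh triage.sh /bin/netcat
if [ $# -gt 0 ]; then triage "$1"; fi
```
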

Conclusion

The binary files in Linux are analyzed through the file, ldd, hexdump, strings, readelf, objdump, strace, ltrace, and xxd utilities. All of them are built-in tools except the “ltrace” utility which can be installed through the given command. This write-up has illustrated all possible methods to analyze binary files in Linux.

Bash script that prints out contents of a binary file, one word at a time, without xxd

I’d like to create a BASH script that reads a binary file, word (32-bits) by word and pass that word to an application called devmem. Right now, I have:

.
for (( i=0; i; i++ ))
do
    val=$(dd if=$ skip=$ count=1 bs=4 2>/dev/null)
    echo -e "$" # Weird output.
    devmem $ 32 $
done
.

$ has some weird (ASCII?) format character representations that look like a diamond with a question mark. If I replace the «val

If the input file is binary, I would expect $val to have a «weird» look to it if you did echo $val since $val would have the binary information directly from the file, and echo would display it as if they were ASCII codes (whether or not they are printable). So I’m not sure why piping into xxd -r -p (which does a reverse hex dump — taking ASCII hex and giving binary — the opposite of what I would have thought you’d want) gives you your desired results.

1 Answer

As I see you shouldn’t use ‘|’ or echo, because they are both ASCII tools. Instead I think ‘>’ could work for you.
I think devmem is a bash function or alias, so I would try something like this:

for (( i=0; i; i++ ))
do
    dd if=$ skip=$ count=1 bs=4 2>/dev/null 1> binary_file
    # echo -e "$" # Weird output.
    devmem $ 32 $(cat binary_file)
done

«As cat simply catenates streams of bytes, it can be also used to concatenate binary files, where it will just concatenate sequence of bytes.» wiki

Or you can alter devmem to accept file as input. I hope this will help!
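
One way to walk a file 32 bits at a time without xxd, shown as an added example that is not part of the question or the answer. It converts each word to hex text with od, because raw bytes do not survive in a shell variable (NUL bytes are dropped and command substitution strips trailing newlines). The function names, the little-endian byte order and the dry-run output are assumptions; the "devmem ADDRESS 32 VALUE" argument order is taken from the snippets above.

```shell
#!/bin/sh
# Added example (not from the question or the answer).

# words_le FILE: print each complete 32-bit word as 0xXXXXXXXX, assembling
# the four bytes in little-endian order (assumption; swap the printf
# arguments for big-endian data). A trailing partial word is dropped.
words_le() {
    # -v stops od from collapsing repeated lines into "*";
    # tr and sed turn the dump into one hex byte per line.
    od -An -v -tx1 "$1" | tr -s ' \n' '\n' | sed '/^$/d' |
    while read -r b0 && read -r b1 && read -r b2 && read -r b3; do
        printf '0x%s%s%s%s\n' "$b3" "$b2" "$b1" "$b0"
    done
}

# emit_writes FILE BASE: print, without running them, one command per word
# in the "devmem ADDRESS 32 VALUE" order used in the question.
# BASE may be decimal or hex (0x...); the address advances by 4 per word.
emit_writes() {
    addr=$(( $2 ))
    words_le "$1" | while read -r word; do
        printf 'devmem 0x%X 32 %s\n' "$addr" "$word"
        addr=$((addr + 4))
    done
}
```

Review the printed lines first; piping them to sh is what would actually perform the writes.
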
