Introduction
Ever needed to examine a file to understand its raw contents, or modify some bytes in a binary file, but were unsure how to proceed? This is where the xxd command proves invaluable. xxd is a handy utility available on most Linux systems that enables you to generate a hexadecimal representation of a file or even revert a hex dump back to its original binary format.
In other words, xxd allows you to look inside any file, displaying its contents byte by byte. This can be extremely beneficial for developers, system administrators, and anyone working with low-level data analysis or troubleshooting. Whether you’re reverse engineering software, studying malware, or just curious about what a file contains, xxd offers a simple method to investigate and modify binary data.
If you are new to using Linux systems, do check out this article: Getting Started with Linux File System
Overview
- Understanding the basics of the xxd command in Linux.
- Learn to install and set up xxd on your Linux system.
- Learn to create and revert a hex dump using the xxd command.
Installation
Before using xxd, ensure it is installed on your system. Most Linux distributions include xxd by default as part of the Vim package.
# Check if xxd is installed
xxd -v # Install xxd
if not already installed:
sudo apt-get install vim-common # Debian/Ubuntu
sudo yum install vim-common # CentOS/RHELCommand Options
The xxd command is used for making a hex dump or doing the reverse (i.e., converting a hex dump back to the original binary). Here are some of the most commonly used options and flags:
- -r / -revert:
- Revert (reverse operation) a hex dump into binary. This can be used to convert the hex dump back to its original binary form.
- Usage: xxd -r <hexdump_file>
- -p / -ps / -postscript:
- Output in plain hex dump style, i.e., continuous hex digits without whitespace, which is suitable for binary postscript files.
- Usage: xxd -p <file>
- -i / -include:
- Output in C include file style. This will generate an array declaration in C with the hex dump data.
- Usage: xxd -i <file>
- -c / -cols <number>:
- Format number bytes per output line. By default, xxd outputs 16 bytes per line.
- Usage: xxd -c 8 <file>
- -g / -groupsize <number>:
- Separate the output of number bytes per group in the hex dump. For example, xxd -g 1 will group each byte individually.
- Usage: xxd -g 1 <file>
- -s / -seek <offset>:
- Start at offset bytes from the beginning of the input file. This allows partial dumps of the file starting at a specific byte.
- Usage: xxd -s 1024 <file>
- -l / -len <length>:
- Stop after length bytes of the input file. This limits the hex dump to a specific length.
- Usage: xxd -l 256 <file>
- -a / -autoskip:
- Condense successive groups of zero-byte lines. This reduces the size of the hex dump by skipping repeated lines of zeros.
- Usage: xxd -a <file>
- -e:
- Little-endian dump. This formats the output to show bytes in little-endian order.
- Usage: xxd -e <file>
- -u:
- Use upper case hex letters. This outputs the hexadecimal digits A-F in uppercase instead of lowercase.
- Usage: xxd -u <file>
- -o / -offset <offset>:
- Add offset to the displayed file position. This option is useful when combining several hex dumps or for visualizing a specific starting offset.
- Usage: xxd -o 512 <file>
Usage
The xxd command in Linux is a versatile tool used primarily for creating hex dumps of files and converting hex dumps back into binary files. It can also be used to manipulate binary data in various ways. Below is a comprehensive overview of its usage:
Hex Dump
A hex dump displays the binary data of a file in a hexadecimal format. This makes it easier for humans to read and understand binary data. A typical hex dump shows:
- Offset: The position of the byte in the file.
- Hexadecimal Values: The actual byte values in hexadecimal.
- ASCII Representation: The corresponding ASCII characters (if printable) for each byte.
Note: You can use the dd command to create a binary file filled with zeros:
dd if=/dev/zero of=myfile.bin bs=1024 count=11. Creating a Hex Dump
xxd myfile.binThis command generates a hex dump of myfile.bin.
2. Converting Hex Dump Back to Binary
xxd -r hexfile.txt myfile.binThis command reads the hex dump from hexfile.txt and writes the binary data to myfile.bin.
3. Creating a Hex Dump with 8 Bytes Per Line
xxd -c 8 myfile.bin4. Starting the Dump at a Specific Offset
xxd -s 0x100 myfile.binThis command starts the hex dump at offset 0x100 (256 in decimal).
5. Limiting the Output Length
xxd -l 64 myfile.bin6. Outputting Binary Representation
xxd -b myfile.bin7. Generating a C-Style Include File
xxd -i myfile.bin > myfile.hConclusion
The xxd command is a robust and flexible tool for anyone needing to examine or modify binary file contents on a Linux system. Its capability to create hexadecimal representations and revert them to the original binary form makes it essential for developers, system administrators, and those engaged in low-level data analysis or reverse engineering.
With options to customize output formats, such as setting bytes per line, starting at specific offsets, and generating C-style include files, xxd allows detailed control over file data presentation and manipulation. Whether diagnosing software issues, studying file structures, or conducting security analyses, mastering xxd can significantly boost your efficiency and skills in managing binary data.
Learn More: 20 Basic Linux Commands for Data Science in 2024
Frequently Asked Questions
A. xxd is a command-line utility on Linux for creating hex dumps and converting them back to binary format. It’s used to inspect and modify binary files.
A. Most Linux distributions include xxd by default as part of the Vim package. You can check its version with `xxd -v` or install it using package managers like `apt-get` or `yum`.
A. Options like `-c` for setting bytes per line, `-s` for starting at a specific offset, and `-i` for generating C-style include files allow customization of the hex dump output.
A. xxd includes an ASCII representation alongside hexadecimal values, showing corresponding printable characters for each byte.
