Grep binary files on Linux

We explored techniques to search a binary file using grep in an earlier article. However, we could only search ASCII strings using grep. In this article we will explore some powerful utilities which can perform ASCII as well as hexadecimal string searches on binary files.

grep offset to a string in a binary file

People using grep should be familiar with the following output in a grep result:

Binary file www_browser matches

What if you are interested in the offset to the string in the binary file because, say, you are trying to reverse engineer something? Yes, there are hex editors available to handle that but good old grep is smart enough too. Here’s how.

$ grep -baron flashplayer.so *
www_browser:87101:85138113:flashplayer.so
www_browser:87101:85138165:flashplayer.so
www_browser:95935:87170022:flashplayer.so
www_browser:95937:87170981:flashplayer.so

where,

b: show the byte offset
a: treat the binary file as a text file (otherwise grep only reports "Binary file ... matches")
r: recursive search
o: show only matching (less cluttered output without full "text" lines)
n: show line number

in the output,

column 1: file name
column 2: line number in decimal (as grep treats the file as text)
column 3: file offset in decimal
column 4: matching string

Probably you won’t be interested in the file name and line number if you know the file. You can refine the command as:

$ grep -bao flashplayer.so www_browser 
85138113:flashplayer.so
85138165:flashplayer.so
87170022:flashplayer.so
87170981:flashplayer.so
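
The same search wrapped as a small script, added here as an example and not part of the original article: it prints each offset in decimal and hex (the form a hex editor or disassembler expects) and reads the bytes back to confirm the match. It assumes GNU grep; the function names str_offsets, bytes_at and make_sample are hypothetical, and the sample blob is constructed.

```shell
#!/bin/sh
# Added example: locate a literal string in a binary and confirm the bytes there.
# Assumes GNU grep (-b, -a, -o) plus POSIX dd and printf.

# Print one "decimal hex" offset pair per occurrence of literal $2 in file $1.
# -F treats the pattern literally: without it the "." in "flashplayer.so" is a
# regex wildcard. LC_ALL=C makes grep match raw bytes, not locale characters.
str_offsets() {
    LC_ALL=C grep -baoF -e "$2" "$1" | while IFS=: read -r off rest; do
        printf '%d 0x%x\n' "$off" "$off"
    done
}

# Print $3 bytes of file $1 starting at byte offset $2, to verify a hit.
bytes_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null
}

# Constructed sample: a blob with NULs, a 0xff byte and newlines, holding the
# string at byte offsets 4 and 29.
make_sample() {
    printf '\000\001\n\377flashplayer.so\000\000junk\n\000\000\000\000flashplayer.so\000' > "$1"
}

# Stand-alone demo on the constructed sample.
sample=$(mktemp)
make_sample "$sample"
str_offsets "$sample" flashplayer.so
bytes_at "$sample" 29 14; echo
rm -f "$sample"
```

With -o, the offset GNU grep prints is that of the match itself; without -o, -b reports the offset of the start of the "line" containing it.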