Latest commit 40e398b by v3l0c1r4pt0r, Jan 30, 2019: Add basic support for v4 bmp header (at least the same fields as in the normal header are marked).
hdcb

HexDumpColoringBook - binary file analysis helper

Overview

HDCB is a program meant to ease analysis of unknown binary files on Linux (or any other) platform. It provides a custom markup language based on bash (and built on top of the bash interpreter, so standard bash syntax can be used as well) to describe the format of a file. It allows you to define a variable of any length that can then be used more than once, and a defined variable can also be used as an array. HDCB can capture the value of any used variable so that it can be used later, for example as the length of an array.

HDCB outputs the processed file in hexdump format (hexdump's -C flag), coloured according to the input description script to make file analysis easier. Colors are picked automatically: one background-foreground pair for every defined variable. A custom color pair can also be given when defining a variable.

[image: sdc-output (sample coloured HDCB output)]

Installation

The program can be built by issuing the standard

./configure
make
sudo make install

sequence. It is necessary to install the program into the system, as the main hdcb script must be placed in a directory listed in the $PATH variable to work properly, and the library scripts need to have valid paths hardcoded. The default install path is /usr/local/, but it can be changed to anything else, for example $HOME/bin, as long as $HOME/bin/bin/ can be found within $PATH.

Prerequisites

The program requires bash version 4.0 or later.

Command description

  • define - defines variable

    Usage: define "varname" length [background] [foreground];

    Where:

    • varname is the name by which the variable will be referenced later
    • length defines the length in bytes of a single element of the variable
    • background is an optional number of the background color used to highlight the variable (available colors are presented here)
    • foreground is an optional number of the foreground color used to highlight the variable (available colors are presented here)
  • use - uses defined variable

    Usage: use "varname" [dup] [shellvar];

    Where:

    • varname is a varname previously defined with the define command

    • dup creates an array of this number of variable items

    • shellvar allows getting the value of the used variable and saving it into the given shell variable

      shellvar names follow special naming rules:

      • Variables ending with _l will be read as little-endian
      • Variables ending with _b will be read as big-endian
  • squeeze - squeezes repeating lines

    Usage: squeeze;

    This command instructs hdcb to let hexdump squeeze lines with repeating bytes. It is useful when analyzing huge files, since in some cases it will heavily reduce the output size.

Control shell variables

  • cursor can be used to advance the beginning of the next variable; for example, to mark the next 4 bytes as reserved, you could type let cursor+=4;.

Example script

#!/usr/bin/env hdcb
define "length" 4;
define "string" 1;

use "length" len_l;
use "string" $len_l;

This script defines two variables. The first is a length field stored in four bytes. The second is a one-byte character. At the beginning of the file being analysed there are four bytes of length. When this variable is used, its value is stored in the len_l shell variable and is treated as little-endian. Then string is used with the len_l variable as the array size. The result of such a script is shown below.

[image: basic_example (coloured output of the example script)]
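To make the offset bookkeeping and the _l/_b shellvar rule concrete, here is an added bash emulation of define, use and cursor that runs the example script above (extended with a big-endian field) against a constructed 11-byte file. It is not hdcb's own library code: the functions are a stand-in that records each variable's byte range instead of colouring a hexdump, refuses a layout that runs past the end of the file, and assumes (as the example suggests) that a non-numeric second argument to use is the shellvar.

```bash
#!/usr/bin/env bash
# Stand-in emulation of hdcb's define/use/cursor semantics (assumption: this is
# NOT hdcb's own library) so offset bookkeeping and the _l/_b shellvar rule can
# be exercised without the tool. Colour arguments are accepted but ignored.
declare -A VARLEN       # varname -> element length in bytes
declare -a LAYOUT       # one "start-end varname xN" record per use, in file order
cursor=0                # same role as hdcb's control variable
FILE=""

define() {              # define "varname" length [background] [foreground]
    VARLEN["$1"]=$2
}

use() {                 # use "varname" [dup] [shellvar]
    local name=$1 dup=1 shellvar=${3:-}
    # as in the README example, a non-numeric second argument is the shellvar
    if [[ ${2:-1} =~ ^[0-9]+$ ]]; then dup=$2; else shellvar=${2:-}; fi
    local len=${VARLEN["$name"]}; local size=$(( len * dup ))
    local fsize; fsize=$(( $(wc -c < "$FILE") ))
    if (( cursor + size > fsize )); then  # failure mode: layout runs past the data
        printf 'error: %s x%d at offset %d exceeds file size %d\n' "$name" "$dup" "$cursor" "$fsize" >&2
        return 1
    fi
    LAYOUT+=("$(printf '0x%08x-0x%08x %s x%d' "$cursor" $(( cursor + size - 1 )) "$name" "$dup")")
    if [[ -n $shellvar ]]; then
        # read one element at the cursor as hex; a *_l name reverses the byte order
        local hex value="" i
        hex=$(od -An -tx1 -v -j "$cursor" -N "$len" "$FILE" | tr -d ' \n')
        for (( i = 0; i < ${#hex}; i += 2 )); do
            if [[ $shellvar == *_l ]]; then value=${hex:i:2}$value; else value+=${hex:i:2}; fi
        done
        printf -v "$shellvar" '%d' "0x$value"
    fi
    cursor=$(( cursor + size ))
}

# constructed sample input: LE uint32 length = 5, "hello", then BE uint16 0x0102
FILE=$(mktemp); trap 'rm -f "$FILE"' EXIT
printf '\005\000\000\000hello\001\002' > "$FILE"

# the README's example script, extended with a big-endian field
define "length" 4;
define "string" 1;
define "u16" 2;
use "length" len_l;        # len_l=5, read little-endian
use "string" $len_l;       # five one-byte elements
use "u16" val_b;           # val_b=258, read big-endian
printf '%s\n' "${LAYOUT[@]}"
printf 'len_l=%d val_b=%d cursor=%d\n' "$len_l" "$val_b" "$cursor"
```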
