xxd
Create a hex dump or reverse a hex dump
Syntax:
xxd [options] [infile [outfile]]
Note: xxd creates a hex dump of a given file or standard input. It can also convert a hex dump back to its original binary form (reverse operation).
Description
xxd is a versatile hex dump utility that can display the contents of files in hexadecimal format alongside their ASCII representation. It's particularly useful for examining binary files, debugging, reverse engineering, and data analysis. Unlike many hex dump tools, xxd can also reverse the process, converting hex dumps back to binary data.
Command Options
| Option | Description |
|---|---|
| -a, -autoskip | Auto skip: replace repeated lines with * |
| -b, -bits | Binary digit dump (incompatible with -p,-i,-r) |
| -c cols | Format cols octets per line (default 16) |
| -g bytes | Separate groups of bytes (default 2) |
| -i | Output in C include file style |
| -l len | Stop after len octets |
| -p | Plain hexdump style |
| -r | Reverse operation: convert hex dump to binary |
| -s offset | Start at offset |
| -u | Use uppercase hex letters |
Basic Usage
Simple hex dump:
# Create hex dump of a file
xxd filename.bin
# Sample output:
# 00000000: 4865 6c6c 6f20 576f 726c 6421 0a00 0000  Hello World!....
# 00000010: 0102 0304 0506 0708 090a 0b0c 0d0e 0f10  ................
# Hex dump from standard input
echo "Hello World" | xxd
Output Formats
Different output styles:
# Plain hex dump (no addresses or ASCII)
xxd -p filename.bin
# Output: 48656c6c6f20576f726c64210a
# C include file style
xxd -i filename.bin
# Output: unsigned char filename_bin[] = {
# 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f, 0x72, 0x6c, 0x64, 0x21,
# 0x0a
# };
# Binary dump
xxd -b filename.bin
Customizing Output
Column and grouping options:
# 8 bytes per line
xxd -c 8 filename.bin
# Group every 4 bytes
xxd -g 4 filename.bin
# One byte per group (-g 0 disables grouping entirely)
xxd -g 1 filename.bin
# Uppercase hex letters
xxd -u filename.bin
Partial Dumps
Offset and length control:
# Start from offset 16 (0x10)
xxd -s 16 filename.bin
# Start from offset and limit length
xxd -s 16 -l 32 filename.bin
# Skip to end minus 64 bytes
xxd -s -64 filename.bin
# Hex offset
xxd -s 0x100 filename.bin
Reverse Operation
Convert hex dump back to binary:
# Create hex dump
xxd filename.bin > filename.hex
# Reverse hex dump to binary
xxd -r filename.hex filename_restored.bin
# Reverse from plain hex
echo "48656c6c6f" | xxd -r -p
# Output: Hello
# Pipeline reverse operation
xxd filename.bin | xxd -r > filename_copy.bin
Practical Examples
Examining file headers:
# Check file magic numbers
xxd -l 16 /bin/ls
# Look for ELF header: 7f 45 4c 46
# Check image file headers
xxd -l 8 image.jpg # JPEG: ff d8 ff
xxd -l 8 image.png # PNG: 89 50 4e 47
# Check PDF header
xxd -l 8 document.pdf # PDF: 25 50 44 46
Data analysis:
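# Find patterns in binary data
xxd data.bin | grep "pattern"
# Compare two binary files
diff <(xxd file1.bin) <(xxd file2.bin)
# Search for specific hex patterns
# -g 1 is required: the default grouping prints "4142 43", which "41 42 43" never matches.
# A pattern that straddles two output lines is still missed.
xxd -g 1 data.bin | grep "41 42 43" # Search for "ABC"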
Creating Binary Data
Generate binary files from hex:
# Create binary file from hex string
echo "48656c6c6f20576f726c64" | xxd -r -p > hello.bin
# Create file with specific bytes
printf '\x48\x65\x6c\x6c\x6f' > hello2.bin
# Multi-line hex input
cat << EOF | xxd -r -p > data.bin
48656c6c6f20
576f726c64
EOF
Debugging and Development
Development workflows:
# Generate C array from binary data
xxd -i firmware.bin > firmware.h
# Create test data
xxd -l 256 /dev/urandom > testdata.hex
xxd -r testdata.hex > testdata.bin
# Patch binary files
xxd target.bin > target.hex
# Edit target.hex with text editor
# (only the hex columns are read back; changes to the ASCII column are ignored)
xxd -r target.hex > target_patched.bin
Network Protocol Analysis
Analyzing network data:
# Examine packet captures
xxd -l 64 packet.pcap
# Create custom network packets
echo "45000028000040004006..." | xxd -r -p > packet.bin
# Analyze protocol headers
xxd -s 14 -l 20 ethernet_frame.bin # Skip Ethernet, show IP header
File Format Analysis
Understanding file structures:
# Examine ZIP file structure
xxd -l 32 archive.zip
# Look for PK signature: 50 4b
# Check executable format
xxd -l 64 program.exe
# Look for MZ header: 4d 5a
# Analyze database files
xxd -l 100 database.db
Data Recovery and Forensics
Forensic analysis:
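# Search for deleted file signatures
# -g 1 prints one byte per group so the spaced pattern can match;
# a signature split across two output lines is still missed.
xxd -g 1 /dev/sdb1 | grep -A5 -B5 "ff d8 ff" # JPEG signatures
# Examine disk sectors
xxd -s $((512*100)) -l 512 /dev/sdb # Sector 100
# Find text in binary data (matches the ASCII column, within one 16-byte line)
xxd suspicious.bin | grep -i "password"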
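The pattern searches under "Data analysis" and "Forensic analysis" grep the formatted dump, so a signature that straddles two 16-byte output lines is never found. The following added example (not part of the original page; `find_hex` and `make_sample` are hypothetical helper names, and GNU grep is assumed for `-o` combined with `-b`) searches a continuous byte stream instead and reports byte offsets.

```bash
#!/bin/bash
# Added example, not from the original page. Assumes GNU grep and awk.

# find_hex PATTERN FILE
# Print the decimal byte offset of each (non-overlapping) occurrence of
# PATTERN in FILE. PATTERN is hex digits, spaces optional: "ffd8ff", "FF D8 FF".
# Returns 0 if found, 1 if not found, 2 on a malformed pattern.
find_hex() {
    local pattern file
    file=$2
    # Normalise to xxd's lower-case output and drop any spaces.
    pattern=$(printf '%s' "$1" | tr -d ' ' | tr 'A-F' 'a-f')
    case "$pattern" in
        ''|*[!0-9a-f]*) echo "find_hex: pattern must be hex digits" >&2; return 2 ;;
    esac
    if [ $(( ${#pattern} % 2 )) -ne 0 ]; then
        echo "find_hex: pattern must be whole bytes" >&2; return 2
    fi
    # Re-insert one space per byte: "ffd8ff" -> "ff d8 ff".
    pattern=$(printf '%s' "$pattern" | sed 's/../& /g; s/ $//')

    # -p -c 1 emits one byte per line; joining the lines with spaces gives a
    # single stream "7f 45 4c ..." in which byte N starts at character 3*N.
    # Nothing is split by a line break, and the spaces keep matches byte-aligned.
    xxd -p -c 1 "$file" | tr '\n' ' ' | grep -obF -- "$pattern" |
        awk -F: '{ print $1 / 3; found = 1 } END { exit !found }'
}

# make_sample FILE: write a constructed 48-byte test file with a JPEG
# signature at offset 15 (straddling xxd's 16-byte line) and another at 40.
make_sample() {
    {
        printf 'AAAAAAAAAAAAAAA'            # 15 filler bytes (0..14)
        printf '\377\330\377\340'           # ff d8 ff e0 at offset 15
        printf 'BBBBBBBBBBBBBBBBBBBBB'      # 21 filler bytes (19..39)
        printf '\377\330\377\341'           # ff d8 ff e1 at offset 40
        printf 'CCCC'                       # 4 trailing bytes
    } > "$1"
}

# Usage: make_sample sample.bin && find_hex "ff d8 ff" sample.bin
# prints 15 and 40, one offset per line
```

The whole stream is held on one line, so for a disk or large image carve a window with `-s` and `-l` first and add the window's start to the reported offsets.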
Scripting with xxd
Shell script integration:
#!/bin/bash
# Function to check file type by magic number
check_file_type() {
    local file="$1"
    local magic
    # First 4 bytes as 8 lower-case hex digits
    magic=$(xxd -l 4 -p "$file")
    case "$magic" in
        "7f454c46") echo "ELF executable" ;;
        "504b0304") echo "ZIP archive" ;;
        # Any JPEG starts with ff d8 ff; the 4th byte varies (e0, e1, db, ...)
        ffd8ff??) echo "JPEG image" ;;
        "89504e47") echo "PNG image" ;;
        *) echo "Unknown format" ;;
    esac
}
# Extract strings from binary
# Round-trips through plain hex; streams the data, so it also works on
# files too large to pass as a single printf argument.
extract_strings() {
    xxd -p "$1" | xxd -r -p | strings
}
Performance and Large Files
Handling large files efficiently:
# Quick peek at large file
xxd -l 1024 largefile.bin
# Sample from different parts
xxd -s 0 -l 256 largefile.bin # Beginning
xxd -s $((1024*1024)) -l 256 largefile.bin # 1MB in
xxd -s -256 largefile.bin # End
# Use with head/tail for large dumps
xxd largefile.bin | head -20
Common Use Cases
- File analysis: Examining file headers and structure
- Debugging: Analyzing binary data and memory dumps
- Reverse engineering: Understanding binary formats
- Data recovery: Searching for patterns in corrupted files
- Network analysis: Examining packet contents
- Firmware development: Creating and analyzing firmware images
- Security research: Analyzing malware and exploits
- Data conversion: Converting between hex and binary formats
Tips and Best Practices
Useful techniques:
# Combine with other tools
xxd file.bin | grep -v "0000 0000" # Hide lines that contain a run of null bytes
# Create readable dumps
xxd -g 1 -c 16 file.bin | less
# Quick ASCII extraction
xxd -p file.bin | xxd -r -p | strings
# Verify file integrity
xxd file1.bin > dump1.hex
xxd file2.bin > dump2.hex
diff dump1.hex dump2.hex
Comparison with Other Tools
| Tool | Strengths | Use Case |
|---|---|---|
| xxd | Reversible, C output, simple | General purpose, development |
| hexdump | More format options | Advanced formatting needs |
| od | POSIX standard, octal | Portable scripts |
| hd | Simple, fast | Quick viewing |