Viewing and Interpreting Binary Data
Peter
Bubestinger-Steindlpb @ ArkThis.com)
Hexadecimal
Decimal: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 ...
Hex: 0 1 2 3 4 5 6 7 8 9 A B C D E F 10 11 12 13 ...
Hexadecimal
Why is it useful to use the base 16?
0-15 = 16 possibilities.
8 Bit = 1 Byte
4 Bit = 1/2 Byte
4 Bit = 2^4 = 16 possibilities
Short: It makes (bit-)patterns in a Byte easier to visually
read/understand/see.
Sounds complicated, but it’s easier than you think and a matter of
practice.
What’s important for you is that you’ve heard about this way of
viewing/editing data.
Character encoding
ASCII Table
A nicer ASCII table, but this time only with hex values.
Text as Data?
Hex View
Data as Text?
PNG in a text editor
Hex editing!
Hex View of a PNG
“Magic bytes”
.PNG
RIFF
PK..
JFIF
AIFF
.Eߣ
%PDF-
8BPS
…
See: List of
File Signatures (Wikipedia)
File formats are often defined so, that the first few characters
contain a distinguishable sequence. This is called a “file signature”,
“magic numbers” or “magic bytes”.
They can be used to quickly identify the filetype, regardless of the
filename(-ending). Very useful for recovering deleted files or
identifying wrongly renamed files.
Exercise / Puzzle
The file “whatami”:
Try to identify what it is.
Try to find out what is wrong with it.
MIME Type
“Multipurpose Internet Mail Extensions (MIME) is an
Internet standard that extends the format of email messages to support
text in character sets other than ASCII, as well attachments of audio,
video, images, and application programs.”
– Wikipedia:
Media Type
MIME Type Examples
application/zip
application/pdf
text/html
text/xml
text/csv
text/plain
image/png
image/jpeg
image/gif
audio/aac
audio/mpeg
video/DV
video/H264
video/mp4
Complete
List (IANA), 2019-10-16
Remember our “no suffix” file set?
“UNIX file” can show the MIME
type
Binary Data?
Hex view of WAV file
Data Structure
Hex view of WAV header
(annotated)
This structural information is called “header”, because it’s usually
found on top of a binary file, since it’s the very first thing that
needs to be read in order to make sense of the bytes that are coming.
BMP Image
GIF Image
JPEG Image
PNG Image
WAV Audio
WAV Header
Comments?
Questions?