Ok, grep is a misnomer, but can we assume it was named binless and talk about the merits of this tool? It looks super useful.
The only thing the -U does is to not strip carriage returns embedded in the file.
Buge | 8 years ago
It doesn't really seem like grep to me. grep takes 2 inputs: a text and a search string. bingrep only takes one input, a binary. Without a search string it's hard to really say this is like grep.
It seems similar to objdump but with somewhat differing information and with coloring.
fnj | 8 years ago
rickycook | 8 years ago
Iv | 8 years ago
I can see how it fills a gap. I am not very often examining binaries, so I can be wrong about it, but am I wrong in assuming that objdump will simply list the parts it manages to interpret from a file and silently ignore gibberish or unsupported sections?
I have always wanted the ability to examine binary files in a way a bit more interpreted than a hex editor, but without missing any "gibberish" part.
I can see that tool as a nice addition to a binary forensics toolbox
falsedan | 8 years ago
> Ok, grep is a misnomer, but can we assume it was named binless and talk about the merits of this tool?

The name of the tool is part of the tool, and part of using it will be for me to share it with other people & explain: it's called bingrep but it's not like grep (despite what the project readme says). People who are busy may see that as a signal that the project values communication lower than features, or that they made a mistake and either: know they did but choose not to acknowledge/act to fix it; or don't recognize it (how many other mistakes might they have made? Any which affect its operation?)
Like this is the impression a colleague might get when spending 5 seconds listening to me mention it to them when getting a fresh coffee refill from the office kitchen.
thethirdone | 8 years ago
It is hardly complete, but it does highlight section headers (and decode them into human readable format). One of the next features I want to implement is to skip to the section body, but I haven't had much time to work on it recently so it got put on the backburner.
Also, I realized while writing this that the repo doesn't have a readme, so if you want to check it out you'll have to install it. If you are interested, I might be able to make a decent readme tomorrow.
mfukar | 8 years ago
What gap is that? I can't see anything I wouldn't find in existing tools.
If all it offers is a prettifier, I'd rather it were just that.
haberman | 8 years ago
https://github.com/google/bloaty
HappyTypist | 8 years ago
known | 8 years ago
jpeg_hero | 8 years ago
grep -U
mysterypie | 8 years ago
But if you do, for example, grep NSA_KEY suspiciousfile.exe, you're either going to get:
(a) "Binary file suspiciousfile.exe matches" (which is what I get on the particular system I tried it on, and I'd call that semi-useful because I'd like to see some context around it)
or possibly,
(b) a 50,000-character gibberish output to your shell containing somewhere within it the string "NSA_KEY" if you can possibly scroll through it to see where it appeared.
I think strings, or this bingrep, or some other binary-aware strings-like tool is better.
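The three behaviours discussed in this thread (mysterypie's two grep outcomes, Iv's question about bytes that a section-walking tool never describes, and the section-header decoding thethirdone says bingrep does) can be shown together in a small binary-aware search. The script below is an added example, not bingrep's code or anything from the project: it parses the ELF64 section header table itself, reports each match of a byte pattern with its file offset, the section that owns those bytes (or none), and a hex-dump of the surrounding bytes, and it lists every file range that no header, header table or section claims. The ELF image it searches is constructed inline so the example runs offline; it only understands little-endian ELF64 (an assumption) and treats any other input as one big unmapped blob.

```python
import struct

SHT_NOBITS = 8  # section type that occupies no file bytes (.bss); its sh_offset must not map bytes


def parse_elf64_sections(data):
    """Decode the section header table of a little-endian ELF64 image.

    Returns a list of {name, type, offset, size, in_file} in table order,
    or [] when the input is not ELF64 LE or carries no section headers.
    """
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        return []
    e_shoff = struct.unpack_from("<Q", data, 0x28)[0]
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", data, 0x3A)
    if e_shoff == 0 or e_shnum == 0 or e_shoff + e_shnum * e_shentsize > len(data):
        return []
    raw = []
    for i in range(e_shnum):  # Elf64_Shdr: name, type, flags, addr, offset, size, link, info, align, entsize
        f = struct.unpack_from("<IIQQQQIIQQ", data, e_shoff + i * e_shentsize)
        raw.append((f[0], f[1], f[4], f[5]))
    # Section names are offsets into the string table selected by e_shstrndx (0 = none).
    strtab = raw[e_shstrndx][2] if 0 < e_shstrndx < len(raw) else None
    sections = []
    for sh_name, sh_type, sh_offset, sh_size in raw:
        name = ""
        if strtab is not None:
            end = data.find(b"\x00", strtab + sh_name)
            name = data[strtab + sh_name:end].decode("ascii", "replace")
        sections.append({"name": name, "type": sh_type, "offset": sh_offset,
                         "size": sh_size, "in_file": sh_type != SHT_NOBITS})
    return sections


def section_at(sections, off):
    """Name of the section whose file bytes contain `off`, or None."""
    for s in sections:
        if s["in_file"] and s["offset"] <= off < s["offset"] + s["size"]:
            return s["name"]
    return None


def search(data, pattern, sections, context=8):
    """Every occurrence of `pattern`: file offset, owning section, surrounding bytes."""
    hits, start = [], 0
    while (off := data.find(pattern, start)) != -1:
        lo, hi = max(0, off - context), min(len(data), off + len(pattern) + context)
        hits.append({"offset": off, "section": section_at(sections, off),
                     "start": lo, "context": data[lo:hi]})
        start = off + 1
    return hits


def unmapped_ranges(data, sections):
    """File ranges owned by no ELF header, header table or section: what a
    section-walking tool skips. A non-ELF input is entirely unmapped."""
    if not sections:
        return [(0, len(data))] if data else []
    e_phoff = struct.unpack_from("<Q", data, 0x20)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    e_shoff = struct.unpack_from("<Q", data, 0x28)[0]
    e_shentsize, e_shnum = struct.unpack_from("<HH", data, 0x3A)
    covered = [(0, 64), (e_phoff, e_phoff + e_phentsize * e_phnum),
               (e_shoff, e_shoff + e_shentsize * e_shnum)]
    covered += [(s["offset"], s["offset"] + s["size"]) for s in sections if s["in_file"]]
    gaps, cursor = [], 0
    for lo, hi in sorted(covered):
        if hi <= lo:          # empty interval, e.g. no program headers or the null section
            continue
        if lo > cursor:
            gaps.append((cursor, lo))
        cursor = max(cursor, hi)
    if cursor < len(data):
        gaps.append((cursor, len(data)))
    return gaps


def hexdump(chunk, base):
    return (f"{base:08x}  " + " ".join(f"{b:02x}" for b in chunk) + "  "
            + "".join(chr(b) if 32 <= b < 127 else "." for b in chunk))


def build_sample_elf():
    """Constructed ELF64 image (assumption: not a real binary). Layout: ELF header,
    .text, .rodata holding NSA_KEY, 10 orphan bytes that no section claims and that
    also hold NSA_KEY, .shstrtab, then the section header table. .bss is NOBITS and
    points at the orphan bytes, which a naive offset check would wrongly attribute."""
    text = b"\x55\x48\x89\xe5\x31\xc0\x5d\xc3"      # push rbp; mov rbp,rsp; xor eax,eax; pop rbp; ret
    rodata = b"hello\x00NSA_KEY\x00"
    orphan = b"\x90NSA_KEY\x90\x90"
    shstrtab = b"\x00.text\x00.rodata\x00.bss\x00.shstrtab\x00".ljust(32, b"\x00")
    shoff = 64 + len(text) + len(rodata) + len(orphan) + len(shstrtab)   # 0x80
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01" + b"\x00" * 9,
                       2, 0x3E, 1, 0x401000, 0, shoff, 0, 64, 56, 0, 64, 5, 4)

    def shdr(name, typ, flags, addr, off, size):
        return struct.pack("<IIQQQQIIQQ", name, typ, flags, addr, off, size, 0, 0, 1, 0)

    shdrs = (shdr(0, 0, 0, 0, 0, 0)
             + shdr(1, 1, 6, 0x401000, 0x40, len(text))
             + shdr(7, 1, 2, 0x402000, 0x48, len(rodata))
             + shdr(15, SHT_NOBITS, 3, 0x403000, 0x56, 0x100)
             + shdr(20, 3, 0, 0, 0x60, len(shstrtab)))
    return ehdr + text + rodata + orphan + shstrtab + shdrs


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf()
    pattern = sys.argv[2].encode() if len(sys.argv) > 2 else b"NSA_KEY"
    sections = parse_elf64_sections(data)
    for h in search(data, pattern, sections):
        print(f"{h['offset']:#x} in {h['section'] or '<no section>'}: {hexdump(h['context'], h['start'])}")
    for lo, hi in unmapped_ranges(data, sections):
        print(f"unmapped {lo:#x}-{hi:#x}: {hexdump(data[lo:hi], lo)}")
```

Run it with no arguments to search the built-in sample, or as `python3 binsearch.py suspiciousfile.elf NSA_KEY` (the script name is an assumption) to search a real file; on the sample the string is found once inside .rodata and once in the orphan bytes, and the orphan range is listed as unmapped. For the quick one-liner case mysterypie describes, GNU grep can be made to report offsets instead of either "Binary file matches" or a terminal full of gibberish: `grep -obaF NSA_KEY suspiciousfile.exe` treats the file as text (`-a`), prints only the match (`-o`) and its byte offset (`-b`), and `strings -t x suspiciousfile.exe` prints each printable run with its hex offset; the context around an offset can then be read with `xxd -s <offset> -l 32 suspiciousfile.exe`.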
liveoneggs | 8 years ago
neatmonster | 8 years ago
partycoder | 8 years ago
- EDB debugger (like OllyDbg, qt based) https://github.com/eteran/edb-debugger
- HT editor (open-source clone of Hiew, curses based) http://hte.sourceforge.net/screenshots.html
Both provide this functionality as well.
server_bot | 8 years ago
lamby | 8 years ago
bechampion | 8 years ago