How To Read Binary File In Linux : Examining Hex Dump Outputs

by

Reading a binary file in Linux requires tools that translate machine code into a human-readable format like hexadecimal. Understanding how to read binary file in linux is essential for debugging, reverse engineering, or analyzing system data. This guide walks you through the most effective methods step by step.

Binary files store data as raw bytes, not plain text. Unlike text files, they can’t be viewed with a simple cat command. You need specialized utilities to interpret their structure. Linux offers several built-in tools for this task, each with unique strengths.

In this article, you’ll learn command-line techniques using xxd, od, hexdump, and hexedit. We’ll cover how to display, analyze, and even edit binary content. By the end, you’ll confidently handle any binary file on your system.

How To Read Binary File In Linux

Before diving into commands, it helps to understand what binary files are. They contain data in a format that computers process directly—sequences of bytes. Each byte can represent numbers, characters, or instructions. Tools like xxd convert these bytes into hexadecimal (base-16) for human reading.

Why use hex? Because it’s compact and maps directly to bytes. Two hex digits represent one byte (e.g., FF for 255). This makes it easier to spot patterns or anomalies in raw data.

Now let’s explore the main methods. Each tool has a slightly different output format. Choose based on your specific need—quick viewing, detailed analysis, or interactive editing.

Using Xxd For Binary File Viewing

xxd is part of the Vim editor package but works standalone. It’s one of the simplest ways to read binary files. Install it if missing: sudo apt install xxd (Debian/Ubuntu) or sudo yum install vim-common (RHEL/CentOS).

Basic usage: xxd filename. This outputs a hex dump with offset, hex values, and ASCII representation. For example, xxd myfile.bin shows:

00000000: 7f45 4c46 0201 0100 0000 0000 0000 0000  .ELF............
00000010: 0200 3e00 0100 0000 5030 4000 0000 0000  ..>.....P0@.....

The left column is the byte offset (in hex). The middle columns show hex bytes. The right column displays printable ASCII characters, with dots for non-printable ones.

To limit output length, use -l (length): xxd -l 256 filename shows only the first 256 bytes. For plain hex without ASCII, add -p: xxd -p filename. This outputs a continuous hex string.

You can also reverse the process: convert hex back to binary with xxd -r. This is useful for patching files after editing.

Using Od (Octal Dump) For Binary Analysis

od is a classic Unix utility. It dumps files in octal, hex, decimal, or ASCII. By default, it uses octal format, but you can change it with options.

For hex output: od -A x -t x1z -v filename. Here’s what each flag does:

  • -A x: Display offset in hexadecimal
  • -t x1: Output one byte as hex
  • -z: Append ASCII representation
  • -v: Show all data (no asterisks for repeated lines)

Example output:

000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00  >.ELF............<
000010 02 00 3e 00 01 00 00 00 50 30 40 00 00 00 00 00  >..>.....P0@.....<

od is highly flexible. For decimal output: od -A x -t d1 -v filename. For octal: od -A x -t o1 -v filename. This makes it great for numerical analysis.

One tip: use od -c filename to see bytes as characters. It shows escape sequences like \0 for null bytes. This helps identify string boundaries.

Using Hexdump For Detailed Output

hexdump is another powerful tool, often used for forensic analysis. It's similar to od but with more formatting options. On some systems, it's a symlink to od; on others, it's separate.

Basic usage: hexdump -C filename. The -C flag gives canonical hex+ASCII output, like xxd. Example:

00000000  7f 45 4c 46 02 01 01 00  00 00 00 00 00 00 00 00  |.ELF............|
00000010  02 00 3e 00 01 00 00 00  50 30 40 00 00 00 00 00  |..>.....P0@.....|

You can customize the format with -e. For instance, hexdump -e '16/1 "%02x "' -e '"\n"' filename prints 16 bytes per line as hex. This is handy for scripting.

For large files, pipe output to less: hexdump -C filename | less. This lets you scroll through the dump without flooding your terminal.

Note: hexdump may not be pre-installed on minimal systems. Install it via sudo apt install bsdmainutils (Debian/Ubuntu) or sudo yum install util-linux (RHEL).

Using Hexedit For Interactive Editing

Sometimes you need to modify binary data, not just view it. hexedit is a terminal-based hex editor. It shows both hex and ASCII side by side, allowing direct editing.

Install it: sudo apt install hexedit or sudo yum install hexedit. Open a file: hexedit filename. Use arrow keys to navigate. Type hex digits to overwrite bytes. The ASCII side updates automatically.

Key shortcuts:

  • Ctrl+S: Save changes
  • Ctrl+X: Exit
  • Ctrl+U: Undo last change
  • Tab: Switch between hex and ASCII panels

For searching, press Ctrl+W and enter a hex pattern (e.g., 7f454c46 for ELF magic). This is invaluable for locating specific data structures.

Be cautious when editing binary files. A single wrong byte can corrupt the file. Always back up before making changes.

Comparing The Tools: When To Use Each

Each tool excels in different scenarios. Here's a quick comparison:

Tool Best For Output Format
xxd Quick viewing, hex-to-binary conversion Hex + ASCII, plain hex
od Flexible numeric formats (octal, decimal) Customizable
hexdump Forensic analysis, scripting Canonical hex+ASCII
hexedit Interactive editing Dual-pane hex/ASCII

For most users, xxd is the go-to choice. It's simple, widely available, and supports reverse conversion. Use od when you need decimal or octal output. hexdump shines in automated scripts. hexedit is essential for hands-on modifications.

Reading Specific Sections Of A Binary File

Often you only need part of a file. Use dd combined with hex tools to extract sections. For example, to read bytes 100-199 of a file:

  1. Extract the range: dd if=filename bs=1 skip=100 count=100 of=chunk.bin
  2. View it: xxd chunk.bin

Alternatively, use xxd -s 100 -l 100 filename. The -s flag sets the start offset (in bytes). This is faster for one-off checks.

For large files, consider using less with xxd: xxd filename | less. This avoids loading the entire dump into memory. You can search for patterns with / inside less.

Analyzing Binary File Headers

Many binary formats have identifiable headers. For example, ELF executables start with 7f 45 4c 46 (".ELF"). JPEG images begin with ff d8 ff e0. Recognizing these helps verify file types.

To check a header quickly: xxd -l 16 filename. This shows the first 16 bytes. Compare with known magic numbers. Online databases list common signatures.

For deeper analysis, use file command first: file filename. It identifies the format based on headers. Then use hex tools to inspect specific fields.

Scripting Binary File Reading

Automate repetitive tasks with shell scripts. For example, to extract all printable strings from a binary:

#!/bin/bash
xxd -c 1 filename | awk '{print $2}' | while read byte; do
  if [[ $byte =~ ^[2-7][0-9a-f]$ ]]; then
    printf "\\x$byte"
  fi
done
echo

This converts each byte to a character if it's in the ASCII printable range (0x20-0x7E). For a more robust solution, use strings command: strings filename.

Another common script: convert binary to C array for embedded programming. Use xxd -i filename. This outputs an array definition ready for C code.

Common Pitfalls And Troubleshooting

New users often make these mistakes:

  • Using cat on binary files—this garbles your terminal. Reset with reset command.
  • Forgetting to specify byte count with xxd -l, causing massive output.
  • Mixing up octal and hex. od defaults to octal; always use -t x1 for hex.
  • Editing without backup. Use cp filename filename.bak first.

If a tool isn't found, install the appropriate package. For xxd, install vim-common or xxd separately. For hexdump, install bsdmainutils.

Some binary files are protected (e.g., system files). Use sudo to read them: sudo xxd /dev/sda1. Be extremely careful—writing to raw devices can destroy data.

Advanced: Using Python For Binary Reading

For complex analysis, Python's struct module is powerful. Example script:

import struct
with open('filename', 'rb') as f:
    data = f.read(16)
    # Unpack as 4 little-endian 32-bit integers
    values = struct.unpack('<4I', data)
    print(values)

This interprets bytes as integers. Adjust format string for different types (e.g., 'h' for short, 'd' for double). Python gives you full control over parsing.

For interactive exploration, use ipython with %xxd magic command (if installed). This combines Python's power with hex viewing.

Security Considerations

Binary files can contain malware. Always scan unknown files with antivirus before analysis. Use a virtual machine for suspicious files. Avoid running untrusted binaries.

When editing system files, make backups and verify checksums. A corrupt binary can break your system. Use md5sum or sha256sum to track changes.

For sensitive data (e.g., encrypted files), hex dumps may reveal partial content. Use chmod 600 on output files to restrict access.

Frequently Asked Questions

What Is The Easiest Way To Read A Binary File In Linux?

The easiest method is using xxd filename. It shows a clear hex and ASCII dump. For a quick peek, use xxd -l 64 filename to see the first 64 bytes.

Can I Read A Binary File Without Installing Extra Tools?

Yes. od and hexdump are pre-installed on most Linux distributions. Use od -A x -t x1z filename for hex output. xxd may require installation if Vim isn't installed.

How Do I Convert A Binary File To Text?

Use xxd -p filename to get a continuous hex string. For ASCII extraction, use strings filename to extract printable character sequences. Neither fully converts binary to readable text—some data is inherently non-textual.

What Is The Difference Between Hexdump And Xxd?

Both produce similar output. xxd is simpler and supports reverse conversion (xxd -r). hexdump offers more formatting options with -e and is often preferred for scripting. Choose based on availability and personal preference.

How Can I Edit A Binary File In Linux?

Use hexedit for interactive editing. For command-line patching, use xxd to dump to hex, edit the text, then convert back with xxd -r. Always back up the original file before editing.

Now you have a complete toolkit for reading binary files in Linux. Start with xxd for quick checks, od for numeric analysis, and hexedit for modifications. Practice on sample files to build confidence. Remember to use caution with system files and unknown binaries. Happy hex dumping!