Of course a simple hex editor or even xxd will easily show you a hex/ascii representation of a binary file. But is there any good software that understands many binary formats and can for example show me what header values a gzip file contains?<p>I think a terminal application that understands this for many different formats and easily allows you to add more formats would be very helpful
Hexdump, xdd, Binwalk, Binary Ninja, and Ghidra, along with a good text editor that supports hex, I use vi like this:<p>$ xxd /bin/ls | vi - /to open file
: xxd -r /to save files<p>for gzip files, extract those, that is the best representation of what’s inside IMO, then look at those binary individually.
Good luck!
There are a few hex/disk editors that support "templates" (but you need most times to create those yourself).<p>Here is a sort of "curated list" of related tools:<p><a href="https://github.com/dloss/binary-parsing" rel="nofollow">https://github.com/dloss/binary-parsing</a><p>The most complete/populated I know of is Kaitai:<p><a href="http://kaitai.io/" rel="nofollow">http://kaitai.io/</a><p><a href="http://formats.kaitai.io/" rel="nofollow">http://formats.kaitai.io/</a><p>that you can use with Hiew with Kiewtai<p><a href="https://github.com/taviso/kiewtai" rel="nofollow">https://github.com/taviso/kiewtai</a><p>If the question is slightly different, i.e. which bytes are used to identify a given file format, there is Trid:<p><a href="https://mark0.net/soft-trid-e.html" rel="nofollow">https://mark0.net/soft-trid-e.html</a><p>Which has also a database of known headers/patterns.
Lately I've been using ImHex a lot [1], it's a modular hex editor that has schema files for different file formats which comes in handy when you work a lot on reverse engineering memdumps from firmware flash files.<p>It also has fuzzy finding features of known file format headers, so it can also be used to recover things from dd images, though it can be laggy sometimes when walking through a couple GBs of data.<p>[1] <a href="https://github.com/WerWolv/ImHex" rel="nofollow">https://github.com/WerWolv/ImHex</a>
I never used it but GNU poke <a href="http://www.jemarch.net/poke" rel="nofollow">http://www.jemarch.net/poke</a> seems like what you're looking for.
hexdump -v and less.<p>I recently had some issues with objdump generated files and would love to have an utility which would make it easy to understand where the different sections from an elf file are in the binary (.bin file used for embedded system). I guess that I should write a script for this if it's not already present.