
Bingrep: Like grep, but for binaries - adulau
https://github.com/m4b/bingrep
======
Buge
>like grep, but for binaries

It doesn't really seem like grep to me. grep takes 2 inputs: a text and a
search string. bingrep only takes one input, a binary. Without a search string
it's hard to really say this is like grep.

It seems similar to objdump but with somewhat differing information and with
coloring.

~~~
rickycook
possibly more like "less" but for binaries?

~~~
swetland
The sample output on the github page looks a lot like the sort of information
you get from "readelf -a ...", but colorized.

------
Iv
Ok, grep is a misnomer, but can we assume it was named binless and talk about
the merits of this tool? It looks super useful.

I can see how it fills a gap. I am not very often examining binaries, so I can
be wrong about it, but am I wrong in assuming that objdump will simply list the
parts it manages to interpret from a file and silently ignore gibberish or
unsupported sections?

I have always wanted an ability to examine binary files in a way a bit more
interpreted than a hex editor, but without missing any "gibberish" part.

I can see that tool as a nice addition to a binary forensics toolbox.

~~~
thethirdone
In the case that you are interested, I made a tool for editing ELF files by
hand ([https://github.com/TheThirdOne/elf-edit](https://github.com/TheThirdOne/elf-edit)).

It is hardly complete, but it does highlight section headers (and decode them
into human readable format). One of the next features I want to implement is
to skip to the section body, but I haven't had much time to work on it
recently so it got put on the backburner.

Also, I realized while writing this that the repo doesn't have a readme, so if
you want to check it out you'll have to install it. If you are interested, I
might be able to make a decent readme tomorrow.

~~~
mmjaa
Does it do .NOTEs?

~~~
thethirdone
.notes aren't standardized so I don't know of a good strategy to highlight and
decode them.

IIRC .note.gnu.build-id is just ASCII text so it should be pretty easy to
understand anyway.

I would think many others are also just text, but I don't know much about
.notes in general because I was focusing on standardized, general ELF stuff.

~~~
mmjaa
Well, .notes are standard ELF .. the reason I'm asking is because .notes are
for vendors, and well .. this seems like a tool-of-interest to vendors, y'know
..
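
The record layout of an ELF note section is standard: a header of three 4-byte
words (namesz, descsz, type), then the owner name and the descriptor, each
padded to 4-byte alignment; what varies by vendor is how the descriptor is
interpreted, keyed on the owner name and type. The parser below is an added
example, not code from this thread, from bingrep or from elf-edit. It decodes
the two GNU notes found in a typical Linux binary (NT_GNU_ABI_TAG = 1 and
NT_GNU_BUILD_ID = 3 under owner "GNU"), reports any other note as raw bytes
instead of guessing, and refuses truncated input. The sample section bytes are
constructed inline with the build_note helper.

```python
import struct
from dataclasses import dataclass
from typing import List

# Note types defined for owner "GNU" (values from the GNU ELF extensions).
NT_GNU_ABI_TAG = 1
NT_GNU_BUILD_ID = 3
GNU_ABI_OS_NAMES = {0: "Linux", 1: "GNU", 2: "Solaris", 3: "FreeBSD"}


@dataclass
class Note:
    owner: str      # note name with its terminating NUL stripped, e.g. "GNU"
    ntype: int      # meaning depends on the owner
    desc: bytes     # raw descriptor; interpretation depends on (owner, ntype)


def _align4(n: int) -> int:
    return (n + 3) & ~3


def parse_notes(data: bytes, little_endian: bool = True) -> List[Note]:
    """Parse a .note section: a sequence of (namesz, descsz, type) headers,
    each followed by the name and the descriptor padded to 4-byte alignment."""
    fmt = "<III" if little_endian else ">III"
    notes, off = [], 0
    while off + 12 <= len(data):
        namesz, descsz, ntype = struct.unpack_from(fmt, data, off)
        off += 12
        name_end, desc_start = off + namesz, off + _align4(namesz)
        desc_end = desc_start + descsz
        if desc_end > len(data):
            # Header claims more bytes than the section holds: do not trust it.
            raise ValueError(f"truncated note at offset {off - 12}")
        owner = data[off:name_end].rstrip(b"\0").decode("ascii", "replace")
        notes.append(Note(owner, ntype, data[desc_start:desc_end]))
        off = desc_start + _align4(descsz)
    return notes


def describe(note: Note, little_endian: bool = True) -> str:
    """Human-readable rendering for the notes whose layout is documented;
    anything else is reported as raw bytes rather than guessed at."""
    if note.owner == "GNU" and note.ntype == NT_GNU_BUILD_ID:
        return f"GNU build-id {note.desc.hex()}"
    if note.owner == "GNU" and note.ntype == NT_GNU_ABI_TAG and len(note.desc) == 16:
        fmt = "<4I" if little_endian else ">4I"
        os_id, major, minor, patch = struct.unpack(fmt, note.desc)
        os_name = GNU_ABI_OS_NAMES.get(os_id, f"os#{os_id}")
        return f"GNU ABI tag: {os_name} {major}.{minor}.{patch}"
    return f"{note.owner or '<no owner>'} type {note.ntype}: {len(note.desc)} raw bytes"


def build_note(owner: bytes, ntype: int, desc: bytes) -> bytes:
    """Encode one note (little-endian) with the NUL-terminated name and padding.
    Used here only to construct sample input."""
    name = owner + b"\0"
    body = struct.pack("<III", len(name), len(desc), ntype)
    body += name + b"\0" * (_align4(len(name)) - len(name))
    body += desc + b"\0" * (_align4(len(desc)) - len(desc))
    return body


# Constructed sample: an ABI tag for Linux 3.2.0 and a 20-byte build-id.
SAMPLE_NOTES = (
    build_note(b"GNU", NT_GNU_ABI_TAG, struct.pack("<4I", 0, 3, 2, 0))
    + build_note(b"GNU", NT_GNU_BUILD_ID, bytes(range(20)))
)


def is_well_formed(data: bytes) -> bool:
    try:
        parse_notes(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for n in parse_notes(SAMPLE_NOTES):
        print(describe(n))
```

To run it against a real file, feed parse_notes the raw bytes of a .note.*
section (the byte order is the file's, so pass little_endian=False for
big-endian ELFs); the build-id descriptor is the raw hash bytes, which is why
it is printed as hex rather than read as text.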

------
haberman
If you're into stuff like this, you might like my project Bloaty McBloatface,
which can dump size profiles of binaries:

[https://github.com/google/bloaty](https://github.com/google/bloaty)

~~~
HappyTypist
Is this in /google/ because of copyright reasons?

~~~
haberman
More or less. It's copyright Google because I am a Google employee and it's
related to my work. But it's fully open-source (Apache 2) and I'm the only one
really developing it or deciding things about it.

------
known
I use
[https://en.wikipedia.org/wiki/Strings_%28Unix%29](https://en.wikipedia.org/wiki/Strings_%28Unix%29)

------
jpeg_hero
I'm confused; grep has binary options.

grep -U

~~~
mysterypie
The only thing the -U does is to not strip carriage returns embedded in the
file.

But if you do, for example, _grep NSA_KEY suspiciousfile.exe_, you're either
going to get:

(a) "Binary file suspiciousfile.exe matches" (which is what I get on the
particular system I tried it on, and I'd call that semi-useful because I'd
like to see some context around it)

or possibly,

(b) a 50,000-character gibberish output to your shell containing somewhere
within it the string "NSA_KEY" if you can possibly scroll through it to see
where it appeared.

I think strings, or this bingrep, or some other binary-aware strings-like tool
is better.

~~~
an27
Unless you use -o/--only-matching, that works fine for binaries!
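
The context mysterypie wants around a hit (GNU grep's -a/--binary-files=text
makes it treat the file as text instead of printing "Binary file ... matches",
but the output is still the whole "line") is what a binary-aware strings-like
search provides: each match with its byte offset, the complete string it sits
in, and a hex dump of the surrounding bytes. The script below is an added
example, not code from the thread or from bingrep. It also extracts UTF-16LE
runs, since a Windows executable commonly stores its strings that way and a
plain byte search for "NSA_KEY" would miss them. The sample bytes are
constructed inline.

```python
import re
from typing import List, Tuple

MIN_LEN = 4  # same default run length as `strings`

# A run of printable ASCII bytes.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
# The same characters as UTF-16LE: each printable byte followed by a NUL,
# which is how Windows binaries usually store their strings.
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

Hit = Tuple[int, str, str]  # (byte offset, encoding, decoded text)


def extract_strings(data: bytes) -> List[Hit]:
    """Every printable run with its byte offset, ASCII and UTF-16LE alike."""
    found: List[Hit] = []
    for m in ASCII_RUN.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in WIDE_RUN.finditer(data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(found)


def search(data: bytes, needle: str) -> List[Hit]:
    """Strings containing `needle`, so a hit always arrives with its context."""
    return [hit for hit in extract_strings(data) if needle in hit[2]]


def hexdump(data: bytes, start: int, end: int) -> str:
    """One line: offset, hex bytes, printable view of data[start:end]."""
    chunk = data[start:end]
    hexpart = " ".join(f"{b:02x}" for b in chunk)
    text = "".join(chr(b) if 0x20 <= b < 0x7f else "." for b in chunk)
    return f"{start:08x}  {hexpart}  |{text}|"


def report(data: bytes, needle: str, context: int = 8) -> List[str]:
    """Report lines for each hit: where it is, what string it is in, and a
    hex dump covering `context` bytes on either side of that string."""
    lines = []
    for off, enc, text in search(data, needle):
        width = len(text.encode(enc))
        lo, hi = max(0, off - context), min(len(data), off + width + context)
        lines.append(f"{enc:>8} string at 0x{off:x}: {text!r}")
        lines.append(hexdump(data, lo, hi))
    return lines


# Constructed sample: header-like bytes, an ASCII key at offset 9 and the
# same key as UTF-16LE at offset 29, separated by non-printable bytes.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"\xffNSA_KEY=deadbeef\x00"
    + bytes([0x01, 0x02, 0x03])
    + "NSA_KEY".encode("utf-16le") + b"\x00\x00"
)

if __name__ == "__main__":
    print("\n".join(report(SAMPLE, "NSA_KEY")))
```

For a real file, pass the contents of open(path, "rb").read() to report; the
regular expressions work on bytes, so nothing is decoded until a run has been
found, and a run that is not valid in its claimed encoding cannot occur because
both patterns only admit printable ASCII code points.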

------
liveoneggs
this is just the front end to the (same author's) more interesting library:
[https://github.com/m4b/goblin](https://github.com/m4b/goblin)

------
neatmonster
For indexing and searching into binary files, see also:
[https://github.com/ANSSI-FR/Binacle](https://github.com/ANSSI-FR/Binacle)

------
partycoder
I recommend:

- EDB debugger (like OllyDbg, Qt based): [https://github.com/eteran/edb-debugger](https://github.com/eteran/edb-debugger)

- HT editor (open-source clone of Hiew, curses based): [http://hte.sourceforge.net/screenshots.html](http://hte.sourceforge.net/screenshots.html)

Both provide this functionality as well.

------
server_bot
While this does support multiple file formats, there already exists a far more
robust utility for ELFs, "readelf" in the GNU binutils:
[https://sourceware.org/binutils/docs/binutils/readelf.html](https://sourceware.org/binutils/docs/binutils/readelf.html)

------
lamby
See also: [https://diffoscope.org](https://diffoscope.org)

------
bechampion
bingrep | grep

