I lately observed that grep can be used to search (try searching a function name) binaries and object files. Here is an example:
$ grep "main" a.out
Binary file a.out matches
How can grep find names in a binary file? Is a.out not completely a binary file (does it contain some symbols)?
Consider this another way. How can you store anything in ones and zeros?
Is not every file binary?
What makes a binary file binary? That it doesn’t look like a text file,
but that’s about it. Just because something is compiled doesn’t mean
there are not strings in it. A fun security-ish example of this is when
somebody “secures” an application by requiring a password inside it when
that password is just assigned as a constant or something without any
obfuscation or hashing. Run strings against the file, find the right
string that is the super-secret password, run the file without issues.
Good luck.
On 09/29/2010 09:06 PM, soldier101 wrote:
>
> I lately observed that grep can be used to search (try searching a
> function name) binaries and object files. Here is an example:
> $ grep "main" a.out
> Binary file a.out matches
>
> How can grep find names in a binary file? Is a.out not completely a
> binary file (does it contain some symbols)?
>
>
I think the limitation is not in reading strings in binaries in the case of grep but in printing them to standard output (or more precisely to the terminal). You can use the quiet option of grep and take an action depending on the result:
In principle every file on Unix/Linux is a binary file. Text files are just a special case where by application (not kernel) convention lines are separated by NL and the content is generally human readable. grep works on line-oriented files. So it’s treating your executable as a file of mostly “very long” lines, separated where there happens to be a NL by chance.
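Added example, not written by any poster in this thread: a shell sketch of the points made in the replies above, namely testing for a name with grep's quiet option, counting the NL-delimited "lines" grep sees, and listing the readable strings embedded in a binary when auditing your own build for constants that should not ship. The function names and the sample bytes (including the made-up string `s3cret-pw`) are constructed for illustration.

```sh
#!/bin/sh
LC_ALL=C; export LC_ALL   # byte semantics for grep and tr

# Constructed sample standing in for a.out: non-text bytes around readable names.
make_sample() {
    printf '\177ELF\001\002\000\000main\000puts\000\n\000\001s3cret-pw\000\377\376\n' > "$1"
}

# grep -q prints nothing; only the exit status says whether the pattern occurs.
has_string() {
    grep -q -- "$1" "$2"
}

# Number of NL bytes, i.e. how many "lines" a line-oriented tool sees.
line_count() {
    wc -l < "$1" | tr -d ' '
}

# Printable runs of 4+ characters, one per line (rough stand-in for strings).
printable_runs() {
    tr -c '[:print:]' '\n' < "$1" | grep -E '.{4,}'
}

sample=$(mktemp)
make_sample "$sample"
if has_string main "$sample"; then
    echo "main: present"
fi
echo "lines seen by grep: $(line_count "$sample")"
echo "embedded strings:"
printable_runs "$sample"
rm -f "$sample"
```

Running `printable_runs` against a release binary before shipping shows what anyone holding the file can read from it.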