loading...
Cover image for Strings: A Neat Hexdump Alternative

Strings: A Neat Hexdump Alternative

rpalo profile image Ryan Palo Originally published at assertnotmagic.com ・2 min read

I was working through my most recent class, Application Security, and one of the exercises required us to find a secret message hidden in an image. Now, I know you can do this manually with hexdump -C. That output looks something like this:

A screenshot of the output of hexdump, showing rows of hex data with a sidebar of ASCII text.

This is fine unless your image is huge or your secret message has a bunch of garbage bytes mixed into it for extra secrets. So I was trying to look up a way to get it to just kick out the ASCII output on its own so I could use other tools like grep to search through it, when I stumbled over a reference to the strings command. What is the strings command?

strings - find the printable strings in a object, or other binary, file

Well, OK then! Granted, when you read through the man page for it, it proclaims itself as a very simple string-finding algorithm, but good as a first easy pass.

Instead of the above hexdump output, you get something like this:

B*M)M1,
a&%5
%PJ)
XJ)FO
KL\I!D
Y}RJ

Which is way more searchable, awkable, etc.!

Take this image here:

A cute picture of a puppy.

Cute puppy, right? Yes, but it is also a puppy full of secrets.

Give it a try. Download it and then run:

strings secret_puppy.png

Find anything fun?

This method won’t find every hidden string in every secret image or binary file, but it’s a quick, easy command and much more useful than hexdump for some things!

Discussion

pic
Editor guide
Collapse
skhmt profile image
Mike S

Huh, I've never seen text just appended to an image or binary to hide it.
They usually just modify the least significant bit of each color channel in each pixel and use those to construct a new binary, so 2 pixels per byte/character (r, g, b, a).

Collapse
rpalo profile image
Ryan Palo Author

Yeah, I was looking for a quick and dirty way to do an example, but you're right. There are a lot more common and better ways to hide text in images. I knew they were out there, but I appreciate you explaining it here. Thanks!

Collapse
jessrud profile image
Jesse Rudolph

Unfortunately for future readers, cloud foundry converted it to a jpeg and destroyed your message!

I was able to download it from the original link embedded in the cloud foundry link though. Thats the kind of hacker I am, reverse engineering CDN stego clobbering.