DEV Community

Cover image for Strings: A Neat Hexdump Alternative
Ryan Palo
Ryan Palo

Posted on • Originally published at assertnotmagic.com

Strings: A Neat Hexdump Alternative

I was working through my most recent class, Application Security, and one of the exercises required us to find a secret message hidden in an image. Now, I know you can do this manually with hexdump -C. That output looks something like this:

A screenshot of the output of hexdump, showing rows of hex data with a sidebar of ASCII text.

This is fine unless your image is huge or your secret message has a bunch of garbage bytes mixed into it for extra secrets. So I was trying to look up a way to get it to just kick out the ASCII output on its own so I could use other tools like grep to search through it, when I stumbled over a reference to the strings command. What is the strings command?

strings - find the printable strings in a object, or other binary, file

Well, OK then! Granted, when you read through the man page for it, it proclaims itself as a very simple string-finding algorithm, but good as a first easy pass.

Instead of the above hexdump output, you get something like this:



B*M)M1,
a&%5
%PJ)
XJ)FO
KL\I!D
Y}RJ


Enter fullscreen mode Exit fullscreen mode

Which is way more searchable, awkable, etc.!

Take this image here:

A cute picture of a puppy.

Cute puppy, right? Yes, but it is also a puppy full of secrets.

Give it a try. Download it and then run:



strings secret_puppy.png


Enter fullscreen mode Exit fullscreen mode

Find anything fun?

This method won’t find every hidden string in every secret image or binary file, but it’s a quick, easy command and much more useful than hexdump for some things!

Top comments (3)

Collapse
 
skhmt profile image
Mike

Huh, I've never seen text just appended to an image or binary to hide it.
They usually just modify the least significant bit of each color channel in each pixel and use those to construct a new binary, so 2 pixels per byte/character (r, g, b, a).

Collapse
 
rpalo profile image
Ryan Palo

Yeah, I was looking for a quick and dirty way to do an example, but you're right. There are a lot more common and better ways to hide text in images. I knew they were out there, but I appreciate you explaining it here. Thanks!

Collapse
 
jessrud profile image
Jesse Rudolph

Unfortunately for future readers, cloud foundry converted it to a jpeg and destroyed your message!

I was able to download it from the original link embedded in the cloud foundry link though. Thats the kind of hacker I am, reverse engineering CDN stego clobbering.