Searching with searchbin
Search through binary files.
Once in a while you might find the need to search inside of a binary file. For example, I once permanently deleted a text file on my system and needed to recover it. To do this I needed to search /dev/sda1 as root.
This can be done with a fast program, SearchBin.
Download Link: https://bitbucket.org/Sepero/searchbin/get/tip.zip
Using SearchBin you can search any binary data. You can search for a text string, hexadecimal bytes, or even another binary/text file.
To find my deleted file on the hard drive, I have to remember some of the text that was in the file, and search for that text.
$ sudo ./searchbin.py -t "Hello there" /dev/sda1
Match at offset: 1881 759 in /dev/sda1
Match at offset: 7284 1C74 in /dev/sda1
Match at offset: 7420 1CFC in /dev/sda1
It will print out all the locations where "Hello there" is found. (The search is case sensitive.) After you find the matching offset, you can open /dev/sda1 with a program like hexedit and copy out all the information you need. (Press Enter in hexedit to go directly to any offset.)
This method can also be used for hacking game save files. If your character has 89 gold coins, search for the hexadecimal form of that number, 59 (be sure to make a backup of your game save). Then use hexedit on the file to edit in whatever amount of gold/health/lives you want.
$ ./searchbin.py -p "59" gamesave.file
I once accidentally deleted an encrypted hard drive partition, and no rescue program can identify an encrypted partition. Luckily I had a copy of the first 512 bytes of the encrypted partition. Using SearchBin, I was able to find the location of my encrypted partition again and restore it fully!
$ sudo ./searchbin.py -f 512.head /dev/sda
For a skilled individual, there are a ton of potential uses for SearchBin. It's all up to your imagination.
Note: Searching for raw files on your hard drive is not always foolproof, because files can become fragmented.
To find offset matches in binary files using searchbin, run it like this:
$ ./searchbin.py -p "0xFF14DE" gamefile.db
Match at offset: 907 38B in gamefile.db
Match at offset: 1881 759 in gamefile.db
Match at offset: 7284 1C74 in gamefile.db
Match at offset: 7420 1CFC in gamefile.db
Match at offset: 8096 1FA0 in gamefile.db
It also allows for limited wildcard searching ("FF??DE"), and searching using an intermediate binary file. Find out more here: http://seperohacker.blogspot.com/2012/04/binary-grep-program-searchbin.html
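A short sketch of how a hex-pattern search with the "??" wildcard can work, including matches that straddle a read boundary on a large device or file. This is an added example, not SearchBin's own code; the function names (compile_hex_pattern, search_stream, format_match) and the sample bytes are constructed for illustration.

```python
import io
import re

def compile_hex_pattern(pattern):
    """Build a bytes regex from a hex pattern such as "0xFF??DE" ("??" = any one byte)."""
    text = pattern[2:] if pattern[:2].lower() == "0x" else pattern
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2}|\?\?)+", text):
        raise ValueError("expected pairs of hex digits or ??: %r" % pattern)
    pairs = [text[i:i + 2] for i in range(0, len(text), 2)]
    body = b"".join(b"." if p == "??" else re.escape(bytes([int(p, 16)])) for p in pairs)
    # The lookahead makes finditer() report overlapping matches too.
    return re.compile(b"(?=" + body + b")", re.DOTALL), len(pairs)

def search_stream(stream, pattern, chunk_size=1 << 20):
    """Return the absolute offset of every match, reading the stream in chunks."""
    regex, width = compile_hex_pattern(pattern)
    offsets, base, tail = [], 0, b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return offsets
        buf = tail + chunk
        offsets.extend(base + m.start() for m in regex.finditer(buf))
        # Keep the last width-1 bytes: a match may straddle the chunk boundary,
        # but none can start and finish inside so short a tail (no duplicates).
        keep = min(width - 1, len(buf))
        tail = buf[len(buf) - keep:]
        base += len(buf) - keep

def format_match(offset, name):
    """Mimic the output lines shown on this page: decimal offset, then hex."""
    return "Match at offset: %d %X in %s" % (offset, offset, name)

if __name__ == "__main__":
    # Constructed sample data, not a real save file.
    sample = b"\x00" * 5 + b"\xff\x14\xde" + b"\x00" * 4 + b"\xff\x99\xde\xff\x14\xde"
    for off in search_stream(io.BytesIO(sample), "FF??DE", chunk_size=4):
        print(format_match(off, "sample.bin"))
```

The small chunk_size in the demo forces a match to cross a read boundary; against a real disk image the default of 1 MiB is the sensible choice.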
Can you think of more good uses for searchbin?
Originally posted The Ubuntu Forums (ubuntuforums.org)