
Want to Find Hidden Strings in Your Binary Files? Try the Strings Command in Linux

The Linux “strings” command extracts readable text from binary files, enabling users to search for strings in files, filter the output using regular expressions, and perform a recursive search for strings across multiple files. The command is easy to use and comes with options and flags that can be combined with other Linux commands. It has various use-cases, including forensics, debugging, reverse engineering, and security.

Basic Usage of Strings Command

The syntax of the strings command is straightforward. To use it, simply type “strings” followed by the path to the file you want to extract strings from. For example, to extract strings from a binary file called “example_binary,” you would run the following command:

strings example_binary

This command will output every sequence of at least four printable characters found in the file (four is the default minimum length), one per line, including text strings, numbers, and symbols.

Advanced Usage of Strings Command

The strings command comes with several options and flags that can be used to customize its output. Here are some examples of how to use the options and flags with the strings command:

Filtering output using regular expressions

To filter the output of the strings command using regular expressions, you can pipe it to “grep -E” (the older “egrep” name is obsolescent). For example, to search for strings containing “itvraag.nl” or “simple”, you would run the following command:

strings example_binary | grep -E "itvraag\.nl|simple"

This command will output only the strings that match the regular expression. The dot is escaped so that it matches a literal “.” rather than any character.

Recursive search for strings in multiple files

To perform a recursive search for strings in multiple files, you can use the “find” command. For example, to search for strings containing “itvraag.nl” in all files in the “/path/to/directory” directory, you would run the following command:

find /path/to/directory -type f -exec strings {} \; | grep "itvraag.nl"

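This command will run strings on every file in the directory and its subdirectories and output only the strings that contain “itvraag.nl.” The output does not show which file each match came from, because grep only sees the combined stream of strings.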
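Added example (not from the original article): the same recursive search, extended so that each hit names its file and hex offset and the search text is matched literally instead of as a regular expression. The directory layout, file contents and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: hypothetical function names, constructed test files.

# Build a small tree: one real hit in a subdirectory, one near miss that
# only a regex "." would match, and one file without the marker.
make_tree() {
    mkdir -p "$1/sub"
    printf '\001\002\003contact: admin@itvraag.nl\n' > "$1/sub/app.bin"
    printf '\001\002host=itvraagXnl-backup\n'        > "$1/decoy.bin"
    printf '\001\002\003\004nothing here\n'           > "$1/clean.bin"
}

# Print "file: offset string" for every string under $1 containing $2.
#   -f      prefix each string with the name of the file it came from
#   -t x    add the hex offset of the string inside that file
#   {} +    hand many files to one strings process, not one per file
#   grep -F match $2 literally, so "." is not a wildcard
scan_tree() {
    find "$1" -type f -exec strings -a -f -t x {} + | grep -F -- "$2"
}

# Names of files with at least one hit (assumes no ": " in file names).
files_with() {
    scan_tree "$1" "$2" | sed 's/: .*//' | sort -u
}

# For comparison: count hits when $2 is treated as a regular expression.
regex_hits() {
    find "$1" -type f -exec strings -a -f {} + | grep -c -- "$2"
}

d=$(mktemp -d) && make_tree "$d"
scan_tree "$d" 'itvraag.nl'
printf 'regex hits: %s, literal hits: %s\n' \
    "$(regex_hits "$d" 'itvraag.nl')" \
    "$(scan_tree "$d" 'itvraag.nl' | wc -l | tr -d ' ')"
rm -rf "$d"
```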

Best Practices for Using Strings Command

Here are some best practices to follow when using the strings command:

Limiting the output using -n option

The “-n” option sets the minimum length a sequence of printable characters must have before the strings command reports it; the default is 4. Raising it is a simple way to cut noise from the output. For example, to output only strings that are at least 10 characters long, you would run the following command:

strings -n 10 example_binary

This command will output only the strings of 10 or more characters found in the file. Longer strings are printed in full, not truncated.

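Scanning the whole file using -a option

The “-a” option tells the strings command to scan the entire file rather than only the initialized and loaded data sections of an object file. Current GNU versions scan the whole file by default, but passing “-a” makes that explicit on systems where strings is configured otherwise. For example, to scan every byte of the file, you would run the following command:

strings -a example_binary

Non-printable characters, such as control characters, never appear in the output with or without this option; they only mark where one string ends and the next may begin.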

Combining strings command with other Linux commands

The strings command can be combined with other Linux commands, such as grep, sort, and uniq, to perform more complex operations. For example, to count the number of times the string “itvraag.nl” appears in the file and output the results sorted by frequency, you would run the following command:

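strings example_binary | grep "itvraag.nl" | sort | uniq -c | sort -rn

This command will count how many times each distinct string containing “itvraag.nl” occurs and output the results sorted by frequency, most frequent first. The final “sort -rn” does the frequency ordering; “uniq -c” on its own only adds the counts.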

Cheat Sheet

Here’s a cheat sheet for the “strings” command in Linux:

Command
    Description

strings [file_path]
    Extracts printable strings from a binary file
strings [file_path] | grep -E "[regular_expression]"
    Filters the extracted strings with a regular expression
find [directory_path] -type f -exec strings {} \; | grep "[search_string]"
    Searches recursively for a string in all files under a directory
strings -n [number_of_characters] [file_path]
    Outputs only strings that are at least the specified number of characters long
strings -a [file_path]
    Scans the whole file instead of only its initialized and loaded data sections
strings [file_path] | grep "[search_string]"
    Finds a specific string in a binary file

Binary File For Practice

Here is a hex dump of an example binary file that you can use to practice the strings command in Linux:

00000000  50 4b 03 04 0a 00 00 00  00 00 e3 2e 91 40 11 00  |PK...........@..|
00000010  00 00 0f 00 00 00 08 00  2e 74 78 74 55 54 09 00  |..........txtUT..|
00000020  03 e5 a5 d5 b5 75 f5 94  24 e6 a7 d7 b7 77 f7 b4  |.....u..$....w..|
00000030  25 e5 a4 d4 b4 74 f4 93  23 e4 a6 d6 b6 76 f6 b7  |%....t..#....v..|
00000040  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20  |                |
*
00000060  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20  |                |
*
00000080  41 63 63 65 73 73 20 47  72 61 6e 74 65 64 2c 20  |Access Granted, |
00000090  77 65 6c 6f 6d 65 20 74  6f 20 69 74 76 72 61 61  |welcome to itvraag|
000000a0  67 2e 6e 6c 2c 20 68 6f  6d 65 20 6f 66 20 74 68  |.nl, home of th|
000000b0  65 20 62 72 61 76 65 2e  20 57 68 61 74 20 69 73  |e brave. What is|
000000c0  20 79 6f 75 72 20 70 61  73 73 77 6f 72 64 3f 0a  | your password?.|
000000ce

This example binary file contains both printable and non-printable characters, including a text string “Access Granted, welcome to itvraag.nl, home of the brave. What is your password?”. By using the strings command on this file, you can extract the text string and filter out the non-printable characters.

To save the binary file and work with it, you can use a text editor such as nano or vim and copy the binary content into a new file. Keep in mind that a file created this way holds the text of the hex dump rather than the raw bytes it represents, so the strings command will print the dump lines themselves. Here’s an example of how to save the binary content into a new file called “example_binary”:

  1. Open a text editor and create a new file called “example_binary”.
  2. Copy the binary content from the example I provided into the text editor.
  3. Save the file, then run the following command:
     $ sudo chmod +x example_binary
     This command will give execute permission to the file so that you can run it from the command line. It only changes permissions and does not convert the file's contents; the strings command needs only read access, and sudo is not required for a file you own.

You can then use the strings command to extract text from the binary file as shown in the previous examples.
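Added example (not from the original article): a way to create a practice file that really contains raw bytes, followed by checks that show how “-n” (minimum length) and “-t x” (hex offsets) change what strings reports. The sample bytes and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed sample bytes, hypothetical function names.

# Write a small binary file byte for byte. printf octal escapes emit raw
# bytes in both dash and bash, so no editor or hex tool is needed.
make_sample() {
    # "PK" (2 chars), 4 control bytes, "abc" (3 chars), 4 control bytes,
    # then a 37-character message terminated by a newline.
    printf 'PK\003\004\001\002abc\001\002\003\004' > "$1"
    printf 'Access Granted, welcome to itvraag.nl\n' >> "$1"
}

# Count the strings reported for file $1 with minimum length $2.
# -n filters out runs shorter than the minimum; it never truncates.
count_strings() {
    strings -a -n "$2" "$1" | wc -l | tr -d ' '
}

# Print the hex offset at which the string containing $2 starts.
# -t x prefixes each string with its offset, for use in a hex editor.
offset_of() {
    strings -a -t x "$1" | grep -F -- "$2" | awk '{print $1; exit}'
}

# Pitfall: a file holding the *text* of a hex dump is plain ASCII, so
# strings returns the dump line itself, not the bytes it describes.
dump_text_pitfall() {
    printf '00000000  41 63 63 65 73 73  |Access|\n' > "$1"
    strings -a "$1" | grep -c '^00000000'
}

f=$(mktemp) && make_sample "$f"
for n in 2 3 4 10; do
    printf 'min length %s: %s string(s)\n' "$n" "$(count_strings "$f" "$n")"
done
printf 'message offset: 0x%s\n' "$(offset_of "$f" 'Access Granted')"
printf 'dump-text lines returned as-is: %s\n' "$(dump_text_pitfall "$f")"
rm -f "$f"
```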

FAQs about Strings Command

Here are some frequently asked questions about the strings command:

What is the difference between strings and grep commands?

The strings command is used to extract readable text from binary files, while the grep command is used to search for text strings in files. The strings command is useful when you need to extract text from a file that contains non-textual data, such as executable files, object files, and libraries.

Can strings command be used to recover deleted data?

The strings command cannot be used to recover deleted data from a file. It only extracts the data that is still present in the file. However, it can be useful in recovering passwords and other sensitive information that may have been stored in a file.

How can I use strings command to find a specific string in a binary file?

To use the strings command to find a specific string in a binary file, you can pipe its output to the grep command. For example, to search for the string “itvraag.nl” in a binary file called “example_binary,” you would run the following command:

strings example_binary | grep "itvraag.nl"

This command will output only the strings that contain the string “itvraag.nl.”

Is there a way to exclude certain strings from the output?

To exclude certain strings from the output of the strings command, you can use the “grep -v” command. For example, to exclude strings containing “example.com” from the output of the strings command, you would run the following command:

strings example_binary | grep -v "example.com"

This command will output only the strings that do not contain the string “example.com.”

Conclusion

In this guide, we covered everything IT professionals need to know about the strings command in Linux. We explained its basic and advanced usage, best practices, and FAQs. We also provided command-line examples and use-cases that can help you become more proficient in using the strings command. By mastering the strings command, you can improve your command-line skills and become a more effective IT professional.
