McAfee FileInsight
FileInsight is a free hex editor for Windows from McAfee Labs. The product, of course, performs all the standard functionality that accompanies such software, offering a convenient interface for viewing and editing files in hexadecimal and text modes. But this is just a drop in the ocean if you look at all its functionality. It's worth starting with the fact that FileInsight is capable of parsing the structure of executable binaries for Windows (PE files), as well as OLE objects of Microsoft Office. Not only that, but the user is offered a built-in x86 disassembler. Just select the part of the file that you want to view as readable code, and FileInsight will show this fragment as a listing of assembly instructions. The disassembler is especially useful when looking for shellcode in malicious files. Other options that reversers will appreciate include the ability to import structure declarations. To do this, the program just needs to specify a header file with declarations like:
struct ANIHeader { DWORD cbSizeOf; // Num bytes in AniHeader DWORD cFrames; // Number of unique Icons DWORD cSteps; // Number of Blits };
In this case, the program itself will parse such structures. However, many intuitive algorithms for code processing are offered by default. We are talking, first of all, about decoding many obfuscation methods (xor, add, shift, Base64, etc.) - built-in scripts make such crypto protection a one-two punch. It should be noted here that the object of research does not necessarily have to be a binary; it can also be an ordinary web page that arouses suspicion. The program allows you to automate many actions using simple JavaScript scripts or Python modules, of which many have already been written. Alas, with all its advantages, FileInsight also has a serious drawback, which is the inability to process large files. For example, if you try to feed a file of 400-500 MB in size to the utility, the error “Failed to open document” appears.
A few examples
Derivative colors of the same hue
One of the most common tasks: to make a component that will take one single base shade, but consist of several variations of it.
In my example, this is a typical alert in which the text, background and stroke colors have the same hue and saturation but different brightness: .success { border-color: hsl(120, 50%, 40%); color: hsl(120, 50%, 20%); background-color: hsl(120, 50%, 90%); } Do you see how beautiful and clear it is? It is immediately clear that this is one “family” of colors. In other formats it would look something like this: /* rgb */ .alert { border-color: rgb(51, 153, 51); color: rgb(25, 77, 25); background-color: rgb(217, 242, 217); } /* hex */ .alert { border-color: #339933; color: #194d19; background-color: #d9f2d9; } I don’t know about you, but it’s hard for me to say, looking at code like this, whether these colors are somehow related or not. But these are minor things. The real power comes from using css custom properties.
As they say, watch your hands. If we make any component of a color, such as hue, variable, then we can easily create an infinite number of variations of our component by changing only the base hue in it. And all derivatives will be repelled from it.
.alert { border-color: hsl(var(-hue), 50%, 40%); color: hsl(var(-hue), 50%, 20%); background-color: hsl(var(-hue), 50%, 90%); }
Bleaching
In this example, the disabled button has reduced saturation.
It still has a subtle blue tint to it, but it's almost grey. And when hovered, the button maintains hue and saturation, but becomes darker. To solve this problem, it is enough to change just one of three parameters to get a derivative, but similar color. Which is not so easy to do when using rgb or hex.
As in the first example, you can easily change the hue without affecting all the other color characteristics in your component.
Color inheritance
One of the coolest techniques: creating one shade, starting from another.
This is achieved by simple addition in calc(). :root{ —hue: 120; } header { background-color: hsl(var(-hue), 30%, 20%) } header button { background-color: hsl(calc(var(-hue) + 130), 80%, 50%) } B In this example, the hue of the button depends (+130° on the color wheel) on the hue of the container. In this simple way, you can create full-fledged flexible color palettes for your sites by setting just one basic shade and building on it. And all your components will maintain saturation and brightness, as demonstrated in the previous examples.
Hex Editor Neo
There are two versions of this hex editor from HDD Software - a simple free version and an advanced commercial version. The freeware option is a solid, but unremarkable HEX editor that has a cool, customizable interface with support for different color schemes. No more. But the professional version of Hex Editor Neo provides several useful options that can be extremely useful when analyzing binaries. For example, the user gets the opportunity to decode code encrypted using the most common algorithms. In addition, it becomes possible to view and edit local resources such as NTFS streams, local disks, process memory, and RAM. The most complete version also includes support for a scripting language, which allows you to automate many processes using scripts in VBScript and JavaScript. But the best part is that you have a built-in disassembler at your disposal that works with x86, x64, and .NET binaries! Another feature is the quick creation of patches based on comparison of two binaries. Sounds impressive, but is it better than FileInsight? Probably not. FileInsight looks more functional overall. On the other hand, any, even the free version of Hex Editor Neo works great even with very large files and allows you to search for ASCII and Unicode strings. The disassembler here is not limited to just the x86 platform, and the built-in resource editor is very convenient. There's a lot to think about.
Other hex editors
There are other hex editors that are also worthy of attention and may come in handy.
Hexadecimal editor XVI32 simple and convenient
XVI32 is a free hexadecimal editor whose name comes from the Roman numeral XVI (16).
- Supports scripts to automate tasks.
- Search by pattern
- ASCII/ANSI
- Character conversion based on user definitions
- Writing individual blocks to a file
- And other possibilities...
- Stores the open file in memory, so large files will have problems.
- As such, there is no command history. This means that any changes you make are made "as is" and you will have to write them down or remember them.
Supports Windows 9x/NT/2000/XP/Vista/7
Hex editor HexEdit with a specialized calculator
HexEdit is another free binary editor from MiTeC.
- No need to install (portable)
- RAM and disk editor
- Specialized calculator
- Can compare files
- Can dump data from RAM to disk (create a dump)
- And others…
- Stores open files in memory
Supports Windows 2000 - Windows 7
Cygnus Free simple hex editor
Cygnus Free is a free hex editor that is one of the older versions of the commercial editor. Therefore functionality is limited.
- Fast and easy to use
- Quick search and replace
- Drag & drop
- And other possibilities...
- Stores an open file in RAM with all the ensuing problems
- The free version does not have technical support
- Trimmed for functionality
Supports Windows
FlexHex
FlexHex is a powerful commercial hex editor from Heaventools Software that includes many of the same features found in Hex Editor Neo. The only thing missing here is, perhaps, script support. But this full-featured editor handles binaries, OLE files, physical disks and alternative NTFS streams equally well. The latter is especially important because FlexHex allows you to edit data that other editors may not even see. In addition, you can immediately feel the focus on working with large amounts of information: no matter the size of the file, navigation through it is carried out without any lags or brakes. For even greater convenience, there is a system of convenient bookmarks. At the same time, FlexHex continuously keeps a history of all operations - you can cancel any action simply by selecting it from the list of changes (undo-list is not limited)! FlexHex supports all necessary operations with binary data, searching for ASCII and Unicode strings. If you need to process a structure with a previously known format, setting its parameters is not difficult using special tools. As a result, we get an excellent hex editor, but still much inferior to FileInsight. The only notable option is OLE file processing, but there are problems here too. Several times when trying to open an infected OLE, the program crashed with the error “The docfile has been corrupted.”
Hacker editor Hacker Viewer (Hiew).
To visually perceive hexadecimal code, we will use the wonderful simple but quite functional DOS editor Hacker Viewer (Hiew). You will find it in the D:\UTILS\HIEW\ folder (I hope that our DOS-1.rar has already been downloaded and DOSBox is installed and running).
Launch HIEW (Hacker Viewer).
Instructions for using Hiew for hackers from Chris Kaspersky can be found in the readme folder. Using the editor is simple and convenient.
Let's open our PRG.COM program using Hiew (file selection - F9). Using F4, select the HEX information display mode (as you already know, hexadecimal mode). You can use F4 or Enter to switch between display modes.
Switching display modes in Hacker Viewer.
Pay attention to the Decode position. Does this mean anything to you? Yes, yes, yes, Hiew has a built-in disassembler and even an assembler! You can make changes to the assembly code without leaving the editor and save the changes. The executable file will remain working - a brilliant program with amazing capabilities for its time!
You will see a similar display of the HEX number system in almost all debugging programs and file viewers. Move the cursor using the arrow keys on your keyboard. At the top you will notice a change in the pointer number.
Our first program in hexadecimal.
A pointer is one of the fundamental concepts in a programming system. We'll look at the basics of understanding how to work with a pointer later.
Hiew
Hiew, in terms of distribution method, is not much different from its colleagues - this is also a commercial product developed by our compatriot Evgeny Suslikov. Having a long history, the program is greatly loved by many information security specialists. There are quite obvious reasons for this - powerful capabilities for researching and editing the structure and content of executable files of both Windows (PE) and binaries for Linux (ELF). Another very useful feature for reverse engineering is the built-in x86-64 assembler and disassembler. The latter even supports ARM instructions. Needless to say, the editor perfectly digests large files and allows you to edit logical and physical drives. Many tasks are easily automated through a system of keyboard macros, scripts, and even an API for developing extensions (Hiew Extrenal Modules). But before you rush into battle, keep in mind that the Hiew interface is a DOS-like window, which is quite inconvenient to work with if you are not used to it. But you can experience all the charm of old school.
Radare
Radare is a set of free utilities for the Unix platform that provide cool file editing capabilities in HEX mode. It includes the hex editor itself (radare) with the ability to open local and remote files. The program analyzes executable files of various formats, both Linux (ELF) and Windows (PE). In addition to editing, the Radare package includes a tool for comparing binary files (radiff) and a built-in assembler/disassembler. And personally, a tool for generating shellcodes (rasc) came in handy a couple of times. Any operations can be easily automated and customized using a script system. Of the minuses, again, we can note the lack of a GUI interface - all actions are carried out from the command line, and you can fully work with the utilities only after reading the documentation. On the other hand, the site has visual screencasts demonstrating both the main points and little secrets (like connecting a Python plugin).
Features of online services for working with files
You need to remember that a “HEX editor” (“binary editor” or “byte editor”) is usually a computer program for working with binary (binary) code. The name "hex" is short for "hexadecimal", which refers to the hexadecimal number system, which positions the number 16 as the base (similar to the number 10 in the decimal system).
Display numbers from 1 to 10 in two number systems
The main purpose of “HEX editors” is parsing and editing floppy and hard drive sectors. However, these tools are actively used to analyze and edit the contents of many computer files.
Compared to desktop alternatives, an online HEX editor may have more limited capabilities. It usually runs in a browser window and does not support large files. Nevertheless, there are HEX services with quite powerful functionality that can attract the attention of professionals.
Working with HEX online is based on a standard algorithm. You go to such an online editor, load files into it for editing, make changes, and then save the result to your PC.
Let's move on to listing domestic and foreign HEX applications that allow you to edit a HEX file online.
So what should you choose?
We've reviewed several powerful hex editors that include useful options for analyzing suspicious files. Of all the products, FileInsight stands out, which, despite all its functionality (and it is truly impressive), remains free. 010 Editor provides a large number of templates for processing a wide variety of files, including PDF documents. This is a mega feature that should not be neglected. I use these two editors all the time; for the work of an analyst, perhaps, they are best suited. If we talk about working under the Unix platform, then, of course, we cannot forget about Radare. The package offers very powerful features, although it is difficult to use due to the fact that it runs from the command line. Hiew is also not very friendly, although its capabilities certainly allow you to perform a variety of operations with binaries. In addition, Hiew is the choice of a large number of real pros, and this is worth a lot (and means a lot). As for Hex Editor Neo, it is worth taking into account if you are interested in the ability to disassemble x86, x64 and .NET code.
Hex-works.com – performing HEX editing
The online HEX editor hex-works.com is presented in a beta version of the product, available online. Its capabilities are designed for analyzing and editing small binary files (for example, microcontroller flash memory, EEPROM dumps and other handy alternatives). The service has the ability to open, edit, compare and save files in various tabs.
A special feature of the application is the presence of color coding in the files. Work with the service is carried out according to a standard algorithm for such tasks; there is a Russian-language interface.
Hex-works.com editor allows you to use color schemes
INFO
Tell me, in which offline HEX editor is it possible for several people to work together? I do not know this. But it provides a completely free online service hexpaste. It is enough to share a link to the project (for example, hexpaste.com/WvwX04eV) so that someone else can connect to it. A simple version control system is in place - every significant change must be saved. The interface is very well implemented using AJAX, so you get the feeling that you are working in the most ordinary, but very simple program.
