On most Unix-like operating systems, the xxd command helps users read a file as its hexadecimal values. The ASCII representation of the files is also shown, and users can edit them as necessary.
The command was first developed in 1990 by Juergen Weigert and has been a valuable part of Linux-based systems since.
Even programmers don’t work with their code on the bits-and-bytes level – at least not daily. However, there are easy ways to use the xxd hex dumper to explore files at that level if required.
We’ll walk you through using the hex dumper in this post.
What Are Hex Dumpers?
A hex dumper is a program that “dumps” the contents of a file in hexadecimal form. Numbers in the hexadecimal form have sixteen characters. The letters from A to F represent the numbers 10 to 15.
Using a hex dumper is much easier than reading binary. Plus, the code can represent four bits without any trouble. Writing hex is also easier than writing binary since you circumvent having to write long series of zeroes and ones.
If you’ve ever used Photoshop or any type of design software, there’s a good chance you’ve used hexadecimal numbers to pick the colors you want to use. The hex values involved start with a “#” character.
What is xxd?
xxd is a program that receives a standard input or file as the input and returns a hex dump with either EBCDIC or ASCII characters. The program also accepts a formatted hex dump as input and converts it to binary. In other words, you can edit or patch binary files with it.
The program is rarely shipped as a part of a Linux distro. However, it is available in the Vim editor for those needing it, and it is shipped with almost all Linux distros.
If your machine doesn’t have Vim, you can install it with your machine’s package manager. Using xxd is as simple as writing:
The program prints out the line numbers, human-readable strings, and binary contents (in hexadecimal form) in sets of columns. You can also use the program on text files if you have an ASCII chart.
Binary files also tend to have strings, and you can investigate these strings with a text editor. Most times, the file you examine with xxd will be binary.
These files tend to have rubbish text, but at the beginning of a file, you might find details such as the file type and how it was created.
Syntax of xxd
You can use parameters or their corresponding options to specify how you want the xxd program to work.
To check the manual of the command or check the version of xxd, you would type:
|xxd [-h | -help] [-v | -version]
Creating a hex dump is as simple as running:
|xxd [options] [infile [outfile]]
You can also transform a hex dump into binary using:
|xxd [-r | -revert] [options] [infile [outfile]]
Here’s a convenient table of all the parameters, options, and their respective functions that you can utilize:
|A single asterisk character replaces any null lines in the file.
|It changes the output from a hex dump to bits. Using this option will result in outputs in octets, eight digits of zeroes and ones. Every line is preceded by a line number in hexadecimal form and an ASCII output after the number. You cannot use the -r, -i, and -p options if you use this option.
|It formats the output octets according to the number of <cols> you define. If you use no display switches, the format defaults to 16 octets. The option allows a maximum of 256 octets. If used in conjunction with the -ps option, the maximum limit doesn’t apply, and using “0” leads to a long, single-line output.
|Capitalizes variable names in C
|Alters character encoding in the right column from ASCII to EBCDIC. The hexadecimal values are unchanged. While it can be used with -r, -i, and -p, it has no effect in these combinations.
|This option instructs Vim to treat byte groups as words in little-endian byte order. So, in effect, the option changes the output to a little-endian hex dump. You can change the default 4-byte grouping with -g. Note that the option only changes the hex dump, and any ASCII/EBCDIC values remain unchanged. The -r, -i, and -p options won’t work with this option.
|If you want to output to be grouped in sizes of <bytes>, use this option. If you specify 0 bytes, no grouping will be done. By default, the option is set to 2, but if you use bits mode, it’s 1 and 4 in little-endian mode. You cannot use grouping with postscript and include style.
|Returns a summary of available commands.
|Forces the output of the “C” option to return with file style information.
|Stops the program after writing <len> objects.
|Puts an offset of value <offset> when displaying file position.
|Returns the output in plain hex dump style, also called the postscript continuous hex dump style.
|With this option, you can patch a hex dump into binary. If xxd isn’t writing to stdout, it will write into the output file without any truncation. You can use -r and -p to get plain hex dumps without line numbers and the column layout. Note that line breaks and whitespace is allowed anywhere in the output.
|It is typically used after the -r option to add an offset to the hex dump.
|It starts the output after the number of bytes defined in <seek>. The plus sign indicates that the seek is relative to the current stdin file position, making it meaningless to use if xxd is not reading from stdin. The minus sign indicates that the seek has to be the specified number of characters from the end of the input. The two signs can be combined to indicate that the seek needs to begin before the current file position. Not using this option leads to xxd starting the output at the current file position.
|Forces the program to use uppercase hex letters.
|Outputs the version string.
xxd Exit Status
The program uses five return codes:
|Issues with input
|Issues with output
|Unreachable seek position
xxd is considered the standard program to rely on to work with different types of files on a Linux machine. With this guide, you can explore and make changes to these files without hassle.