Hiew Hex Editor
lock.cmpxchg8b.comIf you like scripting, you can use my HEM extension to write more stuff in Python:
- https://github.com/0xeb/pyhiew/tree/main/bin/pyhiew - https://github.com/0xeb/pyhiew/tree/main/bin/pyhiew - https://0xeb.wordpress.com/2010/08/21/introducing-pyhiew/
In the end of the 90s I was 11-12 years old and used this to crack a copy of the video game SiN. I didn't really know what I was doing, but followed random tutorials for generic game cracking. They guided me through the w32dasm disassember, finding code referencing the "input your cd key" string, finding related jmps jumping to this part of the code, noting the address, opening up the executable in hiew and mulling them out.
It worked! I thought I was a genius. Now I'm amazed how I almost randomly got it right.
There's a clone of Hiew called HT
It's packaged for many Linux distros, and is on Homebrew
brew install ht
The official repo moved to Github in 2014: https://github.com/sebastianbiallas/ht
And last commit was December 2016.
Hiew is peak ergonomics, kinda like good orthodox file managers (FAR Manager/Total Commander). Hiew's color scheme is, obviously, Norton Commander's as well :-) One of the few Windows applications that make me keep a Windows VM.
Hiew is not free. Biew is a similar-looking cross platform hex editor which got renamed to beye (Binary Eye).
Nothin' wrong with paying for software that is worth it.
Nothin' wrong with recreating one's favorite feature of paid software as well.
Your work is valueless, mine is priceless.
I had been using Hiew in early 90th on MS-DOS and OS/2. Unfortunately it's still MS-DOS/Windows only thing.
I now use ImHex after looking for years for a good one. It has a pattern language to provide highlighting.
For macOS users, there's also native app Hex Fiend (open source) which also has a pattern language.
HN discussion: https://news.ycombinator.com/item?id=2072899
And if you don't mind paying, there's also "Synalyze It", which allows you to build the pattern language via the GUI:
I just found out about ImHex yesterday when I was trying to work out a save game format for an hold retro game. For my very basic needs it was great, and the diffing took came in very handy. Would be keen to see if I could make a pattern for the save game format somehow. Will be something I have to look into.
I may take a look at it again.
I tried it a few years ago as a free alternative to 010editor and it was a bit unstable. But I see it is under active development, so maybe the issues have been fixed.
ImHex has so many features. Very useful for ROM hacking, as it can display custom text table mappings. I haven't even looked into patterns and other features yet.
One small related thread:
Hiew (Hacker's view) - https://news.ycombinator.com/item?id=18898214 - Jan 2019 (1 comment)
I have done several binary analyses as a hobby and never heard of Hiew and clones, how can I?!
(I tend to start with a standalone Python script which gets gradually customized over time. I don't even use a hex editor myself, and I just used xxd if I did really need hexdump for initial explorations. Of course I would comment that xxd output heavily in my editor, and that seems the best moment to use Hiew and clones.)
Is there an easy way to use that DOS style font on Linux in something like Midnight Commander viewer or neovim?
I like that font for binary files, it's more distinct than having a bunch of ? symbols for bytes 0-31.
For displaying 0-31 in programs and scripts of my own, I add 64 and display that in inverse video.
The resulting glyph is the letter from the matching CTRL or ^ notation for that byte, but in a single character cell, and still distinct from a byte containing that letter.
So for instance, a NUL is value 0, which is CTRL+@ or ^@
But displaying ^@ screws up formatting, and displaying @ collides with byte value 64. Inverse video @ solves both, and doesn't need any special font. I do the same for DEL which is 127 displayed as inverse ?, but the ? is meaningful and adheres to the same rule because it's literally ^? not a placeholder for "no glyph" or "non-printing control byte"
Doesn't help you with configuring an editor but just describing a way to display those undisplayable bytes in a way that is actually meaningful & unambiguous and without caring what the font or even terminal type is. (ei: works the same in BASIC on a TRS-80 Model 100 or in bash on a xterm, or in c on windows, etc).
Unicode control pictures [1] are yet another alternative if you have a reasonable Unicode font and care more about reproducibility (e.g. formats can't be copied and pasted easily). In fact, monospace fonts with control pictures represented by those inverted glyphs would be the best of both worlds! There is no reason that their reference glyphs should be exactly replicated, after all.
I'd prefer that font, since it's succinct and expressive. Each byte from 0-31 just has a unique symbol.
Here is an example of the font: https://int10h.org/oldschool-pc-fonts/fontlist/font?ibm_vga_...
But simply switching to that font in something like Konsole doesn't seem to be enough.
I know what the font looks like, and I already said this doesn't help with configuring an editor. I wasn't trying to tell you to do anything or not do anything.
Another approach on many terminals would be to add 96 and use the DEC special charset. https://en.wikipedia.org/wiki/DEC_Special_Graphics
So is there a way to use the IMB style font, or it's impossible?
It's a font. Lots of programs can use fonts.
If you want to change your terminal so that it prints a character instead of moving the cursor when it sees \r, good luck.
LOL, shout out to SEN - I used his tool, Hiew back in 1994 for the first time. Good times.
P.S. I still use it from time to time - it has a nice built-in assembler for x86/x86-x64.
I love Dexter! <3
Everything Hiew can do, Rizin[1] can do too, and is completely free and open source[2] under LGPL3 license. Moreover, it supports more architectures, platforms, and file formats, as well as GUI in Qt - Cutter[3][4]. If something is missing in Rizin but presented in Hiew, please let us know by opening the issue with details.
[1] https://rizin.re
Other stuff you might be interested in
- Ghidra SRE (https://ghidra-sre.org/) from NSA
- https://x64dbg.com/ (spiritual successor of OllyDbg for Windows)
- https://github.com/eteran/edb-debugger (spiritual successor of OllyDbg for Linux)
- https://github.com/ReFirmLabs/binwalk
- https://github.com/kentavv/binary_viewer (spiritual successor of Cantor Dust)
- https://dogbolt.org/ (decompiler explorer)
Not free, but from a small family-owned business - the classical hex editor used for reverse engineering by your favorite three letter agency:
010 Editor
Thank you for mentioning this. I’ve had the most success with 010 Editor for find-and-replace across very large binaries and text files (100MB - 4GB). It seems much more performant than other text editors, much more than even favorite ones close to my heart like Sublime.
I've been looking for something like this.
Says not a three letter agency ;)
thanks for the links! especially the spiritual successor of Cantor Dust ;p
Does Rizin have a straight-up console hex editor? It looks great for reversing executables, but sometimes I just want to edit some binary data.
Yes, for example, `p` commands for printing and `w` commands for writing, visual hex editor (`VP`), and bit-level editor modes. There is room for improvement, but I already used it to reverse unknown firmware formats, so it's usable in that regard.
You can even explore various histograms with `p=?` and `p==?` commands (they will print help for these).
That sounds very promising, thanks!
I didn't realize radare2 had been forked to rizin. Haven't played around with it for a while.
I must say I am impressed with how far Cutter had come. I will need to try it out again. I am partial to BinaryNinja because it is written by folks I was colleagues with.
Is there x86-x64 assembler? If so, I would have put that on the front page...
Sorry for the late answer. Yes, there is. We hoped a Keystone-based[1] plugin would be a better alternative since it's based on the LLVM code, but the project looks abandoned now[2].
This is my found of the day!
Thank you!
Very excited to give this a try!
Except demanding political allegiance to its ‘license’.