How do you obtain 'raw binary dump' of a file?

Solution 1

My guess:

It's most likely that "raw binary dump" actually meant a hexdump – a listing that shows each byte in the file as hexadecimal numbers, instead of (or in addition to) the byte itself.

It usually looks like this:

...
00000a0: 6d65 3233 3a6d 6564 6961 7769 6b69 2d31  me23:mediawiki-1
00000b0: 2e31 352e 312e 7461 722e 677a 3132 3a70  .15.1.tar.gz12:p
00000c0: 6965 6365 206c 656e 6774 6869 3332 3736  iece lengthi3276
00000d0: 3865 363a 7069 6563 6573 3636 3230 3ae9  8e6:pieces6620:.
00000e0: b08a 7ef8 00f8 d8b4 a53e 15e3 6bd6 e2c4  ..~......>..k...
00000f0: a7e4 1aa6 c67f 7106 cd3e 1672 decc b5c7  ......q..>.r....
0000100: 455c a86d 4751 379a f59f 3665 1e8c 128a  E\.mGQ7...6e....
0000110: dec4 e670 ca0f e960 353b 48fe 3dfb c455  ...p...`5;H.=..U
0000120: f940 e102 13d6 8385 1655 4642 3e83 060b  .@.......UFB>...
0000130: 585f d353 2ef2 07ff d9e3 aeb6 7329 2192  X_.S........s)!.
0000140: e0a9 7d75 390f 3c16 def6 d806 469e af64  ..}u9.<.....F..d
...

In which each line has a start position, 16 bytes in hex, and the same 16 bytes in "safe" form (that is, bytes between 0x20 and 0x7f shown directly, the rest replaced with .'s).

On Linux, xxd, hd, hexdump -C, or various incantations of od can be used. On Windows, a number of binary editors like hiew or HxD.

Solution 2

To answer the question that the subject of your post asks (how do you obtain a 'raw binary dump' of a file?):

File a.a has the letter 'a' followed by CR LF.

C:\Program Files\Vim\vim73
>type a.a
a

xxd -b (binary) doesn't support -ps (plain), so you get some junk (the 0000000: and the a..)

C:\Program Files\Vim\vim73
>xxd -b a.a
0000000: 01100001 00001101 00001010                             a..

Here is the solution:

xxd -b a.a | sed -r "s/\d32{3,}.*//g" | sed "s/.*://" | sed "s/\d32//g"

It produces

011000010000110100001010

Below is the working.

Let's look at how 0000000: 01100001 00001101 00001010 a.. is composed. OK, so the large gap is a bunch of spaces.

C:\Program Files\Vim\vim73
>xxd -b a.a | od -tx1
0000000 30 30 30 30 30 30 30 3a 20 30 31 31 30 30 30 30
0000020 31 20 30 30 30 30 31 31 30 31 20 30 30 30 30 31
0000040 30 31 30 20 20 20 20 20 20 20 20 20 20 20 20 20
0000060 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
0000100 61 2e 2e 0d 0a
0000105

I removed the long sequence of spaces and all that follows them. So it's getting there:

C:\Program Files\Vim\vim73
>xxd -b a.a | sed -r "s/\d32{3,}.*//g"
0000000: 01100001 00001101 00001010

Remove the 0s up to and including the colon, and remove any other spaces:

C:\Program Files\Vim\vim73
>xxd -b a.a | sed -r "s/\d32{3,}.*//g" | sed "s/.*://"
 01100001 00001101 00001010

C:\Program Files\Vim\vim73
>xxd -b a.a | sed -r "s/\d32{3,}.*//g" | sed "s/.*://" | sed "s/\d32//g"
011000010000110100001010

And so there's a solution

C:\Program Files\Vim\vim73
>xxd -b a.a | sed -r "s/\d32{3,}.*//g" | sed "s/.*://" | sed "s/\d32//g"
011000010000110100001010

xxd is available in Vim 7.x and sed is available in GnuWin32.
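
The dump layout described in Solution 1 and the plain bit string produced in Solution 2, as an added Python example (not code from either answer). The function names are made up for this sketch, and the 7-digit offset and 2-byte grouping are copied from the listings shown above.

```python
def xxd_line(offset: int, chunk: bytes, width: int = 16) -> str:
    """One dump line: offset, hex in 2-byte groups, printable-character column."""
    hexpart = chunk.hex()
    groups = " ".join(hexpart[i:i + 4] for i in range(0, len(hexpart), 4))
    # A full hex column holds width*2 digits plus one space between 2-byte groups
    # (width is assumed even); short final lines are padded so the text column aligns.
    full = width * 2 + (width // 2 - 1)
    # Printable ASCII is shown as-is, everything else becomes a dot.
    text = "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in chunk)
    return f"{offset:07x}: {groups.ljust(full)}  {text}"


def hexdump(data: bytes, start: int = 0, width: int = 16) -> list:
    """Split data into width-byte rows and format each one."""
    return [xxd_line(start + i, data[i:i + width], width)
            for i in range(0, len(data), width)]


def bitstring(data: bytes) -> str:
    """Every byte as 8 bits, no offsets or separators (the result of the sed pipeline)."""
    return "".join(f"{b:08b}" for b in data)


def bits_to_bytes(bits: str) -> bytes:
    """Inverse of bitstring(); rejects input that is not whole bytes of 0/1."""
    if len(bits) % 8 or set(bits) - {"0", "1"}:
        raise ValueError("expected a multiple of 8 characters, each 0 or 1")
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


if __name__ == "__main__":
    sample = b"a\r\n"  # same content as a.a in Solution 2: 'a' followed by CR LF
    print("\n".join(hexdump(sample)))
    print(bitstring(sample))
    # Reproduces the line at offset 0xa0 from the listing in Solution 1.
    print(xxd_line(0xA0, b"me23:mediawiki-1"))
```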

Solution 3

The file was simply opened in a text editor. In this case in vi, which probably was a link to Vim. Regular ASCII characters were shown. Unprintable characters were replaced by the ^@ signs.

The goal of this was to see if the file had any magic numbers in it. In this case, the file did not have any, but it contained the path to the temporary directory where the recording was made. We lucked out because that contained the name of the program in the path.

A more advanced version would be to use a hex editor, or to configure vi[m] to show the data in a different format with xxd.

Solution 4

@slhck looked at the question, containing a vi dump. Quoting part of that here:

^@^@^@^@^@^@^@^@ò½^@^@;C:\eLecta\Server\TempRecordings\U734806R4970S3962792726.el8¢s³wÕs³w^@^@^@^@è(D

On Windows, get a binary dump with HxD. Or you might just try to open the file in Notepad. Similar applies to *nix systems.
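
The identification step described in Solutions 3 and 4 (check for a magic number, then read the printable text left in the file), as an added Python example that is not part of the original answers. The signature table is a small illustrative subset, the function names are made up, and the sample bytes are constructed from the quoted vi dump assuming its accented characters are single Latin-1 bytes.

```python
import re

# A few well-known signatures at offset 0 (illustrative subset, not exhaustive).
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "PNG image",
    b"PK\x03\x04": "ZIP archive",
    b"%PDF-": "PDF document",
    b"\x1f\x8b": "gzip stream",
    b"\x7fELF": "ELF executable",
    b"MZ": "DOS/Windows executable",
}

# Constructed sample: the fragment quoted in Solution 4, re-encoded as bytes.
SAMPLE = (b"\x00" * 8 + b"\xf2\xbd\x00\x00"
          + b";C:\\eLecta\\Server\\TempRecordings\\U734806R4970S3962792726.el8"
          + b"\xa2s\xb3w\xd5s\xb3w" + b"\x00" * 4 + b"\xe8(D")


def identify_magic(data: bytes):
    """Name of the first matching signature, or None if the header is unknown."""
    for sig, name in MAGIC.items():
        if data.startswith(sig):
            return name
    return None


def printable_strings(data: bytes, min_len: int = 6) -> list:
    """Runs of printable ASCII at least min_len long, like the strings utility."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def windows_paths(strings: list) -> list:
    """Drive-letter paths inside the extracted strings; these can name the producing program."""
    pat = re.compile(r'[A-Za-z]:\\[^\s:*?"<>|]+')
    return [m.group() for s in strings for m in pat.finditer(s)]


def triage(data: bytes) -> dict:
    """Collect the clues used in the answers: magic number, strings, path components."""
    strings = printable_strings(data)
    paths = windows_paths(strings)
    parts = paths[0].split("\\") if paths else []
    return {"magic": identify_magic(data), "strings": strings,
            "paths": paths, "path_components": parts}


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```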

Author: Shashank Sabniveesu

Updated on September 18, 2022

Comments

  • Shashank Sabniveesu almost 2 years

    I came through it in a question - What in the world is a .el8 file?. I am curious how @slhck determined that the file in question was pointing to the software - eLecta

    • Daniel Andersson almost 11 years
      "eLecta" appears in cleartext in the last line of the file contents posted. Taking that small part of information and searching pointed towards existing software. It probably wasn't technically more elaborate than that, but being able to use the available information to one's advantage is a highly important skill in itself :-) . "Binary dump" in this case should thus only point towards the raw contents that the poster said was shown in Vim.
    • Daniel R Hicks almost 11 years
      Get any one of several "hex dump" or "hex browser" apps. I'm quite fond of (the free) "Hex Editor Neo" from hhdsoftware.com (on Windows).
  • slhck almost 11 years
    I admit I used the wrong vocabulary there. Binary would have been something completely different.
  • barlop almost 11 years
    I guess you know but just to be clear, it looks like od doesn't display binary