14

I was searching for how to do a reverse hexdump and found xxd mentioned. However, it does not seem to work with simply:

xxd -r hexdumpfile > binaryfile

I then compared the difference between outputs of xxd infile and hexdump infile, and found three differences:

  1. xxd output has a colon after the address
  2. xxd output has the positions in the data reversed (for example, 5a42 in hexdump output becomes 425a in xxd output)
  3. There are some extra characters after each line

I only have the hexdumped version of certain files on a server. How can I correctly get back the binary data using xxd?

Gareth
  • 19,080
tanon
  • 141

5 Answers5

10

There's no one command that I know of that will do the conversion, but it can easily be broken up into a few steps:

  1. Strip addresses from hexdump output using sed
  2. Convert into binary using xxd
  3. Endian conversion (for example, 5a42 becomes 425a) using dd

Here's the full command:

sed 's/^[0-9]*//' hexdump | xxd -r -p | dd conv=swab of=binaryfile
Tim
  • 1,613
2

Try to add -p.

xxd -r -p hexdumpfile > binaryfile
Toto
  • 19,304
Frank Xu
  • 21
1

This answer is a cross-post from https://stackoverflow.com/a/52834021/6770384

You can do the conversion in one sed command. It's sufficient to add the : after the address and change the endianness (switching ab12 to 12ab).

sed -E 's/ /: /;s/ (..)(..)/ \2\1/g;$d' dump | xxd -r

Known Bugs (see comment section)

  • A trailing null byte is added if the original file was of odd length (e.g. 1, 3, 5, 7, ..., byte long).
  • Repeating sections of the original file are not restored correctly if they were hexdumped using a *.
Socowi
  • 719
  • 4
  • 17
0

You can tell hexdump to dump it in a format xxd will accept, with a format string:

hexdump -ve '1/1 "%.2x"' mybinaryfile > mydump

This gives the same output as:

xxd -p mybinaryfile > mydump

Then you can copy and paste, or pipe the output, and convert back:

xxd -r -p mydump mybinaryfileagain

Or:

xxd -r -p < mydump > mybinaryfileagain

In the old days we used to use X/Y/Zmodem which is available in the package lrzsz which is even more efficient, but it's a bidirectional protocol so the binaries need to be running at the same and there needs to be bidirectional comms:

mkfifo /tmp/fifo-in
mkfifo /tmp/fifo-out
sz -b mybinaryfile > /tmp/fifo-out < /tmp/fifo-in
mkdir out; cd out
rz -b < /tmp/fifo-out > /tmp/fifo-in

Luckily, screen supports receiving Zmodem, so if you're in a screen session:

screen
telnet somehost

Then type Ctrl+A and : and then zmodem catch and Enter. Then inside the screen on the remote host, issue:

# sz -b mybinaryfile

Press Enter when you see the string starting with "!!!".

When you see "Transfer Complete", you may want to run reset if you want to continue the terminal session normally.

Dagelf
  • 1,060
0

You can simply use below things

  1. Get hexdump in required format

    hexdump -Cv <binary_file.bin> > binary_file.txt

-C will print data byte by byte

-v will not use * for repeated content

  1. Now you need to remove First & Last few char from binary_file.txt for each line. You can use sed command here.

  2. Now use xxd command

    xxd -r -p binary_file.txt > recover_binary_file.bin

  3. You can check md5sum of both files. It should match

    md5sum binary_file.bin

    md5sum recover_binary_file.bin

Jeegar Patel
  • 701