> >

 The best free hex editors (hex). Installing Free Hex Editor Neo

After the end of the series of articles “Best pentester tools”, the editorial office received a lot of letters with a request to make a selection of hex editors. Of course, of interest is not the ability to edit binary data, but additional features like automatic recognition of data structures and code disassembly. To make an overview, we found out the opinions of people who often have to tinker with such tools - virus analysts. And here's what they told us.

Any hex editor allows you to explore and modify a file at a low level, operating with bits and bytes. The contents of the file are presented in hexadecimal form. This is the basic functionality. However, some editors offer users much more, allowing them to figure out, in fact, what is what in that incomprehensible set of characters that appears when a file is opened. To do this, ASCII and Unicode strings are automatically extracted, known patterns are searched, basic data structures are recognized, and much more. There are quite a few hex editors, but if we decide to consider them in the context of malware samples, it is easy to highlight some of them. Only a few are really useful for analyzing malicious code and examining infected documents (say, PDF).

McAfee FileInsight

FileInsight is a free hex editor for Windows from McAfee Labs. The product, of course, performs all the standard functionality associated with such software, offering a convenient interface for viewing and editing files in hexadecimal and text modes. But this is only a drop in the ocean, if you look at all its functionality. It’s worth starting with the fact that FileInsight is able to parse the structure of executable binaries for Windows (PE files), as well as OLE objects Microsoft office. Not only that, the user is offered a built-in x86 disassembler. It is enough to select the part of the file that you want to view as readable code, and FileInsight will show this fragment as a listing of assembler instructions. The disassembler is especially useful when looking for shellcode in malicious files. Other options that reversers will love is the ability to import structure declarations. To do this, the program just needs to specify a header file with declarations like:

struct ANIHeader(
DWORD cbSizeOf; // Num bytes in AniHeader
DWORD cFrames; // Number of unique Icons
DWORD cSteps; // Number of Blits
};

In this case, the program itself will parse such constructions. However, many intuitive algorithms for code processing are offered by default. First of all, we are talking about decoding many obfuscation methods (xor, add, shift, Base64, etc.) - built-in scripts click such cryptoprotection once or twice. Here it should be noted that the object of research does not have to be a binary, it can be an ordinary web page that arouses suspicion. The program allows you to automate many actions using simple JavaScript scripts or Python modules, which have already been written a lot. Alas, with all its advantages, FileInsight also has a serious drawback, which is expressed in the inability to process large files. For example, if you try to feed the utility a file of 400-500 MB, the error “Failed to open document” crashes.

Hex Editor Neo

There are two versions of this hex editor from HDD Software - a simple free version and an advanced commercial version. The freeware version is a solid, but unremarkable HEX editor that has a cool customizable interface with support for various color schemes. No more. But the professional version of Hex Editor Neo provides several useful options that can be extremely useful when analyzing binaries. For example, the user gets the ability to decode code encrypted using the most common algorithms. In addition, it becomes possible to view and edit local resources such as NTFS streams, local drives, process memory, and RAM. In the full version there is also support for a scripting language that allows you to automate many processes using scripts in VBScript and JavaScript. But the best part is that you have a built-in disassembler that works with x86, x64, and .NET binaries! Another feature - quick creation patches based on comparing two binaries. Sounds impressive, but is it better than FileInsight? Probably not. FileInsight looks more functional overall. On the other hand, even the free version of Hex Editor Neo works great even with very large files and allows you to search for ASCII and Unicode strings. The disassembler here is not limited to the x86 platform only, and the built-in resource editor is very convenient. There is something to think about.

FlexHex

FlexHex is a powerful commercial hex editor from Heaventools Software that includes many of the features available in Hex Editor Neo. The only thing that is not here is, perhaps, support for scripts. But this full-featured editor handles binaries, OLE files, physical disks, and alternative NTFS streams equally well. The latter is especially important because FlexHex allows you to edit data that other editors might not even see. In addition, you immediately feel the focus on working with large amounts of information: no matter how large the file is, navigation through it is carried out without any lags and brakes. For even more convenience, there is a system of convenient bookmarks. At the same time, FlexHex continuously keeps a history of all operations - you can undo any action by simply selecting it from the list of changes (undo-list is not limited)! FlexHex supports all the necessary operations with binary data, searching for ASCII and Unicode strings. If you need to process a structure with a previously known format, it will not be difficult to set its parameters using special tools. As a result, we get an excellent hex editor, but still much inferior to the same FileInsight. The only noteworthy option is the processing of OLE files, but there are problems here too. Several times when trying to open an infected OLE, the program crashed with the error "The docfile has been corrupted".

010 editor

010 Editor is a famous commercial product developed by SweetScape Software. If you compare it with the previous three tools, then it can do everything: it supports working with very large files, provides cool data manipulation capabilities, allows you to edit local resources, has a scripting system to automate routine actions (more than 140 different functions at your service). And 010 Editor has a zest, a unique feature. The editor makes everyone happy thanks to the ability to parse various file formats using its own template library (so-called Binary Templates). Here he has no equal. Many enthusiasts around the world work on templates, hammering various format and data structures. As a result, the process of navigating through various file formats becomes transparent and understandable. This also applies to the processing of Windows binaries (PE files), Windows shortcut files (LNK), Zip archives, Java class files, and much more. The whole charm of this feature was realized by many people when the well-known security specialist Didier Stevens created a template for parsing PDF files for 010 Editor. Together with other utilities, this greatly simplifies the analysis of infected PDF documents, which for the past six months have never ceased to amaze with the number of places where the reader can be used. We add here a cool tool for comparing binaries, a calculator with a C-like syntax, converting data between ASCII, EBCDIC, Unicode formats, and we get a very attractive tool with unique features.

Hiew

Hiew, in terms of distribution method, is not much different from its colleagues - it is also a commercial product that was developed by our compatriot Evgeny Suslikov. With a long history, the program has become a favorite among many information security. There are quite obvious reasons for this - powerful opportunities for research and editing of structure and content. executable files both Windows (PE) and binaries for Linux (ELF). Another very useful feature for reversing is the built-in x86-64 assembler and disassembler. The latter even supports ARM instructions. Needless to say, the editor perfectly digests large files and allows you to edit logical and physical drives. Many tasks are easily automated through a system of keyboard macros, scripts, and even an API for developing extensions (Hiew Extrenal Modules). But before you rush into battle, keep in mind that the Hiew interface is a DOS-like window, which is quite inconvenient to work with out of habit. But you can feel for yourself all the charm of the old school.

radar

Radare is a set free utilities for the Unix platform, which provide cool options for editing files in HEX mode. It includes the hex editor itself (radare) with the ability to open local and deleted files. The program analyzes executable files of various formats, both Linux (ELF) and Windows (PE). In addition to editing, Radare has a tool for comparing binary files (radiff) and a built-in assembler/disassembler. And personally, a tool for generating shellcodes (rasc) came in handy a couple of times. Any operations can be easily automated and customized using a scripting system. Of the minuses, again, we can note the lack of a GUI interface - all actions are carried out from command line, and it will be possible to fully work with the utilities only after reading the documentation. On the other hand, the site has visual screencasts that demonstrate both the main points and small secrets (like connecting a Python plugin).

So what to choose?

We have covered several powerful hex editors that include useful options for analyzing suspicious files. Of all the products, FileInsight stands out, which, for all its functionality (and it is really impressive), remains free. 010 Editor provides a large number of templates to process the most different files, including PDF documents. This is a mega-chip that should not be neglected. These are the two editors I use all the time; for the work of an analyst, perhaps, they are best suited. If we talk about working under the Unix platform, then, of course, we should not forget about Radare. The package offers very powerful features, although it is difficult to use due to the fact that it works from the command line. Hiew is also not very friendly, although its capabilities certainly allow you to perform a variety of operations with binaries. Besides, Hiew is a choice a large number real pros, and this is worth a lot (and means a lot). As for Hex Editor Neo, you should take it into service if you are interested in the ability to disassemble x86, x64 and .NET code.

A HEX editor is a program that can display information the way a computer "sees" it, but converting it to hexadecimal. Opening any file in such an application, the user will see a matrix consisting of columns and rows, the number of which depends on the size of the file in question. Therefore, if you change the byte values ​​in the editor, the contents of the open document will also change.

A bit of theory

Any data is stored in the PC memory in the form of machine words, otherwise - bytes. Each includes 8 bits (binary digits that take on the value of either "0" or "1"). By mathematical calculations, you can understand that a number in the range from 0 to 255 can be written in one byte. If you convert 255 to hexadecimal, it will be converted to FF. That is, to display any machine word, it is very convenient to use the hexadecimal representation. Hence the name of the group of programs - hex editor.

Main elements of programs

In addition to the matrix described above, there may be other means in the interface of the presented group of applications:

  • Line numbering. Usually located on the left side of the application. Shows the offset of the first byte of the string relative to the beginning of the file.
  • At the top there is often a similar strip of numbers showing the byte offset of the relative left value in the line. By adding the values ​​of the strings, you can get the number of each byte.
  • The right area can display the same data as in the table, but in the form of user text).

McAfee FileInsight

This HEX editor is absolutely free. Works only in operating systems Windows families. The product has all the gentleman's set, such as viewing and editing a file. At the same time, the program has a pleasant and convenient interface.

But the standard features are the minimum for which FileInsight can be used. What is the maximum? You need to start with the ability to parse the structures of executable files. Is this not enough? Any selected fragment can be disassembled on the fly. One click - and incomprehensible numbers become a readable listing.

Among other things, this HEX editor provides many code processing algorithms to bypass the built-in protection by developers. First of all, you need to pay attention to the decoding of obfuscation methods such as add, xor, Base64, shift. The scripts that the application comes with break such crypto protection with ease. Most of the actions can be automated by writing simple scripts in JS or Python. Sometimes it is not required to create anything new, because the base of these is impressive.

Although FileInsight is considered one of the best tools for reverse engineering, the program also has a huge drawback - the inability to process files larger than 400 MB.

Hex Editor Neo

This HEX editor is distributed in two versions: free and advanced. A product with a freeware license is of high quality, but unremarkable. Of the features, you can highlight the wide settings of the interface and color schemes. The professional version provides more useful features that are especially relevant during analysis

For example, the user is provided with the ability to decode programs encrypted with common algorithms. In addition to this, there are functions that allow you to edit local resources (RAM, NTFS streams, hard drives). Process automation is implemented using VBS and JS scripts.

However, most main feature The program is a disassembler that can work with x64, x86 and .NET files. Another feature not provided by competitors is the creation of a patch based on a comparison of two binary executables. Certainly impressive, but when compared to FileInsight, Neo still loses. However, NEO can handle large files.

Hiew

The Hiew HEX editor does not have free version. A team from Russia is engaged in development. The product begins its history since the days of 16-bit applications for DOS and Windows 3.1. Hiew is often used by professionals involved in computer and information security issues. The reasons are clear: the whole range of possibilities for editing and viewing executable binary Windows files, as well as compiled Linux programs(ELF).

Another notable feature to aid in reverse engineering is Hiew's built-in disassembler and assembler. Moreover, they work with both x86 and x86_64 applications, processor instructions are also supported. The editor copes with large files without any difficulties, allows you to perform low-level data changes on physical HDDs.

A large number of actions can be automated. To do this, programmers have built in the ability to create scripts, keyboard macros and API functions that are used to call internal procedures from external applications. But Hiew still did not reach the unconditional victory in the field of hexadecimal editors. Its interface is completely made in the style of DOS, and it is engaged in drawing windows (or the console, if we talk about Linux systems).

Like Windows notepad. Moreover, if you open the binary text editor and save it to disk, then, in most cases, such a file will be damaged and will not start. To make correct edits, you must use hexadecimal editors (hex), which are sometimes also called binary editors.

Most ordinary users, it is unlikely that there will be tasks or needs for using hex editors. However, for tech-savvy users, such editors can be indispensable tools.

Note: As a fact, but at one time, in order to edit the standard asp.net 1.1 installers, it was necessary to correct the binary code. For example, in order to make one of the controls a field for entering a password.

This review contains some of the best free hex editors for different needs.

Overview of Free Hex Editors

There are several excellent free hex editors available, ranging from small and simple to complex products that are comparable to commercial solutions. However, the category of hex editors is one of those categories where personal needs and preferences are so important that comparing products is not only difficult but pointless. Therefore, do not assume that the products are arranged in descending order.

HxD great hex editor

One of the best utilities for binary editing is . Firstly, the program is portable and does not need to be installed, which is especially important if you often need to edit executable files. Second, it has a nice interface. Thirdly, HxD handles large files without delays and "screen fading". In addition, add to this the possibility of unlimited revision history, fast search and replace, binary file comparison, full support for ANSI, DOS/IBM-ASCII and EBCDIC. And a dozen more possibilities, some of which will be listed below. HxD also allows you to edit not only the disk, but also the RAM. As a fact, but such a set of features makes the program a dangerous toy in the hands of novice users. In addition, security applications may also react to its actions, but experienced users understand that this is due to the specifics of accessing data and using potentially dangerous functions.

In general, HxD is great for those who often deal with various binary code.

Other features and characteristics:

  • Secure access to files used by other programs
  • Checksum Generator: Checksum, CRCs, Custom CRC, SHA-1, SHA-512, MD5, ...
  • Export data to various formats
  • Inserting Code Templates
  • Ability to securely delete files.
  • Splitting or merging files
  • Different types of groupings in columns (1,2,4,8,16 bytes)
  • Highlighting Changed Data
  • Quick jump to address
  • Support for copying clipboard data from other programs: Visual Studio/Visual C++, WinHex, HexWorkshop, ...
  • Bookmarks
  • And much more...

Hex-editor Hexplorer analogue of HxD with the ability to view images, when analyzing steganography

Another great hex editor is the open source code. The program has a number of unique features that make it a powerful binary image editor. This means that you can take a look at everything. graphic files not only in terms of their visual representation, but also in terms of their binary code. Of course, it is difficult to imagine editing pictures in hexadecimal form in Everyday life. However, it can be used for purposes such as steganography.

In general, Heexplorer is suitable not only for those who often edit binary code, but also for those who use non-standard ways to use binary code.

Main features and characteristics:

  • Six interface color schemes for various tasks.
  • Unlimited command history
  • x86 disassembler
  • Import and export to 20 different binary file formats, including Intel Hex, Motorola S-Record, Atmel standard, etc.
  • Ability to find repeating patterns in data
  • Viewing images
  • Filtering text from binary data
  • Boyer-Moore search algorithm
  • Quick navigation to addresses
  • Allows you to create structures of simple data types, such as integers or floating point numbers
  • Pseudo-random number generator
  • Allows you to record macros (scripts) to automate tasks

Other hex editors

There are other hex editors that also deserve attention and may come in handy.

XVI32 hex editor simple and convenient

XVI32 is a free hexadecimal editor whose name comes from the Roman numeral XVI (16).

  • Supports scripts to automate tasks.
  • Pattern search
  • ASCII/ANSI
  • Character conversion based on user definitions
  • Writing individual blocks to a file
  • And other possibilities...
  • Stores open file in memory, so there will be problems with large files.
  • As such, there is no command history. This means that all changes made are made "as is" and you will have to write them down or memorize them.

Supports Windows 9x/NT/2000/XP/Vista/7

Hex editor HexEdit with specialized calculator

HexEdit is another free binary editor from MiTeC.

  • No need to install (portable)
  • Editor random access memory and disk
  • Specialized Calculator
  • Can compare files
  • Can flush data from RAM to disk (create a dump)
  • And others...
  • Stores open files in memory

Supports Windows 2000 - Windows 7

Cygnus Free simple hex editor

Cygnus Free is a free hex editor which is one of the old version of the commercial editor. Therefore functionality is limited.

  • Fast and easy to use
  • Quick search and replace
  • drag & drop
  • And other possibilities...
  • Stores an open file in RAM with all the ensuing problems
  • There is no technical support for the free version.
  • Trimmed for functionality

Supports Windows

Quick Selection Guide (download links for free hex editors)

HxD

Support for many languages, including Russian. Disk and RAM editor. Quickly edits large files. Allows you to generate checksums. Able to compare files. Able to safely delete, merge and split files.
All changes are immediately saved to disk. Therefore, before editing, always create backups files.
http://mh-nexus.de/en/hxd/
http://mh-nexus.de/en/downloads.php?product=HxD
850 KB 1.7.7.0 Unrestricted freeware Windows 95 - 7

Hexplorer

RAM and disk editor. Additional features such as Fourier transform. Viewing images. Can recognize NTFS/FAT, BMP and so on headers. Supports macros to automate tasks
Holds the open file entirely in memory, making large files difficult to edit. The default font and display settings are not well chosen.
A computer
The most interesting:
How do I perform a Turbo Boost Technology Check?
We make a wifi access point on our computer without any third-party programs Creating a wifi access point on windows 7 via the command line
keyboard warranty keyboard warranty