Okay, I'm working on a series that's manipulating and looking at binary data. And one main type of binary data is executables. So today, we're gonna be looking at hex editors, because you can't really talk about working with binary files without talking about hex editing. And I'm by no means a professional or expert or anything with hex editors. But I know how to do some basic things that I'm gonna show you today that will hopefully help you get a basic grasp of them. We're gonna be doing all our editing in Linux, but we're gonna be manipulating both Linux and Windows binary files, just to show you it's pretty much the same process either way. So go ahead and we'll list this out. And you can see we got some files. If you watched last week's tutorial, we compiled some stuff ourselves and we cross-compiled some stuff for Windows. We got main and main.exe, both of the same program. They're hello world, one is for Linux, the other one is for Windows. And we also have winhello.exe, which is a very basic dialog box for Windows that says hello world. So right now I'm gonna use, there's a bunch of hex editors out there. I'm just gonna use a basic one called hexedit. So I'm gonna type hexedit and type main. But I guess before we do that, we should look at what main does. So I'm gonna do ./main and you can see it just says hello world. So now I'm gonna say hexedit main. And when you bring it up, you got three columns. You got your positioning over here. And then you got your hex code in the middle. And then off to the right here, you have your column of your ASCII characters. So right now we're over here. Let's hit tab and that brings us over here. And at this point we can hit forward slash to do a search. And as we know it was hello world with a capital H. So we're just gonna type hello and hit enter. And as you can see, it brought us down here and we have the string hello world.
Now in this hex editor, we can modify this string, but we have to keep the length the same, at least doing it this way. So if we wanted to change the output of that program, we can easily do it here by modifying that. But again, it has to be that length or shorter, really the same length, but we'll fill in the extra with spaces. So we're gonna change hello world just to say Metalx1000. And as you can see, we still have the d there. So I'm just gonna put a space to overwrite that d, but it's still the same length string. I'm gonna hit F2 to save it and Ctrl-C to get out of that. So now running the same exact program, ./main, instead of hello world, we get Metalx1000. Again, I can go in there and same thing, tab to get over, forward slash to search, and I'll type in Metal this time and I'll overwrite it with Chris, for my name. And again, this is two characters shorter, so I'm gonna hit space again to clear out that empty space, and I'll hit F2, Ctrl-C, ./main, and this time it says Christopher. So we're modifying the output. And this is a very, very basic program, but you can do this with any program that contains strings, anything that's using a basic printf like that, which is what we used in that, you can go and modify it. And there's lots of other strings you can modify, as you'll see here as we get further into this tutorial. Gonna show you what not to do. Going back into the same binary inside this hex editor, tab, forward slash, Chris. And same thing, let's say I just went, so we have two more spaces. I can go like that and we're good. It will print out Christopher 11, but if I go like that, we're one character too much now. So what's gonna happen is, it doesn't realize where the string ends. So it's gonna continue printing out until it hits another area. That's not a very good explanation, but you'll see as I hit F2 to save, Ctrl-C to get out and I go ./main.
And you can see we got Christopher 11 and then some binary gobbledygook, and that's the technical name, by the way. And then the colon or semicolon four. It's not good. Sometimes you'll completely corrupt a program and it won't run at all. That's usually what will happen. Again, this is a very basic program. You could also end up combining, running into another string, and that can be bad, and running into other allocated areas can cause security issues if your program is that important. So keep the strings the same using this technique. So now let's flip over to Windows. So here we are on the Windows machine. I got my web browser open, which is looking at my Linux machine. So I'm gonna go like this and download main.exe. So here I'm inside my terminal, CMD, in that folder, and I can say main.exe, hello world, right? So we got hello world. Let's go back over to the Linux side. This time I'm going to edit main.exe with the hex editor. Again, the same thing; you can tell it's not the same program. It's got different headers. You can see right away that this is a Windows program, because they almost always say this program cannot be run in DOS mode. You know, so tab to get over. Again, hello world, I'll just type hello. Same exact thing, Metalx1000, then a space to get rid of that d. F2, Ctrl-C, come back over here and I am going to download that again. If I dir out that directory now, you can see the download, or the Chrome or Firefox that I'm using, appended a one to that. So now I can say main (1).exe and if I hit enter, it still says hello world. This happened to me earlier. I think for some reason it's caching the file. So let me actually take the same main file. I'm gonna copy it to main2.exe. So not modifying the file. Let me do this properly, main.exe. You'll say maybe using a web server isn't always the best option for transferring files, but it's one of the easiest in this particular case.
So same file, I just renamed it. And let's download it again. main2.exe. So you can see Metalx1000 there. Just to show you again, what I'm gonna do is I'm gonna just delete everything in this directory. Yes, so if I dir out, there's nothing in there. And we'll actually go back and again we'll do hexedit main.exe. And just to show you I'm not messing with you, that this actually does work, I'm gonna try it again. I'll go Chris, man, just to show I'm doing something different here. F2 to save, Ctrl-C to get out. And let's look, okay. Let's download this. Hopefully it will download it properly this time. main.exe, Chris, man, there we go. Maybe the name of the file with the parentheses is throwing it off. So you can see the same process, whether it's Linux or Windows. We're going to now download our GUI. We'll save that, go here. There we are, we gave it an icon last week, so I'll double click that and click run. And you can see hello world. Okay, great. Let's delete both those files. Come back over here and I'm going to go hexedit winhello, same thing. Again, you can tell this is a Windows program right away just by looking at this. That says it cannot be run in DOS mode. We'll hit tab, we'll hit forward slash and search for hello. And there is our string hello world. And I will again say Metalx1000. I'll just put a few exclamation marks there. F2, Ctrl-C, come back over here. And download that file, save, come here, and this time if we run it, you can see it says Metalx1000. So now we looked at some very, very basic programs. Okay, so now we're going to look at something a little more advanced. Instead of just little tiny basic hello world programs, we're going to be looking at some not huge programs, but larger programs. I have copied over here two executables from the Windows system.
At least on the Windows XP system, if you go into the Windows system32 folder, you should be able to find sol.exe, which is a solitaire program, and Dr. Watson 32, which is a little debugging troubleshooting program that's been around for a long time. So what we're going to do here is, well, let's go over to our Windows machine and download the Dr. Watson 32. Click save and click here and run it. And as you can see, it's a basic little GUI with some output here. Let's see if we can modify some of these labels, like this one that says crash dump. It says crash dump here as well. Crash dump type, crash dump, browse. So we can modify pretty much all these strings, whether it's on a label here or a button label. So let's go ahead and hit cancel on that and delete that file and head back over to Linux here. And right away I'm going to go into hexedit and we'll edit our Dr. Watson executable, tab over. As you can see right away, as I said, you can tell this is a Windows program because it says it cannot be run in DOS mode. It's usually a clear sign, and there's a list of DLLs here; you're not going to see that too often in a Linux program. But let's say it is forward slash dump. Okay, we found something that says dump there, but I ran it again, nothing. Okay, how about we do forward slash and we say crash? Nothing, key not found, but we know it's in there, right? Well, let's go back in there and let's just start scrolling down here. Again, this is the sort of thing you need to, you learn these little things just playing around with this sort of stuff. So we're gonna go down and as we get further down, we're gonna start seeing some strings like those there, but those aren't what we're looking for. Okay, right here, right away I can see crash dump. So you can just go through and look for it this way, but you notice there's a little dot in between each one, so you might think, oh, okay, I'll do forward slash C.R.A and hit enter. Still says string not found.
It's because those aren't really periods. They're not dots there. It's just other information. They're actually zeros in the hex code here. So we could manually go through here, and actually let's do that. Let's go ahead and modify this. As we can see here, it says crash dump type. If we head back over here and we download that program, so it said there were two spots that said crash dump, and if we run it, we can see that one of them right here says crash dump type and it gives you a few little, what do you call it, radio buttons there. So it's labeled for the radio button. So we know it's not this one and most likely it's this one. That's not saying that there might be some place in the code where we're seeing a string that says that, but we can go ahead and modify that. And again, whenever you're doing stuff like this, work on a backup of the program, because if you screw something up, you just ruin the executable. But let's go ahead and say M, and we gotta leave those dots in there, E, T, so I'm hitting just over each time after each letter, L, X, one, zero, zero, zero. So it's gonna say Metalx1000 type. Now you might notice right here in the type there's the little ampersand symbol, and if you've ever done any, I don't know if other programming languages do it, but back in the day I was a Visual Basic programmer, and that's the character that underlines. Like if you ever see a string in a program on a button or something with one of the letters underlined, that's the symbol that tells the program to underline that character. Hope that made sense. So anyway, our string right now, our label is gonna say Metalx1000 if that is the proper spot right there. I'm going to hit F2, Ctrl-C. I guess I didn't have to Ctrl-C to get out of that since I just had to save it. Let's go ahead and download it again and save that and go here. And if we run it again, right there we got Metalx1000 type. Okay, let's modify something else. Let's try to find the browse button here.
So there's three browse buttons here, and hit cancel on that and delete that just so I don't get confused with what version I'm working with. We'll go back into the hex editor here, and again you can just scroll through here, and a lot of the stuff's gonna be near each other, so once you start seeing stuff that looks familiar. So here we are, I can right away here see Append to existing log file. These are obviously strings. We got Dump all thread contexts. We can see our Metalx1000 right there. And there's a browse. Okay, so we got one browse. But we don't know which one that is. We got another browse here and a third one right here, again with ampersands in different spots. We can assume that they're going in the order that they were in the other one. So let's go ahead and change this button's label. I'm gonna say Linux and just leave that last character empty. Again, doing it this way, it can't be any larger than the string that's right there, because that's the space allocated for it in the program. I'll hit F2, which will save it. I'll come back over here, download it, save it, run it, and as you can see we still have Metalx1000 type for that label. And we have Linux for that button there. Still does the same thing. All we did was change the label. We haven't changed how it works at all. So again, I'm gonna delete that so I don't get confused on what version I'm working with. But real quick, that's another way we can search through there. Well, I'm gonna show you two techniques that I use. Both have their pluses and minuses. Thing is, Vim and Vi both can be hex editors. So what I'm gonna do is I'm going to tell it to edit this file. And actually, I don't really know if it makes a difference, and we're actually not gonna edit it in here. We're just gonna be looking at it in here. But really, if you're working with binary files, just say -b there. But I really don't know if it makes a difference.
Anyway, at this point I'm gonna hit colon and I'm going to type in, I hit up because I've already typed it before, but :%!xxd. And that brings us into hex editing mode. Okay, so at this point, just like before, if I try typing in dump, or actually let's do, since we know there's only one of them in there, Linux doesn't come up. But in this case, unlike in the hex editor, I can say L.i.n.u, that should be enough. And there we go, we found it. Theoretically, we should be able to edit in here and then go back into regular mode by typing the same command as before, but with a -r, and save it. For some reason, whenever I do that, it doesn't take. It's like the file is not modified, even though I save it. If anyone knows the answer to what I'm doing wrong, I'll actually show you, since it's not gonna make a difference, but what we wanna look at here is this position here, 8450. Just remember 8450, because now we can use that number to go back into the hex editor and edit it, if for some reason this doesn't work. But see, I should be able to go, like, let's just say, oops, first off, instead of insert, Shift-R for replace, I'll say B-O-B, and then I'll just do space there. So what I should be able to do is run the same command with -r, which should bring me back, because if I save it in here, it corrupts the file. That I know. Reverting back like this, I should be able to write that file, and come over here, theoretically, and download, save, and that button that said Linux should say Bob now, but it doesn't, and I really have no clue why. So if someone knows, please let me know. But what did we say, 8450? Now we can go into our hex editor, Dr. Watson, tab, and I can, let's get out of the string search here. Okay, so again, this first column tells us our positioning, so all we have to do is look for 8450. And you'll have some letters in there, because it is hex, which goes from zero through nine, then A through H, yes.
Anyway, we're going to go through here till we see 00008450-ish, again, the columns are different lengths, so it's not going to be exact, but we should be able to find that close. So right around here, right there, there it is. So 8458, again, just because the columns are spaced differently, but that's one way you can help find that line. So now I can come in here and say Bob, I'll say Bobby, just to show you that it's different than when I typed it in the other editor, F2, come over here, download it again, run it, and you can see now it says Bobby on that button. So that's one way to search using Vim, and then coming back in here again, you should be able to edit in Vim. I'm not sure why that's not working. But another little trick you can do is you can use hexdump, which is a program that just dumps the hex code to the screen, but you can use -C, and it'll give you the ASCII column as well, as well as the other column for the positioning. And what we can do here is we can use a little bit of sed action. Again, there's a lot of things you can play around with. These are the sort of things I teach in tutorials all the time. If you've been wondering why I teach you this sort of stuff, this is why. So what I'm doing here is I'm piping all this information into sed, and then I'm taking backslash dot, so take all the dots and replace them with empty spaces. So now that we do that, we removed all those dots. Now I can use grep and search for, what did we type last, Bobby? I'm gonna type bob. So there we go. Now if your search doesn't find anything at first, it might be because things are split on different lines. So that says bob right there. I'm gonna assume that's our line. What we can do now is say -A1 and -B1, and that'll show us the line before and after the search as well. And right there we can see, yeah, that's our Bobby. And we can look at the number right here, 4850 or 4860, to get the general positioning.
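The same string-patching workflow the video does by hand in hexedit (search, overwrite with space padding, and the overrun you get when the new string is longer), plus the "dots are zero bytes" problem from the Dr. Watson section, as an added Python example that is not from the video. The SAMPLE bytes and the function names are constructed for this example; it is not a real PE or ELF file.

```python
# Constructed sample "binary" (not a real PE/ELF): a fake DOS stub, an
# ASCII C string as printf("Hello World") would store it, and a UTF-16LE
# dialog label, which is why hexedit shows "C.r.a.s.h" with "dots" (zeros).
SAMPLE = (
    b"MZ\x90\x00This program cannot be run in DOS mode.\r\n\x00"
    + b"\x00" * 8
    + b"Hello World\x00;4\x00"
    + b"\x00" * 8
    + "Crash Dump Type".encode("utf-16le") + b"\x00\x00"
)


def find_string(data: bytes, needle: str) -> list[tuple[int, str]]:
    """Return (offset, encoding) for every ASCII and UTF-16LE occurrence,
    so a label that a plain ASCII search misses is still found."""
    hits = []
    for enc in ("ascii", "utf-16le"):
        pat = needle.encode(enc)
        start = 0
        while (pos := data.find(pat, start)) != -1:
            hits.append((pos, enc))
            start = pos + 1
    return hits


def patch_string(data, old, new, enc="ascii", force=False):
    """Overwrite the first `old` with `new`, space-padded to the same length.
    A longer `new` clobbers the NUL terminator and the bytes after it, so
    printf keeps reading into neighbouring data (the "Christopher 11" plus
    garbage in the video); that is refused unless force=True.  Overwrite,
    not insert: the file length never changes."""
    if len(new) > len(old) and not force:
        raise ValueError(f"{new!r} is {len(new) - len(old)} char(s) too long "
                         f"for a {len(old)}-char slot")
    old_b = old.encode(enc)
    pos = data.find(old_b)
    if pos == -1:
        raise ValueError(f"{old!r} not found as {enc}")
    new_b = new.ljust(len(old)).encode(enc)
    return data[:pos] + new_b + data[pos + len(new_b):]


def c_string_at(data: bytes, offset: int) -> bytes:
    """What printf("%s") emits: bytes from offset up to the first NUL."""
    return data[offset:data.index(b"\x00", offset)]


def hexdump_line(data: bytes, offset: int, width: int = 16) -> str:
    """The `hexdump -C` style row (offset, hex, ASCII) containing offset."""
    base = offset - offset % width
    chunk = data[base:base + width]
    hexpart = " ".join(f"{b:02x}" for b in chunk)
    asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
    return f"{base:08x}  {hexpart:<{width * 3 - 1}}  |{asc}|"


if __name__ == "__main__":
    off, _ = find_string(SAMPLE, "Hello")[0]
    print(hexdump_line(SAMPLE, off))
    print(c_string_at(patch_string(SAMPLE, "Hello World", "Metalx1000"), off))
    bad = patch_string(SAMPLE, "Hello World", "Christopher 1", force=True)
    print(c_string_at(bad, off))          # overrun: b'Christopher 14'
    print(find_string(SAMPLE, "Crash"))   # only the utf-16le hit
```

Note that `find_string("Crash")` returns only a UTF-16LE hit, which is the same reason the `/crash` search in hexedit came back empty while the label was plainly on screen.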
Now I was gonna go into looking at Solitaire, but it's the same exact process, and this is getting kind of long. So I'm gonna cut it off here, because basically we're gonna go into the about and change the author of Solitaire. So this little thing is fun to play around with. You learn a little bit doing this. You can take a program and change what it says, maybe mess with a friend. And lots of times, lots of strings, labels, buttons, and other strings in a program are editable in a hex editor this way. Hex editors can do a whole lot more, a lot of it beyond my skills, but this is really fun to do. The first experience I really had of this was back in Windows, back in the late 90s. I played Doom a lot, and I found that if I saved a game, I could go into the saved game file in a hex editor. And I actually, don't quote me on this, I believe in Windows you have your editor called Edit, which is a little command line text editor. I think that can be a hex editor for small programs. Don't quote me on that. I think that's what I used. And I could go in there and, like, I changed the name of the saved game, but that was my first experience doing this sort of thing. And you know, you learn a lot of little tricks. There's a lot of tools to help you out. And again, I said Vim can be used as a hex editor. Supposedly, again, if someone knows what I'm doing wrong, why it's not saving my changes, let me know. So Vim, actually obviously, hexedit. And there's another one called HTE. I think the package is called HTE. And if you just do aptitude or apt-get, and you do search hexedit, you'll find them. There's another one, wxHexEditor, which is for massive hex files. And if we were to just do another one like this, hexedit, there we go, HT. Once you install it, the program's called HTE. Another one called HexBox, which is for .NET developers. I don't really know why it would make a difference, but I guess so. So there's a lot of them out there.
You can Google it, but hexedit is a very common one. Should be in repositories for most distributions. Hope this wasn't too long. Hope you found it interesting. And I hope you visit my website, filmsbykris.com. That's Kris with a K. There should be a link in the description. And also, if you enjoy these type of tutorials, be sure to become one of my patrons on patreon.com. That's patreon.com forward slash Metalx1000. You can help support my videos and tutorials. And it also gives you a little more say on what type of videos I do. So lots of different topics I go over. And I like to hear from my patrons what they wanna see. So as always, thanks for watching. And I hope that you have a great day. If you enjoy my tutorials and would like to see more, please think about contributing to my Patreon account at patreon.com forward slash Metalx1000.