
Unix & Linux Stack Exchange

Q&A for users of Linux, FreeBSD and other Unix-like operating systems

Latest Questions

713 votes
6 answers
247641 views
/usr/bin vs /usr/local/bin on Linux
Why are there so many places to put a binary in Linux? There are at least these five: 1. `/bin/` 2. `/sbin/` 3. `/usr/bin/` 4. `/usr/local/bin/` 5. `/usr/local/sbin/` And on my office box, I do not have write permissions to some of these. What type of binary goes into which of these `bin`s?
Lazer (36085 rep)
Mar 5, 2011, 05:57 PM • Last activity: May 28, 2025, 01:34 AM
1 votes
5 answers
3536 views
Grep, but for binaries
I've got a fragment of an image file produced by data-recovery software. I suspect the complete original is somewhere on my home fileserver. If this were a fragment of a text file, I could just grab a unique-looking fragment, run grep -r -l -F , and come back in a few hours for the answer. However, since this is a binary file, it's got all sorts of things that grep doesn't like (such as null bytes), and even if I can get past that, I don't know how to give grep input that isn't valid UTF-8. How can I search for the original, preferably without writing my own search program? (This is not a duplicate of this question: despite the likely-sounding title, that one is about finding strings in binary files, where I'm looking for binary data in binary files.)
Mark (4665 rep)
Feb 28, 2023, 10:41 PM • Last activity: May 22, 2025, 04:01 PM
2 votes
1 answers
155 views
Unix or Linux command to compare binary files
I'm looking for a command that compares binary files. Of course, I know about diff, but it is not very good at binaries. I have two files from an error-prone source (scratched DVD) which should be equal but aren't. (Well, really more than two, and I get about 6 different md5sum out of 15 samples.) I'm looking for a tool that lists the positions where the files differ.
---
In addition to the accepted answer, xxd looks good as it can also be used to change back edited hex-files to binary.
Gyro Gearloose (455 rep)
May 9, 2025, 07:25 PM • Last activity: May 14, 2025, 05:02 PM
0 votes
0 answers
84 views
ldd not showing actual shared libraries address
After having deactivated ASLR, with:
echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
I used ldd /path/to/binary to get the address of the shared library that my binary (written in C) was using, and I got the next output:
linux-vdso.so.1 (0x00007ffff7fc4000)
	libc.so.6 => /usr/lib/libc.so.6 (0x00007ffff7da5000)
	/lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007ffff7fc6000)
The reason I did that is because I'm using [gdb-pwndbg](https://github.com/pwndbg/pwndbg) to understand how the binary is working in order to exploit it. And in order to exploit the binary I needed the libc address that the binary had in use. But after running the binary and breaking within execution, I wanted to check that things were working, so I printed out the contents of the /usr/lib/libc.so.6 address and got the following:
pwndbg> x 0x00007ffff7da5000
0x7ffff7da5000:
That shouldn't have been occurring. I was supposed to get:
0x7ffff7da5000: "\177ELF\002\001\001\003"
Or something similar. And that is crazy! So I remembered that I had a similar file which too needed the use of the /usr/lib/libc.so.6 address, so I went to that file and ran ldd and got 0x00007ffff7daa000 as the address. And like before I printed the contents of that address within an execution break of the binary which I wanted to exploit:
pwndbg> x 0x00007ffff7daa000
0x7ffff7daa000:	"\177ELF\002\001\001\003"
After that I was able to use the address to exploit the binary. So I don't know what happens with that binary; even after having recompiled the binary a couple of times, it didn't have any effect. So I'm curious, how can I fix this or prevent it?
rustymanito (35 rep)
Apr 25, 2025, 03:24 AM • Last activity: Apr 25, 2025, 11:04 PM
10 votes
5 answers
11978 views
ls or find option to exclude binary files
How can I list only files that aren't compiled code in the current directory? I'm reviewing the custom scripts and code on several HPUX and Linux servers before transferring them to a newer system. I get tired of seeing PuTTYPuTTYPuTTYPuTTYPuTTY when I encounter a file that is compiled. I would like to sort them so that I can skip over the compiled software and come back to them at a later time.
Jeight (2669 rep)
Mar 26, 2015, 03:08 PM • Last activity: Mar 6, 2025, 12:42 PM
9 votes
2 answers
490 views
How to run a program over multiple sessions (machine off and on again)
Is there a way to run a program (command line binary, no interface, no file handling) for a while and then suspend it and later start it again?
1. Start program and run for a while (e.g. specify "run for 1 hour clock time")
2. Program suspends (e.g. saves state to a file of some sort in local dir)
3. Start again and repeat
The idea is to run on a laptop on battery, without permanent power connection. It seems like something somebody may have thought of before, but I have never heard of any example.
Tomas By (191 rep)
Jan 10, 2025, 12:54 PM • Last activity: Jan 12, 2025, 12:58 AM
0 votes
3 answers
312 views
Append N hexadecimal numbers to a binary file with Bash
I have a Bash script that appends bytes written as hexadecimal values. I use echo to write the bytes and it works
hex="1F"
byte="\x$hex"
echo -en $byte >> "output.bin"
At some point I need to pad the file with a byte that could be anything from 00 to FF. I want to specify the byte as a hex value and the total of repetitions. I tried doing this with a for loop but it just takes too long, especially since I need to add something like 65535 bytes sometimes.
byte="00"
total=65515
for (( i=1; i> "output.bin"
done
I am looking for a more performant way that does not use a for loop. At the moment I am stuck with something between printf and echo but instead of writing the values as binary it writes them as text
result=$(eval printf "\x$byte%0.s" {1..$total})
echo -en $result >> "output.bin"
The result in the output file is 78 30 30, which is the "x00" text, instead of 00. If I directly use echo -en "\x00" >> "output.bin", it does write one byte holding the 00 value and not the text "x00". This is where I don't know how to proceed in order to make it write the actual binary value.
alexmro (3 rep)
Sep 4, 2024, 09:45 PM • Last activity: Sep 5, 2024, 12:48 PM
0 votes
2 answers
7712 views
Concatenate 2 binary strings in base64 form
I have two BASE64 encoded strings and I would like to get the BASE64 encoding of the binary concatenation of the two strings using just the command line. Example:
> $ echo -n "\x01\x02" |base64
AQI=
> $ echo -n "\x03\x04" |base64
AwQ=
> $ echo -n "\x01\x02\x03\x04" |base64
AQIDBA==
So the input values to my problem would be AQI= and AwQ=, the desired output is AQIDBA==
mat (309 rep)
Jun 8, 2017, 12:17 PM • Last activity: Aug 20, 2024, 07:04 PM
-1 votes
2 answers
351 views
How to print out all printable ASCII strings contained in binary data?
How can I print out all printable ASCII strings (e.g., longer than four chars) contained in a binary file?
minto (575 rep)
Jun 16, 2024, 08:35 PM • Last activity: Aug 15, 2024, 01:50 AM
0 votes
1 answers
590 views
Shift the address in the hex file with Offset
I want to update the hexfile start address with offset. For example, I have a hex file named **abc.hex** and start with address 0x0000 to 0xFFFF. But I want to shift the context in the hexfile to the address 0x1FFFF. How can we do this in Linux with a tool like hexdump or xxd?
sagar (3 rep)
Sep 5, 2023, 08:27 AM • Last activity: May 29, 2024, 11:04 AM
11 votes
4 answers
12852 views
Editing binary streams containing '\x00' bytes
Using just shell tools, how can a binary stream containing NULLs (0x00 chars) be edited keeping the 0x00 chars in the output stream? The edit needs to replace a char in a specified position for another char (in the following example by the char '|'), like as:
dd ibs=1 skip=$offset count=$reglen status=none if=$ARQ | sed 's/./\|/2' | sed 's/./\|/5' #| more replacements....
But sed is removing all '\0x00' chars before the replacement.
**EDIT - Demonstration of sed behavior in my environment using the @George Vasiliou test:**
$ echo -e "lineA\nlineB\nlineC" | tr '\n' '\0' | od -t x1
0000000 6c 69 6e 65 41 00 6c 69 6e 65 42 00 6c 69 6e 65
0000020 43 00
0000022
$ echo -e "lineA\nlineB\nlineC" | tr '\n' '\0' | sed 's/./|/5' | od -t x1
0000000 6c 69 6e 65 7c 6c 69 6e 65 42 6c 69 6e 65 43
0000017
My environment is an AIX 7.1 and the sed that is there isn't the gnu version.
Luciano (1189 rep)
Feb 20, 2017, 12:18 PM • Last activity: May 9, 2024, 10:24 AM
1 votes
2 answers
1086 views
In Nix, how to make one derivation depend on another next to it?
I'm currently trying to package some closed-source software into Nix derivations. The app is distributed as a large pile of .deb files, and most of them contain libraries that the other parts of the app can use. To simplify, assume that app.deb contains the actual application, and lib.deb contains a library that the app requires. Currently I have:
# default.nix
let
  nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-23.11";
  pkgs = import nixpkgs {
    config = { };
    overlays = [ ];
  };
in {
  lib = pkgs.callPackage ./lib.nix { };
  app = pkgs.callPackage ./app.nix { };
}
# lib.nix
{ lib, stdenv, autoPatchelfHook, dpkg, requireFile,
libcxx, libgcc, }:

stdenv.mkDerivation {
  pname = "myapp-lib";
  version = "1.0.0";
  src = requireFile {
    name = "lib.deb";
    sha256 = "313e8686118ccba397de0bdfca101f1053b758227fd9d3510ea78644f2450bfe";
    url = "https://softwarecorp.example/downloads";
  };

  nativeBuildInputs = [
    dpkg
    autoPatchelfHook
  ];

  unpackPhase = "dpkg-deb -x $src .";

  buildInputs = [ libcxx libgcc ];

  installPhase = ''
    cp -r lib $out/
  '';
}
# app.nix
{ lib, stdenv, autoPatchelfHook, dpkg, requireFile,
libcxx, }:

stdenv.mkDerivation {
  pname = "myapp-bin";
  version = "1.0.0";
  src = requireFile {
    name = "app.deb";
    sha256 = "f4abbdb3f83d982569c5cd30ce5ad63ec4e49011d165e17a2c59d9a613f163b9";
    url = "https://softwarecorp.example/downloads";
  };

  nativeBuildInputs = [
    dpkg
    autoPatchelfHook
  ];

  unpackPhase = "dpkg-deb -x $src .";

  buildInputs = [ libcxx ];

  installPhase = ''
    cp -r bin $out/
  '';

  runtimeDependencies = [ myapp-lib ];  # <-- how to do this?
}
The lib derivation builds on its own, and now I want to add the things it contains to the app derivation. I can't just add it to the regular list of package dependencies at the top of the file. I'd also like to avoid submitting the package to nixpkgs at this time, because I'm not sure I'll be able to package the app fully, and I don't want to become its maintainer before I know it can be done. Alternatively, are there any good patterns for packaging closed-source software like this that would avoid needing to make lots of derivations? From what I can tell, the libraries here all have the same version, and are never used anywhere else in the company's products, so building a single derivation could be acceptable here.
Danya02 (141 rep)
Mar 16, 2024, 09:12 PM • Last activity: Mar 19, 2024, 01:13 AM
0 votes
1 answers
124 views
How to view the existing files of a drive binary copy?
**Greetings** I've been recently studying the concepts of compression and copying in Linux. When I've been introduced to the [`dd`](https://ioflood.com/blog/dd-linux-command/#:~:text=The%20'dd'%20command%20reads%20input,tasks%20such%20as%20copying%20disks.&text=In%20this%20example%2C%20'dd'%20reads%20from%20'input.) command, I have found it quite useful, so as an exercise, I bit-by-bit copied my FAT32 thumb drive into a file. What I've been naively expecting was the ability to directly access the files inside the thumb drive, which is not possible after a bit-by-bit copy, indicating the actuality that the `dd` command might be only useful for generating [**iso**](https://en.wikipedia.org/wiki/Optical_disc_image) images for a file system. I'm currently looking for a command that makes reading the files from a bit-by-bit copy possible, does such a command exist?
KhodeNima (111 rep)
Mar 18, 2024, 07:18 AM • Last activity: Mar 18, 2024, 10:00 AM
0 votes
1 answers
149 views
Detecting used API calls for an application
I need to run a proprietary C++ application under Linux and I need to understand if it contains any functions outside advertised features. Is there a way to list all the API calls that the application makes granted it doesn't use Linux syscalls and only uses standard stdc++ functions? A similar question was asked almost a decade ago and the answer isn't satisfactory to me at all. I need something completely automated.
Artem S. Tashkinov (32730 rep)
Feb 13, 2024, 06:03 PM • Last activity: Feb 13, 2024, 07:21 PM
3 votes
1 answers
788 views
Circular dependency issues
Do some .deb binary files need each other to be installed and removed? If so, how do you get around this? What I observed was that I wanted to install Kodi on an offline PC, but I got stuck with installing the .deb for kodi-x11 requiring kodi-bin, and vice versa trying the other .deb. I had to take the PC somewhere with internet and use the package installer, I selected Kodi-bin or kodi-x11 and I noticed the package manager installed kodi-x11 or kodi-bin at the same time. If I try to uninstall one, it will say it can’t due to dependency problems citing the other. If I wanted to, could I uninstall/install both simultaneously? Thanks
1toneboy (465 rep)
Jan 16, 2024, 11:53 AM • Last activity: Jan 16, 2024, 01:17 PM
0 votes
0 answers
27 views
Directly Replacing Text in Binary File
I have a compiled executable (binary) file - mybin - which grep indicates contains a positive match with a given text string - Cats.
grep "Cats" mybin
Binary file mybin matches
If I use the -a flag with grep, I can now see the actual match:
grep -a "File" mybin
 (QString)Cats
Just to be clear, this is not a plain text string within the binary file i.e. I cannot see it if I open the file with a text editor. What I want to do is replace occurrences of the string Cats within the binary file with the string Bear and keep the executable as a working executable. How do I do this without changing it in the source code and recompiling the binary? Is such an operation even possible without corrupting the executable file and its operation? If it is possible:
1. How do I do it?
2. Are there any pitfalls I need to be aware of, for example the replacement string must be the same length as the original string (e.g. Cats -> Bear is ok but Cats -> Dragons is not).
Any help would be greatly appreciated.
Mark (101 rep)
Jan 15, 2024, 12:22 PM • Last activity: Jan 15, 2024, 01:23 PM
0 votes
0 answers
119 views
Running Linux commands execute hidden command to regenerate Backdoor
My CentOS server was compromised, the backdoor was uploaded in /var/www/html/. I have deleted the backdoor and browsed the backdoor - to be sure it's deleted - it's surely deleted, but when I run any command such as "ls", "ps"... in any directory, the backdoor file is generated again. I noticed the files /usr/bin/ls, /usr/bin/ps ... have been modified on the same day of the attack. After long auditing (using auditctl and ausearch, to be clear) to find which process is generating the backdoor after deleting it, these are the results.
time->Sat Jan 13 17:44:37 2024
type=PROCTITLE msg=audit(1705189477.956:12083978): proctitle=726D002D69002F7661722F7777772F68746D6C2F6D61676E69746F2E706870
type=PATH msg=audit(1705189477.956:12083978): item=1 name="/var/www/html/xx.php" inode=35084690 dev=fd:00 mode=0100777 ouid=0 ogid=0 rdev=00:00 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1705189477.956:12083978): item=0 name="/var/www/html/" inode=34033743 dev=fd:00 mode=040775 ouid=995 ogid=995 rdev=00:00 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1705189477.956:12083978):  cwd="/root"
type=SYSCALL msg=audit(1705189477.956:12083978): arch=c000003e syscall=263 success=yes exit=0 a0=ffffffffffffff9c a1=1e670c0 a2=0 a3=7ffcc4acfea0 items=2 ppid=8050 pid=9434 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=193704 comm="rm" exe="/usr/bin/rm" key=(null)
----
time->Sat Jan 13 17:45:07 2024
type=PROCTITLE msg=audit(1705189507.759:12083995): proctitle=6C73002D2D636F6C6F723D6175746F002F
type=PATH msg=audit(1705189507.759:12083995): item=1 name="/var/www/html/xx.php" inode=35084690 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 objtype=CREATE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1705189507.759:12083995): item=0 name="/var/www/html/" inode=34033743 dev=fd:00 mode=040775 ouid=995 ogid=995 rdev=00:00 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1705189507.759:12083995):  cwd="/root"
type=SYSCALL msg=audit(1705189507.759:12083995): arch=c000003e syscall=2 success=yes exit=3 a0=7f22b8e630f9 a1=242 a2=1b6 a3=24 items=2 ppid=8050 pid=9465 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=193704 comm="ls" exe="/usr/bin/ls" key=(null)
I want to know how to correctly monitor and find the execution command that is used to generate the backdoor by running any Linux commands, or if there is a way to modify and inject these files /usr/bin/ls, /usr/bin/ps...
Dany Burgos (1 rep)
Jan 14, 2024, 01:59 AM
0 votes
1 answers
369 views
Are FreeBSD binaries compatible with macOS?
Since FreeBSD and macOS (OS X) are very similar to each other, can programs written for FreeBSD run on macOS? And if a program can't, then would it be possible to make it work?
Bunabyte (111 rep)
Nov 5, 2023, 05:10 PM • Last activity: Jan 4, 2024, 07:54 PM
0 votes
2 answers
3522 views
zip/compress a .bin file
I have a .bin file size of 8MB; is it possible to compress it or zip it? Tried with 7z but 8MB -> 7.90 MB so any relevant changes. Are there any other tools? Or simply is it not possible?
DDBE (105 rep)
May 15, 2020, 06:57 AM • Last activity: Oct 26, 2023, 11:50 AM
6 votes
3 answers
16251 views
How to change the default line length for od and hexdump
Is there any way to change the default line length for the `od` and `hexdump` commands? Can't see anything appropriate in the man pages.
newenglander (643 rep)
May 4, 2012, 02:51 PM • Last activity: Oct 25, 2023, 09:30 PM
Showing page 1 of 20 total questions