Finding Hidden Things in Binaries with the Linux Tool strings

DotNetRussell

2022-12-24

The Linux command strings is an incredibly useful tool for finding hidden things in binaries. In this article, we’ll discuss how to use it to uncover hardcoded passwords, API endpoints, and more.

What is the Linux Command Strings?

The Linux command strings is a program used to extract strings of printable characters from binary files.

The strings tool has been a part of the Unix operating system since the mid-1970s and is still widely used today. It is a great tool for digging into the internals of programs and uncovering hidden information.

How to Use Strings to Find Hidden Things

The basic syntax of the Linux command strings is as follows:

strings [options] filename

The most commonly used options are -a for searching the entire binary and not just the data section of the file, -n for specifying the minimum length of the string.

For example, to search the entire binary for strings that are at least 10 characters long, you would use the following command:

strings -a -n 10 *

Finding credit card numbers:

strings | grep -E '[0-9]{4}-[0-9]{4}-[0-9]{4}-[0-9]{4}'

Finding email addresses:

strings | grep -E '[A-Z0-9._%+-]+@[A-Z0-9.-]+.[A-Z]{2,4}'

Hardcoded Passwords & API Endpoints

One of the most common uses of the Linux command strings is to search for hardcoded passwords and API endpoints.

Sometimes developers store these in plaintext, either in the source code or in configuration files.

With the strings command, you can easily find any hardcoded items that may be hidden in your binary files.

Conclusion

The Linux command strings is an incredibly powerful tool for digging into the internals of programs and uncovering hidden information. It can be used to search for hardcoded passwords, API endpoints, and much more.

If you’re looking for a way to get a detailed view of what’s going on inside your programs, the strings command is a great place to start.

You can view the official Linux man page for strings here

Some of this article was automatically generated by the Open AI platform and then modified by the author to include headers, editing, formatting and personal experience. The human author takes responsibility for everything said here as well as its accuracy

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.