Hallelujah! HexFiend 1.1 Ends My OS X Hex Editor Grail Quest!
Thomas Ptacek | August 31st, 2006 | Filed Under: Uncategorized
OMG, PONIES! ridiculous_fish (an Apple AppKit developer) recently released HexFiend 1.1, driving a gleaming stake through the heart of HexEdit. Unlike HexEdit, HexFiend:
is fast,
is pretty,
has a floating inspector that decodes the int8/int16/int32/int64 (LE and BE) that you’ve highlighted (swoon),
often actually saves changes when you tell it to,
and can efficiently handle 100MB files —- like an uncompressed firmware image.
Despite these features, HexFiend had been my second choice hex editor. When I selected a range of bytes, it gave me the range of offsets (“104 through 107 selected out of 3,804 bytes”). This, believe it or not, is a showstopper; a few minutes of punching numbers into my rpn calculator to see how many bytes I’d actually selected was enough to throw me back into HexEdit.
Until now. Death to HexEdit! Long live HexFiend!
(Most ridiculous_feature ever: the inspector now shows you the RGB color corresponding to the bytes you have selected. I want to hear the use case for this. I am determined to find a way to use it in my work!)
I have, like, a million feature requests. I really wish he’d open it up. But HexFiend rules nonetheless, and ridiculous_fish has the thanks of grateful security company for releasing it.
Josh Daymont
August 31st, 2006 11:41 amWhat about raw file content dissassembly? Can it be scripted? Can is search file contents for regexes or hex patterns?
Thomas Ptacek
August 31st, 2006 12:04 pmHex/ASCII search. String support is something I’d like to see, and a reason I’d love to see it opened (60% of my blackbag code is just transforms from raw to structured, like Unicode strings).
No Applescript dictionary that I can find. Is it heresy to admit that I never, ever use Applescript?
No disassembly. When I need to disassemble something, I fake up an ELF header and hand it to IDA Pro. All hail GNU “objcopy”.
Matt
August 31st, 2006 1:14 pmNo. Applescript is a whirling vortex of pure suck centered on a rock-hard core of lame. For instance, take a gander at some Apple-provided string subroutines:
http://www.apple.com/applescript/guidebook/sbrt/pgs/sbrt.07.htm
In particular, note the string replacement function.
I will go to great lengths to avoid having anything to do with Applescript, and I die a little inside every time I fail at that goal.
Tom Ferris
August 31st, 2006 3:06 pm0xED is just as good:
http://www.apple.com/downloads/macosx/development_tools/0xed.html
Thomas Ptacek
August 31st, 2006 3:36 pmGet them to open it up! If ever there was a piece of code that begged for contributions, it’s that little inspector window in the hex editor.
Chris Clark
August 31st, 2006 5:52 pmIt’s not for Mac OS but 010 Editor is the best hex editor I have ever found:
http://www.sweetscape.com/010editor/
It supports binary templates in a language that looks pretty similar to C header file syntax. Pretty cool stuff and has definitely saved me a lot of time. I swear I don’t work for the company, I just really like the tool.
Jason Haley
August 31st, 2006 9:47 pmInteresting Finds: August 31, 2006
Sam Matthews
June 21st, 2007 3:04 amI requested that RGB-viewing ridiculous_feature!
I (and several people I know) use hex editors to decode old games’ data file formats. Being able to visualize graphics is pretty essential. I had asked for a full pixel stream view, but Fish got sidetracked
And… still waiting for scriptable data interpretation!
- Frisk
Sam Matthews
June 21st, 2007 3:13 amOh, and you can change how it displays ranges by clicking on the status bar. Two of the options are:
2 bytes selected at offset 289 of 50,000 bytes
0×02 bytes selected at offset 0×121 of 0xC45E bytes
And… it’s now open source!
http://ridiculousfish.com/hexfiend/
Fish was amused. :-p
Leave a reply