from Hacker News

Visual Analysis of Binary Files

by h4x0rr on 1/31/24, 10:39 PM with 48 comments

  • by cortesi on 1/31/24, 11:28 PM

    Ah, this is an old side-project of mine. Something I should probably make clearer is that files are not uploaded anywhere - the app is completely local, and all analysis is done in the browser.

    This version is written in React but when time permits I plan to release an updated version written in Rust, along with a library of fast implementations of space-filling curves and related utilities.

  • by defrost on 1/31/24, 11:56 PM

    This is where I miss | still pull out the original ERMapper geospatial viewer with the .ERS ASCII file "header" for viewing.

    https://gdal.org/drivers/raster/ers.html

    does not in any way do it justice.

    What it allows you to do is create a text header description for a binary file .. pretty much any binary image (and not intended to be image) "raw" (ish) format that existed then and now.

    Band interleaved, band separated, row interleaved, column orientated, etc. 8 bit, 12, 24, 32 bit, big or little endian, with or without header "junk" to skip at start of file and|or at the start of each "virtual row"

    The handy hack was the ability to view as image any file that had time series acquisition by sketching out how to block it, how to understand the binary, insert optional colour maps .. and then being able to rapidly visually scan 2GB or 16GB of binary blob with real time fly about zoom in zoom out capability.

    Intended for multichannel satellite | aircraft | other instrument data with a variety of metadata (timing, position, instrument orientation, etc) - useful far beyond its core target.

    Addendum: for the curious, somewhat better description of the .ERS layout from PDF page 33 onwards of https://www.aseg.org.au/sites/default/files/ER%20Mapper%20Cu...

  • by throw_pm23 on 2/1/24, 9:35 AM

    This reminds me of old ZX Spectrum computers that had 48K RAM of which ~4K was the buffer containing what was actually shown on the screen. Some software was so space-constrained that when loading, it would temporarily have to write into the screen buffer, so when you loaded something it may have filled the screen with images similar to those of this tool. Then as loading completed, it would shuffle things around in memory to be able to use the screen for its intended purpose.
  • by sgtnoodle on 2/1/24, 6:34 AM

    Reminds me of a cool tool I made at a previous company. I combined a software validation ticket database with version control blame in order to paint the entire source code repo line-by-line to represent how "validated" it was. I generated an HTML listing with png thumbnails next to every source file, allowing you to quickly find areas of interest. Maybe that sounds boring, but it was flight code for a space ship.
  • by yhvh on 1/31/24, 11:04 PM

  • by kencausey on 2/1/24, 12:00 AM

  • by h4x0rr on 2/1/24, 7:05 AM

    https://codisec.com/veles/ This is also really cool, similar idea but in 3d space
  • by makmanalp on 2/1/24, 3:44 AM

    Wait this is really cool!! Reminds me of a thing I did a few years ago that I never completed (sigh) which was about visualizing access patterns in database storage engines.

    Here's the report with pics and videos if that sounds interesting!

    http://akmanalp.com/static/memory_trace.pdf

  • by torarnv on 1/31/24, 11:22 PM

    I remember seeing a similar layout used for an article or blog post about reverse engineering a binary format. I’ve tried finding it later, but couldn’t. Anyone know of such a tool that lets you describe the various headers, fields, etc of a binary format with a similar visualization?
  • by zX41ZdbW on 2/1/24, 11:39 AM

    I recently did a very similar thing, but for visualizing DNS records on IPv4: https://reversedns.space/
  • by Piraty on 2/1/24, 1:35 PM

  • by fabian2k on 2/1/24, 7:57 AM

    The default view reorders the bytes as far as I can tell. It's mentioned in the help, but I don't really get how to make use of this feature. Maybe I tried it on the wrong kinds of files, but I found the default view confusing.

    But it is a really cool tool; if you have to figure out a binary file format, looking for patterns is certainly very useful.
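
Editor's added example (not part of any comment above and not the tool's own code): a sketch of why a space-filling-curve view reorders bytes, compared with a plain row scan. It assumes a Hilbert curve as the space-filling curve, which the thread does not specify; the byte classes and the `SAMPLE` buffer are constructed for illustration.

```python
# Added example: Hilbert-curve layout vs. plain row scan of a byte buffer.
# Assumption: Hilbert stands in for "space-filling curve"; the byte classes
# and SAMPLE buffer are constructed for illustration.

def hilbert_d2xy(n, d):
    """Map offset d to (x, y) on an n x n grid, n a power of two."""
    x = y = 0
    s = 1
    while s < n:
        rx = 1 & (d // 2)
        ry = 1 & (d ^ rx)
        if ry == 0:                      # rotate/flip the sub-square
            if rx == 1:
                x, y = s - 1 - x, s - 1 - y
            x, y = y, x
        x, y = x + s * rx, y + s * ry
        d //= 4
        s *= 2
    return x, y

def scan_d2xy(n, d):
    """Row-major layout: the usual hex-dump order."""
    return d % n, d // n

def byte_class(b):
    if b == 0x00: return "."
    if b == 0xFF: return "#"
    return "a" if 0x20 <= b < 0x7F else "?"

def render(data, n, d2xy):
    grid = [[" "] * n for _ in range(n)]
    for d, b in enumerate(data[: n * n]):
        x, y = d2xy(n, d)
        grid[y][x] = byte_class(b)
    return ["".join(row) for row in grid]

def max_step(n, d2xy):
    """Largest Manhattan distance between consecutive offsets."""
    pts = [d2xy(n, d) for d in range(n * n)]
    return max(abs(a - c) + abs(b - e) for (a, b), (c, e) in zip(pts, pts[1:]))

# Constructed 256-byte sample: zero padding, ASCII text, 0xFF fill, other bytes.
SAMPLE = bytes(64) + b"GET /index.html " * 4 + b"\xff" * 64 + bytes(range(0x80, 0xC0))

if __name__ == "__main__":
    for name, f in (("hilbert", hilbert_d2xy), ("scan", scan_d2xy)):
        print(name, "max step:", max_step(16, f))
        print("\n".join(render(SAMPLE, 16, f)))
```

With the curve layout each 64-byte region of the sample lands in its own 8x8 square, so a region's shape no longer depends on the chosen row width; the price is that the picture cannot be read left-to-right like a hex dump.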

  • by fragmede on 2/1/24, 2:39 AM

    I would love to take a binary I worked on and feed it to this and get it printed and framed and hang it up somewhere.
  • by zX41ZdbW on 2/1/24, 11:42 AM

    I also recommend checking this: https://codisec.com/binary-data-visualization/ - visualization of binaries by mapping n-grams into n-dimensional space.
  • by Cockbrand on 2/1/24, 2:47 PM

    This reminds me of the old Amiga tool where one could visualize the RAM contents. As RAM wasn't cleared after a CTRL+A+A reset, one could find the graphics of the game one played before rebooting.

    Good times, but I can't seem to remember the tool's name.

  • by neandrake on 2/1/24, 12:57 AM

    A video of someone implementing a project of a related topic, for identifying binary patterns based on visualization. Interesting stuff.

    https://www.youtube.com/watch?v=AUWxl0WdiNI

  • by doubloon on 2/1/24, 3:26 AM

    there was a time on linux when you could cat /proc/kcore > /dev/video or something like that, some kind of old framebuffer device.
  • by sad-lemon on 2/1/24, 5:07 AM

    I remember someone made scarves/blankets with certain binary visualizations. Very cool stuff.
  • by nayuki on 2/1/24, 4:40 AM

    How does the mouseover animation of that topmost image work? It seems random yet deterministic.