How can I grep a hex value in a string in a binary file?

I have a binary file like this (open in Emacs hex mode): How can I grep if hex values '22081b00081f091d2733170d123f3114' exists in the file?

00000000: 2b08 1b00 1418 0825 0407 3830 271d 170d  +......%..80'...
00000010: 2208 1b00 081f 091d 2733 170d 123f 3114  ".......'3...?1.
00000020: 1909 1b00 0934 1f10 2503 3803 111c 3821  .....4..%.8...8!

In my example, it should return a hit since the hex values I am looking for is in address 0x10.

Solution 1:

You can use:

xxd -p /your/file | tr -d '\n' | grep -c '22081b00081f091d2733170d123f3114'

It'll return 1 if the content matches, 0 else.

xxd -p converts the file to plain hex dump, tr -d '\n' removes the newlines added by xxd, and grep -c counts the number of lines matched.

This way, the input is matched whatever its position is in the file (if it was at position 0x18 in your example, it would have been cut in two and grep would not have matched it without the use of tr). Yet, you do not have its position in the file.

Solution 2:

With later greps, you can most definitely do hex string searches and more. You can do it with full regular expression (regexp) power, such as 'find me this hex sequence followed by 1 or more 0 and then followed by text matching this and this regexp'

grep -aPo '\x01\x00\x00\x00[0-z]+\x00\x00\x00[0-z]+' <file>

does match login/pass pairs in a file with a binary dump of a protocol stream used for control and retrieval of DHAV-formatted videos in certain IP-DVR systems. That is, the matching piece has to have bytes with hex codes 0x01 0x00 0x00 0x00 followed by ASCII login then 0x00, two more 0 bytes and then the password.