Binary search/replace

xxd < orig | sed 's/A/B/' | sed 's/HEXA/HEXB/' | xxd -r > new
Replaces A with B in binary file "orig" and saves the result to "new". You must have the hex representations of A & B. Try od: echo -e "A\c" | od -An -x

By: wwest4
2009-02-05 20:25:04

1 Alternatives + Submit Alt

What Others Think

By default xxd creates a formatted hex dump, which will cause this command to miss instances where the string wraps to a new line. Use the -p option instead to skip formatting: xxd -p < orig | sed 's/HEXA/HEXB/' | xxd -r -p > new $
unixmonkey6864 · 562 weeks and 1 day ago
This has a few problems still. Inefficient for large files, doesn't align on byte boundries and xxd -p still has new-lines so wrapped hex won't get matched. You can use Perl's RE to do hex matches for you by using the \x{XX} expression where "XX" is the hex byte code. For example: perl -pe 's/\x{3C}\x{21}/\x{3D}/g;s/\x{2D}/\x{3D}/g' < orig > new This replaces "
edelbrp · 546 weeks and 5 days ago
Oops, the end of my comment got truncated. Anyways, you can look up 0x3C,0x21, etc. to see what chars I'm replacing and with what in my example above.
edelbrp · 546 weeks and 5 days ago
`xxd -p < orig | sed 's/HEXA/HEXB/' | xxd -r -p > new` is more correct and simpler! Also if you want to do an in-place edit, you can use `sponge` to help you out. `xxd -p < orig | sed 's/HEXA/HEXB/' | xxd -r -p | sponge orig` This works because `sponge` doesn't open the file until all the work is done. You can find it in the moreutils package.
varenc · 40 weeks and 4 days ago
1st. I think some folks meant s/before/after/g and not s/before/after. 2nd. I don't see any of these sed solutions working because sed is line oriented by nature and arbitrarily stops scanning when a line greater than 8K shows up. (Linux Mint 18.03) For larger files, the only sed-like solution I've found was bbe ("Binary Block Editor"). It's a *very* sed-like replacement. Or you can struggle with Perl, which will likely make you a meth addict eventually.
tgm1024 · 12 weeks and 4 days ago

What do you think?

Any thoughts on this command? Does it work on your machine? Can you do the same thing with only 14 characters?

You must be signed in to comment.

What's this? is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.


Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: