Day 15 - strings

Writer: Rauli Kaksonen

There are two basic commands I ran whenever I have an unknown file and I want to learn more about it. The commands are: file and strings.

Today's topic is strings. Its basic operation is to dig out all human-readable strings from a (binary) file. I use strings for casually looking to see what is in a file, usually a mix of urls, error messages, symbol names, etc. However, I can also use strings as the first step to extract strings for further processing.

Strings is part of 'binutils' and it is usually installed already for your *nix system. In source code the utility is written by some very high profile persons:

Written by Richard Stallman <...> and David MacKenzie <...>.

Let's use strings to see which kind of URLs are inside bash executable. Below I extract all strings from the executable and then use grep to filter out only the ones containing 'http':

% strings /bin/bash | grep http
bash home page: <http://www.gnu.org/software/bash>
General help using GNU software: <http://www.gnu.org/gethelp/>
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

Now you can use strings yourself to look what kind of strings there are inside the binary files in your system. Note that strings comes with variety of options which are listed the usual way:

% strings -h

Have fun!

ps. Please note that some distribution may have different variants of the string tool.

Links:

  • https://www.howtoforge.com/linux-strings-command/