Suggestions for Hex editor and Beta testers

PaulSanderson
(@paulsanderson)
Honorable Member
Joined: 19 years ago
Posts: 651
Topic starter  

I am looking for suggestions to be incorporated into a new hex editor I am writing - specifically I am asking whether there are any file/disk/mobile phone specific functions that could be added.

I am also looking for a few initial beta testers, the first beta release likely to be later this week or next week.

Please email me paul@sandersonforensics.com if you wish to be considered.

RevEnge is a hex editor but designed with Reverse Engineering in mind – hence the name. The full feature list follows but there are some unique features included and more on the way, including:

* RevEnge will allow on the fly decoding of ZLib compressed data (also ROT13,18,47 and Base64) - i.e. as you move the cursor RevEnge will attempt to decode and display the data from the cursor using ZLib
* Date searching - search for a date in a specific date range using any or all of the inbuilt date types
* define your own structures - RevEnge will decode the data from the current cursor position according to the current structure definition - move the cursor and the displayed structure data is updated accordingly
* verify that a file/image is blank
* Jump forwards/backwards from the current offset/block start based on the value under the cursor
* jump back to the last cursor prior to the current jump
* Highlight any date that falls within a specific predefined range
* Bookmark ranges of a file (and save)
* Highlight any bytes that match a preset template - i.e. set the context to include JFIF, GIF89, BM etc. and as the display scrolls any matching bytes will be displayed

* Support for
  * Monolithic images (DD)
  * ExpertWitness/EnCase files (compressed and uncompressed)
  * Physical devices and logical volumes
  * Files
* View multiple files at once
* Paste clipboard into new window
* Create new windows (views) based on the current cursor position
* Advanced search facilities - Search for
  * Text
  * Hex
  * Dates and date ranges
* Hash calculation
  * MD5
  * SHA1
* Bit and Byte manipulation (little and big endian)
  * XOR, OR, AND, INVERT
  * Byte swap, word swap, swap endian, swap nibbles
  * Shift and rotate left and right
  * ROT13, ROT18 and ROT47 decoding
* Decompress ZLib data
* Decode base64 data
* Wipe or overwrite a range of bytes
* Check a file/image is blank
* Data interpreters
  * Signed and unsigned 8, 16, 32 and 64 bit integers
  * ZLib compressed data
  * Supported dates
    * 64 bit filetime
    * Filetime
    * HTML filetime
    * MSDOS
    * MSDOS word swapped
    * Unix time
    * AOL time
    * Unix decimal 10 byte
    * Unix decimal 13 byte
  * Highlight and bookmarks byte ranges
  * Highlight specific words/bytes
  * Structure viewer

Although RevEnge supports image formats it is designed mainly as a file editor and it does not support any file system formats.

This is an ongoing project and the manual, such as it is, has just been pasted above; however, I will try and put together a quick manual to help testers navigate around on the first release.


   
PaulSanderson
(@paulsanderson)
Honorable Member
Joined: 19 years ago
Posts: 651
Topic starter  

One of the suggestions I have received from a mobile phone examiner is the facility to decode and display GSM 7 bit encoded data taken from data dumps. This facility has now been added to RevEnge and a screenshot of some data (from Michael Harrington's paper – Understanding SMS Practitioners basics) is below.
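
The GSM 7-bit decoding mentioned in the post above, as an added Python example that is not part of the original post and is not RevEnge's code. It assumes the packed data starts on a septet boundary (no user data header fill bits); the function names and the sample bytes are constructed for illustration.

```python
"""GSM 03.38 7-bit unpacking, as applied to septet-packed bytes from a dump."""

# GSM 03.38 default alphabet, index = septet value (0x1B is the escape code).
GSM7_BASIC = (
    "@£$¥èéùìòÇ\nØø\rÅå"
    "Δ_ΦΓΛΩΠΨΣΘΞ\x1bÆæßÉ"
    " !\"#¤%&'()*+,-./"
    "0123456789:;<=>?"
    "¡ABCDEFGHIJKLMNO"
    "PQRSTUVWXYZÄÖÑÜ§"
    "¿abcdefghijklmno"
    "pqrstuvwxyzäöñüà"
)
# Extension table: characters reached via ESC (0x1B) followed by one septet.
GSM7_EXT = {0x0A: "\f", 0x14: "^", 0x28: "{", 0x29: "}", 0x2F: "\\",
            0x3C: "[", 0x3D: "~", 0x3E: "]", 0x40: "|", 0x65: "€"}


def unpack_septets(data, count=None):
    """Split octets into 7-bit values, least significant bits first."""
    septets, acc, bits = [], 0, 0
    for octet in data:
        acc |= octet << bits
        bits += 8
        while bits >= 7:
            septets.append(acc & 0x7F)
            acc >>= 7
            bits -= 7
    # 7 septets occupy 7 octets, leaving 7 spare bits that unpack as an
    # extra '@'; only the stored length (count) can tell padding from text.
    return septets if count is None else septets[:count]


def decode_gsm7(data, count=None):
    """Decode septet-packed bytes to text using the default alphabet."""
    out, escaped = [], False
    for s in unpack_septets(data, count):
        if escaped:
            out.append(GSM7_EXT.get(s, GSM7_BASIC[s]))  # unknown: basic char
            escaped = False
        elif s == 0x1B:
            escaped = True
        else:
            out.append(GSM7_BASIC[s])
    return "".join(out)


if __name__ == "__main__":
    sample = bytes.fromhex("E8329BFD4697D9EC37")  # constructed: "hellohello"
    print(decode_gsm7(sample, count=10))
```

When carving text from a raw dump without a length field, a trailing `@` on messages whose length is one short of a multiple of eight is usually this padding rather than message content.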


   
E5Pro
(@e5pro)
Trusted Member
Joined: 18 years ago
Posts: 69
 

WOW features look impressive.


   