I am looking for suggestions to be incorporated into a new hex editor I am writing - specifically I am asking whether there are any file/disk/mobile phone specific functions that could be added.
I am also looking for a few initial beta testers, the first beta release likely to be later this week or next week.
Please email me paul@sandersonforensics.com if you wish to be considered.
RevEnge is a hex editor but designed with Reverse Engineering in mind – hence the name. The full feature list follows, but there are some unique features included and more on the way, including:
* RevEnge will allow on the fly decoding of ZLib compressed data (also ROT13, 18, 47 and Base64) - i.e. as you move the cursor RevEnge will attempt to decode and display the data from the cursor using ZLib
* Date searching - search for a date in a specific date range using any or all of the inbuilt date types
* define your own structures - RevEnge will decode the data from the current cursor position according to the current structure definition - move the cursor and the displayed structure data is updated accordingly
* verify that a file/image is blank
* Jump forwards/backwards from the current offset/block start based on the value under the cursor
* jump back to the last cursor prior to the current jump
* Highlight any date that falls within a specific predefined range
* Bookmark ranges of a file (and save)
* Highlight any bytes that match a preset template - i.e. set the context to include JFIF, GIF89, BM etc. and as the display scrolls any matching bytes will be displayed
• Support for
  o Monolithic images (DD)
  o ExpertWitness/EnCase files (compressed and uncompressed)
  o Physical devices and logical volumes
  o Files
• View multiple files at once
• Paste clipboard into new window
• Create new windows (views) based on the current cursor position
• Advanced search facilities - Search for
  o Text
  o Hex
  o Dates and date ranges
• Hash calculation
  o MD5
  o SHA1
• Bit and Byte manipulation (little and big endian)
  o XOR, OR, AND, INVERT
  o Byte swap, word swap, swap endian, swap nibbles
  o Shift and rotate left and right
  o ROT13, ROT18 and ROT47 decoding
• Decompress ZLib data
• Decode base64 data
• Wipe or overwrite a range of bytes
• Check a file/image is blank
• Data interpreters
  o Signed and unsigned 8, 16, 32 and 64 bit integers
  o ZLib compressed data
  o Supported dates: 64 bit filetime, Filetime, HTML filetime, MSDOS, MSDOS word swapped, Unix time, AOL time, Unix decimal 10 byte, Unix decimal 13 byte
  o Highlight and bookmark byte ranges
  o Highlight specific words/bytes
  o Structure viewer
Although RevEnge supports image formats it is designed mainly as a file editor and it does not support any file system formats.
This is an ongoing project and the manual, such as it is, has just been pasted above; however, I will try and put together a quick manual to help testers navigate around on the first release.
One of the suggestions I have received from a mobile phone examiner is the facility to decode and display GSM 7 bit encoded data taken from data dumps. This facility has now been added to RevEnge and a screenshot of some data (from Michael Harrington's paper – Understanding SMS Practitioners basics) is below.
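GSM 7-bit unpacking of the kind mentioned above, as an added example that is not part of the original post and is not RevEnge's code. The function names and the sample dump are constructed for illustration; the tables are the GSM 03.38 default alphabet and its extension table.

```python
"""Unpack GSM 03.38 7-bit packed text, as found in SMS user data in phone dumps."""

# Default alphabet indexed by septet value; 0x1B is the escape to the extension table.
GSM7_BASIC = (
    "@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞ\x1bÆæßÉ"
    " !\"#¤%&'()*+,-./0123456789:;<=>?"
    "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§"
    "¿abcdefghijklmnopqrstuvwxyzäöñüà"
)
GSM7_EXT = {0x0A: "\f", 0x14: "^", 0x28: "{", 0x29: "}", 0x2F: "\\",
            0x3C: "[", 0x3D: "~", 0x3E: "]", 0x40: "|", 0x65: "€"}
ESC = 0x1B

def unpack_septets(packed, count=None):
    """Split octets into 7-bit values; septet 0 is the low 7 bits of octet 0."""
    available = len(packed) * 8 // 7
    if count is None:
        # Without a length field, 7 octets yield 8 septets and the last one
        # may be padding rather than text.
        count = available
    if count > available:
        raise ValueError(f"need {count} septets, data holds {available}")
    bits = int.from_bytes(packed, "little")
    return [(bits >> (7 * i)) & 0x7F for i in range(count)]

def septets_to_text(septets):
    """Map septets to characters, resolving escape sequences."""
    out, i = [], 0
    while i < len(septets):
        s = septets[i]
        if s == ESC and i + 1 < len(septets):
            nxt = septets[i + 1]
            # Unassigned extension codes fall back to the default alphabet.
            out.append(GSM7_EXT.get(nxt, GSM7_BASIC[nxt]))
            i += 2
        else:
            # A trailing escape with nothing after it is shown as a space here.
            out.append(" " if s == ESC else GSM7_BASIC[s])
            i += 1
    return "".join(out)

def decode_at(dump, offset, septet_count):
    """Decode septet_count septets of packed text starting at a byte offset."""
    nbytes = (septet_count * 7 + 7) // 8
    return septets_to_text(unpack_septets(dump[offset:offset + nbytes], septet_count))

# Constructed sample: 4 filler bytes, "hellohello" packed into 9 octets, 2 filler bytes.
SAMPLE_DUMP = bytes.fromhex("00112233" "E8329BFD4697D9EC37" "FFFF")

if __name__ == "__main__":
    print(decode_at(SAMPLE_DUMP, 4, 10))
```

The septet count normally comes from the message's user data length field; decoding without it is what produces a stray trailing `@` on messages whose packed length is a multiple of 7 octets.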
WOW features look impressive.