strings
Find printable strings in binary files
TLDR
Print all strings in a binary
Limit results to strings at least n characters long
Prefix each result with its offset within the file
Prefix each result with its offset within the file in hexadecimal
SYNOPSIS
strings [options] file(s)
PARAMETERS
-a or --all
Scan the entire file, regardless of section headers.
-f or --print-file-name
Print the name of the file before each string.
-n length or --bytes=length
Specify the minimum string length (default is usually 4).
-t radix or --radix=radix
Show the offset within the file before each string. radix can be 'o' (octal), 'x' (hexadecimal), or 'd' (decimal).
-e encoding or --encoding=encoding
Select a character encoding ('s' for single-7-bit-byte, 'S' for single-8-bit-byte, 'b' for 16-bit big-endian, 'l' for 16-bit little-endian, 'B' for 32-bit big-endian, 'L' for 32-bit little-endian).
-o
Equivalent to -t o (octal).
-T bfdname or --target=bfdname
Specify a binary file format (instead of the default ELF).
Useful when processing raw or unknown file formats.
--help
Display help information.
--version
Display version information.
@file
Read options from file.
DESCRIPTION
The strings command in Linux is a utility used to extract and display printable character sequences embedded within binary files or other non-text files. This is useful for identifying potentially human-readable text within executables, object files, libraries, core dumps, and other data files. By default, it searches for ASCII strings of at least a certain length (usually 4 characters). The command can be customized to search for different character encodings and minimum string lengths, aiding in tasks such as reverse engineering, malware analysis, and simply understanding the contents of unfamiliar files. It ignores non-printable characters and often reveals important information like error messages, version strings, or configuration settings hidden within the file.
CAVEATS
The strings command relies on heuristics to identify printable strings. It may produce false positives (sequences of bytes that appear to be strings but are not meaningful). The results are only as good as the minimum length and encoding settings used.
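The effect of the minimum length and encoding settings, shown as an added Python example (not part of the original page and not the code of strings itself): a simplified scanner covering only the 's' and 'l' encodings, run over a constructed byte sample. The names `SAMPLE`, `PATTERNS`, `find_strings` and `find_all` are assumptions made for this illustration.

```python
import re

# Constructed sample: ELF-like magic, an ASCII path, a 3-byte run, and a URL
# stored as UTF-16LE (the form Windows binaries commonly use for text).
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00"
    + b"/etc/app.conf\x00"
    + b"\x01\x02abc\x00\xff"
    + "http://example.test/cfg".encode("utf-16-le")
    + b"\x00\x00"
)

# Simplification: "printable" means ASCII 0x20-0x7e plus tab.
PATTERNS = {
    "s": (rb"[\x20-\x7e\t]{%d,}", "ascii"),                # -e s
    "l": (rb"(?:[\x20-\x7e\t]\x00){%d,}", "utf-16-le"),    # -e l
}


def find_strings(data, min_len=4, encoding="s"):
    """Return (offset, text) pairs, like `strings -t d -n min_len -e encoding`."""
    template, codec = PATTERNS[encoding]
    regex = re.compile(template % min_len)
    return [(m.start(), m.group().decode(codec)) for m in regex.finditer(data)]


def find_all(data, min_len=4):
    """Scan once per supported encoding and merge the hits by offset."""
    hits = []
    for enc in PATTERNS:
        hits += [(off, enc, text) for off, text in find_strings(data, min_len, enc)]
    return sorted(hits)


if __name__ == "__main__":
    for off, enc, text in find_all(SAMPLE):
        print(f"{off:7d} [{enc}] {text}")
```

With the default settings the UTF-16LE URL is not reported at all; it appears only when the scan is repeated with the 16-bit little-endian encoding.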
USE CASES
Malware Analysis: Analyzing malware samples for embedded URLs, function names, or configuration settings.
Reverse Engineering: Examining compiled programs to understand their functionality.
Data Recovery: Extracting potentially recoverable text from corrupted files or disk images.
Configuration File Analysis: Inspecting configuration files to see unencrypted data or hidden settings.
Software Version Identification: Finding the version information compiled into executables.
HISTORY
The strings command has been a part of Unix-like operating systems for a long time, dating back to early versions of Unix. It has evolved over time, with improvements in encoding support and option handling to handle a wider variety of file formats and character sets. Its basic functionality, however, has remained consistent: to extract human-readable text from binary files.