Fhex is born with the aim to develop a lightweight, but useful tool. The reason is that the existing hex editors have some different limitations (e.g. too many dependencies, missing hex coloring features, etc.).
This project is based on qhexedit2, capstone and keystone engines. New features could be added in the future, PRs are welcomed.
CTRL + F
]CTRL + B
]CTRL + C
and CTRL + V
]CTRL + Space
]Delete
or CTRL + D
]CTRL + Z
and CTRL + Y
]CTRL + S
]CTRL + G
]INS
]CTRL + N
]CTRL + T
]F5
]F1
]F2
]F3
]F4
]F4
]CTRL + Up/Down
or CTRL + -/+
)Fhex can load at startup a configuration file (from ~/fhex/config.json
) in JSON format with a list of strings or bytes to highlight and a comment/label to add close to the matches.
Examples:
{
“PatternMatching”:
[
{
“string” : “://www.”,
“color” : “rgba(250,200,200,50)”,
“message” : “Found url”
},
{
“bytes” : “414243”,
“color” : “rgba(250,200,200,50)”,
“message” : “Found ABC”
}
]
}
To activate pattern matching press CTRL + P
At the end, Fhex will show also an offset list with all the result references. Note: Labels with comments are added only if the window is maximized, if labels are not displayed correctly please try to run pattern matching again.
Fhex has the feature to chart the loaded binary file (Note: In order to compile the project, now you need also qt5-charts
installed on the system). The y-axis range is between 0 and 255 (in hex 0x0 and 0xff, i.e. the byte values). The x-axis range is between 0 and the filesize.
The chart plots the byte values of the binary file and let you focus only on the relevant sections. For example, if in a binary file there is an area full of null bytes, you can easily detect it from the chart.
ModTask is an advanced C# tool designed for red teaming operations, focusing on manipulating scheduled…
HellBunny is a malleable shellcode loader written in C and Assembly utilizing direct and indirect…
SharpRedirect is a simple .NET Framework-based redirector from a specified local port to a destination…
Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in…
A crypto library to decrypt various encrypted D-Link firmware images. Confirmed to work on the…
LLMs (e.g., GPT-3.5, LLaMA, and PaLM) suffer from hallucination—fabricating non-existent facts to cheat users without…