Author: Joe Barr
strings.
strings is part of a set of tools included in binutils. It searches files you specify and prints human-readable strings found in them, whether they are binary files or not.
I just happened to have a copy of a firmware update for D-Link’s DCS-1000W camera on my hard drive, and I was eager to see what strings could tell me about it. I entered strings dlink.bin,
and hundreds of lines of output scrolled down my console screen. With that much output, using strings wasn’t going to be much better than using a hex editor. But there are a couple of ways to deal with that.
One thing you can do is to combine the strings command with grep, and look only for specific words or phrases. I tried strings dlink.bin | grep -i linux, but that didn’t find a match.
Another thing you can do is to change the minimum acceptable string length for strings. The default length is four characters, but you can easily override that by specifying another minimum. That’s the next thing I tried, entering strings -n 10 dlink.bin. Here’s a sample of what I got back:
SourceFile xplug.java:Fail to create m_imgCamera java/lang/InterruptedException java/lang/Exception InnerClasses java/lang/Thread (Lxplug;)Z java/awt/Toolkit getDefaultToolkit ()Ljava/awt/Toolkit; (Lxplug;)[B (Lxplug;)I createImage ([BII)Ljava/awt/Image; )(Lxplug;Ljava/awt/Image;)Ljava/awt/Image; (Lxplug;)Ljava/awt/Image; (Lxplug;Z)Z java/lang/System Ljava/io/PrintStream; java/io/PrintStream (Ljava/lang/String;)V java/awt/Image !(Ljava/awt/image/ImageObserver;)I getHeight prepareImage 3(Ljava/awt/Image;IILjava/awt/image/ImageObserver;)Z currentThread ()Ljava/lang/Thread; java/awt/Component (Lxplug;)J (Lxplug;J)J CalculateFrameRate Synthetic (Lxplug;)V LineNumberTable SourceFile xplug.java java/lang/Exception InnerClasses java/lang/Thread (Lxplug;)Z PostTriggerState access$10 GetTriggerState currentThread ()Ljava/lang/Thread; D-Link CAS-200W Model Rom Data Begin 2003-06-16 D-Link DE-970 Configuration 0123456789ABCDEF 2003-06-16 Copyright (c) 2001 Cellvision System Inc. 2003-06-16 Wireless Print Server TFTP Server Reject Request Config File Error T?DND_D8DDD )!"#$%&'(*5,-./01234+678@ JQklmnopstuvwx{|}~ YaiqyRZbjrz D-Link CAS-200W Model Rom Data Begin
I didn’t find any telltale Linux sign, but the copyright notice led me to a software vendor (Cellvision System) that I could ask outright about the nature of the beast.
Programmers might find it useful to know the offset into the file at which the strings are found. strings can provide that information, too. In fact, you can tell strings to print the offset in hex, octal, or decimal by using a radix argument.
Let’s take a look at a few entries from our last strings command after adding the arguments required to print the offset in octal. Try this at the command line:
strings -t o -n 10 dlink.bin
1335142 SourceFile 1335157 xplug.java 1335300 RemotePort 1335353 PreviewFrameRate 1335410 RotateAngle 1335440 DeviceSerialNo 1335511 java/lang/String 1335533 @GET /VIDEO.CGI HTTP/1.0 1335565 User-Agent: user 1335607 Authorization: Basic 1335664 DGET /IOCONTROL.CGI HTTP/1.0 1335722 User-Agent: user 1335744 Authorization: Basic
For the same listing with the offset in hex, change the radix option in the command above to -t x instead of -t o:
5ba62 SourceFile 5ba6f xplug.java 5bac0 RemotePort 5badc Timeout 5baeb PreviewFrameRate 5bb08 RotateAngle 5bb20 DeviceSerialNo 5bb36 8859_1 5bb49 java/lang/String 5bb5b @GET /VIDEO.CGI HTTP/1.0 5bb75 User-Agent: user 5bb87 Authorization: Basic 5bbb4 DGET /IOCONTROL.CGI HTTP/1.0 5bbd2 User-Agent: user 5bbe4 Authorization: Basic
strings is a simple, easy-to-use, single-focus tool. Just the way Baud intended things to be here on the CLI frontier. Learn more about it from man strings, and give it a try yourself.
