How does the binary structure analyzer work?

When you load a file, the tool checks the first bytes against a database of 70+ magic byte signatures to identify the file type. It then runs a format-specific parser that maps every byte to a structural region — headers, metadata, compressed data, checksums, and more. Each region is color-coded in the hex view and listed in the Structure Map panel. Supported formats include PNG, JPEG, PDF, ZIP, ELF, PE/EXE, DER/ASN.1, PEM, JKS, GIF, BMP, GZIP, SQLite, Java Class, WASM, RIFF (WAV/AVI), MP3, MP4, Mach-O, PGP, PKCS#12, and TAR.

What do the color-coded regions mean in the hex view?

Pink/magenta highlights magic bytes (file signatures). Blue marks headers and chunk types. Teal indicates metadata like dimensions or timestamps. Purple shows compressed sections. Orange marks checksums and CRCs. Green highlights embedded text strings. Yellow indicates index structures like tables and directories. Grey shows padding bytes. Hover over any colored byte to see a tooltip explaining that field.

What binary file formats are supported for deep structure analysis?

Tier 1 (deep field-level parsing): PNG with IHDR dimensions and per-chunk CRCs, JPEG with SOF/EXIF/Huffman markers, PDF with xref tables and trailers, ZIP with local headers and central directory, ELF with program and section headers, PE/EXE with COFF and optional headers, DER/ASN.1 with recursive TLV decoding, PEM with Base64 body detection, and JKS keystores. Tier 2 (section-level): GIF, BMP, GZIP, SQLite, Java Class, WASM, RIFF (WAV/AVI), MP3/ID3, MP4/MOV, Mach-O, PGP, PKCS#12, and TAR.

Hex Dump Viewer • Binary Structure Analyzer Online

How to Use the Hex Dump Viewer

1. Load Your Data

Drag and drop any file onto the drop zone, or switch to Text/Hex mode to paste content directly. The tool processes everything in your browser.

2. Customize the View

Switch between hex, decimal, octal, and binary formats. Adjust bytes per line (8/16/24/32) and grouping to match your analysis needs.

3. Search & Inspect

Search for byte patterns like file signatures (50 4B for ZIP, 89 50 4E 47 for PNG). Click any byte to see all its representations in the Byte Inspector.

4. Export Results

Copy the hex dump to clipboard, download as plain text, or export as C, Python, Go, or Rust source code arrays for embedding in your projects.

What is a Hex Dump?

A hex dump (or hexadecimal dump) is a representation of binary data where each byte is displayed as a two-digit hexadecimal number. It is the standard way to inspect and analyze binary files, network packets, memory contents, and raw data at the byte level.

The traditional hex dump format shows three columns: the offset (byte position), the hex values (16 bytes per line), and the ASCII interpretation (printable characters or dots for non-printable bytes). This format is used by Unix tools like xxd, hexdump, and od.

Hex dumps are essential in reverse engineering, malware analysis, network protocol debugging, file format research, and digital forensics. Understanding hex representation is a fundamental skill for software developers, security researchers, and system administrators.

Export Formats Reference

C

C Array

Unsigned char array with length constant

unsigned char data[] = {
  0x48, 0x65, 0x6C
};

Py

Python Bytes

Python bytes literal with hex values

data = bytes([
  0x48, 0x65, 0x6C
])

Go

Go Byte Slice

Go []byte variable declaration

var Data = []byte{
  0x48, 0x65, 0x6C,
}

Rs

Rust Byte Array

Rust const &[u8] static reference

const DATA: &[u8] = &[
  0x48, 0x65, 0x6C
];

Real-World Applications

Reverse Engineering

Analyze executable file headers, identify embedded resources, inspect PE/ELF/Mach-O binary structures, and understand file format internals.

Malware Analysis

Detect packed or encrypted sections by entropy analysis, find embedded URLs/IPs in malware samples, and identify obfuscation techniques.

Protocol Debugging

Inspect network packet captures, analyze TLS handshakes, debug custom binary protocols, and verify data encoding correctness.

Digital Forensics

Recover deleted file fragments, identify file types by magic bytes, analyze disk images, and examine file system metadata.

Frequently Asked Questions

A hex dump displays file contents as hexadecimal values alongside their ASCII text representation. Each line shows an offset address (position in the file), hex byte values (typically 16 per line), and printable ASCII characters. Non-printable bytes appear as dots. This lets you inspect binary file structures, find magic bytes, and analyze data at the byte level.

Drag and drop any file onto the drop zone, or click to browse. The tool reads the file entirely in your browser using the FileReader API and displays the hex dump instantly. No data is uploaded to any server. You can also paste text or raw hex values as input.

The offset column shows the byte position in hexadecimal (e.g., 00000010 means byte 16). The hex column displays each byte as a two-digit hex value (00 to FF). The ASCII column shows the character representation where printable characters (0x20 to 0x7E) display normally and non-printable bytes show as dots.

Enter hex values separated by spaces in the search box (e.g., 50 4B 03 04 for ZIP file headers). The tool highlights all occurrences and shows the match count. It automatically scrolls to the first match. This is useful for finding file signatures, magic bytes, and specific data sequences.

Entropy measures the randomness of bytes in a file, ranging from 0 (all identical bytes) to 8 bits (maximum randomness). High entropy (above 7.5) suggests encrypted or compressed data. Low entropy indicates structured text or repeated patterns. Security analysts use entropy to detect encrypted payloads, packed executables, or steganographic content.

Yes. Click the export buttons in the toolbar to download your data as a C unsigned char array, Python bytes literal, Go byte slice, or Rust byte array. Each export generates valid, compilable source code with proper formatting and length constants.

File headers contain magic bytes that identify the file type. For example, PDF files start with 25 50 44 46 (%PDF), PNG with 89 50 4E 47, ZIP with 50 4B 03 04. Use the search feature to find these signatures. The Byte Inspector lets you click any byte to see its decimal, octal, binary, and character values.

Yes. All processing happens entirely in your browser using JavaScript. Files are read via the FileReader API and never leave your computer. No data is sent to any server. The tool works offline after loading. This makes it safe for analyzing confidential documents, proprietary binaries, or security-sensitive files.

Explore More Developer Tools

B64

Base64 Encoder/Decoder

Encode and decode Base64 strings and files

#

Hash Functions

MD5, SHA-1, SHA-256, SHA-512 hash generator

AES

Cipher Functions

AES, DES, Blowfish encryption and decryption

Menu

⭐ Popular Tools

🕒 Recently Used

📁 All Categories

Quick Links

Support

Hex Dump Viewer & Binary Analyzer