01/07/2016

In the last article we learned that the base 2, or more commonly binary, number system is as close to the hardware as we can go. But clearly that system is not practical for anyone to use. But is there another system that could be more practical and easier to understand? With the impracticality of binary, mainly do to the length of numbers, a base 16 system, or Hexadecimal number system, sometimes called machine code, can allow us to represent large numbers in a smaller form.

Most likely you have encountered the Hexadecimal system, even if it were just from viewing Windows Crash reports, errors or from advanced computer usage. Hex, for short, typically starts with prefix 0x or sometimes with postfix h. An example would be 0x10 = 10h = 10000b = 16 in base 10. From that example, it may be clear we are working with base 16.

Hexadecimal Defined

Hex is formed from the set of numbers 0-9 and the letters A-F. That is, in order 0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F. So, 0x1 = 1 in base 10 and 0xF = 15 in base 10. After leaving our 1’s place we move to our 16s place with 0x10 representing 16.

Our more formal definition can now be demonstrated in the previous “base” notation. 16n + 10*16n-1 + … +161 + 160

Ex A: 2*161 + 0*160 = 0x20 = 20h = 32d

Ex B: 1* 161 + F*160 = 0x1F = 1Fh = 31d

Assembly Code with Hex equivalent.

To view base 16, or Hex on a *Nix system, use the command objdump to disassembly a small program. To run objdump, open a terminal and find a binary that is small. A utility like ping or nslookup should be fine.

Type $ objdump -d -M intel path/to/program

This concludes our basic introduction to hex. The usage within exploits will be discussed many times over in future sections.