Obfuscating human-readable text by using hexadecimal views.

How to convert to and from hex dumps using xxd

Photo by Juliana Malta on Unsplash

Motivation

In an earlier article, I explained the use of compiled binary files to hide the code run within them:

https://daniel-ellis.medium.com/compiling-a-shell-script-to-binary-8dac07b770df

However, it is not possible to set environmental variables using this method. MD5 checksums were considered, however, these are NOT reversible, so naturally, we ended up using the hexadecimal representation of our text.

XXD

Text File Conversion

Conventionally xxd is used to convert a text file — e.g.

echo "Magic Text " > text_dump

into a hex dump file. Although it is possible to convert into a binary dump using the -b flag, this includes a copy of the initial string which defeats the purpose of what we are after.

Instead, we use the postscript continuous hex dump style produced with the -p flag.

xxd -p text_dump > dump

To reverse the process we can use the -r flag

xxd -r -p dump

String to Plain HexDump format

Applying the same principle to a text string. Using echo we can redirect a string into xxd and use the same plain hex dump style as before.

xxd -p <(echo "Hi how are you?")

This produces the following output:

486920686f772061726520796f753f0a

To convert this back into the string we can use the reverse flag:

xxd -p -r <(echo "486920686f772061726520796f753f0a")

and re-obtain our original string.

Setting the ENV variables

Combining this with a pipe we can now set our environmental variables using this non-human readable code:

export MYVAR=`xxd -p -r <(echo "486920686f772061726520796f753f0a")`

And here the variable $MYVAR now returns:

echo $MYVAR;
>> Hi how are you?

And there we have it, a way to set environmental variables using non-human readable text.