2

Just in theory: is it possible to replace the domain string in the compiled binary file with an IP address by editing a binary file in place with sed? (IP address belongs to a different domain, but that doesn't relevant).

For example: I want replace string abcde.domain.com with 75.4.60.8. The domain string and IP address have different length, 16 chars and 9 chars, respectively. The IP string is shorter. If I pad the IP string with null bytes to match the original length? Also, if the IP address have one or more zeros inside, may this affect too?

Improve this question
2
  • 5
    While you can replace it you cannot guarantee that the replacement has the desired affect. This depends on the program logic, it might expect to have a domain address there. But what you could try instead is to locally map the domain to the IP address by editing the /etc/hosts file. Commented Nov 17 at 19:05
  • fxgreen, please remember that on the StackExchange sites it's preferred that you accept ✔ the answers that work best for you. (Not just for this question but for your other questions too. And not just here on unix.stackexchange.com.) Commented Nov 18 at 9:18

1 Answer 1

Reset to default
2

Yes, you can do this. I would use something like sed to perform the gross changes and then xxd to give me an editable file that would let me replace the remaining unwanted characters with NULs.

Example

# Arbitrary preparation of a file containing NUL characters echo 'This is a file containing abcde.domain.com#as a domain#' | tr '#' '\0' >file.dat hex file.dat 0000 54 68 69 73 20 69 73 20 61 20 66 69 6c 65 20 63 This is a file c 0010 6f 6e 74 61 69 6e 69 6e 67 20 61 62 63 64 65 2e ontainin g abcde. 0020 64 6f 6d 61 69 6e 2e 63 6f 6d 00 61 73 20 61 20 domain.c om.as a 0030 64 6f 6d 61 69 6e 00 domain.

Notice the two NUL (00) codes.

Now let's modify file.dat, replacing abcde.domain.com with the shorter but padded 75.4.60.8:

sed 's/abcde.domain.com/75.4.60.8#######/g' file.dat | xxd >file.xxd vi file.xxd

Inside the editor, replace the relevant # characters (hex 23) with NUL (hex 00). Then convert the hex dump back into the corresponding data file:

xxd -r file.xxd >file.new

Job done.

However, if you're changing the destination for a web service, bear in mind that many web servers use the target hostname as part of the selector for choosing the appropriate website. So referencing (say) contoso.com is not necessarily the same as (say) 203.0.113.1. You might be better fixing up /etc/hosts or providing an RPZ overlay in your local DNS server.

Improve this answer
7
  • thanks for tips. Agree, fixing up /etc/hosts or local DNS server seems preferable, but core problem is device connects to the internet via a home router, not computer. And router have no such functionality to modify the DNS server records. Commented Nov 17 at 22:35
  • Is your internet connection device a true router or a brick modem? i.e. if you execute ip -a in a terminal window can you visit the default gateway in a web browser or does the default gateway belong to your ISP? Commented Nov 17 at 23:26
  • internet connection via router. I can't see default gateway, only local IP addresses. Commented Nov 18 at 0:05
  • 1
    You could avoid the need for tr or manual editing by using perl instead of sed - perl understands \0 to be a NUL character. e.g. perl -i.bak -0777 -pe 's/abcde.domain.com/75.4.60.8\0\0\0\0\0\0\0/g' file.dat would replace all occurrences of that domain name in the file with the IP address followed by 7 NUL characters. You could even automate calculating the number of NUL characters required with something like perl -0777 -pe 'BEGIN{$d=shift; $ip=shift; $nuls ="\0" x (length($d) - length($ip))}; s/$d/$ip$nuls/g' abcde.domain.com 75.4.60.8 file.dat Commented Nov 18 at 1:47
  • Actually, with GNU sed, you could do sed -i.bak -z -e 's/abcde.domain.com/75.4.60.8\o000\o000\o000\o000\o000\o000\o000/g', but that's IMO worse than doing the same thing in perl. and can't calculate the number of NULs required. Dunno if other versions of sed understand \o for octal. Commented Nov 18 at 1:48

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.