Tools / Hex Viewer
Hex Viewer
Paste text or a hex string and see it formatted as a xxd-style hex dump with byte offset, hex columns, and an ASCII sidebar. Printable characters are highlighted in the ASCII column; null bytes and control characters appear as dots.
How to read a hex dump
A hex dump displays raw bytes in three columns. The leftmost column is the byte offset from the start of the data, shown in hexadecimal. The middle section shows 16 hex bytes per row, each as a two-digit hex value. The rightmost column is the ASCII representation: printable characters appear as their literal character; all other bytes appear as a dot (.).
Reading a hex dump lets you find magic bytes (file signatures) at the start of a file, locate embedded strings, spot patterns in binary data, and understand the raw structure of network packets, file formats, or encoded payloads. In CTF forensics this is often the first step when you receive a file whose type is unclear.
On the command line the equivalent tools are xxd, hexdump -C, and od -A x -t x1z. The viewer here matches the hexdump -C layout that most CTF writeups reference.
Common file signatures you will see at offset 0x00000000: PNG files start with 89 50 4e 47 0d 0a 1a 0a (the bytes spell .PNG....); ZIP files start with 50 4b 03 04 (PK..); ELF binaries start with 7f 45 4c 46 (.ELF). Identifying the file type from its magic bytes is often the first move in a forensics challenge.
When a challenge gives you a hex string (e.g. from a xxd dump or a Python bytes.hex() call), switch to Hex input mode and paste it directly. The tool accepts space-separated pairs, continuous strings, and any mix of upper and lower case.
For deeper analysis, use the Checksum Calculator to verify file integrity, the Number Base Converter to interpret individual byte values, or the XOR Cipher to decrypt single-byte-XOR-obfuscated data.