2

Just in theory: is it possible to replace the domain string in the compiled binary file with an IP address by editing a binary file in place with sed? (IP address belongs to a different domain, but that doesn't relevant).

For example: I want replace string abcde.domain.com with 75.4.60.8. The domain string and IP address have different length, 16 chars and 9 chars, respectively. The IP string is shorter. If I pad the IP string with null bytes to match the original length? Also, if the IP address have one or more zeros inside, may this affect too?

Improve this question
2
  • 5
    While you can replace it you cannot guarantee that the replacement has the desired affect. This depends on the program logic, it might expect to have a domain address there. But what you could try instead is to locally map the domain to the IP address by editing the /etc/hosts file. Commented 2 days ago
  • fxgreen, please remember that on the StackExchange sites it's preferred that you accept ✔ the answers that work best for you. (Not just for this question but for your other questions too. And not just here on unix.stackexchange.com.) Commented 2 days ago

1 Answer 1

Reset to default
2

Yes, you can do this. I would use something like sed to perform the gross changes and then xxd to give me an editable file that would let me replace the remaining unwanted characters with NULs.

Example

# Arbitrary preparation of a file containing NUL characters
echo 'This is a file containing abcde.domain.com#as a domain#' | tr '#' '\0' >file.dat

hex file.dat
   0000 54 68 69 73 20 69 73 20  61 20 66 69 6c 65 20 63  This is  a file c
   0010 6f 6e 74 61 69 6e 69 6e  67 20 61 62 63 64 65 2e  ontainin g abcde.
   0020 64 6f 6d 61 69 6e 2e 63  6f 6d 00 61 73 20 61 20  domain.c om.as a
   0030 64 6f 6d 61 69 6e 00                              domain.

Notice the two NUL (00) codes.

Now let's modify file.dat, replacing abcde.domain.com with the shorter but padded 75.4.60.8:

sed 's/abcde.domain.com/75.4.60.8#######/g' file.dat | xxd >file.xxd
vi file.xxd

Inside the editor, replace the relevant # characters (hex 23) with NUL (hex 00). Then convert the hex dump back into the corresponding data file:

xxd -r file.xxd >file.new

Job done.

However, if you're changing the destination for a web service, bear in mind that many web servers use the target hostname as part of the selector for choosing the appropriate website. So referencing (say) contoso.com is not necessarily the same as (say) 203.0.113.1. You might be better fixing up /etc/hosts or providing an RPZ overlay in your local DNS server.

Improve this answer
7
  • thanks for tips. Agree, fixing up /etc/hosts or local DNS server seems preferable, but core problem is device connects to the internet via a home router, not computer. And router have no such functionality to modify the DNS server records. Commented 2 days ago
  • Is your internet connection device a true router or a brick modem? i.e. if you execute ip -a in a terminal window can you visit the default gateway in a web browser or does the default gateway belong to your ISP? Commented 2 days ago
  • internet connection via router. I can't see default gateway, only local IP addresses. Commented 2 days ago
  • 1
    You could avoid the need for tr or manual editing by using perl instead of sed - perl understands \0 to be a NUL character. e.g. perl -i.bak -0777 -pe 's/abcde.domain.com/75.4.60.8\0\0\0\0\0\0\0/g' file.dat would replace all occurrences of that domain name in the file with the IP address followed by 7 NUL characters. You could even automate calculating the number of NUL characters required with something like perl -0777 -pe 'BEGIN{$d=shift; $ip=shift; $nuls ="\0" x (length($d) - length($ip))}; s/$d/$ip$nuls/g' abcde.domain.com 75.4.60.8 file.dat Commented 2 days ago
  • Actually, with GNU sed, you could do sed -i.bak -z -e 's/abcde.domain.com/75.4.60.8\o000\o000\o000\o000\o000\o000\o000/g', but that's IMO worse than doing the same thing in perl. and can't calculate the number of NULs required. Dunno if other versions of sed understand \o for octal. Commented 2 days ago

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.