Using The Strings Command To Extract String Data From Binary Files On Linux

If you have a binary file that contains some text information then it might be possible to extract that information using the strings command.

For example, MySQL stores InnoDB files in a binary format, but you can see the data by using the strings command to extract the textual information from the file.

strings some_table.ibd

This will by no means be a pretty representation of the data, but it should show you what is in there. If you are looking for data recovery then this is probably not the best choice.

The command can also be used to display the EXIF information in images.

$ strings 20240416_180145.jpg
Exif
samsung
SM-G976F
G056FFFSGHWC2
2024:04:16 18:00:45
0220
2024:04:16 18:00:45
2024:04:16 18:00:45
+01:00
+01:00
L12XLLD00SM
...

You can use the "-n" flag to tell strings what the minimum length of a string should be. This can help to cut down some of the noise that the tool can create in some files.

strings -n 10 binaryfile.bin

It's usually a good idea to pass the output through more (or less) as it can be a lot of data all at once.

strings binaryfile.bin | more

You can now paginate through the results.

This is also a good way of searching a binary file with grep. Since grep doesn't print readable matches from a binary file, you can convert the file to text using strings and then search that output using grep.

strings binaryfile.bin | grep somestring

Using the -o flag allows you to see the offset of that string from the start of the file.

$ strings -o 20240416_180145.jpg | more   
      5 jExif
    266 samsung
    276 SM-G976F
    310 G056FFFSGHWC2
    326 2024:04:16 18:00:45
    464 0220
   1070 2024:04:16 18:00:45
   1114 2024:04:16 18:00:45
   1140 +01:00
   1150 +01:00
   1270 L12XLLD00SM
   1776 	
....

The offset here is in octal, so if you want to print the value in other formats you need to use the "-t" (radix) flag, followed by d (decimal), x (hexadecimal), or o (octal). Using the flag "-t o" is the same as using -o.

For example, to print the offset in decimal use the flag "-t d":

strings -t d binaryfile.bin
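
Combining the "-n", grep and "-t d" steps above, the following added example (not part of the original article) finds the decimal offset of a pattern inside a binary file and reads the bytes back with dd to confirm the hit. The function names and the sample file contents are constructed for illustration, and "-a" (scan the whole file) is an extra strings flag not covered above.

```shell
#!/bin/sh
# Added example: locate a pattern in a binary with strings, then confirm it with dd.

# pattern_offset FILE PATTERN [MINLEN]
# Prints the decimal byte offset of PATTERN inside each extracted string that
# contains it (first occurrence per extracted string).
pattern_offset() {
    # -a scans the whole file; -t d prints each string's start offset in decimal.
    strings -a -n "${3:-4}" -t d "$1" | awk -v pat="$2" '{
        line = $0
        sub(/^ +/, "", line)              # offsets are right-aligned with spaces
        sp  = index(line, " ")
        off = substr(line, 1, sp - 1)     # where the extracted string starts
        str = substr(line, sp + 1)        # the string itself (may contain spaces)
        i = index(str, pat)               # literal match, not a regex
        if (i) print off + i - 1
    }'
}

# read_at FILE OFFSET LENGTH: print LENGTH raw bytes starting at OFFSET.
read_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null
}

# make_sample FILE: write a constructed test file (control bytes around text).
make_sample() {
    printf '\001\002\003\000hdr\000\020\021user=admin;token=CONSTRUCTED\000\004\005' > "$1"
}

demo() {
    f=$(mktemp) || return 1
    make_sample "$f"
    for off in $(pattern_offset "$f" 'token='); do
        printf 'offset %s: %s\n' "$off" "$(read_at "$f" "$off" 17)"
    done
    rm -f "$f"
}
demo
```

The three-character run "hdr" in the sample is shorter than the default minimum length of 4, so strings never reports it; lower the limit with "-n" when short markers matter.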

By default, whitespace at the start and end of text blocks is ignored by strings. To include this as well, use the "-w" flag.

strings -w binaryfile.bin
