AWK - Hex to Binary

This AWK code is used to translate data that has been exported from Wireshark using
File ... Export Packet Dissections ... As Plain Text ..., checking only the Packet Bytes box
in the Packet Format section (unchecking all others). These print lines are hex characters,
which this code will translate to binary. This can be useful to create a file (e.g. PDF, JPG)
from a packet capture.



BEGIN {BINMODE = 2;}                       # BINMODE of 2 sets writing output to binary mode
{ if ($1 > "0020") {                       # Ignore the lines starting with 0000, 0010 and 0020
   x=0;                                   # There are 16 bytes on each line; Begin at offset 0
   if ($1 == "0030") {x=6;}               # Ignore the first 6 bytes of the 0030 line
   while (x < 16) {                       # We start after bypassing the network header bytes
     n=0;                               # Initialize the binary number to output
     pos = 7+(x*3);                       # Calculate the position of the first hex byte
     hex = substr($0,pos,1);              # Grab the first hex byte
     if (hex == " ") {next;}              # If a blank is found, there are no more bytes
     if (hex <= "9") {n=hex*16;}          # Use multiplication for hex digits 0-9
     if (hex == "a") {n=160;}             # Assign the other hex digits to their binary numbers
     if (hex == "b") {n=176;}
     if (hex == "c") {n=192;}
     if (hex == "d") {n=208;}
     if (hex == "e") {n=224;}
     if (hex == "f") {n=240;}
     hex = substr($0,pos+1,1);            # Grab the second hex byte
     if (hex <= "9") {n=n+hex;}           # Use addition for hex digits 0-9
     if (hex == "a") {n=n+10;}            # Add the other hex digits to their binary numbers
     if (hex == "b") {n=n+11;}
     if (hex == "c") {n=n+12;}
     if (hex == "d") {n=n+13;}
     if (hex == "e") {n=n+14;}
     if (hex == "f") {n=n+15;}
                                          # It is required to print directly to a file using the
     printf "%c", n > "output.bin";       # “>” syntax to avoid AWK inserting a CR before each LF
     x++;                               # Go to the next hex byte on this line                   
     }
   }
}

No comments:

Post a Comment

Spoofing MAC Addresses

I developed this bash script for my MacBook Air to simply the process of getting devices without a keyboard and mouse authenticated to a wir...