HowTo :: Patching binary files in Linux

Date: 2019-01-14

Last Modified: 2026-02-01

Reading Time: 7 mins

Section: HowTo

Categories: howto

Tags: assembly nasm dev glibc linux userland exploitation

Introduction

Learn to patch binary files directly without source code using hex editing and binary diff tools; essential for fixing bugs, applying security patches, or modifying executables.

What is Binary Patching?

Binary patching is the process of modifying compiled executable files without access to their source code. This technique is useful for:

Fixing bugs in production binaries when recompilation isn’t possible
Applying security patches to legacy systems
Reverse engineering and understanding how programs work
CTF challenges and vulnerability research
Modifying behavior of closed-source applications
Creating binary diffs for distributing patches

Instead of editing high-level source code and recompiling, you directly modify the machine code bytes in the executable file. This requires understanding hexadecimal representation and executable file formats.

Important Note

Binary patching should only be performed on files you own or have explicit permission to modify. Modifying copyrighted software without permission may violate licensing agreements or laws.

What You’ll Need

Prerequisites

Before patching binaries, ensure you have:

xxd - Hex dump tool (included in most Linux distributions with vim-common)
diff - Text comparison tool (standard on all Linux systems)
bsdiff - Binary diff/patch tool (install separately: apt install bsdiff)
Backup copies of any files you plan to modify
Basic hex knowledge - Understanding hexadecimal representation (0x00-0xFF)

Method 1: Using xxd (Hex Editing)

The xxd command creates hexadecimal representations of binary files that you can edit with text editors, then convert back to binary.

Step 1: Convert Binary to Hex

First, create hex dumps of the binary files you want to work with:

1
xxd prog1.bin > b1.hex

This converts prog1.bin into a human-readable hexadecimal format saved in b1.hex.

Example output format:

1
2
00000000: 7f45 4c46 0201 0100 0000 0000 0000 0000  .ELF............
00000010: 0200 3e00 0100 0000 7010 4000 0000 0000  ..>.....p.@.....

Each line shows:

Byte offset (left): Position in the file
Hex values (middle): The actual bytes in hexadecimal
ASCII representation (right): Printable characters (dots for non-printable)

Understanding xxd Output

The left column shows the file offset in hexadecimal. The middle section shows 16 bytes per line in hex format. The right section shows ASCII interpretation where . represents non-printable characters.

Step 2: Edit the Hex File

Now you can edit b1.hex with any text editor. Modify the hex values in the middle columns:

1
2
3
4
vim b1.hex

# Or use your preferred editor
nano b1.hex

Example modification: Change instruction opcodes, string values, or jump addresses by editing the hex bytes.

Edit Carefully

Only modify the hex values in the middle columns. Don’t change:

The byte offsets (left column)
The line structure or spacing
The ASCII representation (right column) - it’s auto-generated

Even a small mistake can corrupt the binary and make it unexecutable.

Step 3: Convert Hex Back to Binary

After editing, convert the hex file back to a binary:

1
xxd -r b1.hex new_prog1.bin

The -r flag tells xxd to reverse the conversion (hex to binary).

Step 4: Compare Binaries Using Hex Diffs

To see what changed between two versions, create hex dumps of both and compare:

1
2
3
xxd prog1.bin > original.hex
xxd new_prog1.bin > modified.hex
diff original.hex modified.hex

Or use vimdiff for visual comparison:

1
vimdiff original.hex modified.hex

This shows exactly which bytes changed, making it easy to document or reverse your modifications.

Binary Diff Alternative

For a more concise binary comparison, you can also use:

1
cmp -l prog1.bin new_prog1.bin

This shows byte positions and values that differ between the two files.

Method 2: Using bsdiff (Binary Patches)

The bsdiff tool creates and applies binary patch files, useful for distributing modifications without sharing entire binaries.

Step 1: Install bsdiff

If not already installed:

1
2
sudo apt install bsdiff      # Debian/Ubuntu
sudo yum install bsdiff      # Fedora/RHEL

Step 2: Create a Binary Patch

Generate a patch file from an old and new version of a binary:

1
bsdiff old_prog.bin new_prog.bin patch.bin

This creates patch.bin, which contains only the differences between the two files; much smaller than distributing the entire new binary.

What this does:

Analyzes differences between old_prog.bin and new_prog.bin
Creates compressed patch file containing only changed bytes
Patch file can be distributed separately from the full binary

Patch Size

Patch files are typically much smaller than full binaries. For example, a 1MB binary with a few byte changes might produce a patch file of only a few KB.

Step 3: Apply a Binary Patch

To apply a patch file to the original binary:

1
bspatch old_prog.bin output.bin patch.bin

This applies the modifications from patch.bin to old_prog.bin, creating output.bin which matches new_prog.bin.

Use cases:

Distributing security fixes without sharing entire executables
Applying community patches to games or applications
Version control for binary files
Minimizing download sizes for updates

Step 4: Verify the Result

Always verify the patched binary matches expectations:

1
2
3
4
5
6
7
8
# Compare file sizes
ls -lh old_prog.bin output.bin new_prog.bin

# Check file integrity if you have checksums
sha256sum old_prog.bin output.bin new_prog.bin

# Test functionality
./output.bin --version

Practical Example: Patching a Simple Binary

Here’s a complete workflow for patching a binary to change a string:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
# 1. Create backup
cp myprogram.bin myprogram.bin.backup

# 2. Convert to hex
xxd myprogram.bin > myprogram.hex

# 3. Search for the string you want to change
grep -n "Hello" myprogram.hex

# 4. Edit the hex file (change the bytes)
vim myprogram.hex
# Find the line with "Hello" and change it to "Hallo" (or whatever fits)

# 5. Convert back to binary
xxd -r myprogram.hex myprogram_patched.bin

# 6. Make executable
chmod +x myprogram_patched.bin

# 7. Test
./myprogram_patched.bin

String Length Matters

When replacing strings in binaries, the replacement must be the same length or shorter than the original. Longer strings will overwrite adjacent data and likely crash the program. Pad shorter strings with null bytes (00) if needed.

Troubleshooting

Common Issues

Issue: Patched binary crashes or doesn’t execute Solution:

Verify hex file wasn’t corrupted during editing
Check that you didn’t modify file offsets or structure
Ensure executable permissions: chmod +x patched.bin
Compare with original to identify unexpected changes

Issue: bspatch fails with “corrupt patch” Solution:

Ensure the patch file wasn’t corrupted during transfer
Verify you’re using the correct original binary version
Check file permissions on all involved files

Issue: String replacement causes crashes Solution:

Replacement strings must be same length or shorter
Pad with null bytes (00) if shorter
Check for null terminators (00) at end of strings

Issue: Changes don’t seem to take effect Solution:

Clear any cached versions: rm -f cached_version
Verify you’re running the patched binary, not original
Check if binary has anti-tampering or signature verification

Best Practices

Binary Patching Tips

Always backup original files before patching
Document changes you make for future reference
Test thoroughly after applying patches
Use version control for patch files themselves
Verify checksums after applying patches
Keep patch files small by only modifying necessary bytes
Consider legal implications before modifying binaries

Next Steps

Now that you understand binary patching:

Learn assembly: Read Linux Syscalls in Assembly to understand what you’re modifying
Master GDB: Use GDB to inspect binaries and find patch locations
Study ELF format: Learn about executable file structure to patch safely
Practice with CTFs: Capture The Flag challenges often require binary patching skills

Advanced Tools

For more sophisticated binary modification:

radare2 - Reverse engineering framework with patching capabilities
Binary Ninja - Commercial binary analysis platform
Ghidra - NSA’s free reverse engineering tool
objcopy - GNU tool for modifying object files