Xdumpgo Tutorial

    00000000 de ad be ef 00 15 00 50 |.....P|
             ^^^^^^^^^^ TCP Source Port
                         ^^^^^ TCP Dest Port

Suppose you’re parsing a custom binary protocol with a header:

    tshark -r capture.pcap -Y "udp" -T fields -e data | xxd -r -p | xdumpgo -c -g 1

Dump raw memory from a serial monitor log:

    func (p IPv4Plugin) Decode(data []byte) (interface{}, error) {
        // Reject input too short to hold the 4 bytes this plugin needs.
        if len(data) < 4 {
            return nil, fmt.Errorf("need 4 bytes")
        }
        // ...
    }

    xdumpgo --plugin ipv4 -g 4 dump.bin

1. Reverse Engineering a Game Save File

    // Read the save file and dump it as 4-byte little-endian groups.
    saveData, err := os.ReadFile("game.sav")
    if err != nil {
        log.Fatal(err)
    }
    cfg := xdumpgo.DefaultConfig()
    cfg.GroupSize = 4
    cfg.Endian = xdumpgo.LittleEndian
    xdumpgo.NewDumper(cfg).Write(os.Stdout, saveData)

Spot checksum fields and embedded strings instantly.

2. Network Packet Analysis (PCAP payload)

Extract UDP payload and dump it:

    type MyFormatter struct{}

    // Format renders one dump line: offset, raw bytes, then the quoted ASCII column.
    func (f MyFormatter) Format(offset uint64, bytes []byte, ascii string) string {
        return fmt.Sprintf("[%08x] %v -> %q", offset, bytes, ascii)
    }

    type IPv4Plugin struct{}

    // Name is the identifier passed to --plugin on the command line.
    func (p IPv4Plugin) Name() string {
        return "ipv4"
    }

    func main() {
        data := []byte("Hello xdumpgo! Let's inspect this sentence.")
        cfg := xdumpgo.DefaultConfig()
        cfg.GroupSize = 2
        cfg.Endian = xdumpgo.LittleEndian
        cfg.Color = true
        // ...
    }