Compare hex files in Mac OS X (strings, hexdump)

diff or sdiff built-in utilities make it easy to compare text files:
example file txt1.txt

line #1
line #2
line #3

example file txt2.txt

line #1
line #2
line #4 <<<===this is where difference lies from the above file

Both diff and sdiff will give us a precise indication of which differences exist and where they are:

$ diff txt1.txt txt2.txt 
3c3
< line #3 <===this is the contents of the first argument ("<", left file)
---
> line #4 <===this is the contents of the second argument (">", right file)

$ sdiff txt1.txt txt2.txt
line #1                         line #1
line #2                         line #2
line                       |    line #4 <===files are shown side-by-side
                                            and differences highlighted

Now what would occur with two different binary files is:

$ diff bin1.bin bin2.bin 
Binary files bin1.bin and bin2.bin differ

Evidently that’s not enough for us…
Well, there’s built-in tools that would be useful in highlighting some discrepancies, namely strings and hexdump. Let’s take a look at both of them with some examples.

1. strings command is able to find any “printable” objects in a file:

$ strings bin1.bin 
_DYNAMIC
_GLOBAL_OFFSET_TABLE_
__gmon_start__
_init
...

You might notice this can be a long output, hmmm… What about the following?

$ strings bin1.bin | grep -i version
version 5.0.0.5, build 0

Whereas:

$ strings bin2.bin | grep -i version
version 4.1.0.7, build 0

Of course “version” is just an example but quite relevant IMHO. Up to you to identify a string that would be meaningful for a comparison.

2. even more detailed, hexdump command, as its name implies, can show you the entire contents of the file along with the hex-to-ASCII translation, for instance:

$ hexdump -C bin1.bin 
00000000  7f 45 4c 46 01 01 01 00  00 00 00 00 00 00 00 00  |.ELF............|
00000010  03 00 03 00 01 00 00 00  e0 1d 00 00 34 00 00 00  |............4...|
00000020  b8 88 00 00 00 00 00 00  34 00 20 00 04 00 28 00  |........4. ...(.|
00000030  21 00 1e 00 01 00 00 00  00 00 00 00 00 00 00 00  |!...............|
...

In this case the suggestion is to redirect the output to a text file that can be examined with diff or sdiff, or your favourite tools, later on.