Penetration testing course: 0x02.2 Hexadecimal Numeral System

In the previous article we saw how binary numbers are represented and how to convert from decimal to binary and vice versa, finally how to perform operations like addition, substraction, multiplication, division and bitwise operations between binary numbers. In this lesson we’ll talk about the hexadecimal system and why it is important for computer science in general.


In mathematics and computing, hexadecimal (also base 16, or hex) is a positional numeral system with a radix, or base, of 16. It uses sixteen distinct symbols, most often the symbols 0–9 to represent values zero to nine, and A, B, C, D, E, F (or alternatively a, b, c, d, e, f) to represent values ten to fifteen.


Hexadecimal numbers are widely used in computer science. Here I give you a list of the main use cases:

  • In URIs (including URLs), character codes are written as hexadecimal pairs prefixed with %: where %20 is the space (blank) character (code value 20 in hex, 32 in decimal).
  • Unicode is a computing industry standard for the consistent encoding, representation, and handling of text expressed in most of the world’s writing systems. Unicode defines a codespace of 1,114,112 code points in the range 0hex to 10FFFFhex. Normally a Unicode code point is referred to by writing “U+” followed by its hexadecimal number.
  • Color references in HTMLCSS and X Window can be expressed with six hexadecimal digits (two each for the red, green and blue components, in that order) prefixed with #. Example: White #FFFFFF ; black: #000000.
  • *nix (Unix and related) shells, AT&T assembly language and likewise the C programming language, which was designed for Unix (and the syntactic descendants of C – including C++, C#, D, Java, JavaScript, Python and Windows PowerShell) use the prefix 0x for numeric constants represented in hex. Did you notice how I represented chapters and paragraphs of this course? Yes, I used hex constants for that!
  • Any IPv6 address can be written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). This, for example, is a valid IPv6 address: 2001:0db8:85a3:0000:0000:8a2e:0370:7334 .
  • Globally unique identifiers (GUID) are written as thirty-two hexadecimal digits, often in unequal hyphen-separated groupings, for example {3F2504E0-4F89-41D3-9A0C-0305E82C3301}. GUID are used in Windows systems to represent classes and interfaces of COM objects (did you ever see a sequence like that in the Windows registry? Well, that is hex encoded). Besides GUID is also used by the GTP partition table system and can sometimes be used by developers as primary key while building databases to ensure uniqueness between database servers.
  • Raw network packets are represent in hex as well. In case you missed it, fire up tcpdump or wireshark to find out!


RAM or Random Access Memory is a particular type of volatile memory where data is loaded for being processed by the CPU and used by programs. It is temporary and fast. Any data located at any memory address can be retrieved almost instantly, no matter the position, unlike other memory systems (like hard drives, CDs, DVDs, where the position is related to the seek time). Have you ever noticed your Windows machine becomes slow as hell after installing many programs, executing system updates, downloading many files? Well, that’s because files are stored in non contiguous chunks of data. This optimizes the speed while saving files, but it’s obviously not efficient when you have to retrieve them. That’s why defragmenting a hard drive is important. It moves the chunks of data related to the same file into the same cluster in the correct order, besides the most frequently used files are stored in a portion of the hard disk that can be accessed faster. Linux and Mac OS X systems are projected in a way not to produce fragments of file, so if you use any of the 2 systems you are safe. Moreover with the introduction of SSD hard drives, speed increased considerably. Nice digression, but let’s go back to the RAM. Any piece of data that is stored in RAM is located at a certain memory address. The memory address is made of 2 hex numbers separated by a colon (:), the segment address and the offset. The actual memory address is calculated by adding a zero to the right of the segment address and adding the offset value, like this: C800:5 = C8000 + 5 = C8005.


If you have a Linux system you can use a variety of command line utilities for viewing the hex representation of a file. For example you can use xxd:

xxd creates a hex dump of a given file or standard input. It can also
convert a hex dump back to its original binary form. Like uuencode
and uudecode it allows the transmission of binary data in a ‘mail-
safe’ ASCII representation, but has the advantage of decoding to stan-
dard output. Moreover, it can be used to perform binary file patching.

If you are not the command line type of guy, then you may like Bless or wxHexEditor.

Bless hex editor

Bless hex editor





If you use a Windows system then you can try HxD or HexEdit.






Hex editors are very useful when you have to edit something because they often show the ASCII representation alongside the hex code, so it’s easy to locate the part you are interested in.


Well, that’s easy, as we saw hex is a way of encoding data and hackers are interested in viewing and altering data in order to achieve their goals. When hackers want to alter the code of a program they’ll often use a hex editor or a disassembler like IDA Pro, ImmunityDebugger, OllyDBG, W32DASM, Hiew, PE Explorer, Radare2, Hopper.. We’ll come back to this when we’ll talk about  Software Cracking, Malware Analysis and Forensics.

Hackers and security professionals like penetration tester also love hex because it allows to load payloads directly in memory (RAM) without touching the disk and this is an important element for AV evasion. This kind of payload is normally referred to as shellcode. This is an exciting topic and I’m sure you are interested in this, but we’ll get back to it at due time, as we are progressing step by step through the path for becoming a professional ethical hacker or penetration tester.

example of shellcode

example of shellcode

See the cute hex code? Isn’t it lovely? 😀

See you at the next lesson!

Did you enjoy this article?
Signup today and receive free updates straight in your inbox. We will never share or sell your email address.

Author: Fabio Baroni   Date: 2015-12-30 14:20:23

Related posts:

Comments 2

  1. Pingback: Dan

    1. Post

Leave a Reply

Your email address will not be published. Required fields are marked *