Hex Dump and Text-to-Hex Encoding

A hex dump shows the hexadecimal byte values of text or binary data alongside its ASCII representation, which is the standard way to inspect binary files, network packets, and protocol messages at the byte level. This collection shows hex dump output for common strings and protocol magic bytes. The text-to-hex converter is useful when constructing binary protocol messages, debugging network captures, and verifying byte-level encoding in security work. Each ASCII character maps to a predictable two-digit hex value you will quickly memorize. The ASCII table maps every printable character to a number from 32 to 126. In hex: space is 0x20, uppercase A is 0x41, lowercase a is 0x61 (exactly 0x20 more than uppercase — the case difference is always a single bit flip). Digits 0-9 map to 0x30-0x39. This predictable layout means experienced developers can read short hex strings directly: "48 65 6C 6C 6F" is immediately recognizable as "Hello" once you know H=0x48, e=0x65, l=0x6C, o=0x6F. Hex dumps are the primary tool for understanding binary file formats. Every file type has identifying characteristics at known byte offsets. The JPEG format begins with the magic bytes FF D8 FF E0 or FF D8 FF E1 — any file starting with these bytes is a valid JPEG regardless of its extension. PNG files start with 89 50 4E 47 0D 0A 1A 0A — the 89 byte (non-ASCII) was deliberately chosen to detect transmission systems that strip high bits. PDF files start with 25 50 44 46 2D, which is the ASCII string %PDF- followed by the version number. ZIP archives start with 50 4B 03 04 — the letters "PK" after Phil Katz, who created the format. Control characters appear in hex dumps as values below 0x20: null terminator is 0x00, tab is 0x09, line feed (Unix newline) is 0x0A, carriage return is 0x0D, and escape is 0x1B. When a file's line endings look corrupted, a hex dump immediately reveals whether the file uses LF (0x0A), CRLF (0x0D 0x0A), or CR (0x0D) line endings. This is the fastest way to diagnose line ending problems in shell scripts or configuration files that behave differently on different operating systems. Network protocol debugging uses hex dumps to inspect raw packet payloads. When Wireshark captures an HTTP request, the hex dump shows the exact bytes transmitted — including whether Content-Type headers use the correct encoding and whether request bodies are properly null-terminated. Binary protocols like MQTT, Redis RESP, and custom game protocols require hex-level inspection to verify message framing and byte ordering (little-endian vs. big-endian integers). Security analysis relies on hex dumps to examine malware, shellcode, and obfuscated payloads. Shellcode typically begins with recognizable patterns: EB XX (short jump), 90 (NOP), or E8 (call). Encrypted or packed executables lack the readable strings and consistent byte patterns of normal code. Comparing hex dumps before and after encryption visually demonstrates randomization. For constructing binary protocol messages manually: convert each field's value to hex, concatenate with the correct byte order, and verify the total length matches the protocol specification. The text-to-hex converter handles this for ASCII string fields; integer fields require manual conversion with attention to endianness.

# ASCII text to hex
Hello → 48 65 6C 6C 6F
World → 57 6F 72 6C 64

# HTTP method bytes
GET  → 47 45 54
POST → 50 4F 53 54

# File magic bytes (signatures)
PNG:  89 50 4E 47 0D 0A 1A 0A
JPEG: FF D8 FF E0
PDF:  25 50 44 46 2D    (%PDF-)
ZIP:  50 4B 03 04

# Null byte and control chars
\0  = 00    \n = 0A    \r = 0D    \t = 09