Convert Hex to Binary

Enter your hexadecimal values below—one per line—and get instant binary conversions. Whether you're reverse engineering opcodes, analyzing firmware dumps, or working with low-level bit operations, this tool converts hex to binary using standard nibble expansion.

HEXADECIMAL

Enter hexadecimal values to convert

BINARY

Outputs binary (base-2) representation

Loading converter...

How to convert Hexadecimal to Binary - a step by step tutorial

Critical for reverse engineering and malware analysis. Expand hex opcodes into binary bit patterns to understand instruction encoding and shellcode structure.

Quick Reference

Each hex digit expands to exactly 4 binary bits (one nibble). This direct mapping makes hex-to-binary conversion essential for reverse engineering and malware analysis.

Split Hex Digits

Separate each hexadecimal digit (0-9, A-F). Process each digit individually for conversion.

0x2A → 2 and A

Convert to 4-Bit Binary

Replace each hex digit with its 4-bit binary equivalent using hex-to-nibble lookup table.

2 = 0010, A = 1010

Concatenate Nibbles

Join all 4-bit groups together in order. This gives the complete binary representation.

0010 1010 = 00101010

Analyze Bit Pattern

Interpret the binary for opcodes, flags, or data structures. Binary reveals the true underlying pattern.

0x2A₁₆ = 00101010₂ = 42₁₀

Hex to Binary for Reverse Engineering

Disassemblers show machine code in hex, but understanding instruction encoding requires binary analysis. Convert hex opcodes to binary to decode instruction formats and operands.

x86Intel x86 Instruction Decoding

; Hex opcode from disassembler

83 C4 08

; Convert to binary for analysis

83 → 10000011

C4 → 11000100

08 → 00001000

; Decoded: ADD ESP, 8 (adjust stack)

Binary reveals the ModR/M byte structure: bits 7-6 (mod), bits 5-3 (reg), bits 2-0 (r/m). Essential for understanding instruction encoding.

ARMARM Thumb-2 Analysis

// Firmware hex dump

0x4FF0 0x0000

// Binary breakdown

4FF0 → 0100 1111 1111 0000

0000 → 0000 0000 0000 0000

// MOV.W R0, #0 (32-bit Thumb instruction)

Thumb-2 uses 16-bit and 32-bit instructions. Binary analysis identifies instruction type by examining bit patterns in the first halfword.

MIPSMIPS Instruction Format

# Router firmware opcode

0x8C620004

# Binary field extraction

100011 00011 00010 0000000000000100

# opcode rs rt immediate

# LW $2, 4($3) - load word from memory

MIPS uses fixed 32-bit instruction format. Binary reveals opcode (6 bits), source register (5 bits), target register (5 bits), and immediate value (16 bits).

Hex to Binary in Security Research

🔍

Shellcode Analysis

Exploit payloads appear as hex strings (\\x90\\x90\\xEB\\xFE). Converting to binary reveals NOP sleds (10010000 = 0x90), jump instructions, and return addresses. Security researchers decode shellcode to understand attack vectors.

🦠

Malware Unpacking

Packed malware hides code in encrypted hex blocks. Binary analysis of decryption stubs (XOR loops, ROR operations) helps identify unpacking algorithms. IDA Pro and Ghidra display hex; understanding binary bit shifts is crucial.

📡

Firmware Extraction

IoT device firmware dumps contain hex boot loaders and kernels. Binary patterns identify file headers (ELF magic: 0x7F454C46 = 01111111 01000101...), encryption markers, and memory-mapped peripheral registers.

🛡️

Binary Patching

Software cracks modify hex bytes in executables. Convert hex to binary to understand conditional jumps (JE/JNE), then flip specific bits to bypass license checks. Cheat Engine and x64dbg rely on hex-to-binary for precise byte modifications.

🔐

Cryptanalysis

Weak encryption often uses XOR with hex keys. Binary XOR analysis reveals patterns: 0x5A XOR 0xFF = 10100101 XOR 11111111 = 01011010 (bitwise complement). Side-channel attacks examine binary bit flips in AES S-boxes.

⚙️

Protocol Reverse Engineering

Proprietary network protocols send hex packets. Binary breakdown reveals flag bits, version numbers, and length fields. Wireshark displays hex; binary context clarifies bit-packed header structures (3 bits type + 5 bits length).

Complete Hex to Binary Reference Table

Quick reference for disassembly and reverse engineering. Each hex digit directly maps to its 4-bit binary representation.

Hex	Binary (4-bit)	Use Case
0	0000	All bits clear
1	0001	LSB set
2	0010	Bit 1 set
3	0011	Lower 2 bits
4	0100	Bit 2 set
5	0101	Bits 0,2
6	0110	Bits 1,2
7	0111	Lower 3 bits

Hex	Binary (4-bit)	Use Case
8	1000	MSB set (sign)
9	1001	Bits 0,3
A	1010	Alternating
B	1011	Upper+bit 0,1
C	1100	Upper 2 bits
D	1101	Bits 0,2,3
E	1110	Upper 3 bits
F	1111	All bits set

Recognizing Common Opcodes in Binary

Security researchers memorize frequent instruction patterns. Hex opcodes in disassemblers reveal their purpose when converted to binary.

x86 Common Instructions

0x9010010000NOP (no operation)

0xC311000011RET (return)

0xCC11001100INT 3 (breakpoint)

0xEB11101011JMP short

0x7401110100JE/JZ (jump if equal)

ARM Thumb Patterns

0x46C00100011011000000NOP (MOV R8,R8)

0x47700100011101110000BX LR (return)

0xBE001011111000000000BKPT 0 (breakpoint)

0xE7FE1110011111111110B . (infinite loop)

0x20000010000000000000MOVS R0, #0

Hex to Binary: Reverse Engineering FAQs

Why convert hex opcodes to binary for reverse engineering?

Binary reveals instruction bit fields that hex obscures. x86 ModR/M byte 0xC4 (11000100) shows mod=11 (register), reg=000 (AL/AX/EAX), r/m=100 (SP). Hex hides this structure; binary makes it visible for manual instruction decoding.

How to identify shellcode vs data in hex dumps?

Look for binary patterns after conversion: NOP sleds (10010000 repeating = 0x90), jump instructions (111xxxxx = 0xE0-0xFF range in x86), and RET bytes (11000011 = 0xC3). Data has random binary distribution; code shows instruction pattern clustering.

What binary patterns indicate packed/encrypted malware?

High entropy (random-looking binary) with small executable stub. Convert stub hex to binary and look for XOR loops: 0x34 (00110100) = XOR AL, immediate. Packers like UPX leave recognizable binary decryption patterns in the entry point code.

How does endianness affect hex-to-binary analysis?

Little-endian reverses byte order, not bit order. Hex 0x12345678 in memory (little-endian): 78 56 34 12. Each byte converts to binary independently: 78 = 01111000, 56 = 01010110. Analyze individual bytes in binary, then consider multi-byte assembly in reverse order.

Can I identify x86 vs ARM code from binary patterns?

Yes! x86 has variable-length instructions with patterns like 01001xxx (INC/DEC reg). ARM Thumb uses fixed 16-bit: 010000xxxx = data processing. ARM32 is fixed 32-bit with condition codes in bits 31-28 (1110 = AL = always). Binary pattern analysis reveals architecture.

How to patch binary without corrupting instruction alignment?

Convert hex to binary to see instruction boundaries. x86: single-byte NOP (0x90 = 10010000) safe to insert. Multi-byte changes risk misalignment. ARM Thumb requires 2-byte alignment; patch in pairs. Binary view shows byte boundaries and prevents mid-instruction corruption.