Binwalk is a fast, easy-to-use, Python-based firmware security analysis tool for analyzing, reverse engineering, and extracting firmware images.
Features of Binwalk Firmware Security Analysis & Extraction Tool
- Scanning Firmware – Binwalk can scan a firmware image for many different embedded file types and file systems
- File Extraction – You can tell binwalk to extract any files that it finds in the firmware image
- Entropy Analysis – Can help identify interesting sections of data inside a firmware image
- String Search – Allows you to search the specified file(s) for a custom string
There are also various filters such as by CPU architecture, number of instructions, include filter, exclude filter,
Installation of Binwalk Firmware Security Analysis & Extraction Tool
$ wget https://github.com/ReFirmLabs/binwalk/archive/master.zip
$ unzip master.zip
Install binwalk; if you have a previously installed version of binwalk, it is suggested that you uninstall it before upgrading:
$ (cd binwalk-master && sudo python setup.py uninstall && sudo python setup.py install)
Debian users can install all optional and suggested extractors/dependencies using the included deps.sh script (recommended):
$ sudo ./binwalk-master/deps.sh
If you are not a Debian user, or if you wish to install only selected dependencies, see the INSTALL documentation for more details.
Usage of Binwalk Firmware Security Analysis & Extraction Tool
You can tell binwalk to extract any files that it finds in the firmware image with the -e option:
$ binwalk -e firmware.bin
Binwalk will even recursively scan files as it extracts them if you also specify the -M option:
$ binwalk -Me firmware.bin
And if the -r option is specified, any file signatures that couldn’t be extracted – or that resulted in 0-size files – will be automatically deleted:
$ binwalk -Mre firmware.bin
To extract one specific signature type, specify one or more -D type options:
$ binwalk -D 'png image:png' firmware.bin
What happens if binwalk doesn’t report any signatures? Or, how do you know binwalk didn’t miss anything interesting?
Entropy analysis can help identify interesting sections of data inside a firmware image:
$ binwalk -E firmware.bin