BINWALK

Description

Binwalk is a firmware analysis tool designed for analyzing, reverse engineering and extracting data contained in firmware images.

Written primarily in Python, it is fully scriptable and easily extendable via custom signatures and plugins.

Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside of firmware images. Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility. Binwalk also includes a custom magic signature file which contains improved signatures for files that are commonly found in firmware images such as compressed/archived files, firmware headers, Linux kernels, bootloaders, filesystems, etc.

Usage

Syntax

 binwalk [OPTIONS] [FILE1] [FILE2] [FILE3] ...

Options

Signature Scan Options:
    -B, --signature                     Scan target file(s) for common file signatures Binwalk 
    -R, --raw=<str>                     Scan target file(s) for the specified sequence of bytes
    -A, --opcodes                       Scan target file(s) for common executable opcodes
    -C, --cast                          Cast offsets as a given data type (use -y to specify the data type / endianess)
    -m, --magic=<file>                  Specify a custom magic file to use
    -b, --dumb                          Disable smart signature keywords Binwalk 

Extraction Options:
    -e, --extract                       Automatically extract known file types
    -D, --dd=<type:ext:cmd>             Extract <type> signatures, give the files an extension of <ext>, and execute <cm                                        d>
    -M, --matryoshka                    Recursively scan extracted files
    -d, --depth=<int>                   Limit matryoshka recursion depth (default: 8 levels deep)
    -j, --size=<int>                    Limit the size of each extracted file
    -r, --rm                            Cleanup extracted / zero-size files after extraction
    -z, --carve                         Carve data from files, but don't execute extraction utilities

Entropy Analysis Options:
    -E, --entropy                       Calculate file entropy
    -J, --save                          Save plot as a PNG
    -N, --nplot                         Do not generate an entropy plot graph
    -Q, --nlegend                       Omit the legend from the entropy plot graph

Fuzzy Hash Options:
    -F, --fuzzy                         Perform fuzzy hash matching on files/directories
    -u, --cutoff=<int>                  Set the cutoff percentage
    -S, --strings                       Diff strings inside files instead of the entire file
    -s, --same                          Only show files that are the same
    -p, --diff                          Only show files that are different
    -n, --name                          Only compare files whose base names are the same
    -L, --symlinks                      Don't ignore symlinks  

Raw Compression Options:
    -X, --deflate                       Scan for raw deflate compression streams

Binary Diffing Options:
    -W, --hexdump                       Perform a hexdump / diff of a file or files
    -G, --green                         Only show lines containing bytes that are the same among all files
    -i, --red                           Only show lines containing bytes that are different among all files
    -U, --blue                          Only show lines containing bytes that are different among some files
    -w, --terse                         Diff all files, but only display a hex dump of the first file

Binary Visualization Options:
    -3, --3D                            Generate a 3D binary visualization Binwalk  
    -2, --2D                            Project data points onto 3D cube walls only
    -Z, --points=<int>                  Set the maximum number of plotted data points
    -V, --grids                         Display the x-y-z grids in the resulting plot

Heuristic Compression Options:
    -H, --heuristic                     Heuristically classify high entropy data Binwalk 
    -a, --trigger=<float>               Set the entropy trigger level (0.0 - 1.0, default: 0.90)

General Options:
    -l, --length=<int>                  Number of bytes to scan
    -o, --offset=<int>                  Start scan at this file offset
    -K, --block=<int>                   Set file block size
    -g, --swap=<int>                    Reverse every n bytes before scanning
    -I, --invalid                       Show results marked as invalid
    -x, --exclude=<str>                 Exclude results that match <str>
    -y, --include=<str>                 Only show results that match <str>
    -f, --log=<file>                    Log results to file
    -c, --csv                           Log results to file in CSV format
    -t, --term                          Format output to fit the terminal window
    -q, --quiet                         Supress output to stdout
    -v, --verbose                       Enable verbose output
    -h, --help                          Show help output

Example

cyborg@cyborg:~$ binwalk -e DIR890LA1_FW107b09.bin 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             DLOB firmware header, boot partition: "dev=/dev/mtdblock/7"
116           0x74            LZMA compressed data, properties: 0x5D, dictionary size: 33554432 bytes, uncompressed size: 4905376 bytes
1835124       0x1C0074        PackImg section delimiter tag, little endian size: 9499136 bytes; big endian size: 15896576 bytes
1835156       0x1C0094        Squashfs filesystem, little endian, version 4.0, compression:lzma (non-standard type definition), size: 15894704 bytes,  2593 inodes, blocksize: 131072 bytes, created: Tue May 26 17:40:02 2015
0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?