Skip to content

Latest commit

 

History

History
78 lines (55 loc) · 2.46 KB

binwalk.md

File metadata and controls

78 lines (55 loc) · 2.46 KB

Binwalk

Binwalk is a powerful tool designed for analyzing, extracting, and reverse-engineering firmware images. It is frequently used by pentesters and security researchers for identifying embedded files and data in firmware, especially in IoT and hardware hacking.

Key Features

  • Signature Scanning
    • Binwalk scans firmware images for known file signatures such as compressed files, file systems, and cryptographic keys.
  • File Extraction
    • Automatically extracts embedded files and file systems from firmware images.
  • Entropy Analysis
    • Helps detect encrypted or compressed data by analyzing the randomness within a binary.
  • Custom Signatures
    • Users can define their own file signatures, expanding Binwalk's capabilities to detect specific patterns.

Cheat Sheet

# Scan a firmware image for known file signatures
binwalk firmware.bin

# Automatically extract embedded files from a firmware image
binwalk -e firmware.bin

# Analyze entropy to detect encrypted or compressed sections
binwalk -E firmware.bin

# Recursively extract files from deeply embedded archives
binwalk -Me firmware.bin

Installation

Binwalk can be easily installed on most Linux distributions using the following command:

sudo apt-get install binwalk

For other systems, or to build it from source, follow the instructions on the official Binwalk GitHub repository.

Usage

Here’s a quick breakdown of the most common commands:

  1. Basic Scan: To identify and list all known signatures in a firmware image:

    binwalk firmware.bin

  2. Extract Embedded Files: Automatically extract files found during the scan:

    binwalk -e firmware.bin

  3. Entropy Analysis: Useful for detecting compressed or encrypted sections within the firmware:

    binwalk -E firmware.bin

  4. Recursive Extraction: Extracts files recursively to dig deeper into embedded archives:

    binwalk -Me firmware.bin

Common Use Cases

  • Firmware Reverse Engineering
    • Binwalk helps break down firmware to find vulnerabilities, such as hardcoded credentials or encryption keys.
  • File System Extraction
    • Extract embedded file systems like JFFS2, SquashFS, etc. from IoT devices.
  • Cryptanalysis
    • Identify and locate encrypted sections of firmware for further investigation.

Resources