Executable Code

Binwalk is a tool for scanning a binary image for embedded files and executable code. It is designed specifically for identifying files and code embedded inside firmware images.

Binwalk uses the libmagic library, so it is compatible with the magic signatures created for the Unix file utility.

  • Author: Craig Heffner
  • License: MIT

Binwalk also includes a custom magic signature file containing specialized signatures for files typically found in firmware images, such as compressed/archived files, firmware headers, Linux kernels, bootloaders, filesystems, etc.

Firmware Scanning

To list all Binwalk options:

binwalk -h

To scan the firmware for embedded file types and file systems:

binwalk src_rxfw.07a

To extract known file types from the firmware image: -e, --extract

binwalk -e src_rxfw.07a

To recursively scan the extracted files: -M, --matryoshka

binwalk -Me src_rxfw.07a

To extract a specific signature type from the firmware image:

binwalk -D 'png image:png' src_rxfw.07a

Entropy analysis can help identify interesting sections of data inside a firmware image:

binwalk -E src_rxfw.07a

To hexdump and diff files: -W, --diff

binwalk -W src_rxfw.07a

To disable and enable plugins: -X, -Y

binwalk -X src_rxfw.07a

For a forensic analyst, Binwalk is a critical tool. In a forensic investigation it can be a valuable tool when combined with other tools.

 
