Binwalk is a tool for scanning a binary image for embedded files and executable code. It is designed specifically for identifying files and code embedded inside firmware images.
Binwalk uses the libmagic library, so it is compatible with the magic signatures created for the Unix file utility.
- Author: Craig Heffner
- License: MIT
Binwalk also includes a custom signature file containing specialized signatures for files typically found in firmware images, such as compressed/archived files, firmware headers, Linux kernels, bootloaders, filesystems, etc.
To list all Binwalk options:
binwalk -h
To scan the firmware for embedded file types and filesystems:
binwalk src_rxfw.07a
To extract known file types from the firmware image: -e, --extract
binwalk -e src_rxfw.07a
To recursively scan the extracted files: -M, --matryoshka
binwalk -Me src_rxfw.07a
To extract a specific signature type from the firmware image:
binwalk -D 'png image:png' src_rxfw.07a
Entropy analysis can help identify interesting sections of data inside a firmware image:
binwalk -E src_rxfw.07a
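To show what an entropy scan measures, here is an added example (not part of the original page and not Binwalk's own code) that computes per-block Shannon entropy and reports contiguous high-entropy regions, which is where compressed or encrypted data usually sits. The block size, the 0.9 threshold and the sample image are assumptions made for this illustration.

```python
import hashlib
import math
from collections import Counter

def block_entropy(block: bytes) -> float:
    """Shannon entropy of a block, normalised so 8 bits/byte equals 1.0."""
    if not block:
        return 0.0
    total = len(block)
    bits = -sum(n / total * math.log2(n / total) for n in Counter(block).values())
    return bits / 8.0

def high_entropy_regions(data, block_size=1024, threshold=0.9):
    """Merge consecutive blocks with entropy >= threshold into (start, end) offsets."""
    regions, start = [], None
    for off in range(0, len(data), block_size):
        hot = block_entropy(data[off:off + block_size]) >= threshold
        if hot and start is None:
            start = off                      # a high-entropy run begins here
        elif not hot and start is not None:
            regions.append((start, off))     # the run ended at this block
            start = None
    if start is not None:
        regions.append((start, len(data)))   # run extends to end of image
    return regions

def build_sample_image() -> bytes:
    """Constructed stand-in for a firmware image (not a real file)."""
    strings = (b"constructed bootloader strings " * 100)[:2048]  # low entropy text
    # Deterministic pseudo-random bytes standing in for a compressed or
    # encrypted payload (assumption: real payloads look statistically similar).
    payload = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                       for i in range(256))
    padding = b"\xff" * 2048                                      # erased flash
    return strings + payload + padding

if __name__ == "__main__":
    image = build_sample_image()
    for start, end in high_entropy_regions(image):
        print(f"high entropy: 0x{start:06x}-0x{end:06x} ({end - start} bytes)")
```

A region that stays near 1.0 with no recognisable signature at its start is a candidate for encrypted or unknown-format compressed data, while flat regions near 0.0 are typically padding.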
To hexdump and diff files: -W, --diff
binwalk -W src_rxfw.07a
To disable and enable plugins: -X, -Y
binwalk -X src_rxfw.07a
For a forensic analyst, Binwalk is a critical tool. In a forensic investigation it can be especially valuable when combined with other tools.