Binwalk is a tool to scan for a binary image of embedded and executable files. It is designed specifically for identifying files and embedded code inside firmware images.
Binwalk uses the libmagic library, so this is consistent with the Unix file utility’s magical signatures.
- Author: Craig Heffner
- License: MIT
Binwalk also consists of a custom signature report containing specialized signatures for documents typically found in firmware files such as compressed / archived files, firmware headers, Linux kernels, bootloaders, filesystems, etc.
To list all Binwalk options – root@kali:~# binwalk -h
To scan for embedded file types and systems in the firmware – root@kali:~# binwalk src_rxfw.07a
To delete known file types from the firmware image – -e, –extract
root@kali:~# binwalk -e src_rxfw.07a
To scan the files again -M, –matryoshka
root@kali:~# binwalk -Me src_rxfw.07a
To extract from the firmware image a specific signature type
root@kali:~# binwalk -D ‘png image:png’ src_rxfw.07a
Entropical evaluation can help to discover fascinating factual parts in a firmware picture
root@kali:~# binwalk -E src_rxfw.07a
To diff the Hexdump values -W, –diff
root@kali:~# binwalk -W src_rxfw.07a
To disable and enable plugin -X, -Y.
root@kali:~# binwalk -X src_rxfw.07a
For a forensic analyst, Binwalk is a critical tool. In a forensic investigation it can be a precious device combined with other equipment.