[Binwalk] Firmware Analysis Tool

Binwalk is a firmware analysis tool designed to assist in the analysis, extraction, and reverse engineering of firmware images and other binary blobs. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules.

Binwalk supports various types of analysis useful for inspecting and reverse engineering firmware, including:

• Embedded file identification and extraction
• Executable code identification
• Type casting
• Entropy analysis and graphing
• Heuristic data analysis
• "Smart" strings analysis

Binwalk's file signatures are (mostly) compatible with the magic signatures used by the Unix file utility, and include customized/improved signatures for files that are commonly found in firmware images such as compressed/archived files, firmware headers, kernels, bootloaders, filesystems, etc.

Features

Binwalk is:

• Fast
• Flexible
• Extendable
• Easy to use

Binwalk can:

• Find and extract interesting files / data from binary images
• Find and extract raw compression streams
• Identify opcodes for a variety of architectures
• Perform data entropy analysis
• Heuristically analyze unknown compression / encryption
• Visualize binary data
• Diff an arbitrary number of files

Download Binwalk

[Binwalk v1.2.2] Firmware Analysis Tool

Binwalk is a firmware analysis tool designed to assist in the analysis, extraction, and reverse engineering of firmware images and other binary blobs. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules.

Binwalk supports various types of analysis useful for inspecting and reverse engineering firmware, including:

• Embedded file identification and extraction
• Executable code identification
• Type casting
• Entropy analysis and graphing
• Heuristic data analysis
• "Smart" strings analysis

Binwalk's file signatures are (mostly) compatible with the magic signatures used by the Unix file utility, and include customized/improved signatures for files that are commonly found in firmware images such as compressed/archived files, firmware headers, kernels, bootloaders, filesystems, etc. 

Download Binwalk v1.2.2 

[Binwalk v1.2] Firmware Analysis Tool

Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside of firmware images. Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility.

Binwalk also includes a custom magic signature file which contains improved signatures for files that are commonly found in firmware images such as compressed/archived files, firmware headers, Linux kernels, bootloaders, filesystems, etc.

Changelog v1.2

• Recursive File Scanning and Extraction: Often files extracted by binwalk need to be further scanned / analyzed.
• Entropy and Strings Analysis: Binwalk’s signature analysis is great, but how do you know it didn’t miss something? What do you do if binwalk doesn’t find anything at all? Examining a file’s entropy can reveal a lot about its contents
• Plugin Support: In addition to a scriptable API, binwalk now supports plugins that are afforded considerable control over binwalk’s scan process. Plugins are particularly useful for extending or modifying binwalk’s analysis where custom signatures fall short.

Plugins are easy to write; check out some of the examples on the wiki!

Full Changelog: here

Download Binwalk v1.2