Binwalk package description
Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed to identify files and code embedded inside firmware images. Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility. Binwalk also ships its own custom magic signature file containing improved signatures for files commonly found in firmware images, such as compressed/archived files, firmware headers, Linux kernels, bootloaders, filesystems, and so on.
- Author: Craig Heffner
- License: MIT
0x01 Tools included in the binwalk package
binwalk - Firmware analysis tool
~# binwalk -h

Binwalk v1.2.2-1
Craig Heffner, http://www.devttys0.com

Usage: binwalk [OPTIONS] [FILE1] [FILE2] [FILE3] ...

Signature Analysis:
    -B, --binwalk                 Perform a file signature scan (default)
    -R, --raw-bytes=<string>      Search for a custom signature
    -A, --opcodes                 Scan for executable code signatures
    -C, --cast                    Cast file contents as various data types
    -m, --magic=<file>            Specify an alternate magic file to use
    -x, --exclude=<filter>        Exclude matches that have <filter> in their description
    -y, --include=<filter>        Only search for matches that have <filter> in their description
    -I, --show-invalid            Show results marked as invalid
    -T, --ignore-time-skew        Do not show results that have timestamps more than 1 year in the future
    -k, --keep-going              Show all matching results at a given offset, not just the first one
    -b, --dumb                    Disable smart signature keywords

Strings Analysis:
    -S, --strings                 Scan for ASCII strings (may be combined with -B, -R, -A, or -E)
    -s, --strlen=<n>              Set the minimum string length to search for (default: 3)

Entropy Analysis:
    -E, --entropy                 Plot file entropy (may be combined with -B, -R, -A, or -S)
    -H, --heuristic               Identify unknown compression/encryption based on entropy heuristics (implies -E)
    -K, --block=<int>             Set the block size for entropy analysis (default: 1024)
    -a, --gzip                    Use gzip compression ratios to measure entropy
    -N, --no-plot                 Do not generate an entropy plot graph
    -F, --marker=<offset:name>    Add a marker to the entropy plot graph
    -Q, --no-legend               Omit the legend from the entropy plot graph
    -J, --save-plot               Save plot as an SVG (implied if multiple files are specified)

Binary Diffing:
    -W, --diff                    Hexdump / diff the specified files
    -K, --block=<int>             Number of bytes to display per line (default: 16)
    -G, --green                   Only show hex dump lines that contain bytes which were the same in all files
    -i, --red                     Only show hex dump lines that contain bytes which were different in all files
    -U, --blue                    Only show hex dump lines that contain bytes which were different in some files
    -w, --terse                   Diff all files, but only display a hex dump of the first file

Extraction Options:
    -D, --dd=<type:ext[:cmd]>     Extract <type> signatures, give the files an extension of <ext>, and execute <cmd>
    -e, --extract=[file]          Automatically extract known file types; load rules from file, if specified
    -M, --matryoshka              Recursively scan extracted files, up to 8 levels deep
    -r, --rm                      Cleanup extracted files and zero-size files
    -d, --delay                   Delay file extraction for files with known footers

Plugin Options:
    -X, --disable-plugin=<name>   Disable a plugin by name
    -Y, --enable-plugin=<name>    Enable a plugin by name
    -p, --disable-plugins         Do not load any binwalk plugins
    -L, --list-plugins            List all user and system plugins by name

General Options:
    -o, --offset=<int>            Start scan at this file offset
    -l, --length=<int>            Number of bytes to scan
    -g, --grep=<text>             Grep results for the specified text
    -f, --file=<file>             Log results to file
    -c, --csv                     Log results to file in csv format
    -O, --skip-unopened           Ignore file open errors and process only the files that can be opened
    -t, --term                    Format output to fit the terminal window
    -q, --quiet                   Supress output to stdout
    -v, --verbose                 Be verbose (specify twice for very verbose)
    -u, --update                  Update magic signature files
    -?, --examples                Show example usage
    -h, --help                    Show help output
0x02 binwalk usage examples
Run a file signature scan (-B) on the given firmware file (dd-wrt.v24-13064_VINT_mini.bin):
:~# binwalk -B dd-wrt.v24-13064_VINT_mini.bin
DECIMAL HEX DESCRIPTION
-------------------------------------------------------------------------------------------------------------------
0 0x0 TRX firmware header, little endian, header size: 28 bytes, image size: 2945024 bytes, CRC32: 0x4D27FDC4 flags: 0x0, version: 1
28 0x1C gzip compressed data, from Unix, NULL date: Wed Dec 31 19:00:00 1969, max compression
2472 0x9A8 LZMA compressed data, properties: 0x6E, dictionary size: 2097152 bytes, uncompressed size: 2084864 bytes
622592 0x98000 Squashfs filesystem, little endian, DD-WRT signature, version 3.0, size: 2320835 bytes, 547 inodes, blocksize: 131072 bytes, created: Mon Nov 2 07:24:06 2009
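To show what lies behind a signature scan like the one above, here is an added example (written for this page, not part of binwalk or the DD-WRT image) that builds a small constructed image with the same layout, a TRX header followed by a gzip member at 0x1C and a Squashfs magic further in, scans it against a hand-written magic table and decodes the TRX header fields binwalk prints. The magic table, the sample image and the CRC convention (the OpenWrt trx tool's, assumed here) are the example's own, not libmagic.

```python
import gzip
import struct
import zlib

SIGNATURES = [  # constructed magic table (stand-in for libmagic) for the signatures seen above
    (b"HDR0", "TRX firmware header"),
    (b"\x1f\x8b\x08", "gzip compressed data"),
    (b"hsqs", "Squashfs filesystem, little endian"),
]

def parse_trx_header(data, off):
    """Decode the 28-byte TRX header at `off`. The CRC is checked as the OpenWrt trx tool
    computes it (assumed): CRC32 from the flag/version word to image end, no final inversion."""
    if off + 28 > len(data):
        return None
    length, crc, flag_version = struct.unpack_from("<III", data, off + 4)
    body = data[off + 12:off + length]
    crc_ok = length <= len(data) - off and (zlib.crc32(body) ^ 0xFFFFFFFF) == crc
    return {"header size": 28, "image size": length, "crc32": crc, "crc ok": crc_ok,
            "flags": flag_version & 0xFFFF, "version": flag_version >> 16}

def scan(data):
    """Return sorted (offset, description) pairs, one per magic hit, like binwalk -B's table."""
    hits = []
    for magic, desc in SIGNATURES:
        pos = data.find(magic)
        while pos != -1:
            text = desc
            h = parse_trx_header(data, pos) if magic == b"HDR0" else None
            if h:  # enrich the TRX hit with the decoded header fields, as binwalk does
                text = (f"{desc}, little endian, header size: 28 bytes, image size: "
                        f"{h['image size']} bytes, CRC32: 0x{h['crc32']:08X} "
                        f"({'valid' if h['crc ok'] else 'INVALID'}), flags: 0x{h['flags']:X}, "
                        f"version: {h['version']}")
            hits.append((pos, text))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def build_sample_image():
    """Constructed image laid out like the DD-WRT one: TRX header, gzip member at 0x1C
    (mtime 0 is what binwalk reports as 'NULL date'), Squashfs magic at 0x1000."""
    payload = gzip.compress(b"kernel payload " * 16, mtime=0)
    payload += b"\0" * (0x1000 - 28 - len(payload)) + b"hsqs" + b"\0" * 60
    tail = struct.pack("<IIII", 1 << 16, 28, 0x1000, 0) + payload  # version 1, flags 0, offsets
    crc = zlib.crc32(tail) ^ 0xFFFFFFFF  # TRX-style CRC: standard CRC32 minus final inversion
    return b"HDR0" + struct.pack("<II", 28 + len(payload), crc) + tail

if __name__ == "__main__":
    for off, text in scan(build_sample_image()):
        print(f"{off:<10}{off:<#10x}{text}")
```

The CRC check is the part worth keeping: a header whose CRC does not match the body is either truncated or modified, which binwalk's plain signature listing would not flag.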
Source: https://www.hackfun.org/kali-tools/binwalk_zh.html. Please credit the original source when reposting; for commercial use, contact the original author for permission.