Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed to identify files and code embedded inside firmware images. Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility. Binwalk also includes a custom magic signature file containing improved signatures for files commonly found in firmware images, such as compressed/archive files, firmware headers, Linux kernels, bootloaders, filesystems, etc.

Binwalk Homepage | Kali Binwalk Repo

  • Author: Craig Heffner
  • License: MIT

    0x01 Tools included in the binwalk package

    binwalk - Firmware Analysis Tool
    :~# binwalk -h
    Binwalk v1.2.2-1
    Craig Heffner,
    Usage: binwalk [OPTIONS] [FILE1] [FILE2] [FILE3] ...
    Signature Analysis:
      -B, --binwalk                 Perform a file signature scan (default)
      -R, --raw-bytes=<string>      Search for a custom signature
      -A, --opcodes                 Scan for executable code signatures
      -C, --cast                    Cast file contents as various data types
      -m, --magic=<file>            Specify an alternate magic file to use
      -x, --exclude=<filter>        Exclude matches that have <filter> in their description
      -y, --include=<filter>        Only search for matches that have <filter> in their description
      -I, --show-invalid            Show results marked as invalid
      -T, --ignore-time-skew        Do not show results that have timestamps more than 1 year in the future
      -k, --keep-going              Show all matching results at a given offset, not just the first one
      -b, --dumb                    Disable smart signature keywords
    Strings Analysis:
      -S, --strings                 Scan for ASCII strings (may be combined with -B, -R, -A, or -E)
      -s, --strlen=<n>              Set the minimum string length to search for (default: 3)
    Entropy Analysis:
      -E, --entropy                 Plot file entropy (may be combined with -B, -R, -A, or -S)
      -H, --heuristic               Identify unknown compression/encryption based on entropy heuristics (implies -E)
      -K, --block=<int>             Set the block size for entropy analysis (default: 1024)
      -a, --gzip                    Use gzip compression ratios to measure entropy
      -N, --no-plot                 Do not generate an entropy plot graph
      -F, --marker=<offset:name>    Add a marker to the entropy plot graph
      -Q, --no-legend               Omit the legend from the entropy plot graph
      -J, --save-plot               Save plot as an SVG (implied if multiple files are specified)
    Binary Diffing:
      -W, --diff                    Hexdump / diff the specified files
      -K, --block=<int>             Number of bytes to display per line (default: 16)
      -G, --green                   Only show hex dump lines that contain bytes which were the same in all files
      -i, --red                     Only show hex dump lines that contain bytes which were different in all files
      -U, --blue                    Only show hex dump lines that contain bytes which were different in some files
      -w, --terse                   Diff all files, but only display a hex dump of the first file
    Extraction Options:
      -D, --dd=<type:ext[:cmd]>     Extract <type> signatures, give the files an extension of <ext>, and execute <cmd>
      -e, --extract=[file]          Automatically extract known file types; load rules from file, if specified
      -M, --matryoshka              Recursively scan extracted files, up to 8 levels deep
      -r, --rm                      Cleanup extracted files and zero-size files
      -d, --delay                   Delay file extraction for files with known footers
    Plugin Options:
      -X, --disable-plugin=<name>   Disable a plugin by name
      -Y, --enable-plugin=<name>    Enable a plugin by name
      -p, --disable-plugins         Do not load any binwalk plugins
      -L, --list-plugins            List all user and system plugins by name
    General Options:
      -o, --offset=<int>            Start scan at this file offset
      -l, --length=<int>            Number of bytes to scan
      -g, --grep=<text>             Grep results for the specified text
      -f, --file=<file>             Log results to file
      -c, --csv                     Log results to file in csv format
      -O, --skip-unopened           Ignore file open errors and process only the files that can be opened
      -t, --term                    Format output to fit the terminal window
      -q, --quiet                   Supress output to stdout
      -v, --verbose                 Be verbose (specify twice for very verbose)
      -u, --update                  Update magic signature files
      -?, --examples                Show example usage
      -h, --help                    Show help output

    0x02 binwalk usage examples

    Run a file signature scan (-B) on the given firmware file (dd-wrt.v24-13064_VINT_mini.bin):
:~# binwalk -B dd-wrt.v24-13064_VINT_mini.bin 
0           0x0         TRX firmware header, little endian, header size: 28 bytes, image size: 2945024 bytes, CRC32: 0x4D27FDC4 flags: 0x0, version: 1
28          0x1C        gzip compressed data, from Unix, NULL date: Wed Dec 31 19:00:00 1969, max compression
2472        0x9A8       LZMA compressed data, properties: 0x6E, dictionary size: 2097152 bytes, uncompressed size: 2084864 bytes
622592      0x98000     Squashfs filesystem, little endian, DD-WRT signature, version 3.0, size: 2320835 bytes,  547 inodes, blocksize: 131072 bytes, created: Mon Nov  2 07:24:06 2009
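The scan above is the result of binwalk walking the image and matching magic signatures at each offset, then decoding and sanity-checking the header fields of what it finds (a result that fails its checks is hidden unless -I is given). The following Python script is an added example that is not part of binwalk or of the original page: it implements a miniature version of that signature scan over a constructed TRX-wrapped image. The signature table (TRX "HDR0", gzip, Squashfs "hsqs"), the 28-byte TRX header layout with its CRC32 over everything after the CRC field, and the sample image are all assumptions built for this example.

```python
import gzip
import struct
import zlib
from dataclasses import dataclass

# Constructed signature table: (magic bytes, description). binwalk loads its
# signatures from libmagic-style magic files; these three are hand-picked here.
SIGNATURES = [
    (b"HDR0", "TRX firmware header, little endian"),
    (b"\x1f\x8b\x08", "gzip compressed data"),
    (b"hsqs", "Squashfs filesystem, little endian"),
]

# Assumed TRX header layout: magic, image length, CRC32, flags, version, 3 offsets.
TRX_HEADER_FMT = "<4sIIHH3I"
TRX_HEADER_SIZE = struct.calcsize(TRX_HEADER_FMT)  # 28 bytes


@dataclass
class Match:
    offset: int
    description: str
    valid: bool


def describe_trx(data: bytes, offset: int) -> tuple:
    """Decode the TRX header at `offset`; return (description, is_valid).

    The header is marked invalid when it is truncated, when the declared image
    length does not fit the file, or when the CRC32 (computed over everything
    after the CRC field, up to the declared length) does not match.
    """
    if offset + TRX_HEADER_SIZE > len(data):
        return "TRX firmware header (truncated)", False
    _magic, length, crc, flags, version, *_ = struct.unpack_from(TRX_HEADER_FMT, data, offset)
    in_bounds = TRX_HEADER_SIZE <= length <= len(data) - offset
    crc_ok = in_bounds and (zlib.crc32(data[offset + 12 : offset + length]) & 0xFFFFFFFF) == crc
    desc = (f"TRX firmware header, little endian, header size: {TRX_HEADER_SIZE} bytes, "
            f"image size: {length} bytes, CRC32: 0x{crc:08X}, flags: 0x{flags:X}, "
            f"version: {version}")
    return desc, crc_ok


def scan(data: bytes, show_invalid: bool = False) -> list:
    """Find every signature occurrence, validate what can be validated, and
    return matches sorted by offset (invalid ones only if requested, like -I)."""
    matches = []
    for magic, desc in SIGNATURES:
        pos = data.find(magic)
        while pos != -1:
            description, valid = desc, True
            if magic == b"HDR0":
                description, valid = describe_trx(data, pos)
            if valid or show_invalid:
                matches.append(Match(pos, description, valid))
            pos = data.find(magic, pos + 1)
    return sorted(matches, key=lambda m: m.offset)


def build_sample_image() -> bytes:
    """Construct a small TRX-wrapped image: gzip blob at 0x1C, squashfs magic at 0x100."""
    kernel = gzip.compress(b"constructed kernel payload " * 8, mtime=0)
    kernel = kernel.ljust(0x100 - TRX_HEADER_SIZE, b"\x00")  # pad so rootfs lands at 0x100
    rootfs = b"hsqs" + b"\x00" * 60                           # only the magic is needed here
    payload = kernel + rootfs
    length = TRX_HEADER_SIZE + len(payload)
    tail = struct.pack("<HH3I", 0, 1, TRX_HEADER_SIZE, 0x100, 0)  # flags, version, offsets
    crc = zlib.crc32(tail + payload) & 0xFFFFFFFF
    return b"HDR0" + struct.pack("<II", length, crc) + tail + payload


def format_results(matches) -> str:
    """Render matches in binwalk's DECIMAL / HEX / DESCRIPTION column style."""
    lines = [f"{'DECIMAL':<12}{'HEX':<12}DESCRIPTION"]
    for m in matches:
        flag = "" if m.valid else " [invalid]"
        lines.append(f"{m.offset:<12}{hex(m.offset):<12}{m.description}{flag}")
    return "\n".join(lines)


if __name__ == "__main__":
    image = build_sample_image()
    print(format_results(scan(image)))
    # Corrupt one payload byte: the CRC no longer matches, so the TRX header is
    # reported only when invalid results are requested.
    corrupted = bytearray(image)
    corrupted[40] ^= 0xFF
    print(format_results(scan(bytes(corrupted), show_invalid=True)))
```

The validation step is the part worth copying: a bare magic-byte hit is cheap to forge or to stumble on by chance inside compressed data, so a scanner that decodes the header and checks its length and CRC against the file gives far fewer false positives, and keeping the rejected hits available behind a flag preserves the evidence when a header has been deliberately tampered with.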

