Short Tutorial: Firmware Analysis Tool Binwalk [Updated 2024]
Tool: Binwalk (used in Forensic Analysis and Reverse Engineering)
Author: Craig Heffner
Use: Analyze and extract firmware images and help in identifying code, files, and other information embedded in the binary image of firmware. Binwalk uses a libmagic library and custom magic signature file, which makes it more effective in analyzing executable binaries.
Short Tutorial: Firmware Analysis Tool Binwalk
Download Link https://github.com/ReFirmLabs/binwalk
Installation
It is pre-installed on the Kali Linux operating system. Just remember Binwalk's older version is not compatible with the latest versions, hence it is suggested to uninstall the older version before installing the latest version to avoid any API conflict.
If you want to install it on a Linux system, you need to install a python3 interpreter as a prerequisite.
sudo apt-get update sudo apt-get install python3
Then download the Binwalk binary from the download link mentioned above, Navigate to unzip the download directory, and use the below command for installation:
$ sudo python3 setup.py install
How to Uninstall Binwalk from your system
You can uninstall Binwalk by just using a one-line command as mentioned below:
sudo python3 setup.py uninstall
Tool help
The below command displays all options
$ binwalk -h
Tool Usage Examples
(1) Scan to identify code, files, and other information
$ binwalk <firmware-image>
(2) Extract files from firmware
$ binwalk -e <firmware-image>
(3) Extract files from firmware recursively
$ binwalk -Me <firmware-image>
Top 10 Firmware Security Vulnerabilities
(4) Generate differences between firmware images
$ binwalk -W <firmware1-image> <firmware2-image> <firmware3-image>
(5) Signature Analysis
$ binwalk -B <firmware-image>
(6) Entropy Analysis
$ binwalk -E <firmware-image>
Low entropy signifies encryption mechanism may not be implemented while high entropy signifies the availability of an encryption mechanism
(7) Upgrade to the latest version
$ sudo binwalk -u
(8) Verbose Output
$ binwalk --verbose <firmware-image>
(9) Capture log files
$ binwalk -f file.log <firmware-image>
(10) Format output to a current terminal
$ binwalk -t <firmware-image>
(11) To display the filesystem of binary
$ binwalk -y 'filesystem' <firmware-image>
(12) To display the CPU architecture of binary
binwalk --disasm <firmware-image>
(13) To display the Endianness of binary
binwalk -y "endian" <firmware-image>
(14) To extract the firmware recursively and decompress the file
binwalk -reM <firmware-image>
Conclusion
Binwalk is one of the best tools available for analyzing the security vulnerabilities of the firmware image. However, other online tools such as Binvis and some standalone tools can also be used for finding issues.
Subscribe us to receive more such articles updates in your email.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.
hey