Short Tutorial: Firmware Analysis Tool Binwalk [Updated 2023]
Tool: Binwalk (used in forensic and firmware analysis)
Author: Craig Heffner
Use: Analyze and extract firmware images and help identify code, files, and other information embedded in a firmware binary image. Binwalk uses the libmagic library together with its own custom magic signature file, which makes it more effective than plain `file` at recognizing the headers found in firmware.
Download Link https://github.com/ReFirmLabs/binwalk
It is pre-installed on the Kali Linux operating system. Note that older Binwalk releases are not compatible with the latest version, so it is recommended to uninstall any older copy before installing the latest release to avoid API conflicts.
If you want to install it on another Linux system, you need a Python 3 interpreter as a prerequisite:
$ sudo apt-get update
$ sudo apt-get install python3
Then download the Binwalk source from the download link mentioned above, unzip it, change into the extracted directory, and run the command below to install:
$ sudo python3 setup.py install
How to Uninstall Binwalk from your system
You can uninstall Binwalk with the single command below, run from the same source directory:
$ sudo python3 setup.py uninstall
The command below displays all available options:
$ binwalk -h
Tool Usage Examples:
(1) Scan the image to identify code, files, and other embedded information
$ binwalk <firmware-image>
(2) Extract files from firmware
$ binwalk -e <firmware-image>
(3) Extract files from firmware recursively
$ binwalk -Me <firmware-image>
(4) Generate differences between firmware images
$ binwalk -W <firmware1-image> <firmware2-image> <firmware3-image>
(5) Signature Analysis
$ binwalk -B <firmware-image>
(6) Entropy Analysis
$ binwalk -E <firmware-image>
Low entropy indicates that the data is probably not encrypted; high entropy indicates that an encryption mechanism is probably in use.
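As an added illustration (not Binwalk's own code), the following Python script performs the same block-wise Shannon entropy scan that `binwalk -E` plots, and merges adjacent high-entropy blocks into offset ranges. The firmware image is constructed inline for demonstration; a pseudorandom payload stands in for an encrypted or compressed section, since both look the same to an entropy scan, which is why a signature scan is run alongside it.

```python
import math
import random
from collections import Counter


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum((c / n) * math.log2(c / n) for c in Counter(chunk).values())


def entropy_profile(image: bytes, block_size: int = 1024) -> list:
    """Per-block entropy keyed by offset, the same curve binwalk -E draws."""
    return [(off, shannon_entropy(image[off:off + block_size]))
            for off in range(0, len(image), block_size)]


def high_entropy_regions(image: bytes, block_size: int = 1024,
                         threshold: float = 7.2) -> list:
    """Merge adjacent blocks above the threshold into (start, end) byte ranges."""
    regions = []
    for off, h in entropy_profile(image, block_size):
        if h < threshold:
            continue
        end = min(off + block_size, len(image))
        if regions and regions[-1][1] == off:
            regions[-1] = (regions[-1][0], end)   # extend the current region
        else:
            regions.append((off, end))            # start a new region
    return regions


def build_sample_image() -> bytes:
    """Constructed test image: plain header, opaque payload, zero padding."""
    header = b"FWHDR\x01\x00\x00".ljust(4096, b"\x00")     # low entropy
    payload = random.Random(1337).randbytes(8192)           # high entropy
    trailer = bytes(4096)                                   # low entropy
    return header + payload + trailer


if __name__ == "__main__":
    img = build_sample_image()
    print("OFFSET      ENTROPY")
    for off, h in entropy_profile(img):
        print(f"{off:<11} {h:.3f}")
    print("high-entropy regions:", high_entropy_regions(img))
```

With the constructed image the scan reports one region, bytes 4096 to 12288, which a practitioner would then feed to `binwalk -B` to see whether a known compression header explains it before concluding the section is encrypted.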
(7) Upgrade to the latest version
$ sudo binwalk -u
(8) Verbose Output
(9) Write scan results to a log file
$ binwalk -f file.log <firmware-image>
(10) Format output to fit the current terminal width
$ binwalk -t <firmware-image>
(11) Display only filesystem signatures found in the binary
$ binwalk -y 'filesystem' <firmware-image>
(12) Display the CPU architecture of the binary
(13) Display the endianness of the binary
$ binwalk -y "endian" <firmware-image>
(14) Extract the firmware recursively and decompress the files
$ binwalk -reM <firmware-image>
Binwalk is one of the best tools available for analyzing a firmware image for security vulnerabilities, although online tools such as Binvis and some standalone tools can also be used to find issues.
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.