Short Tutorial: Firmware Analysis Tool Binwalk [Updated 2023]

Tool: Binwalk (use in Forensic Analysis)

Author: Craig Heffner

Use: Analyze and extract firmware images and help in identifying code, files, and other information embedded in the binary image of firmware. Binwalk usesĀ a libmagic library and custom magic signature file, which makes it more effective in analyzing executable binaries.

Download Link


It is pre-installed on Kali Linux operating system. Just remember Binwalk's older version is not compatible with the latest versions, hence it is suggested to uninstall the older version before installing the latest version to avoid any API conflict.

If you want to install it on a Linux system, you need to install a python3 interpreter as a prerequisite.

sudo apt-get update
sudo apt-get install python3

Then download the Binwalk binary from the download link mentioned above, Navigate to unzip the download directory and  use the below command for installation:

$ sudo python3 install

How to Uninstall Binwalk from your system

You can uninstall Binwalk by just using a one-line command as mentioned below:

sudo python3 uninstall

Tool help

Below command display all options

$ binwalk -h

Tool Usage Examples:

(1) Scan to identify code, files, and other information

$ binwalk <firmware-image>

(2) Extract files from firmware 

$ binwalk -e <firmware-image>

(3) Extract files from firmware recursively

$ binwalk -Me <firmware-image>

Top 10 Firmware Security Vulnerabilities

(4) Generate differences between firmware images

$ binwalk -W <firmware1-image> <firmware2-image> <firmware3-image>

Click Here for 10 Best C Programming Books

(5) Signature Analysis

$ binwalk -B <firmware-image>

(6) Entropy Analysis

$ binwalk -E <firmware-image>

Low entropy signifies encryption mechanism may not implement while high entropy signifies the availability of an encryption mechanism

(7) Upgrade to the latest version

$ sudo binwalk -u

(8) Verbose Output

$ binwalk --verbose <firmware-image>

(9) Capture log files

$ binwalk -f file.log <firmware-image>

(10) Format output to a current terminal

$ binwalk -t <firmware-image>

(11) To display filesystem of binary

$ binwalk -y 'filesystem' <firmware-image>

(12) To display CPU architecture of binary

binwalk --disasm <firmware-image>

(13) To display Endianness of binary

binwalk -y "endian"  <firmware-image> 

(14) To extract the firmware recursively and decompress the file

binwalk -reM  <firmware-image> 


Binwalk is one of the best tools available for analyzing the security vulnerabilities of the firmware image. Although, other online tools such as Binvis and some standalone tools for finding issues.

Subscribe us to receive more such articles updates in your email.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

You may also like...

1 Response

Leave a Reply

Your email address will not be published. Required fields are marked *