Short Tutorial: Firmware Analysis Tool Binwalk [Updated 2024]

Tool: Binwalk (used in Forensic Analysis and Reverse Engineering)

Author: Craig Heffner

Use: Analyze and extract firmware images and help identify code, files, and other information embedded in the binary image of firmware. Binwalk uses the libmagic library and a custom magic signature file, which makes it more effective in analyzing executable binaries.


Download Link https://github.com/ReFirmLabs/binwalk

Installation 

Binwalk is pre-installed on the Kali Linux operating system. Note that older versions of Binwalk are not compatible with the latest versions, so uninstall the older version before installing the latest one to avoid any API conflict.

If you want to install it on another Linux system, you need to install a Python 3 interpreter as a prerequisite.

sudo apt-get update
sudo apt-get install python3

Then download Binwalk from the download link mentioned above, unzip it, navigate to the extracted directory, and use the command below for installation:

$ sudo python3 setup.py install

How to Uninstall Binwalk from your system

You can uninstall Binwalk by just using a one-line command as mentioned below:

sudo python3 setup.py uninstall

Tool help

The command below displays all options:

$ binwalk -h

Tool Usage Examples

(1) Scan to identify code, files, and other information
$ binwalk <firmware-image>

(2) Extract files from firmware 
$ binwalk -e <firmware-image>

(3) Extract files from firmware recursively

$ binwalk -Me <firmware-image>


(4) Generate differences between firmware images
$ binwalk -W <firmware1-image> <firmware2-image> <firmware3-image>

(5) Signature Analysis
$ binwalk -B <firmware-image>

(6) Entropy Analysis
$ binwalk -E <firmware-image>

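Low entropy suggests that an encryption mechanism may not be implemented, while high entropy suggests that an encryption mechanism is present. Note that compressed data also produces high entropy, so a high reading should be confirmed with the signature scan before concluding that the data is encrypted.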

(7) Upgrade to the latest version
$ sudo binwalk -u

(8) Verbose Output
$ binwalk --verbose <firmware-image>

(9) Capture log files
$ binwalk -f file.log <firmware-image>

(10) Format output to fit the current terminal
$ binwalk -t <firmware-image>

(11) To display the filesystem of the binary
$ binwalk -y 'filesystem' <firmware-image>

(12) To display the CPU architecture of the binary
$ binwalk --disasm <firmware-image>

(13) To display the endianness of the binary
$ binwalk -y "endian" <firmware-image>

(14) To extract the firmware recursively and decompress the files
$ binwalk -reM <firmware-image>
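
To make the entropy analysis in example (6) concrete, here is an added example (not part of the original tutorial and not Binwalk's own code) that computes per-block normalised Shannon entropy over a constructed firmware-like blob. The block size, threshold, function names and sample image are assumptions; it shows that a zlib-compressed region scores as high as a ciphertext-like one.

```python
import hashlib
import math
import zlib
from collections import Counter

BLOCK = 4096       # assumed block size for this example
THRESHOLD = 0.9    # assumed cut-off for "high" normalised entropy

def entropy(block: bytes) -> float:
    """Normalised Shannon entropy: 0.0 = constant bytes, 1.0 = uniformly random."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values()) / 8

def profile(image: bytes, block: int = BLOCK):
    """(offset, entropy) per block: the numbers an entropy plot is drawn from."""
    return [(o, entropy(image[o:o + block])) for o in range(0, len(image), block)]

def high_regions(image: bytes, block: int = BLOCK, threshold: float = THRESHOLD):
    """Merge consecutive high-entropy blocks into (start, end) byte ranges."""
    regions, start = [], None
    for off, h in profile(image, block):
        if h >= threshold and start is None:
            start = off
        elif h < threshold and start is not None:
            regions.append((start, off))
            start = None
    if start is not None:
        regions.append((start, len(image)))
    return regions

def keystream(n: int) -> bytes:
    """Deterministic pseudo-random bytes (SHA-256 in counter mode), a stand-in for ciphertext."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return out[:n]

def sample_image() -> bytes:
    """Constructed firmware-like blob; every region is a whole number of blocks."""
    header = b"FWHDR v1.0".ljust(BLOCK, b"\xff")     # plain header plus 0xFF padding
    text = keystream(32768).hex().encode()           # 64 KiB of compressible hex text
    compressed = zlib.compress(text)[:3 * BLOCK]     # compressed, NOT encrypted
    encrypted_like = keystream(2 * BLOCK)            # looks like ciphertext
    return header + compressed + b"\xff" * BLOCK + encrypted_like + b"\x00" * BLOCK

if __name__ == "__main__":
    for off, h in profile(sample_image()):
        print(f"0x{off:06x}  {h:.3f}  {'HIGH' if h >= THRESHOLD else 'low'}")
```

Both the compressed and the ciphertext-like regions are reported as high entropy, which is why an entropy scan is read together with the signature scan in example (5).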

Conclusion

Binwalk is one of the best tools available for analyzing the security vulnerabilities of a firmware image. However, other online tools such as Binvis and some standalone tools can also be used for finding issues.


Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.
