Description
Binwalk is a tool for analyzing, reverse engineering, and extracting firmware images. It scans for embedded file signatures, compressed archives, file systems, and executable code within binary files.
Installation
BASH
# Minimal install: the binwalk package on its own
sudo apt install binwalk
# binwalk plus the external unpackers it relies on during extraction
# (SquashFS and MTD flash tools, common archive formats)
sudo apt install binwalk squashfs-tools mtd-utils gzip bzip2 tar arj lhasa p7zip cabextract
Basic Usage
BASH
# Default mode: list the embedded signatures binwalk recognises, with offsets
binwalk firmware.bin
# Carve out and unpack what the scan recognises (output goes to _firmware.bin.extracted/).
# Extraction feeds attacker-controllable data to third-party unpackers: run it as an
# unprivileged user inside a disposable VM or container, never on a production host.
binwalk --extract firmware.bin
# Same as above, but re-scan every extracted file as well ("matryoshka" mode)
binwalk --matryoshka --extract firmware.bin
# Entropy analysis; high-entropy regions point to compressed or encrypted sections
binwalk --entropy firmware.bin
Advanced Usage
BASH
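# NOTE(review): --dd, -W and -R look like binwalk 2.x options; confirm with
# `binwalk --help` on the installed version before relying on them.

# Add an extraction rule for SquashFS signatures (format is type:extension)
# NOTE(review): -e presumably still applies the default extraction rules too; confirm
binwalk -e --dd='squashfs:squashfs' firmware.bin
# Hexdump of two images with the differences highlighted
binwalk -W firmware1.bin firmware2.bin # Compare two images
# Raw byte-sequence search (here: the first four bytes of the PNG signature)
binwalk -R '\x89\x50\x4e\x47' firmware.bin # Find PNG images
# Printable strings with their hex offsets, filtered for "password"
strings -a -t x firmware.bin | grep -i password
# Mount an extracted SquashFS image for browsing.
# The image is untrusted input: mount it read-only and with nosuid,nodev,noexec so
# setuid bits, device nodes and binaries from the firmware stay inert on the
# analysis host. A kernel mount also exposes the kernel's filesystem parser to the
# image; `unsquashfs` from squashfs-tools unpacks it in user space instead.
sudo mkdir -p /mnt/firmware
sudo mount -t squashfs -o loop,ro,nosuid,nodev,noexec squashfs-root.img /mnt/firmware
# When finished: sudo umount /mnt/firmware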
Common Workflows
BASH
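# IoT firmware analysis
# Work on a copy of the image, as an unprivileged user, in a disposable VM or
# container: the extractors below parse untrusted data.
binwalk firmware.bin # Identify components
binwalk -Me firmware.bin # Extract everything into _firmware.bin.extracted/
# Locate configuration and account files.
# Hits may be symlinks; an absolute link target resolves against the analysis host,
# not the firmware root, so check with `ls -l` before opening a result.
find _firmware.bin.extracted/ -name "*.conf" -o -name "passwd" # Find secrets
# Keyword sweep for embedded credentials.
# -i matches "Password"/"SECRET" as well (consistent with the strings | grep -i step);
# -E gives portable alternation instead of the GNU-only \| form.
# Keep -r rather than -R: GNU grep -r does not follow symlinks met during recursion,
# so links inside the extracted tree cannot pull host files into the results.
grep -riE "password|secret|key" _firmware.bin.extracted/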