Binwalk is a fast and easy to use Python-based firmware security analysis tool that allows for firmware analysis, reverse engineering, and extraction of firmware images.

Features of Binwalk Firmware Security Analysis & Extraction Tool

• Scanning Firmware – Binwalk can scan a firmware image for many different embedded file types and file systems
• File Extraction – You can tell binwalk to extract any files that it finds in the firmware image
• Entropy Analysis – Can help identify interesting sections of data inside a firmware image
• String Search – Allows you to search the specified file(s) for a custom string

There are also various filters such as by CPU architecture, number of instructions, include filter, exclude filter,

Installation of Binwalk Firmware Security Analysis & Extraction Tool

Download binwalk:

Install binwalk; if you have a previously installed version of binwalk, it is suggested that you uninstall it before upgrading:

Debian users can install all optional and suggested extractors/dependencies using the included deps.sh script (recommended):

If you are not a Debian user, or if you wish to install only selected dependencies, see the INSTALL documentation for more details.

Usage of Binwalk Firmware Security Analysis & Extraction Tool

File Extraction

You can tell binwalk to extract any files that it finds in the firmware image with the -e option:

Binwalk will even recursively scan files as it extracts them if you also specify the -M option:

And if the -r option is specified, any file signatures that couldn’t be extracted – or that resulted in 0-size files – will be automatically deleted:

To extract one specific signature type, specify one or more -D type options:

Entropy Analysis

What happens if binwalk doesn’t report any signatures? Or, how do you know binwalk didn’t miss anything interesting?

Entropy analysis can help identify interesting sections of data inside a firmware image:

You can download Binwalk here:

binwalk-v2.2.0.zip

Or read more here.