Tuesday, May 27, 2014

Binwalk firmware analysis tool installation

Binwalk is a really great tool for analyzing and extracting firmware images.

Unfortunately, the version of binwalk included in the repository is quite old:

$ sudo aptitude show binwalk | grep Version
Version: 1.0-1
We will therefore install it from sources.

First install recommended extraction utilities in order to fully take advantage of binwalk's extraction features:

$ sudo aptitude install git mtd-utils zlib1g-dev liblzma-dev ncompress gzip bzip2 tar arj p7zip p7zip-full openjdk-6-jdk

Next, install firmware-mod-kit, which contains many file system extractors:

$ sudo mkdir -p /opt/firmware-mod-kit
$ sudo chmod -R a+rwx /opt/firmware-mod-kit
$ git clone https://code.google.com/p/firmware-mod-kit /opt/firmware-mod-kit/
$ cd /opt/firmware-mod-kit/src/
$ ./configure
$ make
Then install the following packages to take advantage of binwalk's graphing capabilities:

$ sudo aptitude install libqt4-opengl python-opengl python-qt4 python-qt4-gl python-numpy python-scipy
$ wget http://www.pyqtgraph.org/downloads/pyqtgraph-0.9.8.tar.gz
$ tar xf pyqtgraph-0.9.8.tar.gz
$ cd pyqtgraph-0.9.8/
$ sudo python ./setup.py install

We will also need to install libtool:
$ sudo aptitude install libtool

Let's now take care of binwalk:

$ git clone https://github.com/devttys0/binwalk
$ cd binwalk/
$ ./configure
$ make deps
$ make
$ sudo make install

And it's finally ready to use!

$ binwalk

Binwalk v2.0.0
Craig Heffner, http://www.binwalk.org

Usage: binwalk [OPTIONS] [FILE1] [FILE2] [FILE3] ...

Signature Scan Options:
    -B, --signature                     Scan target file(s) for common file signatures
    -R, --raw=<str>                     Scan target file(s) for the specified sequence of bytes
    -A, --opcodes                       Scan target file(s) for common executable opcodes
    -C, --cast                          Cast offsets as a given data type (use -y to specify the data type / endianess)
    -m, --magic=<file>                  Specify a custom magic file to use
    -b, --dumb                          Disable smart signature keywords

Extraction Options:
    -e, --extract                       Automatically extract known file types
    -D, --dd=<type:ext:cmd>             Extract <type> signatures, give the files an extension of <ext>, and execute <cmd>
    -M, --matryoshka                    Recursively scan extracted files
    -d, --depth=<int>                   Limit matryoshka recursion depth (default: 8 levels deep)
    -j, --size=<int>                    Limit the size of each extracted file
    -r, --rm                            Cleanup extracted / zero-size files after extraction
    -z, --carve                         Carve data from files, but don't execute extraction utilities

Entropy Analysis Options:
    -E, --entropy                       Calculate file entropy
    -J, --save                          Save plot as a PNG
    -N, --nplot                         Do not generate an entropy plot graph
    -Q, --nlegend                       Omit the legend from the entropy plot graph

Heuristic Compression Options:
    -H, --heuristic                     Heuristically classify high entropy data
    -a, --trigger=<float>               Set the entropy trigger level (0.0 - 1.0, default: 0.90)

Binary Diffing Options:
    -W, --hexdump                       Perform a hexdump / diff of a file or files
    -G, --green                         Only show lines containing bytes that are the same among all files
    -i, --red                           Only show lines containing bytes that are different among all files
    -U, --blue                          Only show lines containing bytes that are different among some files
    -w, --terse                         Diff all files, but only display a hex dump of the first file

Binary Visualization Options:
    -3, --3D                            Generate a 3D binary visualization
    -2, --2D                            Project data points onto 3D cube walls only
    -Z, --points=<int>                  Set the maximum number of plotted data points
    -V, --grids                         Display the x-y-z grids in the resulting plot

Raw Compression Options:
    -X, --deflate                       Scan for raw deflate compression streams

Fuzzy Hash Options:
    -F, --fuzzy                         Perform fuzzy hash matching on files/directories
    -u, --cutoff=<int>                  Set the cutoff percentage
    -S, --strings                       Diff strings inside files instead of the entire file
    -s, --same                          Only show files that are the same
    -p, --diff                          Only show files that are different
    -n, --name                          Only compare files whose base names are the same
    -L, --symlinks                      Don't ignore symlinks

General Options:
    -l, --length=<int>                  Number of bytes to scan
    -o, --offset=<int>                  Start scan at this file offset
    -K, --block=<int>                   Set file block size
    -g, --swap=<int>                    Reverse every n bytes before scanning
    -I, --invalid                       Show results marked as invalid
    -x, --exclude=<str>                 Exclude results that match <str>
    -y, --include=<str>                 Only show results that match <str>
    -f, --log=<file>                    Log results to file
    -c, --csv                           Log results to file in CSV format
    -t, --term                          Format output to fit the terminal window
    -q, --quiet                         Supress output to stdout
    -v, --verbose                       Enable verbose output
    -h, --help                          Show help output
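As an added illustration of what the Entropy Analysis options above compute (this is example code written for this post, not binwalk's own implementation): a block-wise Shannon entropy profile over a constructed sample image, with consecutive blocks at or above the default 0.90 trigger merged into byte ranges. The 1 KiB block size and the sample image layout are assumptions for the example.

```python
import math
import hashlib
from collections import Counter

TRIGGER = 0.90  # binwalk's default --trigger level (normalised entropy, 0.0 - 1.0)
BLOCK = 1024    # analysis block size in bytes (assumed here; binwalk sets it via -K/--block)

def shannon_entropy(data: bytes) -> float:
    """Normalised Shannon entropy: 0.0 for constant data, 1.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    h = -sum((c / n) * math.log2(c / n) for c in Counter(data).values())
    return h / 8.0

def entropy_profile(data, block=BLOCK):
    """Per-block (offset, entropy) pairs, the numbers behind 'binwalk -E'."""
    return [(off, shannon_entropy(data[off:off + block])) for off in range(0, len(data), block)]

def high_entropy_regions(data, trigger=TRIGGER, block=BLOCK):
    """Merge consecutive blocks at or above the trigger into (start, end) byte ranges;
    such regions are where compressed or encrypted content usually sits in a firmware image."""
    regions, start = [], None
    for off, h in entropy_profile(data, block):
        if h >= trigger and start is None:
            start = off
        elif h < trigger and start is not None:
            regions.append((start, off))
            start = None
    if start is not None:
        regions.append((start, len(data)))
    return regions

def pseudo_random(n, seed=b"constructed-sample"):
    """Deterministic high-entropy bytes (SHA-256 in counter mode) so the sample is reproducible offline."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])

# Constructed sample "firmware": 2 KiB zero header, 4 KiB compressed-looking body, 2 KiB 0xFF padding.
SAMPLE_IMAGE = b"\x00" * 2048 + pseudo_random(4096) + b"\xff" * 2048

if __name__ == "__main__":
    for off, h in entropy_profile(SAMPLE_IMAGE):
        print(f"{off:<8} 0x{off:08X}  {h:.3f}")
    print("regions above trigger:", high_entropy_regions(SAMPLE_IMAGE))
```

Running it prints one line per block in the same spirit as binwalk's entropy table, and the padding blocks show up at 0.0 while the body stays well above the trigger.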

1 comment:

  1. How to install Binwalk without graphical capabilities? (no graphic libraries)