Binwalk is a really great tool for analyzing and extracting firmware images.
Unfortunately, the version of binwalk included in the repository is quite old:
$ sudo aptitude show binwalk | grep Version
Version: 1.0-1
We will therefore install it from sources.
First install recommended extraction utilities in order to fully take advantage of binwalk's extraction features:
$ sudo aptitude install git mtd-utils zlib1g-dev liblzma-dev ncompress gzip bzip2 tar arj p7zip p7zip-full openjdk-6-jdk
Next, install firmware-mod-kit, which contains many file system extractors:
$ sudo mkdir -p /opt/firmware-mod-kit
$ sudo chmod -R a+rwx /opt/firmware-mod-kit
$ git clone https://code.google.com/p/firmware-mod-kit /opt/firmware-mod-kit/
$ cd /opt/firmware-mod-kit/src/
$ ./configure
$ make
Then install the following packages to take advantage of binwalk's graphing capabilities:
$ sudo aptitude install libqt4-opengl python-opengl python-qt4 python-qt4-gl python-numpy python-scipy
$ wget http://www.pyqtgraph.org/downloads/pyqtgraph-0.9.8.tar.gz
$ tar xf pyqtgraph-0.9.8.tar.gz
$ cd pyqtgraph-0.9.8/
$ sudo python ./setup.py install
We will also need to install libtool:
$ sudo aptitude install libtool
Let's now take care of binwalk:
$ git clone https://github.com/devttys0/binwalk
$ cd binwalk/
$ ./configure
$ make deps
$ make
$ sudo make install
And it's finally ready to use!
$ binwalk
Binwalk v2.0.0
Craig Heffner, http://www.binwalk.org
Usage: binwalk [OPTIONS] [FILE1] [FILE2] [FILE3] ...
Signature Scan Options:
-B, --signature Scan target file(s) for common file signatures
-R, --raw=<str> Scan target file(s) for the specified sequence of bytes
-A, --opcodes Scan target file(s) for common executable opcodes
-C, --cast Cast offsets as a given data type (use -y to specify the data type / endianess)
-m, --magic=<file> Specify a custom magic file to use
-b, --dumb Disable smart signature keywords
Extraction Options:
-e, --extract Automatically extract known file types
-D, --dd=<type:ext:cmd> Extract <type> signatures, give the files an extension of <ext>, and execute <cmd>
-M, --matryoshka Recursively scan extracted files
-d, --depth=<int> Limit matryoshka recursion depth (default: 8 levels deep)
-j, --size=<int> Limit the size of each extracted file
-r, --rm Cleanup extracted / zero-size files after extraction
-z, --carve Carve data from files, but don't execute extraction utilities
Entropy Analysis Options:
-E, --entropy Calculate file entropy
-J, --save Save plot as a PNG
-N, --nplot Do not generate an entropy plot graph
-Q, --nlegend Omit the legend from the entropy plot graph
Heuristic Compression Options:
-H, --heuristic Heuristically classify high entropy data
-a, --trigger=<float> Set the entropy trigger level (0.0 - 1.0, default: 0.90)
Binary Diffing Options:
-W, --hexdump Perform a hexdump / diff of a file or files
-G, --green Only show lines containing bytes that are the same among all files
-i, --red Only show lines containing bytes that are different among all files
-U, --blue Only show lines containing bytes that are different among some files
-w, --terse Diff all files, but only display a hex dump of the first file
Binary Visualization Options:
-3, --3D Generate a 3D binary visualization
-2, --2D Project data points onto 3D cube walls only
-Z, --points=<int> Set the maximum number of plotted data points
-V, --grids Display the x-y-z grids in the resulting plot
Raw Compression Options:
-X, --deflate Scan for raw deflate compression streams
Fuzzy Hash Options:
-F, --fuzzy Perform fuzzy hash matching on files/directories
-u, --cutoff=<int> Set the cutoff percentage
-S, --strings Diff strings inside files instead of the entire file
-s, --same Only show files that are the same
-p, --diff Only show files that are different
-n, --name Only compare files whose base names are the same
-L, --symlinks Don't ignore symlinks
General Options:
-l, --length=<int> Number of bytes to scan
-o, --offset=<int> Start scan at this file offset
-K, --block=<int> Set file block size
-g, --swap=<int> Reverse every n bytes before scanning
-I, --invalid Show results marked as invalid
-x, --exclude=<str> Exclude results that match <str>
-y, --include=<str> Only show results that match <str>
-f, --log=<file> Log results to file
-c, --csv Log results to file in CSV format
-t, --term Format output to fit the terminal window
-q, --quiet Supress output to stdout
-v, --verbose Enable verbose output
-h, --help Show help output
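To make the help text above concrete, here is an added example (written for this post, not binwalk's own code) that re-implements three of the analyses it lists in miniature: a signature scan like -B over a small hand-picked magic table, the block entropy behind -E and -H with the same 0.0 to 1.0 scale and 0.90 trigger the help text describes, and carving a gzip member out of the image the way -e does. The firmware image it scans is constructed inline (a text header, a gzip member, a bare squashfs magic and a deterministic high-entropy tail standing in for an encrypted blob); the SIGNATURES table is an assumed subset, and real images need binwalk's full magic file.

```python
"""Toy versions of binwalk's signature scan (-B), entropy analysis (-E/-H)
and gzip carving (-e), run over a constructed firmware image.
Added example for this post; not binwalk's own code."""
import gzip
import hashlib
import math
import zlib

# Assumed hand-picked subset of magic byte sequences; binwalk's real magic file is far larger.
SIGNATURES = {
    b"\x1f\x8b\x08": "gzip compressed data",
    b"hsqs": "Squashfs filesystem, little endian",
    b"sqsh": "Squashfs filesystem, big endian",
    b"\xfd7zXZ\x00": "xz compressed data",
    b"PK\x03\x04": "Zip archive data",
}


def signature_scan(data):
    """Return (offset, description) hits for every known magic, sorted by offset."""
    hits = []
    for magic, desc in SIGNATURES.items():
        start = 0
        while (idx := data.find(magic, start)) >= 0:
            hits.append((idx, desc))
            start = idx + 1
    return sorted(hits)


def shannon_entropy(block):
    """Shannon entropy of a byte block, normalised so 8 bits/byte == 1.0 (the scale of -a)."""
    if not block:
        return 0.0
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    n = len(block)
    bits = -sum((c / n) * math.log2(c / n) for c in counts if c)
    return bits / 8.0


def entropy_blocks(data, block_size=1024):
    """Per-block entropy, the data points behind binwalk's entropy plot."""
    return [(off, shannon_entropy(data[off:off + block_size]))
            for off in range(0, len(data), block_size)]


def high_entropy_offsets(blocks, trigger=0.90):
    """Offsets whose entropy exceeds the trigger (binwalk's -a default is 0.90).
    Such regions are usually compressed or encrypted, so a signature scan finds nothing inside them."""
    return [off for off, e in blocks if e > trigger]


def carve_gzip(data, offset):
    """Inflate the gzip member starting at offset; returns (payload, end_offset).
    zlib's unused_data tells us where the member ended, which is what carving needs."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)  # 16+ means: expect a gzip header
    payload = d.decompress(data[offset:])
    end = len(data) - len(d.unused_data)
    return payload, end


def _pseudo_random(n, seed=b"constructed-seed"):
    """Deterministic high-entropy filler (SHA-256 chain) standing in for an encrypted blob."""
    out, cur = bytearray(), seed
    while len(out) < n:
        cur = hashlib.sha256(cur).digest()
        out += cur
    return bytes(out[:n])


def build_sample_image():
    """Constructed 5 KiB image: text header, gzip member, squashfs magic, 'encrypted' tail."""
    header = b"FIRMWARE HEADER v1.0 ".ljust(1024, b"\x00")      # 0x000: low entropy
    rootfs = gzip.compress(b"root filesystem contents " * 40, mtime=0)
    gz_region = rootfs.ljust(1024, b"\x00")                    # 0x400: gzip member + padding
    sqfs_region = b"hsqs".ljust(1024, b"\x00")                 # 0x800: squashfs magic only
    tail = _pseudo_random(2048)                                # 0xC00: high entropy
    return header + gz_region + sqfs_region + tail


if __name__ == "__main__":
    img = build_sample_image()
    print("DECIMAL\tHEXADECIMAL\tDESCRIPTION")
    for off, desc in signature_scan(img):
        print(f"{off}\t0x{off:X}\t{desc}")
    blocks = entropy_blocks(img)
    for off, e in blocks:
        print(f"{off:6d}  entropy={e:.3f}")
    print("high-entropy blocks:", high_entropy_offsets(blocks))
    payload, end = carve_gzip(img, 1024)
    print(f"carved {len(payload)} bytes from the gzip member ending at offset {end}")
```

The point worth noticing is the interplay between the two scans: the squashfs magic at 0x800 and the gzip header at 0x400 are found by the signature scan, while the tail at 0xC00 produces no hits at all but lights up the entropy check. That is exactly the case where binwalk's -H heuristic and a custom magic file (-m) earn their keep, since high entropy without a recognised header usually means a compressed or encrypted region that no extractor will open as-is.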
How to install Binwalk without graphical capabilities? (no graphic libraries)