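Binwalk Package Description
Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside firmware images. Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility. Binwalk also includes a custom magic signature file containing improved signatures for files commonly found in firmware images, such as compressed/archived files, firmware headers, Linux kernels, bootloaders, filesystems, etc.
- Author: Craig Heffner
- License: MIT
Tools included in the binwalk package
binwalk - Firmware analysis tool
# binwalk -h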
Binwalk v1.2.2-1
Craig Heffner, http://www.devttys0.com
Usage: binwalk [OPTIONS] [FILE1] [FILE2] [FILE3] ...
Signature Analysis:
-B, --binwalk Perform a file signature scan (default)
-R, --raw-bytes=<string> Search for a custom signature
-A, --opcodes Scan for executable code signatures
-C, --cast Cast file contents as various data types
-m, --magic=<file> Specify an alternate magic file to use
-x, --exclude=<filter> Exclude matches that have <filter> in their description
-y, --include=<filter> Only search for matches that have <filter> in their description
-I, --show-invalid Show results marked as invalid
-T, --ignore-time-skew Do not show results that have timestamps more than 1 year in the future
-k, --keep-going Show all matching results at a given offset, not just the first one
-b, --dumb Disable smart signature keywords
Strings Analysis:
-S, --strings Scan for ASCII strings (may be combined with -B, -R, -A, or -E)
-s, --strlen=<n> Set the minimum string length to search for (default: 3)
Entropy Analysis:
-E, --entropy Plot file entropy (may be combined with -B, -R, -A, or -S)
-H, --heuristic Identify unknown compression/encryption based on entropy heuristics (implies -E)
-K, --block=<int> Set the block size for entropy analysis (default: 1024)
-a, --gzip Use gzip compression ratios to measure entropy
-N, --no-plot Do not generate an entropy plot graph
-F, --marker=<offset:name> Add a marker to the entropy plot graph
-Q, --no-legend Omit the legend from the entropy plot graph
-J, --save-plot Save plot as an SVG (implied if multiple files are specified)
Binary Diffing:
-W, --diff Hexdump / diff the specified files
-K, --block=<int> Number of bytes to display per line (default: 16)
-G, --green Only show hex dump lines that contain bytes which were the same in all files
-i, --red Only show hex dump lines that contain bytes which were different in all files
-U, --blue Only show hex dump lines that contain bytes which were different in some files
-w, --terse Diff all files, but only display a hex dump of the first file
Extraction Options:
-D, --dd=<type:ext[:cmd]> Extract <type> signatures, give the files an extension of <ext>, and execute <cmd>
-e, --extract=[file] Automatically extract known file types; load rules from file, if specified
-M, --matryoshka Recursively scan extracted files, up to 8 levels deep
-r, --rm Cleanup extracted files and zero-size files
-d, --delay Delay file extraction for files with known footers
Plugin Options:
-X, --disable-plugin=<name> Disable a plugin by name
-Y, --enable-plugin=<name> Enable a plugin by name
-p, --disable-plugins Do not load any binwalk plugins
-L, --list-plugins List all user and system plugins by name
General Options:
-o, --offset=<int> Start scan at this file offset
-l, --length=<int> Number of bytes to scan
-g, --grep=<text> Grep results for the specified text
-f, --file=<file> Log results to file
-c, --csv Log results to file in csv format
-O, --skip-unopened Ignore file open errors and process only the files that can be opened
-t, --term Format output to fit the terminal window
-q, --quiet Supress output to stdout
-v, --verbose Be verbose (specify twice for very verbose)
-u, --update Update magic signature files
-?, --examples Show example usage
-h, --help Show help output
binwalk Usage Example
Run a file signature scan (-B) on the given firmware file (dd-wrt.v24-13064_VINT_mini.bin):
# binwalk -B dd-wrt.v24-13064_VINT_mini.bin
DECIMAL HEX DESCRIPTION
-------------------------------------------------------------------------------------------------------------------
0 0x0 TRX firmware header, little endian, header size: 28 bytes, image size: 2945024 bytes, CRC32: 0x4D27FDC4 flags: 0x0, version: 1
28 0x1C gzip compressed data, from Unix, NULL date: Wed Dec 31 19:00:00 1969, max compression
2472 0x9A8 LZMA compressed data, properties: 0x6E, dictionary size: 2097152 bytes, uncompressed size: 2084864 bytes
622592 0x98000 Squashfs filesystem, little endian, DD-WRT signature, version 3.0, size: 2320835 bytes, 547 inodes, blocksize: 131072 bytes, created: Mon Nov 2 07:24:06 2009
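The signature scan shown above, reduced to a minimal sketch (an added example, not binwalk's own code): it searches a constructed image for three magic values and decodes the 28-byte TRX header before reporting it, so a stray "HDR0" string is dropped rather than listed. The function names, the sample image and the sanity check are assumptions for illustration; binwalk itself matches libmagic signature files.

```python
import struct

# Magic byte strings for three of the formats in the scan output above.
SIGNATURES = [
    (b"HDR0", "TRX firmware header"),
    (b"\x1f\x8b\x08", "gzip compressed data"),
    (b"hsqs", "Squashfs filesystem, little endian"),
]
TRX_FMT = "<4sIIHH3I"  # magic, image size, CRC32, flags, version, 3 offsets
TRX_LEN = struct.calcsize(TRX_FMT)  # 28 bytes, as in the scan output

def parse_trx(blob, off):
    """Decode the little-endian TRX header at off; None if implausible."""
    if len(blob) - off < TRX_LEN:
        return None
    magic, size, crc, flags, version, *offsets = struct.unpack_from(TRX_FMT, blob, off)
    # Reject headers whose declared image size cannot fit in the file.
    if magic != b"HDR0" or size < TRX_LEN or off + size > len(blob):
        return None
    return {"size": size, "crc32": crc, "flags": flags,
            "version": version, "offsets": tuple(offsets)}

def scan(blob):
    """Return sorted (offset, description) pairs for every valid hit."""
    hits = []
    for magic, desc in SIGNATURES:
        pos = blob.find(magic)
        while pos != -1:
            if magic == b"HDR0":
                hdr = parse_trx(blob, pos)
                if hdr:  # invalid headers are skipped, not reported
                    hits.append((pos, f"{desc}, image size: {hdr['size']} bytes, "
                                      f"version: {hdr['version']}"))
            else:
                hits.append((pos, desc))
            pos = blob.find(magic, pos + 1)
    return sorted(hits)

def build_sample():
    """Constructed image: TRX header, gzip magic at 28, Squashfs magic at 64,
    plus a truncated 'HDR0' at the end that must not be reported."""
    body = b"\x1f\x8b\x08" + b"\x00" * 33 + b"hsqs" + b"\x00" * 24 + b"HDR0"
    size = TRX_LEN + len(body)
    # CRC32 field is a constructed placeholder; this sketch does not verify it.
    return struct.pack(TRX_FMT, b"HDR0", size, 0, 0, 1, 28, 64, 0) + body

if __name__ == "__main__":
    for offset, description in scan(build_sample()):
        print(f"{offset:<10}0x{offset:<10X}{description}")
```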