Pentest Tools

Published on December 24th, 2015 📆 | 8340 Views ⚑


Binwalk — Firmware Analysis Tool

Free Text to Speech

Binwalk is a fast, easy to use tool for analyzing
and extracting firmware images

Firmware Analysis Tool binwalk_scan Firmware Analysis Tool


Firmware Analysis Tool

Binwalk can:


Β [adsense size='1']

Binwalk supports Python 2.7 – 3.x. Although most systems have Python2.7 set as their default Python interpreter, binwalk does run faster in Python3.



Installation follows the typical Python installation procedure:

# Python2.7
$ sudo python install
# Python3.x
$ sudo python3 install

[adsense size='1']


Besides a Python interpreter, there are no installation dependencies for binwalk. All dependencies are optional run-time dependencies, and unless otherwise specified, are available from most Linux package managers.

Although all binwalk run-time dependencies are optional, the python-lzma module is highly recommended for improving the reliability of signature scans. This module is included by default in Python3, but must be installed separately for Python2.7:

$ sudo apt-get install python-lzma

Binwalk uses pyqtgraph to generate graphs and visualizations, which requires the following:

# Python2.7
$ sudo apt-get install libqt4-opengl python-opengl python-qt4 python-qt4-gl python-numpy python-scipy python-pip
$ sudo pip install pyqtgraph
# Python3.x
$ sudo apt-get install libqt4-opengl python3-opengl python3-pyqt4 python3-pyqt4.qtopengl python3-numpy python3-scipy python3-pip
$ sudo pip3 install pyqtgraph

[adsense size='1']

Binwalk’s --disasm option requires the Capstone disassembly framework and its corresponding Python bindings:

$ wget
$ tar -zxvf capstone-2.1.2.tgz
$ (cd capstone-2.1.2 && ./ && sudo make install)
$ (cd capstone-2.1.2/bindings/python && sudo python ./ install)

Binwalk relies on multiple external utilties in order to automatically extract/decompress files and data:

# Install standard extraction utilities
$ sudo apt-get install mtd-utils gzip bzip2 tar arj lhasa p7zip p7zip-full cabextract cramfsprogs cramfsswap squashfs-tools
# Install sasquatch to extract non-standard SquashFS images
$ sudo apt-get install zlib1g-dev liblzma-dev liblzo2-dev
$ git clone
$ (cd sasquatch && make && sudo make install)
# Install unstuff (closed source) to extract StuffIt archive files
$ wget -O - | tar -zxv
$ sudo cp bin/unstuff /usr/local/bin/

Firmware Analysis Tool hexdiff Firmware Analysis Tool



Basic usage is simple:

$ binwalk firmware.bin

0             0x0             TRX firmware header, little endian, header size: 28 bytes, image size: 14766080 bytes, CRC32: 0x6980E553 flags: 0x0, version: 1
28            0x1C            LZMA compressed data, properties: 0x5D, dictionary size: 65536 bytes, uncompressed size: 5494368 bytes
2319004       0x23629C        Squashfs filesystem, little endian, version 4.0, compression: xz, size: 12442471 bytes, 3158 inodes, blocksize: 131072 bytes, blocksize: 131072 bytes, created: 2014-05-21 22:38:47

[adsense size='1']

For additional examples and descriptions of advanced options check wiki page:

Firmware Analysis Tool binwalk wiki Firmware Analysis Tool

[adsense size='1']

Source && Download

Leave a Reply

Your email address will not be published.