About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like
I came across an interesting tool today called Binwalk.
Binwalk is a firmware analysis tool that scans a given binary file for embedded files and executable code.
Binwalk requires a Linux machine; I used the Backtrack VM from my article about WEP keys.
Note that there is no binary distribution of Binwalk, so you will need to compile it, but this is a breeze.
Unpack the downloaded version (I used 0.3.10 which is the most recent at this time).
```bash
tar -zxvf binwalk-0.3.10.tar.gz
```
Binwalk comes with a configure script that checks the preconditions and creates a makefile. Start it from the src directory:
```bash
./configure
```
If it complains about libcurl, install it:
```bash
sudo apt-get install libgnutls-dev
sudo apt-get install libcurl4-gnutls-dev
```
Then compile it:
```bash
make
sudo make install
```
Now analyse your binaries with binwalk <filename>. Here is some example output:
```text
DECIMAL     HEX         DESCRIPTION
-------------------------------------------------------------------------------------------------------
440         0x1B8       Linux Journalled Flash filesystem, little endian
16051       0x3EB3      zlib compressed data
35669       0x8B55      zlib compressed data
35955       0x8C73      zlib compressed data
58845       0xE5DD      zlib compressed data
60235       0xEB4B      zlib compressed data
85016       0x14C18     zlib compressed data
147952      0x241F0     zlib compressed data
148251      0x2431B     zlib compressed data
195432      0x2FB68     zlib compressed data
235131      0x3967B     zlib compressed data
254245      0x3E125     zlib compressed data
270740      0x42194     zlib compressed data
277773      0x43D0D     zlib compressed data
324869      0x4F505     zlib compressed data
329091      0x50583     zlib compressed data
330495      0x50AFF     zlib compressed data
423027      0x67473     zlib compressed data
451841      0x6E501     zlib compressed data
452191      0x6E65F     zlib compressed data
452941      0x6E94D     zlib compressed data
1081757     0x10819D    LZMA compressed data, properties: 0x82, dictionary size: 47316992 bytes, uncompressed size: 16777216 bytes
```
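A zlib signature is only two bytes long, so a list of zlib hits like the one above can include chance matches. The following sketch is an added example, not part of Binwalk or of the original post: it finds zlib header candidates in an image and keeps only those that decompress as a complete stream. The function names and the sample image are constructed for illustration.

```python
import zlib

def zlib_candidates(blob):
    """Offsets where two bytes form a valid zlib header (CMF=0x78, header % 31 == 0)."""
    return [o for o in range(len(blob) - 1)
            if blob[o] == 0x78 and ((0x78 << 8) | blob[o + 1]) % 31 == 0]

def verify_zlib(blob, off, limit=1 << 20):
    """Return (bytes_consumed, bytes_produced) for a complete stream at off, else None.
    limit caps the output so a hostile image cannot exhaust memory."""
    d = zlib.decompressobj()
    try:
        out = d.decompress(blob[off:], limit)
    except zlib.error:
        return None
    if not d.eof:  # truncated, or larger than limit: treat as unverified
        return None
    return len(blob) - off - len(d.unused_data), len(out)

def scan(blob):
    """Return (offset, verified, description) rows, skipping inside verified streams."""
    rows, skip_to = [], 0
    for off in zlib_candidates(blob):
        if off < skip_to:
            continue
        hit = verify_zlib(blob, off)
        if hit:
            skip_to = off + hit[0]
            rows.append((off, True, "zlib stream, %d -> %d bytes" % hit))
        else:
            rows.append((off, False, "zlib header only, does not decompress"))
    return rows

# Constructed sample image: padding, one real zlib stream, then a bare header.
PAYLOAD = zlib.compress(b"constructed firmware payload " * 20)
SAMPLE = b"\xff" * 440 + PAYLOAD + b"\xff" * 16 + b"\x78\x9c" + b"\xff" * 32

if __name__ == "__main__":
    print("DECIMAL    HEX        DESCRIPTION")
    for off, ok, desc in scan(SAMPLE):
        print("%-10d 0x%-8X %s" % (off, off, desc))
```

A candidate that fails verification is not necessarily noise: the stream may be truncated, or larger than the output limit.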
The Binwalk wiki contains some usage examples to get you started.