Speed Tests

Although accuracy is paramount, a conscious effort has been made to keep binwalk's signature scans fast and efficient, even when run against very large files.

Running binwalk v2.1.0 in Python3 on a 32 bit Ubuntu 14.04 virtual machine with a single-core 2.2GHz Intel i7 processor, 100MB of /dev/random data can be scanned for a single signature in less than one second:

binwalk@ubuntu:~/tmp$ dd if=/dev/urandom bs=$((100*1024*1024)) count=1 of=100MB.bin
binwalk@ubuntu:~/tmp$ time binwalk -v 100MB.bin -y gzip

Scan Time:     2014-11-09 18:06:32
Target File:   100MB.bin
MD5 Checksum:  d0c6159390caeca9b43104f1344cde10
Signatures:    1

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------


real    0m0.783s
user    0m0.592s
sys     0m0.156s

Scanning 104,857,600 offsets for a single signature in .783 seconds on a 2.2GHz CPU equates to about one scan every 16 CPU clock cycles, which is respectable.

Of course, many factors may affect this type of metric (file contents, CPU core, HDD vs SSD, etc), but it does show that binwalk signature scans scale very well:

binwalk@ubuntu:~/tmp$ time binwalk -v 100MB.bin 

Scan Time:     2014-11-09 18:05:52
Target File:   100MB.bin
MD5 Checksum:  d0c6159390caeca9b43104f1344cde10
Signatures:    312

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------


real    0m13.934s
user    0m13.556s
sys     0m0.308s

Scanning the same file on the same machine for 312 different signatures took less than 14 seconds, or one signature scan every .94 CPU clock cycles.

This, coupled with smart signature parsing, allows binwalk to scan in seconds what takes other tools minutes or even hours.