Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
The original binwalk authors have started rewriting it in Rust. For now it's unstable/experimental, but it comes with multiple improvements. See https://github.com/ReFirmLabs/binwalk/tree/binwalkv3 for more information.
This is a fork of the original code from ReFirmLabs. This fork is maintained by the community and there is no relation between the maintainers of this fork and the original authors or the original company (though we greatly appreciate their work).
If you want to contribute, feel free to open issues, pull requests, or even ask to be added to the repository to help with reviewing and merging PRs.
There seems to exist a well-maintained alternative called unblob. According to some reports it has better extraction capabilities (it is able to extract more data, and faster). The downside is that it doesn't detect as many file types as binwalk. Another important difference is the number of dependencies: while binwalk doesn't require any dependency (they are optional), unblob depends on almost 20 packages.
Prior to Binwalk v2.3.3, extracted archives could create symlinks which point anywhere on the file system, potentially resulting in a directory traversal attack if subsequent extraction utilities blindly follow these symlinks. More generally, Binwalk makes use of many third-party extraction utilities which may have unpatched security issues; Binwalk v2.3.3 and later allows external extraction tools to be run as an unprivileged user using the `--run-as` command line option (this requires Binwalk itself to be run with root privileges). Additionally, Binwalk v2.3.3 and later will refuse to perform extraction as root unless `--run-as=root` is specified.
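To audit an extraction directory for the symlink problem described above, the following added example (not part of Binwalk's code) lists every symlink that resolves outside the directory. The function names, the `_firmware.bin.extracted` directory and its contents are constructed for illustration.

```python
import os
import tempfile


def find_escaping_symlinks(extract_root):
    """Return (link, resolved_target) pairs for symlinks that resolve outside extract_root."""
    root = os.path.realpath(extract_root)
    escaping = []
    # followlinks=False: never descend through a symlinked directory while auditing.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            # realpath resolves the full chain, including relative "../" hops
            # and links to links; it also works for dangling targets.
            resolved = os.path.realpath(path)
            if os.path.commonpath([root, resolved]) != root:
                escaping.append((os.path.relpath(path, root), resolved))
    return sorted(escaping)


def build_constructed_tree(base):
    """Constructed sample: a fake extraction directory with one safe and two escaping links."""
    root = os.path.join(base, "_firmware.bin.extracted")
    os.makedirs(os.path.join(root, "squashfs-root", "etc"))
    with open(os.path.join(root, "squashfs-root", "etc", "hosts"), "w") as fh:
        fh.write("127.0.0.1 localhost\n")
    # Safe: stays inside the extraction directory.
    os.symlink("etc/hosts", os.path.join(root, "squashfs-root", "hosts_link"))
    # Escaping: an absolute target, and a relative target that climbs out.
    os.symlink("/etc/passwd", os.path.join(root, "squashfs-root", "abs_link"))
    os.symlink("../../../outside", os.path.join(root, "squashfs-root", "etc", "rel_link"))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for link, target in find_escaping_symlinks(build_constructed_tree(base)):
            print(f"outside extraction dir: {link} -> {target}")
```

Run a check like this before pointing any further extraction or analysis tool at the directory, since those tools may follow the links.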
- Installation
- API
- Supported Platforms
- Getting Started
- Binwalk Command Line Usage
- Binwalk IDA Plugin Usage
More information on Wiki