Binwalk v3 Installation Notes, Updated (Working Version)

Binwalk v3

Official tutorial:
Compile From Source · ReFirmLabs/binwalk Wiki

Download address: Compile From Source · ReFirmLabs/binwalk Wiki

Tip

The compiled binary will be located at binwalk/target/release/binwalk.

You may copy it to, and run it from, any directory you prefer.

About

This is an updated version of the Binwalk firmware analysis tool. It has been re-written in Rust, and is currently considered unstable/experimental.

While the usage and output is similar to that of previous Binwalk releases, this version has several notable improvements:

  • Rust go BRRRT
  • JSON output summary
  • Multi-threaded analysis
  • Efficient pattern matching
  • Smarter file carving and extraction
  • Much improved signature validation and reporting

Supported Platforms

Binwalk is only supported on 64-bit Linux systems, and only tested on Debian/Ubuntu Linux. It is recommended that you run Binwalk on a Debian-based system.

Installation

Build Dependencies

To compile Binwalk from source, you must first have the Rust compiler installed:

sudo apt install curl
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
. $HOME/.cargo/env

Additionally, entropy graphing requires the fontconfig library to be installed:

sudo apt install libfontconfig1-dev

Compiling From Source

To download and build the Binwalk source code:

sudo apt install git
git clone -b binwalkv3 https://github.com/ReFirmLabs/binwalk.git
cd binwalk
# The dependency script path is relative to the repository root just entered
sudo ./dependencies/ubuntu.sh
cargo build --release
./target/release/binwalk --help

The Binwalk binary will be located at the target/release/binwalk path, as shown above. You may copy it to, and run it from, any location on your system that you prefer.

Runtime Dependencies

Binwalk relies on several external command-line utilities to perform extraction. Some are installed on most Linux systems by default, others are not.

To install all required extraction utilities:

# Archive and filesystem tools invoked by the extractors
sudo apt install p7zip-full zstd unzip tar sleuthkit cabextract lz4 lzop device-tree-compiler unrar

# Python-based extractors (UEFI, JFFS2, UBI). On Debian/Ubuntu releases that
# enforce PEP 668, pip3 refuses system-wide installs unless run with
# --break-system-packages or inside a virtual environment.
sudo apt install python3-pip
sudo pip3 install uefi_firmware
sudo pip3 install jefferson
sudo pip3 install ubi-reader

# Thanks to the ONEKEY team for maintaining this Sasquatch Debian package!
# Sasquatch unpacks non-standard SquashFS images; the package name matches the host architecture.
curl -L -o sasquatch_1.0.deb "https://github.com/onekey-sec/sasquatch/releases/download/sasquatch-v4.5.1-4/sasquatch_1.0_$(dpkg --print-architecture).deb"
sudo dpkg -i sasquatch_1.0.deb
rm sasquatch_1.0.deb

# dumpifs (QNX IFS images) is built from source
sudo apt install build-essential clang liblzo2-dev libucl-dev liblz4-dev
git clone https://github.com/askac/dumpifs.git
cd dumpifs
make dumpifs
sudo cp ./dumpifs /usr/local/bin/dumpifs
cd ..

# srec2bin (Motorola S-record to binary) is built from source
mkdir srec
cd srec
wget http://www.goffart.co.uk/s-record/download/srec_151_src.zip
unzip srec_151_src.zip
make
sudo cp srec2bin /usr/local/bin/

Usage

To list all supported file types and required extraction utilities:

To scan a file's contents:

To exclude specific signatures from a scan:

binwalk -x jpeg,png,pdf file_name.bin

To only search for specific signatures during a scan:

binwalk -y jpeg,png,pdf file_name.bin

To scan a file and extract its contents (default output directory is extractions):

To recursively scan and extract a file's contents:

binwalk -Me file_name.bin

Generate an entropy graph of the specified file (a PNG image will be saved to the current working directory):

To save signature or entropy analysis results to a JSON file:

binwalk -l results.json file_name.bin

Command Line Output

For each identified file type, Binwalk displays the file offset in both decimal and hexadecimal, along with a brief description.

Output is color-coded to indicate the confidence of the reported results:

There is no strict definition for the confidence level of each result, but they can generally be interpreted as:

  • red: Low confidence; the "magic bytes" for the reported file type were identified, but little-to-no additional validation was performed
  • yellow: Medium confidence; a reasonable amount of validation/sanity-checking was performed on the file metadata
  • green: High confidence; both file metadata and at least some portions of the file data were checked for accuracy

Note that during recursive extraction only "interesting" results will be displayed; use the --verbose command line option to display all results.

Supported Signatures

All supported file signatures and their corresponding extraction utility (if any) can be displayed with the --list command line option:

Each signature is color-coded to indicate:

  • green: Signature is fully supported
  • yellow: Signature is prone to false positives and will only be matched at the beginning of a file

The values displayed in the Signature Name column can be used with the --include and --exclude signature filter arguments.

Entropy Graphs

Entropy graphs (--entropy) display a plot of how random the contents of a file are, with the level of randomness displayed on the y axis and the file offset displayed on the x axis:

Randomness is calculated on a unit-less scale of 0 (not random at all) to 8 (very random). Since compressed and encrypted data is, by nature, very random, this is useful for identifying sections of a file that have been compressed or encrypted.
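The graph binwalk draws is built from exactly this per-block measure. The following added example (not binwalk's code) computes Shannon entropy per fixed-size block on the same 0 to 8 scale and merges consecutive high-entropy blocks into candidate compressed or encrypted regions; the 1024-byte block size, the 7.5 threshold and the sample buffer are constructed assumptions.

```python
import math
import random
from collections import Counter

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant block, 8.0 when
    all 256 byte values occur equally often (the scale binwalk plots)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum((c / n) * math.log2(c / n) for c in Counter(block).values())

def entropy_profile(data: bytes, block_size: int = 1024) -> list[tuple[int, float]]:
    """(offset, entropy) per block: the x and y axes of an entropy graph."""
    return [(off, shannon_entropy(data[off:off + block_size]))
            for off in range(0, len(data), block_size)]

def high_entropy_regions(profile, block_size: int = 1024,
                         threshold: float = 7.5) -> list[tuple[int, int]]:
    """Merge runs of consecutive blocks at or above `threshold` (an assumed
    cut-off; compressed and encrypted data sits close to 8.0) into
    (start, end) byte ranges, end exclusive."""
    regions: list[list[int]] = []
    for off, h in profile:
        if h < threshold:
            continue
        if regions and regions[-1][1] == off:
            regions[-1][1] = off + block_size        # extend the current run
        else:
            regions.append([off, off + block_size])  # start a new run
    return [(s, e) for s, e in regions]

# Constructed sample standing in for a firmware image: 4 KiB of zero padding,
# 8 KiB of seeded pseudo-random bytes (what a compressed or encrypted section
# looks like), then 4 KiB of repetitive ASCII strings.
_rng = random.Random(0xB1)
SAMPLE = (b"\x00" * 4096
          + _rng.randbytes(8192)
          + (b"firmware build string " * 200)[:4096])

if __name__ == "__main__":
    profile = entropy_profile(SAMPLE)
    for off, h in profile:
        print(f"0x{off:08X}  {h:.2f}  {'#' * int(h * 4)}")
    print("high-entropy regions:", high_entropy_regions(profile))
```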

JSON Output

The JSON logs (--log) include more detailed signature and extraction information than is reported on the command line.

If an entropy scan was requested (--entropy), the JSON data will contain the raw entropy data for the specified file.

Errors and Logging

Errors and debug logs are handled by the Rust env_logger, which allows users to control log levels via the RUST_LOG environment variable:

RUST_LOG=off binwalk -Me file_name.bin

RUST_LOG=info binwalk -Me file_name.bin

RUST_LOG=debug binwalk -Me file_name.bin

All errors and debug information are printed to stderr.

Limitations

Binwalk is a command line utility only; there is no library, API, or plugins (yet).

Binwalk can be very resource intensive. By default it will use all available CPU cores (this can be controlled with the --threads argument), and reads files into memory in their entirety.

Summary of Errors

This install did not run into any "git network unreachable" type errors, thank goodness!!

Some libraries were not installed:

Install make, gcc and the like in advance; whatever it complains about (blah blah, command not found, no such directory), just install that.

For example: 7zip, Unable to locate package
sudo apt-get install p7zip

Error:

fatal error: openssl/sha.h: No such file or directory

Cause: libssl-dev was not installed.

libssl-dev contains the libraries, header files and manpages; it is part of OpenSSL, and OpenSSL implements SSL.

Just install libssl-dev with sudo apt-get install libssl-dev

fatal error: bzlib.h: No such file or directory

Fix: the bzlib.h library dependency used when compiling boost has not been installed yet
sudo apt-get install libbz2-dev

zlib.h:没有那个文件或目录

Install it: sudo apt-get install zlib1g-dev

Error encountered during cargo build:

[Build error] error: failed to run custom build command for `yeslogic-fontconfig-sys v5.0.0` · Issue #362 · a16z/helios

error: failed to run custom build command for `yeslogic-fontconfig-sys v5.0.0`
note: To improve backtraces for build dependencies, set the CARGO_PROFILE_DEV_BUILD_OVERRIDE_DEBUG=true environment variable to enable debug information generation.

sudo apt install pkg-config libfreetype6-dev libfontconfig1-dev

Next:

note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

At this point the Rust compiler is prompting you to run an error "backtrace".

Normally the default shell is bash; use the following command:

RUST_BACKTRACE=1 cargo run

However, it is best to resolve the other errors first and then run

cargo build --release