Binwalk 0.3.8 Release

Binwalk 0.3.8 has just been released. In addition to bug fixes, signature updates and speed improvements, binwalk can now identify raw executable code for various architectures using the -A option:

$ binwalk -A soho.bin

DECIMAL   	HEX       	DESCRIPTION
-------------------------------------------------------------
132       	0x84      	MIPSEL function epilogue
144       	0x90      	MIPSEL function epilogue
176       	0xB0      	MIPSEL function epilogue
224       	0xE0      	MIPSEL function epilogue
248       	0xF8      	MIPSEL function prologue
432       	0x1B0     	MIPSEL function epilogue
440       	0x1B8     	MIPSEL function prologue
896       	0x380     	MIPSEL function epilogue
904       	0x388     	MIPSEL function prologue
1548      	0x60C     	MIPSEL function epilogue
1556      	0x614     	MIPSEL function prologue
2128      	0x850     	MIPSEL function epilogue
2136      	0x858     	MIPSEL function prologue
2800      	0xAF0     	MIPSEL function epilogue
2808      	0xAF8     	MIPSEL function prologue
2880      	0xB40     	MIPSEL function epilogue
2888      	0xB48     	MIPSEL function prologue
3172      	0xC64     	MIPSEL function epilogue
...
1830540   	0x1BEE8C  	MIPSEL function epilogue
1830584   	0x1BEEB8  	MIPSEL function epilogue
1830616   	0x1BEED8  	MIPSEL function epilogue
1830748   	0x1BEF5C  	MIPSEL function epilogue
1830800   	0x1BEF90  	MIPSEL function epilogue
1830812   	0x1BEF9C  	MIPSEL function epilogue
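
As an added illustration (not binwalk's own code or signatures), here is a small Python scanner for the two MIPSEL patterns named in the output above. It assumes a prologue is `addiu $sp, $sp, -N` and an epilogue is `jr $ra`; the function names and the SAMPLE bytes are constructed for this example.

```python
import struct

JR_RA = 0x03E00008   # jr $ra, the usual MIPS function return
ADDIU_SP = 0x27BD    # upper 16 bits of addiu $sp, $sp, imm16


def scan_mipsel(data, align=0):
    """Return [(offset, kind, frame_bytes)] for LE words starting at `align`."""
    hits = []
    for off in range(align, len(data) - 3, 4):
        (word,) = struct.unpack_from("<I", data, off)
        imm = word & 0xFFFF
        if word == JR_RA:
            hits.append((off, "epilogue", 0))
        elif word >> 16 == ADDIU_SP and imm & 0x8000:
            # Negative immediate: the stack grows down, so this opens a frame.
            hits.append((off, "prologue", 0x10000 - imm))
    return hits


def best_alignment(data):
    """Code may follow a header of odd length; pick the phase with most hits."""
    return max(range(4), key=lambda a: len(scan_mipsel(data, a)))


def asm(*words):
    """Pack 32-bit instruction words as little-endian bytes."""
    return b"".join(struct.pack("<I", w) for w in words)


# Constructed sample: 3-byte header, two tiny functions, then non-code filler.
SAMPLE = b"HDR" + asm(
    0x27BDFFE0,  # addiu $sp, $sp, -32
    0xAFBF001C,  # sw    $ra, 28($sp)
    0x8FBF001C,  # lw    $ra, 28($sp)
    0x03E00008,  # jr    $ra
    0x27BD0020,  # addiu $sp, $sp, 32   (delay slot, not a prologue)
    0x27BDFFE8,  # addiu $sp, $sp, -24
    0x03E00008,  # jr    $ra
    0x27BD0018,  # addiu $sp, $sp, 24
) + b"\xff" * 16

if __name__ == "__main__":
    phase = best_alignment(SAMPLE)
    for off, kind, frame in scan_mipsel(SAMPLE, phase):
        print("%-10d\t0x%-8X\tMIPSEL function %s" % (off, off, kind))
```

A 32-bit pattern such as `jr $ra` also turns up by chance in compressed or encrypted data, so isolated hits mean little. Dense runs of alternating prologue and epilogue hits, as in the output above, are what indicate code.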

Grab the latest release here!


4 Responses to Binwalk 0.3.8 Release

  1. Dinos says:

    Thanks, it was really needed as a feature!

  2. SD says:

    Thanks, nice feature!

    I’ve been dreaming about printer exploitation recently, and I think it would be interesting if binwalk could support analyzing these types of firmware. Often they seem to be wrapped in Postscript files.

    Here is a Xerox firmware if you're interested in looking at it. http://www.support.xerox.com/support/phaser-6120/file-redirect/enus.html?operatingSystem=winxp&fileLanguage=en&contentId=54315

    This is just one example, but I think MFPs would be cool to look at, extracting firmware, vulnerabilities. Maybe building backdoored firmware with SSH daemon and re-uploading to printer, stuff like that.

    • Craig says:

      I’ve done some live analysis of printers, but haven’t done much firmware-only analysis on them. But from what I’ve seen, yes, the firmware is usually updated via PJL. Though they are usually running some non-Linux RTOS, though I believe there are some Lexmarks that run Linux.

      Binwalk can easily be updated to support these types of firmware; the trick is to figure out how the firmware is constructed and what compression types and firmware layouts they use so that those signatures can be added to binwalk. I’ll take a look at the firmware image you linked to and see what I can come up with. 🙂
