Binwalk 1.0 has just been released and has been completely re-written as a Python module. This means that not only does it feature smarter scanning and signature processing features that were much, much easier to implement in Python, but it is now fully scriptable.
Aside from a few new options (and the removal of a few depreciated ones), the command line usage is pretty much the same. My personal favorite options to pass to binwalk are ‘-re’, which besides being a reference to reverse engineering, will attempt to extract data from the target file and clean up after itself (very handy for when there are a lot of false positive LZMA files extracted!):
$ binwalk -re firmware.bin
Scripting with binwalk is pretty straight forward. To perform a simple scan (equivalent to running binwalk with no command line options):
import pprint
from binwalk import Binwalk
binwalk = Binwalk()
pprint.PrettyPrinter().pprint(binwalk.scan('firmware.bin'))
binwalk.cleanup()
Check out the wiki for more command line usage and API examples.
Sorry, in the previous post I was using 0.5. I’ve not switched to 1.0. I compiled ‘file’ v5.12 and ‘python’ v2.7.3 from source. Also ‘pip install libmagic’, but get the following error:
~ # binwalk
Traceback (most recent call last):
File “/usr/local/bin/binwalk”, line 5, in
import binwalk
File “/usr/local/lib/python2.7/site-packages/binwalk/__init__.py”, line 2, in
import magic
You need to install the python magic module that came with the ‘file’ source. There should be a directory in the ‘file’ source called python with a setup.py script in it.
You’re doing god’s work son, this is incredible.
@Steve we all worship at the same church