Binwalk v1.0, Now With Python!

  By Craig | February 6, 2013 - 9:26 pm | ,

Binwalk 1.0 has just been released and has been completely re-written as a Python module. This means that not only does it feature smarter scanning and signature processing features that were much, much easier to implement in Python, but it is now fully scriptable.

Aside from a few new options (and the removal of a few depreciated ones), the command line usage is pretty much the same. My personal favorite options to pass to binwalk are ‘-re’, which besides being a reference to reverse engineering, will attempt to extract data from the target file and clean up after itself (very handy for when there are a lot of false positive LZMA files extracted!):

$ binwalk -re firmware.bin

Scripting with binwalk is pretty straight forward. To perform a simple scan (equivalent to running binwalk with no command line options):

import pprint
from binwalk import Binwalk

binwalk = Binwalk()
pprint.PrettyPrinter().pprint(binwalk.scan('firmware.bin'))
binwalk.cleanup()

Check out the wiki for more command line usage and API examples.

Bookmark the permalink.

6 Responses to Binwalk v1.0, Now With Python!

  1. Matt says:
    February 12, 2013 at 5:07 pm

    Sorry, in the previous post I was using 0.5. I’ve not switched to 1.0. I compiled ‘file’ v5.12 and ‘python’ v2.7.3 from source. Also ‘pip install libmagic’, but get the following error:
    ~ # binwalk
    Traceback (most recent call last):
    File “/usr/local/bin/binwalk”, line 5, in
    import binwalk
    File “/usr/local/lib/python2.7/site-packages/binwalk/__init__.py”, line 2, in
    import magic

    Reply
    • Craig says:
      February 12, 2013 at 10:47 pm

      You need to install the python magic module that came with the ‘file’ source. There should be a directory in the ‘file’ source called python with a setup.py script in it.

      Reply
  2. Steve says:
    February 27, 2013 at 4:02 pm

    You’re doing god’s work son, this is incredible.

    Reply
  3. rob says:
    February 17, 2014 at 6:10 pm

    Hi, I have the following setup:

    Python 2.7
    Python Magic 5.17

    When I do an import magic, I get this error:

    >>> import magic
    Traceback (most recent call last):
    File “”, line 1, in
    File “magic.py”, line 19, in
    _libraries[‘magic’] = _init()
    File “magic.py”, line 16, in _init
    return ctypes.cdll.LoadLibrary(find_library(‘magic’))
    File “C:\python27\lib\ctypes\__init__.py”, line 443, in LoadLibrary
    return self._dlltype(name)
    File “C:\python27\lib\ctypes\__init__.py”, line 365, in __init__
    self._handle = _dlopen(self._name, mode)
    TypeError: expected string or Unicode object, NoneType found

    Any help would be appreciate thanks.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *