Binwalk 1.2 has been released, and in addition to the usual signature / speed improvements, it sports several new features:
- Recursive file scanning and extraction
- Entropy and strings analysis
- Plugin support
Often files extracted by binwalk need to be further scanned / analyzed. This can now be automated with the –matryoshka option, which will recursively extract and scan files up to eight levels deep:
$ binwalk -e --matryoshka firmware.bin
Binwalk’s signature analysis is great, but how do you know it didn’t miss something? What do you do if binwalk doesn’t find anything at all?
Examining a file’s entropy can reveal a lot about its contents, such as which parts of the file may be compressed or encrypted:
What’s more, you can combine binwalk’s entropy analysis with other scans, such as the standard signature scan, or a strings / opcode scan:
In addition to a scriptable API, binwalk now supports plugins that are afforded considerable control over binwalk’s scan process. Plugins are particularly useful for extending or modifying binwalk’s analysis where custom signatures fall short.