Binwalk 1.2 has been released, and in addition to the usual signature / speed improvements, it sports several new features:
- Recursive file scanning and extraction
- Entropy and strings analysis
- Plugin support
Recursive Extraction
Often files extracted by binwalk need to be further scanned / analyzed. This can now be automated with the --matryoshka option, which will recursively extract and scan files up to eight levels deep:
$ binwalk -e --matryoshka firmware.bin
Entropy Analysis
Binwalk’s signature analysis is great, but how do you know it didn’t miss something? What do you do if binwalk doesn’t find anything at all?
Examining a file’s entropy can reveal a lot about its contents, such as which parts of the file may be compressed or encrypted.
What’s more, you can combine binwalk’s entropy analysis with other scans, such as the standard signature scan, or a strings / opcode scan.
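To make the idea behind entropy analysis concrete, here is an added sketch (not binwalk's own code) that computes per-block Shannon entropy and reports the byte ranges that look compressed or encrypted. The block size, the 7.5 bits/byte threshold, and the sample image are assumptions constructed for this example.

```python
import hashlib
import math
from collections import Counter

BLOCK_SIZE = 1024    # bytes per entropy sample (assumed value)
HIGH_ENTROPY = 7.5   # bits/byte; threshold is an assumption for this sketch

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a block in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    total = len(block)
    return sum((n / total) * math.log2(total / n)
               for n in Counter(block).values())

def entropy_profile(data: bytes, block_size: int = BLOCK_SIZE):
    """Return a list of (offset, entropy) pairs, one per block."""
    return [(off, shannon_entropy(data[off:off + block_size]))
            for off in range(0, len(data), block_size)]

def high_entropy_regions(data: bytes, threshold: float = HIGH_ENTROPY,
                         block_size: int = BLOCK_SIZE):
    """Merge consecutive high-entropy blocks into (start, end) byte ranges."""
    regions = []
    for off, ent in entropy_profile(data, block_size):
        if ent < threshold:
            continue
        end = min(off + block_size, len(data))
        if regions and regions[-1][1] == off:
            regions[-1] = (regions[-1][0], end)   # extend the previous range
        else:
            regions.append((off, end))
    return regions

def pseudo_random(n: int) -> bytes:
    """Deterministic stand-in for compressed/encrypted data (constructed)."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                   for i in range((n + 31) // 32))
    return out[:n]

# Constructed sample image: text header, 0xFF padding, opaque payload.
HEADER = (b"bootargs=console=ttyS0,115200 root=/dev/mtdblock2 " * 41)[:2048]
SAMPLE = HEADER + b"\xff" * 2048 + pseudo_random(4096)

if __name__ == "__main__":
    for off, ent in entropy_profile(SAMPLE):
        print(f"0x{off:06X}  {ent:4.2f}  {'#' * int(ent * 5)}")
    print("high-entropy regions:", high_entropy_regions(SAMPLE))
```

A region flagged this way where the signature scan reports nothing is a candidate for unknown compression or encryption; entropy alone cannot tell the two apart.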
Plugin Support
In addition to a scriptable API, binwalk now supports plugins that are afforded considerable control over binwalk’s scan process. Plugins are particularly useful for extending or modifying binwalk’s analysis where custom signatures fall short.
Plugins are easy to write; check out some of the examples on the wiki!