Binwalk 1.2.2 has just been released, introducing some useful new features:
- Binary diffing of an arbitrary number of files
- Heuristic compression/encryption analysis
- Identification of zlib compression streams (implemented via a plugin)
Here are three thousand words to demonstrate these new features:
Is there something that I can do when I run
binwalk -H foo and I have this result?
-> High entropy data, best guess: encrypted
Thanks! Very good blog, post more 🙂
Remember, that is just a “best guess”. It could be encrypted data, or it could just be very well compressed data (such as LZMA). Look at/near the start of that high entropy data to see if there are any readable strings, or possible header fields (magic bytes, file sizes, etc). These could help you in identifying what type of data you might be looking at.
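
The check suggested in the reply above, as an added example that is not part of the original post or of binwalk's own code: find where the high-entropy data begins, then look around that offset for known compression magic bytes. The Shannon entropy measure, the 1024-byte block size, the 7.0 threshold, the short magic table and both sample images are assumptions constructed for this illustration, not binwalk's heuristic.

```python
import hashlib, lzma, math

BLOCK = 1024          # assumed analysis block size
THRESHOLD = 7.0       # assumed cut-off for "high" entropy, in bits per byte
MAGICS = {b"\x5d\x00\x00": "LZMA", b"\x1f\x8b\x08": "gzip",
          b"BZh": "bzip2", b"\xfd7zXZ\x00": "xz"}   # short, non-exhaustive

def entropy(chunk):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    n = len(chunk)
    counts = [chunk.count(b) for b in set(chunk)]
    return -sum(c / n * math.log2(c / n) for c in counts) if n else 0.0

def high_entropy_regions(data):
    """Merge consecutive high-entropy blocks into (start, end) offsets."""
    regions, start = [], None
    for off in range(0, len(data), BLOCK):
        high = entropy(data[off:off + BLOCK]) >= THRESHOLD
        if high and start is None:
            start = off
        elif not high and start is not None:
            regions.append((start, off))
            start = None
    if start is not None:
        regions.append((start, len(data)))
    return regions

def headers_near(data, region_start):
    """Known magic bytes from one block before to one block after the region start."""
    lo, hi = max(0, region_start - BLOCK), min(len(data), region_start + BLOCK)
    hits = [(data.find(m, lo, hi), name) for m, name in MAGICS.items()]
    return sorted(h for h in hits if h[0] != -1)

def constructed_samples():
    """Two constructed images: text padding followed by a high-entropy body."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
    packed = (b"FWHDR-PAD " * 100) + lzma.compress(noise, format=lzma.FORMAT_ALONE)
    flat = bytes((i * 167 + 13) % 256 for i in range(4096))  # no header at all
    opaque = (b"FWHDR-PAD " * 103)[:BLOCK] + flat
    return packed, opaque

if __name__ == "__main__":
    for name, image in zip(("packed", "opaque"), constructed_samples()):
        for start, end in high_entropy_regions(image):
            print(name, hex(start), hex(end), headers_near(image, start) or "no known header")
```

Both images look the same to the entropy scan; only the header search separates the LZMA stream at offset 1000 from the body that carries no recognisable header.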
What's the meaning of moderate entropy data?