Binwalk 1.2.2 Release

Binwalk 1.2.2 has just been released, introducing some useful new features:

  • Binary diffing of an arbitrary number of files
  • Heuristic compression/encryption analysis
  • Identification of zlib compression streams (implemented via a plugin)

Here are three thousand words to demonstrate these new features:

Diffing two firmware headers

Heuristic analysis of firmware with zlib compressed data

Identifying zlib compression in an Apple firmware update

4 Responses to Binwalk 1.2.2 Release

  1. Pingback: Links da semana #12 | Blog do Sergio Prado

  2. y0da says:

    Is there something that I can do when I run
    binwalk -H foo and I have this result?
    -> High entropy data, best guess: encrypted

    Tks! Very good blog, post more 🙂

    • Craig says:

      Remember, that is just a “best guess”. It could be encrypted data, or it could just be very well compressed data (such as LZMA). Look at/near the start of that high entropy data to see if there are any readable strings, or possible header fields (magic bytes, file sizes, etc). These could help you in identifying what type of data you might be looking at.

  3. 3.14 says:

    What's the meaning of moderate entropy data?
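
The check Craig describes in his reply above, as an added example (not binwalk's code and not part of the original post or comments): a block-wise Shannon entropy scan locates the high-entropy region, then the bytes around its start are tested for a zlib header that actually inflates. The block size, the 7.0 threshold, the function names and the constructed sample image are all assumptions made here.

```python
import hashlib
import math
import zlib
from collections import Counter

BLOCK = 1024     # block size in bytes (assumption for this example)
THRESHOLD = 7.0  # bits per byte treated as "high" (assumption, not binwalk's value)

def shannon_entropy(block):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    return -sum(n / len(block) * math.log2(n / len(block)) for n in Counter(block).values())

def high_entropy_regions(data):
    """Merge consecutive high blocks into (start, end); an empty block past the end closes the last."""
    regions, start = [], None
    for off in range(0, len(data) + BLOCK, BLOCK):
        high = shannon_entropy(data[off:off + BLOCK]) >= THRESHOLD
        if high and start is None:
            start = off
        elif not high and start is not None:
            regions.append((start, min(off, len(data))))
            start = None
    return regions

def find_zlib_near(data, region_start):
    """Try offsets one block either side of region_start; return (offset, inflated_size) or None."""
    for off in range(max(0, region_start - BLOCK), min(len(data) - 1, region_start + BLOCK)):
        cmf, flg = data[off], data[off + 1]
        # RFC 1950 header: CM == 8 (deflate), CINFO <= 7, (CMF << 8 | FLG) divisible by 31
        if (cmf & 0x0F) != 8 or (cmf >> 4) > 7 or ((cmf << 8) | flg) % 31:
            continue
        inflater = zlib.decompressobj()
        try:
            out = inflater.decompress(data[off:])
        except zlib.error:
            continue
        if inflater.eof:  # stream ended and its Adler-32 checksum matched
            return off, len(out)
    return None

def build_sample():
    """Constructed image: text header, zlib stream at an unaligned offset, 0xFF padding."""
    header = (b"CONSTRUCTED FIRMWARE HEADER\x00" * 100)[:2348]
    payload = b"".join(hashlib.sha256(bytes([i])).hexdigest().encode() for i in range(256))
    return header + zlib.compress(payload) + b"\xff" * 1500, len(header), len(payload)

if __name__ == "__main__":
    image = build_sample()[0]
    print([(s, e, find_zlib_near(image, s)) for s, e in high_entropy_regions(image)])
```

A region that stays high-entropy but yields no stream that inflates cleanly is the case where the "compressed or encrypted" question remains open and the surrounding header fields are the next thing to inspect.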
