File Analysis and Extraction

devttys0 edited this page Oct 18, 2024 · 2 revisions

Usage

Binwalk makes it easy to analyze a file's contents and extract additional files embedded inside:

# Scan a file's contents
binwalk /tmp/firmware.bin
# Scan and extract a file's contents
binwalk -e /tmp/firmware.bin
# Scan and recursively extract a file's contents
binwalk -Me /tmp/firmware.bin

Tip

Use the --include and --exclude arguments to include or exclude specific signatures by name:

binwalk --exclude=jpeg,png,gif /tmp/firmware.bin

The signature names are displayed under the Signature Name column of the signature list.

Output

Results are color-coded to indicate confidence:

Green: High confidence; both file metadata and at least some portions of the file data were checked for accuracy

Yellow: Medium confidence; a reasonable amount of validation/sanity-checking was performed on the file metadata

Red: Low confidence; the "magic bytes" for the reported file type were identified, but little-to-no additional validation was performed
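
What each level of validation involves, shown for gzip candidates in a buffer. This is an added sketch, not Binwalk's own code: it reports the deepest check each candidate passes, and the function names and the sample buffer are constructed for the example.

```python
import zlib

GZIP_MAGIC = b"\x1f\x8b"

def header_is_sane(buf: bytes, off: int) -> bool:
    """Metadata check: full 10-byte header, deflate method, reserved flag bits clear."""
    if len(buf) < off + 10:
        return False
    method, flags = buf[off + 2], buf[off + 3]
    return method == 8 and (flags & 0xE0) == 0

def data_is_valid(buf: bytes, off: int) -> bool:
    """Data check: inflate the stream; zlib verifies the CRC32 trailer at stream end."""
    d = zlib.decompressobj(wbits=31)  # wbits=31 selects the gzip container
    try:
        d.decompress(buf[off:])
    except zlib.error:
        return False
    return d.eof  # False when the stream is truncated

def classify(buf: bytes, off: int) -> str:
    if not header_is_sane(buf, off):
        return "low"     # red: only the magic bytes matched
    if not data_is_valid(buf, off):
        return "medium"  # yellow: metadata looks right, data unverified
    return "high"        # green: metadata and data both checked

def scan(buf: bytes) -> list:
    """Return (offset, confidence) for every occurrence of the gzip magic."""
    hits, pos = [], buf.find(GZIP_MAGIC)
    while pos != -1:
        hits.append((pos, classify(buf, pos)))
        pos = buf.find(GZIP_MAGIC, pos + 1)
    return hits

# Constructed sample: a real gzip stream, a sane header followed by junk,
# and bare magic bytes with an invalid compression method.
_c = zlib.compressobj(wbits=31)
VALID = _c.compress(b"constructed firmware payload " * 4) + _c.flush()
GARBAGE = b"\x1f\x8b\x08\x00" + b"\x00" * 6 + b"\xff" * 16
BAD = b"\x1f\x8b\x07\xff" + b"\x00" * 8
PAD = b"\x00" * 16
SAMPLE = PAD + VALID + PAD + GARBAGE + PAD + BAD
OFF_VALID = len(PAD)
OFF_GARBAGE = OFF_VALID + len(VALID) + len(PAD)
OFF_BAD = OFF_GARBAGE + len(GARBAGE) + len(PAD)

if __name__ == "__main__":
    for off, conf in scan(SAMPLE):
        print(f"{off:#06x}  gzip  {conf}")
```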