Binwalk

binwalk完整安装

binwalk/INSTALL.md at master · ReFirmLabs/binwalk · GitHub

binwalk -h

Binwalk v2.2.0-ff34b12

Craig Heffner, ReFirmLabs

https://github.com/ReFirmLabs/binwalk

Usage: binwalk [OPTIONS] [FILE1] [FILE2] [FILE3] ...

Signature Scan Options:

-B, --signature              Scan target file(s) for common file signatures

-R, --raw=<str>              Scan target file(s) for the specified sequence of bytes

-A, --opcodes                Scan target file(s) for common executable opcode signatures

-m, --magic=<file>           Specify a custom magic file to use

-b, --dumb                   Disable smart signature keywords

-I, --invalid                Show results marked as invalid

-x, --exclude=<str>          Exclude results that match <str>

-y, --include=<str>          Only show results that match <str>

Extraction Options:

-e, --extract                Automatically extract known file types

-D, --dd=<type[:ext[:cmd]]>  Extract <type> signatures (regular expression), give the files an extension of <ext>, and execute <cmd>

-M, --matryoshka             Recursively scan extracted files

-d, --depth=<int>            Limit matryoshka recursion depth (default: 8 levels deep)

-C, --directory=<str>        Extract files/folders to a custom directory (default: current working directory)

-j, --size=<int>             Limit the size of each extracted file

-n, --count=<int>            Limit the number of extracted files

-r, --rm                     Delete carved files after extraction

-z, --carve                  Carve data from files, but don't execute extraction utilities

-V, --subdirs                Extract into sub-directories named by the offset

Entropy Options:

-E, --entropy                Calculate file entropy

-F, --fast                   Use faster, but less detailed, entropy analysis

-J, --save                   Save plot as a PNG

-Q, --nlegend                Omit the legend from the entropy plot graph

-N, --nplot                  Do not generate an entropy plot graph

-H, --high=<float>           Set the rising edge entropy trigger threshold (default: 0.95)

-L, --low=<float>            Set the falling edge entropy trigger threshold (default: 0.85)

Binary Diffing Options:

-W, --hexdump                Perform a hexdump / diff of a file or files

-G, --green                  Only show lines containing bytes that are the same among all files

-i, --red                    Only show lines containing bytes that are different among all files

-U, --blue                   Only show lines containing bytes that are different among some files

-u, --similar                Only display lines that are the same between all files

-w, --terse                  Diff all files, but only display a hex dump of the first file

Raw Compression Options:

-X, --deflate                Scan for raw deflate compression streams

-Z, --lzma                   Scan for raw LZMA compression streams

-P, --partial                Perform a superficial, but faster, scan

-S, --stop                   Stop after the first result

General Options:

-l, --length=<int>           Number of bytes to scan

-o, --offset=<int>           Start scan at this file offset

-O, --base=<int>             Add a base address to all printed offsets

-K, --block=<int>            Set file block size

-g, --swap=<int>             Reverse every n bytes before scanning

-f, --log=<file>             Log results to file

-c, --csv                    Log results to file in CSV format

-t, --term                   Format output to fit the terminal window

-q, --quiet                  Suppress output to stdout

-v, --verbose                Enable verbose output

-h, --help                   Show help output

-a, --finclude=<str>         Only scan files whose names match this regex

-p, --fexclude=<str>         Do not scan files whose names match this regex

-s, --status=<int>           Enable the status server on the specified port

记一次固件解包

前提：获取到了bin包，包含linux系统文件；

用binwalk解开bin包

在/_67AC.extracted/_4890E4.extracted/cpio-root/目录下发现系统目录；但是分析了一段时间，发现文件并不完全，请教大佬才知道30E9AA.cramfs文件也是系统文件，但是需要挂载起来才能打开；

挂载后可以看到文件还有其他的系统文件

sudo mount -o loop -t cramfs /30E9AA.cramfs /mnt

除了cramfs的文件类型，还有ramdisk、squashfs等Linux文件系统类型；

制作嵌入式linux文件系统（ramdisk，cramfs，squashfs) - 摩斯电码 - 博客园

binwalk源码分析（挖坑待填）