CNX Software – Embedded Systems News

Binwalk Utility Helps You Analyze and Reverse-Engineer Firmware Files

Binwalk is a “firmware analysis tool designed for analyzing, reverse engineering and extracting data contained in firmware images”.  This tool written in python supports Linux, and somewhat Mac OS X, can scan firmware files for files signature, and can be useful for hacking firmware files, and finding hidden information.

Partial output from a scan of a firmware image for file signatures

Let’s install binwalk first. It’s very easy in a Debian or Ubuntu machine, as you just have to download the package, and run a script for installation:


If you have another Linux ditributions, it’s just a little more complicated. You still need to download and extract the release package as above, but you’ll have to install the following package depending on the features your need:

Once, this is done, run sudo python ./setup.sh install in src directory to complete the installation.

You can also checkout the latest source code from github:


Once we’ve got binwalk installed, let’s test with the firmware for SJ1000 camera.

Just running binwalk with the firmware file as argument will scan the file for known data representations.


Right, did not find much apart from a JPEG file. I tried to extract it with binwalk -e FW96650A.bin, but it just created and empty directory (_FW96650A.bin.extracted). However, I’ve tried the scan with an Android firmware (MK908 mini PC), and the scan output is extremely verbose, it will find the Linux kernel strings, and apparently list all files. There may be options to better analyze this type of firwmare, as there are many many options, and it may take a while to be familiar with the tool.

Let’s carry on with one of the other option: ASCII string scan. In theory, the same can be achieved with strings utility, but binwalk will also provide the offset for each string in the file. In the command below, S is for string scan, and -s5  sets the minimum string size to 5 characters.


Let’s plot an entropy chart. To be honest I’m not 100% sure sure how to exploit this feature, but I understand that it will help locate where useful data may be, as well as areas filled with 0xFF or 0x00 with no useful information.
Binwalk has lots of other features, and you can do things such as scanning a firmware image for executable opcodes, diffing multiple firmware headers, using a custom signature, and so on.

Support CNX Software - Donate via PayPal, become a Patron on Patreon, or buy review samples