binwalk installation and usage; xz_wrapper.h:50:2: error: unknown type name ‘lzma_vli’

1. Installation

git clone https://github.com/devttys0/binwalk 

cd binwalk

sudo python setup.py install

However, cloning over git is very slow, so on Linux it is recommended to install with the package manager instead:

sudo apt-get install binwalk

2. Usage

2.1 Use binwalk to analyze the file composition of a device firmware image

binwalk *.bin

The output looks similar to the following:

--------------------------------------------------------------------------------
218444        0x3554C         CRC32 polynomial table, little endian
5947392       0x5AC000        Squashfs filesystem, little endian, version 4.0, compression:xz, size: 6939582 bytes, 945 inodes, blocksize: 262144 bytes, created: 2018-08-06 10:04:01
12964446      0xC5D25E        xz compressed data
28391676      0x1B138FC       JFFS2 filesystem, little endian
28838384      0x1B809F0       xz compressed data
37483840      0x23BF540       Zlib compressed data, compressed
71368704      0x4410000       UBI erase count header, version: 1, EC: 0x1, VID header offset: 0x800, data offset: 0x1000

(Part of the output is omitted; only representative entries are shown.)

--------------------------------------------------------------------------------

The output can be redirected to a txt file for easier viewing:

binwalk *.bin > outstruct.txt

2.2 Use binwalk to extract the file systems from the device firmware

binwalk -e *.bin

However, errors such as the following appear:

WARNING: Extractor.execute failed to run external extractor 'jefferson -d '%%jffs2-root%%' '%e'': [Errno 2] No such file or directory: 'jefferson': 'jefferson'
57470232      0x36CED18       JFFS2 filesystem, little endian
57488704      0x36D3540     

 

Make sure all of your tools are up to date and you have the necessary plugins installed. From the

https://github.com/ReFirmLabs/binwalk/blob/master/INSTALL.md

Binwalk relies on multiple external utilities in order to automatically extract/decompress files and data:

# Install standard extraction utilities
$ sudo apt-get install mtd-utils gzip bzip2 tar arj lhasa p7zip p7zip-full cabextract cramfsprogs cramfsswap squashfs-tools sleuthkit default-jdk lzop srecord
# Install sasquatch to extract non-standard SquashFS images
$ sudo apt-get install zlib1g-dev liblzma-dev liblzo2-dev
$ git clone https://github.com/devttys0/sasquatch
$ (cd sasquatch && ./build.sh)
# Install jefferson to extract JFFS2 file systems
$ sudo pip install cstruct
$ git clone https://github.com/sviehb/jefferson
$ (cd jefferson && sudo python setup.py install)
# Install ubi_reader to extract UBIFS file systems
$ sudo apt-get install liblzo2-dev python-lzo
$ git clone https://github.com/jrspruitt/ubi_reader
$ (cd ubi_reader && sudo python setup.py install)
# Install yaffshiv to extract YAFFS file systems
$ git clone https://github.com/devttys0/yaffshiv
$ (cd yaffshiv && sudo python setup.py install)
# Install unstuff (closed source) to extract StuffIt archive files
$ wget -O - http://my.smithmicro.com/downloads/files/stuffit520.611linux-i386.tar.gz | tar -zxv
$ sudo cp bin/unstuff /usr/local/bin/

Note that for Debian/Ubuntu users, all of the above dependencies can be installed automatically using the included deps.sh script:

$ sudo ./deps.sh

Tools you do not need do not actually have to be installed.

An error occurred during installation:
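
An added example (not from the original post or the binwalk project): a preflight check that reads saved scan output such as outstruct.txt and lists which external extractors the image needs but PATH lacks, so only those have to be installed. The signature-to-command mapping is an assumption built from the install notes and warnings on this page; the sample rows are copied from the output shown on this page.

```python
import re
import shutil

# Signature keyword -> external extractor command. Assumed, simplified mapping
# built from the install notes and warning messages on this page.
EXTRACTORS = {
    "squashfs filesystem": "sasquatch",
    "jffs2 filesystem": "jefferson",
    "ubi erase count header": "ubireader_extract_files",
    "yaffs filesystem": "yaffshiv",
}

# A binwalk result row: decimal offset, hex offset, description.
ROW = re.compile(r"^\s*(\d+)\s+(0x[0-9A-Fa-f]+)\s+(\S.*)$")

def needed_extractors(scan_text):
    """Return {command: [decimal offsets]} for signatures found in scan output."""
    needed = {}
    for line in scan_text.splitlines():
        m = ROW.match(line)
        if not m or int(m.group(2), 16) != int(m.group(1)):
            continue  # header, separator, warning text, or a truncated row
        desc = m.group(3).lower()
        for keyword, command in EXTRACTORS.items():
            if desc.startswith(keyword):
                needed.setdefault(command, []).append(int(m.group(1)))
    return needed

def missing_extractors(scan_text, which=shutil.which):
    """Return the sorted commands the scan needs but PATH does not provide."""
    return sorted(c for c in needed_extractors(scan_text) if which(c) is None)

# Rows copied from the output on this page, including the truncated row.
SAMPLE = """\
218444        0x3554C         CRC32 polynomial table, little endian
5947392       0x5AC000        Squashfs filesystem, little endian, version 4.0, compression:xz
28391676      0x1B138FC       JFFS2 filesystem, little endian
57470232      0x36CED18       JFFS2 filesystem, little endian
57488704      0x36D3540
71368704      0x4410000       UBI erase count header, version: 1, EC: 0x1
"""

if __name__ == "__main__":
    needed = needed_extractors(SAMPLE)
    for cmd in missing_extractors(SAMPLE):
        print("missing extractor:", cmd, "needed at offsets", needed[cmd])
```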

xz_wrapper.h:50:2: error: unknown type name ‘lzma_vli’

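cd into squashfs-tools and edit the Makefile to comment out the XZ_SUPPORT = 1 line, then try building. Note: do not run ./build.sh directly at this point. A build without XZ_SUPPORT has no xz decompressor compiled in, so it will not unpack xz-compressed SquashFS images.

In the squashfs-tools folder, run:

make && sudo make install

Error: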

WARNING: Extractor.execute failed to run external extractor 'ubireader_extract_files -o '%%ubifs-root%%' '%e'': [Errno 2] No such file or directory: 'ubireader_extract_files': 'ubireader_extract_files'
 

Then run the extraction again.

If the -M option is also specified, binwalk will even recursively scan files as it extracts them:

binwalk -Me *.bin

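However, for some firmware images the extracted output turns out to be huge: a 128M file actually produced 16G of files. This needs to be changed later.

3. Installing the binwalk IDA plugin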

python setup.py idainstall --idadir=/home/user/ida

Uninstall:

python setup.py idauninstall --idadir=/home/user/ida

 

 
