1. Installation
git clone https://github.com/devttys0/binwalk
cd binwalk
sudo python setup.py install
However, the git download is very slow, so on Linux it is recommended to install with the following instead:
sudo apt-get install binwalk
2.1 Use binwalk to analyze the file composition of a device's firmware
binwalk *.bin
218444 0x3554C CRC32 polynomial table, little endian
5947392 0x5AC000 Squashfs filesystem, little endian, version 4.0, compression:xz, size: 6939582 bytes, 945 inodes, blocksize: 262144 bytes, created: 2018-08-06 10:04:01
12964446 0xC5D25E xz compressed data
28391676 0x1B138FC JFFS2 filesystem, little endian
28838384 0x1B809F0 xz compressed data
37483840 0x23BF540 Zlib compressed data, compressed
71368704 0x4410000 UBI erase count header, version: 1, EC: 0x1, VID header offset: 0x800, data offset: 0x1000
The output can be redirected to a txt file for easier viewing: binwalk *.bin>outstruct.txt
2.2 Use binwalk to extract the firmware's file systems
binwalk -e *.bin
WARNING: Extractor.execute failed to run external extractor 'jefferson -d '%%jffs2-root%%' '%e'': [Errno 2] No such file or directory: 'jefferson': 'jefferson'
57470232 0x36CED18 JFFS2 filesystem, little endian
57488704 0x36D3540
Make sure all of your tools are up to date and you have the necessary plugins installed. From the
Binwalk relies on multiple external utilities in order to automatically extract/decompress files and data:
# Install standard extraction utilities
$ sudo apt-get install mtd-utils gzip bzip2 tar arj lhasa p7zip p7zip-full cabextract cramfsprogs cramfsswap squashfs-tools sleuthkit default-jdk lzop srecord
# Install sasquatch to extract non-standard SquashFS images
$ sudo apt-get install zlib1g-dev liblzma-dev liblzo2-dev
$ git clone https://github.com/devttys0/sasquatch
$ (cd sasquatch && ./build.sh)
# Install jefferson to extract JFFS2 file systems
$ sudo pip install cstruct
$ git clone https://github.com/sviehb/jefferson
$ (cd jefferson && sudo python setup.py install)
# Install ubi_reader to extract UBIFS file systems
$ sudo apt-get install liblzo2-dev python-lzo
$ git clone https://github.com/jrspruitt/ubi_reader
$ (cd ubi_reader && sudo python setup.py install)
# Install yaffshiv to extract YAFFS file systems
$ git clone https://github.com/devttys0/yaffshiv
$ (cd yaffshiv && sudo python setup.py install)
# Install unstuff (closed source) to extract StuffIt archive files
$ wget -O - http://my.smithmicro.com/downloads/files/stuffit520.611linux-i386.tar.gz | tar -zxv
$ sudo cp bin/unstuff /usr/local/bin/
Note that for Debian/Ubuntu users, all of the above dependencies can be installed automatically using the included deps.sh
$ sudo ./deps.sh
xz_wrapper.h:50:2: error: unknown type name ‘lzma_vli’
cd squashfs-tools, edit the Makefile to comment out the XZ_SUPPORT = 1 line, then try building. Note: do not run ./build.sh directly at this point.
Inside that squashfs-tools folder, run: sudo make && make install
Error:
WARNING: Extractor.execute failed to run external extractor 'ubireader_extract_files -o '%%ubifs-root%%' '%e'': [Errno 2] No such file or directory: 'ubireader_extract_files': 'ubireader_extract_files'
binwalk -Me *.bin
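The "failed to run external extractor" warnings above only show up once extraction is already running. The following script is an added example, not part of the original notes or of binwalk itself: it reads binwalk scan output and lists the extractor commands that are missing from PATH. The signature-to-command mapping is an assumption drawn from the install notes and warnings on this page, and the function names and firmware.bin are hypothetical.

```shell
#!/bin/sh
# Added example: list extractor commands that binwalk output implies but PATH lacks.
# The signature -> command mapping is an assumption based on this page's install
# notes and warnings; it is not binwalk's own rule table.

# Constructed sample: three scan lines shortened from the output shown above.
SAMPLE_SCAN='5947392 0x5AC000 Squashfs filesystem, little endian, version 4.0, compression:xz
28391676 0x1B138FC JFFS2 filesystem, little endian
71368704 0x4410000 UBI erase count header, version: 1, EC: 0x1'

# Read scan lines (DECIMAL HEX DESCRIPTION) on stdin; print each needed command once.
required_extractors() {
    while read -r _dec _hex desc || [ -n "$_dec" ]; do
        case "$desc" in
            Squashfs*) echo unsquashfs; echo sasquatch ;;
            JFFS2*)    echo jefferson ;;
            UBI*)      echo ubireader_extract_files ;;
            YAFFS*)    echo yaffshiv ;;
        esac
    done | LC_ALL=C sort -u
}

# Read command names on stdin; print those that are not found on PATH.
missing_extractors() {
    while read -r tool; do
        command -v "$tool" >/dev/null 2>&1 || echo "$tool"
    done
}

# Stand-alone run on the sample; for a real image (firmware.bin is a placeholder):
#   binwalk firmware.bin | required_extractors | missing_extractors
printf '%s\n' "$SAMPLE_SCAN" | required_extractors | missing_extractors
```

An empty result means every mapped extractor was found; any name printed should be installed before running binwalk -e or binwalk -Me.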
3. Installing the binwalk IDA plugin
python setup.py idainstall --idadir=/home/user/ida
python setup.py idauninstall --idadir=/home/user/ida