Firmware Unpacking: binwalk Analysis

Binwalk

Full binwalk installation

binwalk/INSTALL.md at master · ReFirmLabs/binwalk · GitHub

binwalk -h

Binwalk v2.2.0-ff34b12

Craig Heffner, ReFirmLabs

https://github.com/ReFirmLabs/binwalk

Usage: binwalk [OPTIONS] [FILE1] [FILE2] [FILE3] ...

Signature Scan Options:

    -B, --signature              Scan target file(s) for common file signatures

    -R, --raw=<str>              Scan target file(s) for the specified sequence of bytes

    -A, --opcodes                Scan target file(s) for common executable opcode signatures

    -m, --magic=<file>           Specify a custom magic file to use

    -b, --dumb                   Disable smart signature keywords

    -I, --invalid                Show results marked as invalid

    -x, --exclude=<str>          Exclude results that match <str>

    -y, --include=<str>          Only show results that match <str>

Extraction Options:

    -e, --extract                Automatically extract known file types

    -D, --dd=<type[:ext[:cmd]]>  Extract <type> signatures (regular expression), give the files an extension of <ext>, and execute <cmd>

    -M, --matryoshka             Recursively scan extracted files

    -d, --depth=<int>            Limit matryoshka recursion depth (default: 8 levels deep)

    -C, --directory=<str>        Extract files/folders to a custom directory (default: current working directory)

    -j, --size=<int>             Limit the size of each extracted file

    -n, --count=<int>            Limit the number of extracted files

    -r, --rm                     Delete carved files after extraction

    -z, --carve                  Carve data from files, but don't execute extraction utilities

    -V, --subdirs                Extract into sub-directories named by the offset

Entropy Options:

    -E, --entropy                Calculate file entropy

    -F, --fast                   Use faster, but less detailed, entropy analysis

    -J, --save                   Save plot as a PNG

    -Q, --nlegend                Omit the legend from the entropy plot graph

    -N, --nplot                  Do not generate an entropy plot graph

    -H, --high=<float>           Set the rising edge entropy trigger threshold (default: 0.95)

    -L, --low=<float>            Set the falling edge entropy trigger threshold (default: 0.85)

Binary Diffing Options:

    -W, --hexdump                Perform a hexdump / diff of a file or files

    -G, --green                  Only show lines containing bytes that are the same among all files

    -i, --red                    Only show lines containing bytes that are different among all files

    -U, --blue                   Only show lines containing bytes that are different among some files

    -u, --similar                Only display lines that are the same between all files

    -w, --terse                  Diff all files, but only display a hex dump of the first file

Raw Compression Options:

    -X, --deflate                Scan for raw deflate compression streams

    -Z, --lzma                   Scan for raw LZMA compression streams

    -P, --partial                Perform a superficial, but faster, scan

    -S, --stop                   Stop after the first result

General Options:

    -l, --length=<int>           Number of bytes to scan

    -o, --offset=<int>           Start scan at this file offset

    -O, --base=<int>             Add a base address to all printed offsets

    -K, --block=<int>            Set file block size

    -g, --swap=<int>             Reverse every n bytes before scanning

    -f, --log=<file>             Log results to file

    -c, --csv                    Log results to file in CSV format

    -t, --term                   Format output to fit the terminal window

    -q, --quiet                  Suppress output to stdout

    -v, --verbose                Enable verbose output

    -h, --help                   Show help output

    -a, --finclude=<str>         Only scan files whose names match this regex

    -p, --fexclude=<str>         Do not scan files whose names match this regex

    -s, --status=<int>           Enable the status server on the specified port

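Notes from a firmware unpacking session

Precondition: a .bin package has been obtained, and it contains Linux system files.

Unpack the .bin package with binwalk.

The system directories were found under /_67AC.extracted/_4890E4.extracted/cpio-root/. After analyzing them for a while, however, I found that the files were incomplete. Only after asking a more experienced engineer did I learn that the file 30E9AA.cramfs also holds system files, but it has to be mounted before it can be opened.

After mounting it, the remaining system files are visible: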

sudo mount -o loop -t cramfs /30E9AA.cramfs /mnt

Besides cramfs, there are other Linux filesystem types, such as ramdisk and squashfs.

Building embedded Linux filesystems (ramdisk, cramfs, squashfs) - 摩斯电码 - 博客园
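Added example, not part of the original post: a small Python scan of a binwalk extraction tree that finds carved filesystem images still waiting to be mounted, which is the step that was missed above. It goes slightly beyond the post by also recognising squashfs; the function names and the sample header built in demo() are constructed for illustration.

```python
import os
import struct
import tempfile

# On-disk magic at offset 0: (bytes, filesystem type, byte order of the image)
MAGICS = [
    (bytes.fromhex("453dcd28"), "cramfs", "little"),  # 0x28cd3d45 stored LE
    (bytes.fromhex("28cd3d45"), "cramfs", "big"),
    (b"hsqs", "squashfs", "little"),
    (b"sqsh", "squashfs", "big"),
]

def identify(path):
    """Return (fstype, endian, declared_size) for a carved file, or None."""
    with open(path, "rb") as f:
        head = f.read(8)
    for magic, fstype, endian in MAGICS:
        if head.startswith(magic):
            size = None
            if fstype == "cramfs" and len(head) == 8:
                # cramfs superblock: u32 magic, then u32 image length in bytes
                fmt = "<I" if endian == "little" else ">I"
                size = struct.unpack(fmt, head[4:8])[0]
            return fstype, endian, size
    return None

def scan(root):
    """List (path, fstype, endian, truncated) for images under root."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            # Extracted rootfs symlinks may point at host files: skip them.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            hit = identify(path)
            if hit:
                fstype, endian, size = hit
                truncated = size is not None and os.path.getsize(path) < size
                found.append((path, fstype, endian, truncated))
    return found

def demo():
    """Constructed tree: a 32-byte fake cramfs header and an ordinary file."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "30E9AA.cramfs"), "wb") as f:
        f.write(bytes.fromhex("453dcd28") + struct.pack("<I", 4096) + b"\0" * 24)
    with open(os.path.join(root, "notes.txt"), "w") as f:
        f.write("not a filesystem")
    return scan(root)
```

A hit with truncated set means the carved file is shorter than the length its superblock declares, so the carve should be redone before mounting. A big-endian cramfs image is rejected by the kernel driver on a little-endian host and has to be converted or unpacked with a userspace tool instead.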

binwalk source code analysis (placeholder, to be written)
