> For the complete documentation index, see [llms.txt](https://www.hardbreak.wiki/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://www.hardbreak.wiki/hardware-hacking/basics/tools/software-tools/binwalk.md).

# Binwalk

Binwalk is a powerful tool designed for analyzing, extracting, and reverse-engineering firmware images. It is frequently used by pentesters and security researchers for identifying embedded files and data in firmware, especially in IoT and hardware hacking.

## Key Features

* Signature Scanning
  * Binwalk scans firmware images for known file signatures such as compressed files, file systems, and cryptographic keys.
* File Extraction
  * Automatically extracts embedded files and file systems from firmware images.
* Entropy Analysis
  * Helps detect encrypted or compressed data by analyzing the randomness within a binary.
* Custom Signatures
  * Users can define their own file signatures, expanding Binwalk's capabilities to detect specific patterns.

## Cheat Sheet

```bash
# Scan a firmware image for known file signatures
binwalk firmware.bin

# Automatically extract embedded files from a firmware image
binwalk -e firmware.bin

# Analyze entropy to detect encrypted or compressed sections
binwalk -E firmware.bin

# Recursively extract files from deeply embedded archives
binwalk -Me firmware.bin
```

## Installation

Binwalk can be easily installed on most Linux distributions using the following command:

```bash
sudo apt-get install binwalk
```

For other systems, or to build it from source, follow the instructions on the [official Binwalk GitHub repository](https://github.com/ReFirmLabs/binwalk).

## Usage

Here’s a quick breakdown of the most common commands:

1. Basic Scan: To identify and list all known signatures in a firmware image:

   ```php-template
   binwalk firmware.bin
   ```
2. Extract Embedded Files: Automatically extract files found during the scan:

   ```php-template
   binwalk -e firmware.bin
   ```
3. Entropy Analysis: Useful for detecting compressed or encrypted sections within the firmware:

   ```mathematica
   binwalk -E firmware.bin
   ```
4. Recursive Extraction: Extracts files recursively to dig deeper into embedded archives:

   ```php-template
   binwalk -Me firmware.bin
   ```

## Common Use Cases

* Firmware Reverse Engineering
  * Binwalk helps break down firmware to find vulnerabilities, such as hardcoded credentials or encryption keys.
* File System Extraction
  * Extract embedded file systems like JFFS2, SquashFS, etc. from IoT devices.
* Cryptanalysis
  * Identify and locate encrypted sections of firmware for further investigation.

## Resources

* [Binwalk Wiki](https://github.com/ReFirmLabs/binwalk/wiki)
