File Analysis and Extraction - ReFirmLabs/binwalk GitHub Wiki

Usage

Binwalk makes it easy to analyze a file's contents and extract additional files embedded inside:

# Scan a file's contents
binwalk /tmp/firmware.bin

# Scan and extract a file's contents
binwalk -e /tmp/firmware.bin

# Scan and recursively extract a file's contents
binwalk -Me /tmp/firmware.bin

[!TIP] Use the --include and --exclude arguments to include or exclude specific signatures by name:

binwalk --exclude=jpeg,png,gif /tmp/firmware.bin

The signature names are displayed under the Signature Name column of the signature list.

Output

Results are color-coded to indicate confidence:

Green

High confidence; both file metadata and at least some portions of the file data were checked for accuracy

Yellow

Medium confidence; a reasonable amount of validation/sanity-checking was performed on the file metadata

Red

Low confidence; the "magic bytes" for the reported file type were identified, but little-to-no additional validation was performed