SnakeByte

extracting bin files


SnakeByte

Very often while on a reverse engineering task/project you find yourself dealing with a bin file. One of the best tools to ease your mission is Binwalk: https://code.google.com/p/binwalk/

 

"Binwalk is a firmware analysis tool designed to assist in the analysis, extraction, and reverse engineering of firmware images and other binary blobs. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules."

 

To download the source you can simply use the following:

$ git clone https://code.google.com/p/binwalk/

 

Then, for fast extraction of the bin file, type from the source folder:

$ binwalk -e firmware.bin

 

Or for recursive extraction of larger bin files:

$ binwalk -Me firmware.bin

 

For more information you can visit the Google Code wiki page:

https://code.google.com/p/binwalk/wiki/Usage?tm=6

 

Good luck!

herman

I'm currently busy auditing a DVR and a router that I purchased. It is fun and I discovered various vulnerabilities already.

For example, in the web GUI passwords are displayed with a bunch of ***. However, a !! user account !! is allowed to download the router's config, which displays all pw's / WEP / WPA keys in plain text.

 

For firmware analysis I tried to use binwalk but it does not want to extract the firmware to anything useful. It ends up with a bunch of data blobs and 7zip files. I am not sure what manual magic I could try.

 

Some posts did talk about extracting parts of the firmware with dd. Anybody got a decent tutorial on this? Nothing seems packed, as I can run strings over the output files and read, for example, HTML source code. I would like to be able to do a static audit of the webserver binary with IDA.

herman

It was not too difficult after some Google work. However, one device seems to have a non-default file system and the other has encryption. So besides HTML/XML files and a partially decoded file system I still have no executables to audit haha.

 

For reference, here is how it works:

 

Extract Data with Binwalk:
- A specific block:
binwalk --dd=squashfs:1 firmware.img
(extract the part recognized as squashfs from the firmware file)
 
- Multiple blocks:
binwalk --dd=gzip:gz:2 firmware.img
(look for gzip data, extract and name it .gz, do this 2 times)
 
Extract Data Manually:
dd if=[firmware.img] skip=1 bs=[target size] of=lzma_data.7z
(for bs fill in the offset reported by Binwalk)
 
To be continued ...
 
PS For known firmware you could use the Firmware Toolkit to extract, modify and repack firmware images.
 
If anybody likes a small tutorial on embedded device exploitation I could throw something together. A very good source for info is http://devttys0.com
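Added example, not written by any poster in this thread: a shell function for the manual dd carving described in the post above, with an optional length so the carve can stop at the next segment instead of running to end of file. The `carve` and `demo` names and the sample image are constructed for illustration; on a real image the offsets would come from a binwalk scan.

```shell
#!/bin/sh
# Added example: carve a byte range out of a firmware image with dd.
# carve/demo and all file names are illustrative, not part of binwalk.

# carve IMAGE OFFSET LENGTH OUT
#   OFFSET  decimal start offset (e.g. taken from a binwalk scan)
#   LENGTH  number of bytes to copy, or "" to copy through end of file
carve() {
    image=$1; offset=$2; length=$3; out=$4
    if [ -z "$length" ]; then
        if [ "$offset" -eq 0 ]; then
            # bs=0 is invalid, so offset 0 is just a copy of the image.
            cp "$image" "$out"
        else
            # The form used in the post: with bs=OFFSET, skip=1 drops
            # exactly OFFSET bytes and the rest of the file is copied.
            dd if="$image" of="$out" bs="$offset" skip=1 2>/dev/null
        fi
    else
        # Bounded carve. bs=1 is slow on large images but byte-exact.
        dd if="$image" of="$out" bs=1 skip="$offset" count="$length" 2>/dev/null
    fi
}

# Constructed sample image: 64-byte header, one gzip member, 32-byte trailer.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'hello from the root filesystem\n' > "$dir/plain"
    gzip -c "$dir/plain" > "$dir/part.gz"
    gzlen=$(wc -c < "$dir/part.gz" | tr -d ' ')
    { head -c 64 /dev/zero; cat "$dir/part.gz"; head -c 32 /dev/zero; } \
        > "$dir/firmware.img"
    # Offset 64 and the member length stand in for scan results.
    carve "$dir/firmware.img" 64 "$gzlen" "$dir/carved.gz" || return 1
    gzip -dc "$dir/carved.gz"      # prints the recovered payload
    rm -rf "$dir"
}

demo
```

When the length of a segment is not known, the distance to the next offset in the scan output is a workable upper bound.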
