[BINWALK] Firmware Forensic Tool


Jackspsychosis

Senior Member
Oct 18, 2021
55
5
Houston, Tx
www.facebook.com

ReFirm Labs.
https://www.refirmlabs.com
https://github.com/ReFirmLabs

Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.

This thread will present two ways to go about installing Binwalk (automatically and manually), and both are not without problems.

If you're using Debian or Ubuntu 20.4 you can bash ./deps.sh because it's been tested on Debian and Ubuntu. I have installed binwalk on Ubuntu-Budgie 20.10, Ubuntu-Budgie 20.04 and Windows 10. My theory on Windows 10 is **** Windows, use Linux, but just in case you nuts haven't dropped....

PREREQUISITES

1. Download & install Cygwin (place in path C:\cygwin)


https://www.cygwin.com/

2. Download & install latest version of Python3 (place in path C:\python3)

https://www.python.org/downloads/


INSTALLATION (Auto)

Open your Cygwin terminal and type the following command:


$ lynx -source rawgit.com/transcode-open/apt-cyg/master/apt-cyg > apt-cyg

$ install apt-cyg /bin

$ apt-cyg install git wget unzip

$ apt-cyg install python3 python3-pip

$ wget https://github.com/ReFirmLabs/binwalk/archive/master.zip

$ unzip master.zip

$ cd binwalk-master && python3 setup.py install


Debian users can install all optional and suggested extractors/dependencies using the included deps.sh script (recommended):

$ sudo ./binwalk-master/deps.sh

If it installed with no issues then type "binwalk" and try to extract a firmware file to make sure that you do not get an error. If you do, then uninstall and reinstall manually.

(BEFORE installing Cygwin make a note of ALL the packages you will need to manually install Binwalk. You can get them during the installation of Cygwin. CHECK MARK wget, git, lynx and your list.)

If apt-cyg is unable to locate a package TRY THE "pip install <package_name>" COMMAND. If pip is unable to locate the package then it's either already installed under a different name or it's obsolete.


INSTALLATION (Manual)

$ lynx -source rawgit.com/transcode-open/apt-cyg/master/apt-cyg > apt-cyg

$ install apt-cyg /bin

$ apt-cyg install git wget unzip

$ apt-cyg install python3 python3-pip

$ python3 setup.py install

$ pip3 install --upgrade pip

$ pip3 install nose coverage

$ pip3 install pycryptodome

$ apt-cyg install libqt4-opengl python3-opengl python3-pyqt4 python3-pyqt4.qtopengl

$ pip3 install numpy scipy

$ pip3 install pyqtgraph


CAPSTONE

$ pip install capstone

$ apt-cyg install mtd-utils gzip bzip2 tar arj lhasa p7zip p7zip-full cabextract cramfsprogs cramfsswap squashfs-tools sleuthkit default-jdk lzop srecord


SASQUATCH

$ apt-cyg install zlib1g-dev liblzma-dev liblzo2-dev

$ git clone https://github.com/devttys0/sasquatch

$ cd sasquatch && ./build.sh

$ pip3 install cstruct

$ git clone https://github.com/sviehb/jefferson

$ cd jefferson && python3 setup.py install

$ apt-cyg install liblzo2-dev python-lzo

$ git clone https://github.com/jrspruitt/ubi_reader

$ cd ubi_reader && python3 setup.py install

$ git clone https://github.com/devttys0/yaffshiv

$ cd yaffshiv && python3 setup.py install

$ wget -O - http://downloads.tuxfamily.org/sdtraces/stuffit520.611linux-i386.tar.gz | tar -zxv

$ cp bin/unstuff /usr/local/bin/

Note that for Debian/Ubuntu users, all of the above dependencies can be installed automatically using the included

$ sudo ./deps.sh

Note that I also used command it was the only way to get all the packages. It worked for me but make your own choices.

Installing the IDA Plugin

If IDA is installed on your system, you may optionally install the binwalk IDA plugin:

$ python3 setup.py idainstall --idadir=/home/user/ida

Likewise, the binwalk IDA plugin can be uninstalled:

$ python3 setup.py idauninstall --idadir=/home/user/ida

If all goes well...

$ binwalk

I believe this was my first tutorial. I gotta be honest, XDA as a website is unbeatable. I have spent days upon days sifting through threads and will probably spend many more days doing research!
 
Last edited:
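A post-install check for the procedure in the post above, added here as an example and not part of the original post or the binwalk project: it reports which of the external extractors named in the install steps are missing from PATH, which is the usual reason an extraction run errors out. The function names and the package-to-command mapping are assumptions.

```shell
#!/bin/sh
# Added example (not from the post): list which external extractors named in
# the install steps are missing from PATH. Assumption: the package -> command
# names below are what each package normally installs; adjust if yours differ.

# "package:command" pairs, one per line.
EXTRACTORS="
squashfs-tools:unsquashfs
sasquatch:sasquatch
jefferson:jefferson
ubi_reader:ubireader_extract_images
yaffshiv:yaffshiv
stuffit:unstuff
p7zip:7z
cabextract:cabextract
sleuthkit:tsk_recover
srecord:srec_cat
lzop:lzop
arj:arj
lhasa:lha
"

# Print the package name of every extractor whose command is not on PATH.
missing_extractors() {
    for pair in $EXTRACTORS; do
        pkg=${pair%%:*}
        cmd=${pair#*:}
        command -v "$cmd" >/dev/null 2>&1 || printf '%s\n' "$pkg"
    done
}

# Return 0 only when binwalk and every listed extractor are present.
check_binwalk_install() {
    if ! command -v binwalk >/dev/null 2>&1; then
        echo "binwalk itself is not on PATH"
        return 1
    fi
    missing=$(missing_extractors)
    if [ -n "$missing" ]; then
        echo "binwalk found, but these extractors are missing:"
        echo "$missing"
        return 1
    fi
    echo "binwalk and all listed extractors are present"
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then check_binwalk_install; fi
```

Run it with `--check` after either install path; a non-zero exit status means at least one tool still needs installing.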
Feb 24, 2022
15
1
Wiko Rainbow
Thanks for sharing this.
Having had a quick look at https://www.kali.org/tools/binwalk/ it seems to be able to extract binaries from (otherwise) "closed" firmware files.
Then, of course you need to do the real thing to modify what you want to, according to your goals. At this point comes the reversing stuff.
Finally you have to repack everything (and eventually re-sign it as there might be some integrity check) to be able to use the given firmware.
On devices/ROMs I dealt with, the unpacking/repacking is done by the flashing program itself (i.e. SPD research tool for Spreadtrum devices).
Is it able to correctly repack the ROM as well?
 

Jackspsychosis

Senior Member
Oct 18, 2021
55
5
Houston, Tx
www.facebook.com
You are welcome. You know I've never been able to get SP to work or any of them to tell you the truth. Lgup, Odin are more precious than gold. I've been trying for 3 or 4 days to get Salt to flash a kdz, do, zip and images without success. The good thing about Binwalk is it will dissect anything that you feed it BUT like you were saying it's definitely a lot of work brother. Do you think you could bless me with a copy of this working SP tool?
 
Feb 24, 2022
15
1
Wiko Rainbow
You can get it directly from SP (free):
For more convenience, I attached here both latest app and drivers. (compressed smaller)
--> however after 20' I still don't see them appear here...

This variant of the SP flasher can do really a lot of things (however I couldn't find any doc on it, you must be an SPD engineer to understand everything). Some .ini file comments can give a little help.
 

Jackspsychosis

Senior Member
Oct 18, 2021
55
5
Houston, Tx
www.facebook.com
Thank you. Brother apparently I lied to ya, it wasn't SP that wouldn't flash. It was a different tool for Samsung devices. What I really need is something similar to LGUPD that will flash modified kdz firmware. I found an old school R&D tool that can make unpack and repack kdz files but can't flash since LGUP was released and LGUP won't flash a kdz file that's modified. Neither will Salt, Salt is more anal than LGUP if truth be told. It goes by LG anti-roll back rules smh. Odin won't flash a modified firmware either. You know what I'm trying to do right? Sneak a patched boot image and/or custom recovery through.
 
Feb 24, 2022
15
1
Wiko Rainbow
I don't have much knowledge on lgup (other than it didn't even recognize my c299 - lgup+uppercut). During my SP rooting attempt I went into a vbmeta signature issue that blocks any modified boot/recovery. I wrote here a long story about that...
Finally, all this is hardly worth the time spent on it (at least, as I'm not a hardcore pro ;-)
 