Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 04-24-2021, 04:12
SMH17 SMH17 is offline
Friend
 
Join Date: Jul 2016
Location: Elysium
Posts: 34
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 12
Thanks Rcvd at 11 Times in 9 Posts
SMH17 Reputation: 0
What are the alternatives to Binwalk for firmware analysis?

I'm wondering if there are better alternatives to Binwalk to work on reverse engineering of firmware images.
Reply With Quote
  #2  
Old 04-25-2021, 02:02
traf0 traf0 is offline
Family
 
Join Date: Nov 2017
Posts: 86
Rept. Given: 2
Rept. Rcvd 4 Times in 4 Posts
Thanks Given: 228
Thanks Rcvd at 118 Times in 46 Posts
traf0 Reputation: 4
you can try

Centrifuge
Quote:
https://github.com/BinaryResearch/centrifuge-toolkit
Firmware Analysis Toolkit
Quote:
https://github.com/attify/firmware-analysis-toolkit
Reply With Quote
The Following 4 Users Say Thank You to traf0 For This Useful Post:
niculaita (04-25-2021), sh3dow (05-31-2021), SMH17 (05-30-2021), wild (04-26-2021)
  #3  
Old 05-31-2021, 21:02
sh3dow sh3dow is offline
Family
 
Join Date: Oct 2014
Posts: 158
Rept. Given: 113
Rept. Rcvd 79 Times in 24 Posts
Thanks Given: 458
Thanks Rcvd at 202 Times in 75 Posts
sh3dow Reputation: 79
Binwalk is the gold standard for this like IDA pro for binary reversing in its golden days (before Ghidra been released)
But Binwalk is more like PEiD or Exeinfo than firmware reverse engineering tool, it use signature based scan to identify the compression algorithms used by the manufacture and unpack the firmware image, and later evolved over time and improved its arsenal like the ability of ISA identification and entropy Visualization.

There are new tools made to avoid Binwalk's weakness (the signature based scan) by using machine learning. the first tool is ISAdetect, which focuses specifically on identifying the target CPU of the binary file and it's accomplish this using machine learning. the second one is Centrifuge which focuses specifically on visualizing the data in the binary file and give a better understanding of these data (it is far better than Binwalk Visualization function). it use Python plotting libraries to accomplish that, also use DBSCAN algorithm to finds clusters of statistically-similar data which really give a bigger picture for the reverse engineer on what the the binary file include inside its dark world. the the creator of this tool gave two example you can read them to have a better idea on how Centrifuge's data visualization is superior to that of Binwalk and helpful to the reverse engineer.

keep in mind in the two example the creator of this tool made he unpacked the firmware with Binwalk first then proceed to farther analyze it with Centrifuge.

Quote:
One of Centrifuge's design goals was to assist with firmware analysis, complementing existing tools such as the tried and true `binwalk`.
So in the end these are not replacement but complementing tools to Binwalk.

Quote:
Originally Posted by traf0 View Post
you can try

"Firmware Analysis Toolkit"
This use Binwalk for extracting and QEMU for emulation, so it's not really an alternative tool.

---

Right now there is not complete replacement to Binwalk and the territory of firmware analysis/reverse engineering is lacking in its arsenal, it's still not as advanced as computers or cell phones analysis/reverse engineering toolkits, but we hope this will change since near everything now connected through the internet and the IOT is hot topic.

Last edited by sh3dow; 05-31-2021 at 21:35.
Reply With Quote
The Following 5 Users Say Thank You to sh3dow For This Useful Post:
DominicCummings (09-09-2021), SMH17 (06-04-2021), taos (06-20-2021), traf0 (06-01-2021), yoza (05-31-2021)
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Firmware Analysis - ZLIB file conversion to Bitmap psgama General Discussion 3 08-02-2021 05:03
Veh Debugger alternatives (not CE) WyvernX General Discussion 1 07-20-2016 16:04


All times are GMT +8. The time now is 16:43.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )