[Security Services Joint Operations Center] [Tool Sharing] Using the firmware analysis tool binwalk
Tool introduction
Binwalk is an analysis tool for firmware reverse engineering and vulnerability research.
Tool usage and download
Tool address: https://github.com/ReFirmLabs/binwalk
Tool installation:
Download the Release source package and run the following command to install it:
$ sudo python3 setup.py install
Official usage guide: https://github.com/ReFirmLabs/binwalk/wiki/Usage. This article covers only the few most commonly used commands.
- Analyze the firmware structure (signature scan)
# binwalk -B digicap.dav
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
108 0x6C Linux EXT filesystem, blocks count: 212992, image size: 218103808, rev 1.0, ext4 filesystem data, UUID=907c4fe6-346b-43f7-b5b7-10169bfd9bfd
219760236 0xD19466C POSIX tar archive (GNU), owner user name: "b/libtheora.so.0.3.10"
520160342 0x1F010456 MPEG transport stream data
553072748 0x20F7386C POSIX tar archive (GNU), owner user name: "GraphCfg.xml"
- Extract files
# binwalk -e digicap.dav --run-as=root
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
219760236 0xD19466C POSIX tar archive (GNU), owner user name: "b/libtheora.so.0.3.10"
520160342 0x1F010456 MPEG transport stream data
553072748 0x20F7386C POSIX tar archive (GNU), owner user name: "GraphCfg.xml"
# ls _digicap.dav.extracted/
20F7386C.tar D19466C.tar FilterGraphCfg.xml ext-root libAnalysisLayer.so libavutil.so libconfig++.so.9.2.0 libcudart.so libcudnn.so.5
6C.ext2 FRAlgorithm.cfg baselib libAlgorithmLayer.so libavformat.so.57 libconfig++.so.9 libcublas.so libcudart.so.8.0
The -e option extracts using the default predefined extraction rules file extract.conf; --run-as=root is required here because binwalk refuses to run extraction utilities as root unless explicitly told to. Extracted files land in _<image>.extracted/ and are named by the hex offset at which they were found (6C.ext2, D19466C.tar).
- Show the complete scan results (including hits binwalk marks as invalid)
# binwalk -I digicap.dav
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
107 0x6B LZMA compressed data, properties: 0x91, dictionary size: 0 bytes, uncompressed size: 0 bytes
108 0x6C Linux EXT filesystem, blocks count: 212992, image size: 218103808, rev 1.0, ext4 filesystem data, UUID=907c4fe6-346b-43f7-b5b7-10169bfd9bfd
218131172 0xD006AE4 Intel x86 or x64 microcode, sig 0x00000001, pf_mask 0x02, 0001-00-00, rev 0x0001, size 1
218131176 0xD006AE8 Intel x86 or x64 microcode, sig 0x00000001, pf_mask 0x00, 0001-00-00, rev 0x0001, size 1
218131180 0xD006AEC Intel x86 or x64 microcode, pf_mask 0x01, 0001-00-00, rev 0x0001, size 4294967295
218131184 0xD006AF0 Intel x86 or x64 microcode, sig 0x00000002, pf_mask 0x01, 0000-00-00, rev 0x0001, size 2048
218131188 0xD006AF4 Intel x86 or x64 microcode, pf_mask 0xffffffff, 0002-00-00, size 2048
218131204 0xD006B04 Intel x86 or x64 microcode, pf_mask 0x00, FFFF-FF-FF, rev 0x0001, size 2048
218131208 0xD006B08 Intel x86 or x64 microcode, pf_mask 0x00, 0000-00-00, rev 0x-001, size 2048
218132044 0xD006E4C Intel x86 or x64 microcode, pf_mask 0x00, 0000-00-00, size 2048
218149952 0xD00B440 Intel x86 or x64 microcode, sig 0x00000264, pf_mask 0x00, 0000-00-00, size 850
218149996 0xD00B46C Intel x86 or x64 microcode, pf_mask 0x00, 006B-00-00, rev 0x0001, size 2048
218150000 0xD00B470 Intel x86 or x64 microcode, sig 0x00000003, pf_mask 0x00, 0000-00-00, rev 0x006b, size 1
218150032 0xD00B490 Intel x86 or x64 microcode, sig 0x44460000, pf_mask 0x44190000, 0000-44-19, rev 0x3f800000, size 2048
219724677 0xD18BB85 LZMA compressed data, properties: 0x5B, dictionary size: 0 bytes, uncompressed size: 0 bytes
219724804 0xD18BC04 Intel x86 or x64 microcode, sig 0x000000ff, pf_mask 0x01, 0000-00-00, rev 0xff0018, size 4294967295
219724820 0xD18BC14 Intel x86 or x64 microcode, sig 0x00000001, pf_mask 0x00, 0001-00-00, rev 0x0100, size 2048
219724828 0xD18BC1C Intel x86 or x64 microcode, pf_mask 0x00, FFFF-FF-FF, rev 0x0001, size 2048
219724832 0xD18BC20 Intel x86 or x64 microcode, pf_mask 0x00, 0000-00-00, rev 0x-001, size 2048
219725668 0xD18BF64 Intel x86 or x64 microcode, pf_mask 0x00, 0000-00-00, size 2048
Summary
In IoT penetration testing projects, firmware analysis is a critical step, and learning to use binwalk is required groundwork.