Skip to content

binwalk.py

ofrak.core.binwalk

BinwalkAnalyzer (Analyzer)

Uses the binwalk tool to scan binary data for embedded files, filesystems, compressed data, bootloaders, and known file signatures. Binwalk identifies file offsets and types based on magic bytes and header patterns. Use for initial triage of unknown firmware or binaries to discover what's embedded inside, identify compressed sections, find filesystem boundaries, or locate interesting artifacts without manually parsing. This is a good first step in the firmware analysis workflow if OFRAK cannot automatically identify and unpack a given firmware - once binwalk identifies firmware chunk boundaries, create children for each chunk and use the OFRAK firmware analysis workflows accordingly. If using the GUI, use the "Carve Child" button to create these children.

analyze(self, resource, config=None) async

Analyze a resource for to extract specific ResourceAttributes.

Users should not call this method directly; rather, they should run Resource.run or Resource.analyze.

Parameters:

Name Type Description Default
resource Resource

The resource that is being analyzed

 required
config

Optional config for analyzing. If an implementation provides a default, this default will always be used when config would otherwise be None. Note that a copy of the default config will be passed, so the default config values cannot be modified persistently by a component run.

 None

Returns:

Type Description
BinwalkAttributes

The analysis results
Source code in ofrak/core/binwalk.py 
async def analyze(self, resource: Resource, config=None) -> BinwalkAttributes:
    if not BINWALK_INSTALLED:
        raise ComponentMissingDependencyError(self, BINWALK_TOOL)
    async with resource.temp_to_disk() as temp_path:
        # Should errors be handled the way they are in the `DataSummaryAnalyzer`? Likely to be
        # overkill here.
        offsets = await asyncio.get_running_loop().run_in_executor(
            self.pool, _run_binwalk_on_file, temp_path
        )
    return BinwalkAttributes(offsets)

BinwalkAttributes (ResourceAttributes) dataclass

BinwalkAttributes(offsets: Dict[int, str])

_BinwalkExternalTool (ComponentExternalTool) private

__init__(self) special

Initialize self. See help(type(self)) for accurate signature.

Source code in ofrak/core/binwalk.py 
def __init__(self):
    super().__init__(
        "binwalk",
        "https://github.com/ReFirmLabs/binwalk",
        install_check_arg="",
    )

is_tool_installed(self) async

Check if a tool is installed by running it with the install_check_arg. This method runs <tool> <install_check_arg>.

Returns:

Type Description
bool

True if the tool command returned zero, False if tool could not be found or returned non-zero exit code.
Source code in ofrak/core/binwalk.py 
async def is_tool_installed(self) -> bool:
    return BINWALK_INSTALLED