Binwalk Enterprise FAQ
Binwalk Enterprise is an automated firmware analysis platform. It allows you to submit raw firmware images, then unpacks and decompresses the files from within the firmware and performs a series of automated analysis steps to identify potential security vulnerabilities in the firmware.
Binwalk Open Source is the popular open source tool used to extract file systems from binary firmware images. Binwalk Enterprise goes beyond Binwalk Open Source to provide full automated firmware security analysis and reporting as well as enhanced file system extraction. A full comparison of the different versions of Binwalk can be found here: https://github.com/ReFirmLabs/binwalk-enterprise-faq/wiki/Binwalk-Enterprise-TSG#pre-sales
If you have questions or are having issues with Binwalk Enterprise, please log in at https://centrifuge.refirmlabs.com/, click on the "Help" icon and select "Contact Support".
- To log into the Microsoft support web portal, you will be prompted to enter any valid Microsoft Account (MSA) or Office 365 account. An MSA is an Outlook/Hotmail account, or any email linked to a Microsoft account. You can create or configure an MSA from: https://account.microsoft.com/account
- Select the category and problem that best describes your issue.
- Enter any additional information, upload any attachments, confirm your contact information, and submit your ticket.
- You will receive an email confirming your request upon submission.
Binwalk Enterprise starts with the binary image of the firmware that would be installed on a device. The image is uploaded via the web portal by choosing “Add Firmware”. Alternatively, if using Binwalk Enterprise, the image can be submitted using the REST API or command line utility. Once the image is loaded, the system attempts to identify and extract the embedded file system from the image, and then conducts a series of security analyses to identify potential issues.
A wide variety (>25) of unencrypted filesystem encoding formats are supported, including ubifs, cramfs, squashfs, linux ext, jffs2, yaffs, qnx, and numerous compression formats. Additionally, non-filesystem formats such as ELF or RTOS images may be analyzed.
Supported Formats:
ubi
ubifs filesystem
cramfs filesystem
squashfs filesystem
linux ext filesystem
romfs filesystem
jffs2 filesystem
yaffs filesystem
qnx6 superblock
qnx4 boot block
qnx ifs startup header
ascii cpio archive
gzip compressed
bzip2 compressed
lzma compressed
lz4 compressed
posix tar archive
old-style tar archive
xz compressed
star archive
zip archive
microsoft cabinet archive data
7-zip archive
end of zip archive
intel serial flash
uefi
uefiguid
jar
dpkg
elf
gpg signed
linux kernel version
ecos kernel exception handler
supermicro firmware with encrypted cramfs images
iso 9660
qsdk firmware header
obfuscated arcadyan firmware
qnap qtx encrypted firmware
buffalo encrypted firmware
nec aterm encrypted firmware
android sparse image
vxworks symbol table
uc/os-ii symbol table
Generally no, the firmware image needs to be unencrypted for Binwalk to extract the file system for analysis. If you have access to the decrypted firmware image, you can upload a tarball of the filesystem to get analysis results.
Vulnerability analysis is available for firmware images built for MIPS (32- and 64-bit), ARM (32- and 64-bit), PowerPC (32-bit), x86_64, and SuperH.
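To check ahead of an upload whether the executables in an already-extracted filesystem fall under the architectures listed above, the ELF header of each file can be inspected. The following is an added example, not part of Binwalk Enterprise or its documentation; the mapping from the FAQ's architecture names to ELF e_machine values and word sizes is an assumption, and sample_header builds constructed test data.

```python
import os
import struct

# e_machine constants from the ELF specification.
EM_MIPS, EM_PPC, EM_ARM, EM_SH, EM_X86_64, EM_AARCH64 = 8, 20, 40, 42, 62, 183

# Assumed mapping of the FAQ's architecture names to e_machine -> word sizes.
SUPPORTED = {
    EM_MIPS: (32, 64),
    EM_ARM: (32,),
    EM_AARCH64: (64,),
    EM_PPC: (32,),
    EM_X86_64: (64,),
    EM_SH: (32,),
}

def elf_arch(header):
    """Return (e_machine, bits) from the first 20 bytes of a file, or None if not ELF."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        return None
    bits = {1: 32, 2: 64}.get(header[4])      # EI_CLASS
    endian = {1: "<", 2: ">"}.get(header[5])  # EI_DATA; firmware is often big-endian
    if bits is None or endian is None:
        return None
    (machine,) = struct.unpack_from(endian + "H", header, 18)  # e_machine field
    return machine, bits

def is_covered(header):
    """True/False for ELF headers; None when the data is not a parseable ELF."""
    arch = elf_arch(header)
    if arch is None:
        return None
    machine, bits = arch
    return bits in SUPPORTED.get(machine, ())

def scan_tree(root):
    """Map each ELF file under an extracted filesystem to its coverage result."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                verdict = is_covered(fh.read(20))
            if verdict is not None:
                results[path] = verdict
    return results

def sample_header(ei_class, ei_data, machine):
    """Constructed 20-byte ELF header prefix for demonstration."""
    endian = "<" if ei_data == 1 else ">"
    return b"\x7fELF" + bytes([ei_class, ei_data, 1]) + bytes(9) + struct.pack(endian + "HH", 2, machine)
```

Files reported as False are ELF binaries for an architecture or word size outside the list, such as 64-bit PowerPC.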
Binwalk Enterprise supports analysis of embedded Linux (various flavors) and Blackberry QNX. Beta support is provided for analyzing VxWorks and µC/OS-II RTOS (see below).
Beta support is available for analyzing VxWorks and µC/OS-II RTOS images. A symbol table is required to assist in the vulnerability analysis - this can be left in the image from the build process, or if it is available separately, concatenate it to the end of the image before uploading.
Not yet - please contact us if you are interested.
Analysis of bare metal firmware images (i.e., without an underlying OS) is not supported at this time.
Binwalk Enterprise is limited to 3GB files via the web UI but is unrestricted when uploading via the REST API. Binwalk Teams is limited to 1GB.
No, Binwalk Enterprise works with the binary firmware image - it does not analyze source code.
If you are a device developer, take the final image from your development build process, or repository of golden images for different releases. If you are a device operator, you can usually download the image from the vendor (sometimes a support contract is required), or ask the manufacturer for the firmware image.
No, there is rarely a way to pull a firmware image from a device over a network. The best approach is to get the image from the manufacturer.
It depends on how large the firmware image is, and how many executable files are present for analysis. For a small image (<100MB) analysis typically takes less than 10 minutes. For very large images (>1GB) analysis may take an hour or more.
Other users in your organization will automatically see the results of any firmware that you have analyzed. If they do not have an account, or are not in your organization, you can create a Shared Report, which is a read-only link you can send to them to see the results. You can also download a summary report as a PDF that provides a high level overview of the results.
Shared Reports can have optional passwords and also expiration dates for security - these can be set when you create the shared report, or you can modify existing shared reports to add these restrictions. Recipients on shared report links cannot download the original firmware image.
If there are no results and the file extraction count is lower than expected, this is generally an extraction issue.
Look at the Root FS Found count on the main firmware overview page as an indicator of whether extraction was successful.
If you believe there should be a Linux or QNX based filesystem in the upload and Binwalk does not extract it, please contact support.