Binwalk 1.2 has been released, and in addition to the usual signature / speed improvements, it sports several new features:

Recursive file scanning and extraction

Entropy and strings analysis

Plugin support

Recursive Extraction

Often files extracted by binwalk need to be further scanned / analyzed. This can now be automated with the –matryoshka option, which will recursively extract and scan files up to eight levels deep:

$ binwalk -e --matryoshka firmware.bin

Entropy Analysis

Binwalk’s signature analysis is great, but how do you know it didn’t miss something? What do you do if binwalk doesn’t find anything at all?

Examining a file’s entropy can reveal a lot about its contents, such as which parts of the file may be compressed or encrypted:

What’s more, you can combine binwalk’s entropy analysis with other scans, such as the standard signature scan, or a strings / opcode scan:

Plugin Support

In addition to a scriptable API, binwalk now supports plugins that are afforded considerable control over binwalk’s scan process. Plugins are particularly useful for extending or modifying binwalk’s analysis where custom signatures fall short.

Plugins are easy to write; check out some of the examples on the wiki!