JSON Analysis Results

devttys0 edited this page Oct 17, 2024 · 1 revision

Binwalk's --log argument can save both signature and entropy analysis results to a JSON file for easy digestion by external tools.

JSON Signature Analysis

During a signature scan, each analyzed file will have a JSON entry describing any signatures identified in the file, and, if extraction was requested, the extraction results for each identified file signature:

binwalk --log=results.json /tmp/firmware.bin
[
{
  "Analysis": {
    "file_path": "/tmp/firmware.bin",
    "file_map": [
      {
        "offset": 0,
        "id": "94865c45-c9a7-4b60-ace7-6b0301ad3f7b",
        "size": 116,
        "name": "dlob",
        "confidence": 128,
        "description": "DLOB firmware header, header size: 116 bytes, data size: 19996704",
        "always_display": false,
        "extraction_declined": false
      },
      {
        "offset": 116,
        "id": "8e535408-623a-44e7-b7b0-80bd0bdf4ecc",
        "size": 1808138,
        "name": "lzma",
        "confidence": 250,
        "description": "LZMA compressed data, properties: 0x5D, dictionary size: 33554432 bytes, compressed size: 1808138 bytes, uncompressed size: 4897632 bytes",
        "always_display": false,
        "extraction_declined": false
      },
      {
        "offset": 1835124,
        "id": "967616fd-6734-45c3-b1ae-4e4d6b86ea96",
        "size": 32,
        "name": "packimg",
        "confidence": 0,
        "description": "PackImg firmware header, header size: 32 bytes, data size: 2102529 bytes",
        "always_display": false,
        "extraction_declined": false
      },
      {
        "offset": 1835156,
        "id": "63994acf-c413-4004-9303-20918a91afc3",
        "size": 18159869,
        "name": "squashfs",
        "confidence": 250,
        "description": "SquashFS file system, little endian, version: 4.0, compression: xz, inode count: 2673, block size: 131072, image size: 18159869 bytes, created: 2016-05-24 09:50:50",
        "always_display": false,
        "extraction_declined": false
      }
    ],
    "extractions": {}
  }
}
]

JSON Entropy Analysis

During an entropy scan, the entropy of each block of file data will be saved to the JSON file, where an entropy of 8 is perfectly random and an entropy of 0 is not random at all:

binwalk --entropy --log=results.json /tmp/firmware.bin
[
{
  "Entropy": {
    "file": "firmware.bin.png",
    "blocks": [
      {
        "end": 1024,
        "start": 0,
        "entropy": 7.7531734
      },
      {
        "end": 2048,
        "start": 1024,
        "entropy": 7.813327
      },
...
      {
        "end": 19996672,
        "start": 19995648,
        "entropy": 0.0
      },
      {
        "end": 19996820,
        "start": 19996672,
        "entropy": 0.0
      }
    ]
  }
}
]
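
As an added example (not part of Binwalk or this wiki), here is one way an external tool could consume both log layouts shown above: it reports byte ranges that no signature covers, signatures below a confidence cutoff, and merged runs of high-entropy blocks. The function names, the cutoffs of 128 and 7.5, and the single array holding both entry kinds are assumptions of this example.

```python
import json

# Constructed sample in the layout shown above (ids and descriptions omitted).
# Putting both entry kinds in one array is for this sample only.
SAMPLE_LOG = json.dumps([
    {"Analysis": {"file_path": "/tmp/firmware.bin", "extractions": {}, "file_map": [
        {"offset": 0, "size": 116, "name": "dlob", "confidence": 128},
        {"offset": 116, "size": 1808138, "name": "lzma", "confidence": 250},
        {"offset": 1835124, "size": 32, "name": "packimg", "confidence": 0},
        {"offset": 1835156, "size": 18159869, "name": "squashfs", "confidence": 250}]}},
    {"Entropy": {"file": "firmware.bin.png", "blocks": [
        {"start": 0, "end": 1024, "entropy": 7.7531734},
        {"start": 1024, "end": 2048, "entropy": 7.813327},
        {"start": 2048, "end": 3072, "entropy": 0.0}]}},
])

def unmapped_gaps(file_map):
    """Byte ranges (start, end) before or between signatures that no entry covers."""
    gaps, cursor = [], 0
    for e in sorted(file_map, key=lambda e: e["offset"]):
        if e["offset"] > cursor:
            gaps.append((cursor, e["offset"]))
        cursor = max(cursor, e["offset"] + e["size"])
    return gaps

def high_entropy_runs(blocks, threshold):
    """Merge adjacent blocks with entropy >= threshold into (start, end) runs."""
    runs = []
    for b in sorted(blocks, key=lambda b: b["start"]):
        if b["entropy"] >= threshold and runs and runs[-1][1] == b["start"]:
            runs[-1] = (runs[-1][0], b["end"])
        elif b["entropy"] >= threshold:
            runs.append((b["start"], b["end"]))
    return runs

def summarize(log_text, min_confidence=128, min_entropy=7.5):
    """One report per log entry; both thresholds are this example's assumptions."""
    reports = []
    for entry in json.loads(log_text):
        if "Analysis" in entry:
            fmap = entry["Analysis"]["file_map"]
            weak = [(e["offset"], e["name"]) for e in fmap if e["confidence"] < min_confidence]
            reports.append({"file": entry["Analysis"]["file_path"],
                            "gaps": unmapped_gaps(fmap), "review": weak})
        elif "Entropy" in entry:
            ent = entry["Entropy"]
            reports.append({"file": ent["file"],
                            "high_entropy": high_entropy_runs(ent["blocks"], min_entropy)})
    return reports
```

The signature entry shown above carries no total file size, so data trailing the last signature is not reported as a gap; compare against the file's size on disk if that matters.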