Replace binwalk generic carver functionality with unblob #109
Conversation
…pping of intermediate folder
* added action to build extractor image based on unblob-2 branch
|
I can get behind this; binwalk has largely been abandoned and unblob seems to be more accurate at carving out components. |
You can already use FACT and the FACT extractor with unblob as carver: A docker image based on this branch is available as tag "unblob" (see https://hub.docker.com/repository/docker/fkiecad/fact_extractor/general). So you can simply pull it with docker pull fkiecad/fact_extractor:unbloband if you want to use it in FACT you need to edit But be advised: unblob does not always work better than binwalk and there are many cases where files are not extracted that were extracted with binwalk as carver (e.g. whole file systems). This is also the reason we binwalk was not fully replaced with unblob in the extractor yet. |
FYI: There seems to be a bug in the latest version of the extractor container with unblob. It will not carve files because the CLI API/behavior changed in a way that carving files without unpacking is no longer possible in a recent version. We will push a fix to this branch soon. edit: I have pushed a fix and the image on docker hub should also already be fixed |
|
Has currently problems with certain container types (which unblob will not carve because it expects a dedicated unpacker to be available for these types). Will be ready when:
|
No description provided.