binwalk
Firmware Analysis Tool
Binwalk v3 is a fast Rust-based tool for scanning firmware and binary files to identify and extract hidden embedded components like file systems and compressed data.
Binwalk is a tool for taking apart firmware and other files to see what is hidden inside them. Firmware is the low-level software built into devices like routers, cameras, and other gadgets. It usually comes as one large file that actually contains many smaller pieces packed together, such as a file system, compressed data, or program code. Binwalk reads through such a file and works out what those embedded pieces are. This version, Binwalk v3, has been rewritten in the Rust programming language, which the maintainers say makes it faster and more accurate than before.
The main job is identification and extraction. Binwalk can scan a file, point out the different files and chunks of data buried within it, and then optionally pull them out so you can examine them separately. Its primary focus is firmware, but it recognizes a wide range of file and data types, with the full list kept in the project's wiki.
It also includes a technique called entropy analysis. Entropy here is a measure of how random the data looks. By charting this, Binwalk can flag sections that appear to be compressed or encrypted even when it cannot identify them outright, which gives an investigator a useful clue about what they are looking at. Beyond the standalone tool, Binwalk is offered as a Rust library, so developers can build its capabilities into their own Rust programs.
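The entropy idea described above, as an added example that is not Binwalk's own code and does not use its library API: it computes Shannon entropy per block and merges consecutive high-entropy blocks into offset ranges. The 256-byte block size, the 7.0 bits-per-byte threshold, the function names, and the sample image are assumptions made for illustration.

```rust
/// Shannon entropy of a byte slice in bits per byte (0.0 to 8.0).
fn shannon_entropy(data: &[u8]) -> f64 {
    if data.is_empty() {
        return 0.0;
    }
    let mut counts = [0usize; 256];
    for &b in data {
        counts[b as usize] += 1;
    }
    let len = data.len() as f64;
    counts
        .iter()
        .filter(|&&c| c > 0)
        .map(|&c| {
            let p = c as f64 / len;
            -p * p.log2()
        })
        .sum()
}

/// Merge consecutive blocks with entropy >= threshold into (start, end) offset ranges.
fn high_entropy_regions(data: &[u8], block: usize, threshold: f64) -> Vec<(usize, usize)> {
    let mut regions: Vec<(usize, usize)> = Vec::new();
    for (i, chunk) in data.chunks(block).enumerate() {
        let (start, end) = (i * block, i * block + chunk.len());
        if shannon_entropy(chunk) < threshold {
            continue;
        }
        if let Some(last) = regions.last_mut() {
            if last.1 == start {
                last.1 = end; // extend the previous region instead of starting a new one
                continue;
            }
        }
        regions.push((start, end));
    }
    regions
}

/// Constructed sample image: text header, uniform-histogram payload, 0xFF padding.
fn sample_image() -> Vec<u8> {
    let mut img: Vec<u8> = b"constructed header ".iter().cycle().take(512).copied().collect();
    // Stand-in for compressed or encrypted data: each byte value occurs once per 256 bytes.
    img.extend((0..1024usize).map(|i| (i * 167 + 13) as u8));
    img.extend(std::iter::repeat(0xFFu8).take(512));
    img
}

fn main() {
    for (start, end) in high_entropy_regions(&sample_image(), 256, 7.0) {
        println!("high entropy: 0x{:04x}..0x{:04x}", start, end);
    }
}
```

High entropy alone does not distinguish compression from encryption; it only marks where unidentified data is worth a closer look.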
There are several ways to install it. The README says the easiest route is to build a Docker image, which bundles the tool together with everything it depends on. You can also install it through Cargo, the package manager that comes with Rust, or compile it yourself from the source code.
Using it is meant to be straightforward. You run the binwalk command followed by the name of the file you want to inspect, and it prints a detailed report of what it found. A help option and the project wiki cover more advanced settings for people who need them. The README keeps things brief and points to the wiki for deeper documentation.
Where it fits
- Scan a router or camera firmware file to identify all embedded components such as file systems and compressed archives.
- Extract hidden files from a device firmware image for detailed security analysis.
- Use entropy analysis to flag encrypted or compressed sections in a binary file you cannot identify outright.
- Integrate binwalk as a Rust library into your own security tooling to scan and extract files programmatically.