binwalk

Overview

binwalk scans firmware for embedded files and filesystems. `-e` extracts; `-M` recurses into extracted content.

Signatures for squashfs, cramfs, u-boot, compressed blobs. Essential for IoT/embedded RE pipeline with ghidra.

Primary use cases

• Firmware extraction from router/IP camera images
• Finding hardcoded keys in embedded filesystems

Key commands

binwalk -eM firmware.bin

Related tools

• Ghidra — Reverse engineering IDE. Disassembly, decompilation, scripting, and binary diffing.
• YARA — Malware identification language. String/hex patterns with boolean conditions over scanned files.