I am working on an important school project and I use Binwalk as one of my tools. I saw that using the --invalid parameter, I get more promising results. Yet I don't know how to decide whether the results I got are useful, or if I can ignore them and call them garbage.
I'm a beginner to things relating to reverse engineering.
What makes a Binwalk result "invalid"?
What factors does Binwalk take into account when deciding to mark a result as invalid?
Anyone happen to know how I could determine if an "invalid"-marked result might actually be a valid result?
(I know this question ends up being broad, since there are SO MANY different types of data that Binwalk can recognize.)
There's also been a question posted on the Reverse Engineering Stack Exchange a few months ago, called ~"what's the advantage of show results marked as invalid?" yet no one's answered it yet, which is somewhat dissatisfying.