ReFirmLabs / binwalk

Firmware Analysis Tool
MIT License

If providing more than one file, binwalk uses verbose mode only. #647

Open Baa14453 opened 1 year ago

Baa14453 commented 1 year ago

Hi, I am using binwalk to calculate the entropy of two files. When I do this, it acts as if I have passed the --verbose switch. It does this from the command line and the API. In addition, when using the API, only the entropy of the last file is calculated.

Single file operations

binwalk -E file1.png --nplot:

DECIMAL       HEXADECIMAL     ENTROPY
--------------------------------------------------------------------------------
1024          0x400           Rising entropy edge (0.959579)
7168          0x1C00          Rising entropy edge (0.958100)
9216          0x2400          Rising entropy edge (0.963688)
15360         0x3C00          Rising entropy edge (0.966344)
17408         0x4400          Falling entropy edge (0.743483)
20480         0x5000          Falling entropy edge (0.753434)
22528         0x5800          Rising entropy edge (0.953214)
25600         0x6400          Rising entropy edge (0.964227)
32768         0x8000          Rising entropy edge (0.964087)
43008         0xA800          Rising entropy edge (0.975895)
51200         0xC800          Rising entropy edge (0.951791)
53248         0xD000          Rising entropy edge (0.962434)
55296         0xD800          Falling entropy edge (0.294694)
57344         0xE000          Rising entropy edge (0.965712)
66560         0x10400         Falling entropy edge (0.378792)

binwalk -E file1.png --nplot --verbose

Scan Time:     2023-06-01 19:04:58
Target File:   /home/baa/Downloads/temp/file1.png
MD5 Checksum:  12732d1bff9db47c11399ee435ea0215

DECIMAL       HEXADECIMAL     ENTROPY
--------------------------------------------------------------------------------
0             0x0             0.949861
1024          0x400           0.959579
2048          0x800           0.955817
3072          0xC00           0.971483
4096          0x1000          0.968247
5120          0x1400          0.969498
6144          0x1800          0.929251
7168          0x1C00          0.958100
8192          0x2000          0.914151
9216          0x2400          0.963688
10240         0x2800          0.969314
11264         0x2C00          0.971493
12288         0x3000          0.970677
13312         0x3400          0.926387
14336         0x3800          0.912220
15360         0x3C00          0.966344
16384         0x4000          0.961265
17408         0x4400          0.743483
18432         0x4800          0.928711
19456         0x4C00          0.924944
20480         0x5000          0.753434
21504         0x5400          0.878900
22528         0x5800          0.953214
23552         0x5C00          0.898333
24576         0x6000          0.931520
25600         0x6400          0.964227
26624         0x6800          0.954490
27648         0x6C00          0.959507
28672         0x7000          0.963246
29696         0x7400          0.971525
30720         0x7800          0.967919
31744         0x7C00          0.913375
32768         0x8000          0.964087
33792         0x8400          0.970660
34816         0x8800          0.971863
35840         0x8C00          0.964137
36864         0x9000          0.974050
37888         0x9400          0.966759
38912         0x9800          0.964000
39936         0x9C00          0.969037
40960         0xA000          0.947263
41984         0xA400          0.904252
43008         0xA800          0.975895
44032         0xAC00          0.972085
45056         0xB000          0.976440
46080         0xB400          0.972787
47104         0xB800          0.960667
48128         0xBC00          0.971557
49152         0xC000          0.963823
50176         0xC400          0.899801
51200         0xC800          0.951791
52224         0xCC00          0.903265
53248         0xD000          0.962434
54272         0xD400          0.921925
55296         0xD800          0.294694
56320         0xDC00          0.877480
57344         0xE000          0.965712
58368         0xE400          0.960424
59392         0xE800          0.960271
60416         0xEC00          0.964225
61440         0xF000          0.967849
62464         0xF400          0.952928
63488         0xF800          0.948450
64512         0xFC00          0.946729
65536         0x10000         0.891043
66560         0x10400         0.378792

Multiple file operation

binwalk -E file1.png file2.png --nplot

Scan Time:     2023-06-01 19:05:37
Target File:   /home/baa/Downloads/temp/file1.png
MD5 Checksum:  12732d1bff9db47c11399ee435ea0215

DECIMAL       HEXADECIMAL     ENTROPY
--------------------------------------------------------------------------------
0             0x0             0.949861
1024          0x400           0.959579
2048          0x800           0.955817
3072          0xC00           0.971483
4096          0x1000          0.968247
5120          0x1400          0.969498
6144          0x1800          0.929251
7168          0x1C00          0.958100
8192          0x2000          0.914151
9216          0x2400          0.963688
10240         0x2800          0.969314
11264         0x2C00          0.971493
12288         0x3000          0.970677
13312         0x3400          0.926387
14336         0x3800          0.912220
15360         0x3C00          0.966344
16384         0x4000          0.961265
17408         0x4400          0.743483
18432         0x4800          0.928711
19456         0x4C00          0.924944
20480         0x5000          0.753434
21504         0x5400          0.878900
22528         0x5800          0.953214
23552         0x5C00          0.898333
24576         0x6000          0.931520
25600         0x6400          0.964227
26624         0x6800          0.954490
27648         0x6C00          0.959507
28672         0x7000          0.963246
29696         0x7400          0.971525
30720         0x7800          0.967919
31744         0x7C00          0.913375
32768         0x8000          0.964087
33792         0x8400          0.970660
34816         0x8800          0.971863
35840         0x8C00          0.964137
36864         0x9000          0.974050
37888         0x9400          0.966759
38912         0x9800          0.964000
39936         0x9C00          0.969037
40960         0xA000          0.947263
41984         0xA400          0.904252
43008         0xA800          0.975895
44032         0xAC00          0.972085
45056         0xB000          0.976440
46080         0xB400          0.972787
47104         0xB800          0.960667
48128         0xBC00          0.971557
49152         0xC000          0.963823
50176         0xC400          0.899801
51200         0xC800          0.951791
52224         0xCC00          0.903265
53248         0xD000          0.962434
54272         0xD400          0.921925
55296         0xD800          0.294694
56320         0xDC00          0.877480
57344         0xE000          0.965712
58368         0xE400          0.960424
59392         0xE800          0.960271
60416         0xEC00          0.964225
61440         0xF000          0.967849
62464         0xF400          0.952928
63488         0xF800          0.948450
64512         0xFC00          0.946729
65536         0x10000         0.891043
66560         0x10400         0.378792

Scan Time:     2023-06-01 19:05:37
Target File:   /home/baa/Downloads/temp/file2.png
MD5 Checksum:  42f374df36849327f69c4d404ac1dcee

DECIMAL       HEXADECIMAL     ENTROPY
--------------------------------------------------------------------------------
0             0x0             0.949400
1024          0x400           0.959579
2048          0x800           0.955817
3072          0xC00           0.971483
4096          0x1000          0.968247
5120          0x1400          0.969498
6144          0x1800          0.929251
7168          0x1C00          0.958100
8192          0x2000          0.914151
9216          0x2400          0.963688
10240         0x2800          0.969314
11264         0x2C00          0.971493
12288         0x3000          0.970677
13312         0x3400          0.926387
14336         0x3800          0.912220
15360         0x3C00          0.966344
16384         0x4000          0.961265
17408         0x4400          0.743483
18432         0x4800          0.928711
19456         0x4C00          0.924944
20480         0x5000          0.753434
21504         0x5400          0.878900
22528         0x5800          0.953214
23552         0x5C00          0.898333
24576         0x6000          0.931520
25600         0x6400          0.964227
26624         0x6800          0.954490
27648         0x6C00          0.959507
28672         0x7000          0.963246
29696         0x7400          0.971525
30720         0x7800          0.967919
31744         0x7C00          0.913375
32768         0x8000          0.964087
33792         0x8400          0.970660
34816         0x8800          0.971863
35840         0x8C00          0.964137
36864         0x9000          0.974050
37888         0x9400          0.966759
38912         0x9800          0.964000
39936         0x9C00          0.969037
40960         0xA000          0.947263
41984         0xA400          0.904252
43008         0xA800          0.975895
44032         0xAC00          0.972085
45056         0xB000          0.976440
46080         0xB400          0.972787
47104         0xB800          0.960667
48128         0xBC00          0.971557
49152         0xC000          0.963823
50176         0xC400          0.899801
51200         0xC800          0.951791
52224         0xCC00          0.903265
53248         0xD000          0.962434
54272         0xD400          0.921925
55296         0xD800          0.294694
56320         0xDC00          0.877480
57344         0xE000          0.965712
58368         0xE400          0.960424
59392         0xE800          0.960271
60416         0xEC00          0.964225
61440         0xF000          0.967849
62464         0xF400          0.952928
63488         0xF800          0.948450
64512         0xFC00          0.946729
65536         0x10000         0.891043
66560         0x10400         0.378792

As you can see, no --verbose switch has been passed, yet it produces significantly more entropy offsets.

Example using the API:

import binwalk

# Entropy scan of two files; no verbose option is passed.
scan_results = binwalk.scan(*["file1.png", "file2.png"], entropy=True, quiet=True, nplot=True)

# One module object per scan type; print each result's file name and entropy.
for module in scan_results:
    for result in module.results:
        print(result.file.name, result.entropy)

Output:

file2.png 0.9493996944468599
file2.png 0.9595791722861261
file2.png 0.9558169198936609
file2.png 0.9714829585169217
file2.png 0.9682472263461492
file2.png 0.9694977535535277
file2.png 0.9292512540892645
file2.png 0.9580999844401131
file2.png 0.9141505571106932
file2.png 0.9636884269465352
file2.png 0.9693139162127572
file2.png 0.9714932953837963
file2.png 0.9706772584604624
file2.png 0.9263866605337727
file2.png 0.9122197382879317
file2.png 0.9663442022196504
file2.png 0.9612653482355105
file2.png 0.7434828096366249
file2.png 0.9287111086094179
file2.png 0.9249435757188217
file2.png 0.7534343064656258
file2.png 0.8789004250389856
file2.png 0.9532139952319626
file2.png 0.8983331044969495
file2.png 0.931519964496851
file2.png 0.9642267738844269
file2.png 0.9544897483995143
file2.png 0.9595069003382327
file2.png 0.9632455479828916
file2.png 0.9715250607039375
file2.png 0.9679185595220438
file2.png 0.9133748589014484
file2.png 0.9640868603466539
file2.png 0.9706602528059435
file2.png 0.9718626201452758
file2.png 0.9641368415572951
file2.png 0.9740504400144321
file2.png 0.966759038140978
file2.png 0.963999648597922
file2.png 0.9690371318079097
file2.png 0.947262934035993
file2.png 0.9042520203577415
file2.png 0.9758947528658587
file2.png 0.9720849236316688
file2.png 0.9764404671754977
file2.png 0.9727871693348875
file2.png 0.9606666032245503
file2.png 0.9715573585035273
file2.png 0.9638233059287353
file2.png 0.899800654170215
file2.png 0.9517905494901737
file2.png 0.9032648690623268
file2.png 0.9624338929205475
file2.png 0.9219248538891675
file2.png 0.29469376058274616
file2.png 0.877479852654148
file2.png 0.9657120237236935
file2.png 0.9604239168003949
file2.png 0.9602711210893344
file2.png 0.9642254623864204
file2.png 0.9678487908106863
file2.png 0.9529282983767369
file2.png 0.9484503965210455
file2.png 0.9467292820596948
file2.png 0.8910431181661602
file2.png 0.37879248741029753

The output is verbose and there are no results for file1.png. I tried adding verbose=False, but it makes no difference.

Thanks.
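
An added example, not part of the original report and not binwalk's own code: when a multi-file run only yields the per-block listing, the rising/falling edge summary can be rebuilt from it per file. The function names and the 0.95 / 0.85 thresholds are assumptions, chosen because they reproduce the single-file edge output shown in the report from its verbose listing.

```python
from collections import defaultdict

# Assumed thresholds (not stated in the report): they reproduce its
# single-file edge output when applied to its verbose listing.
TRIGGER_HIGH = 0.95
TRIGGER_LOW = 0.85

def entropy_edges(blocks, high=TRIGGER_HIGH, low=TRIGGER_LOW):
    """Collapse ordered (offset, entropy) pairs into rising/falling edges."""
    edges = []
    last_edge = None   # None, "rising" or "falling"
    armed = True       # may the next threshold crossing be reported?
    for offset, entropy in blocks:
        # Re-arm once entropy leaves the band that produced the last edge.
        if last_edge in (None, "falling") and entropy > low:
            armed = True
        elif last_edge in (None, "rising") and entropy < high:
            armed = True
        if armed and entropy >= high:
            last_edge, armed = "rising", False
            edges.append((offset, "rising", entropy))
        elif armed and entropy <= low:
            last_edge, armed = "falling", False
            edges.append((offset, "falling", entropy))
    return edges

def edges_by_file(rows):
    """Group (file_name, offset, entropy) rows per file, then reduce each."""
    per_file = defaultdict(list)
    for name, offset, entropy in rows:
        per_file[name].append((offset, entropy))
    return {name: entropy_edges(sorted(b)) for name, b in per_file.items()}

# First 23 blocks (1024 bytes each) of the file1.png verbose listing above.
FILE1 = [0.949861, 0.959579, 0.955817, 0.971483, 0.968247, 0.969498,
         0.929251, 0.958100, 0.914151, 0.963688, 0.969314, 0.971493,
         0.970677, 0.926387, 0.912220, 0.966344, 0.961265, 0.743483,
         0.928711, 0.924944, 0.753434, 0.878900, 0.953214]
ROWS = [("file1.png", i * 1024, e) for i, e in enumerate(FILE1)]

if __name__ == "__main__":
    for name, edges in edges_by_file(ROWS).items():
        for offset, kind, entropy in edges:
            print(f"{name} {offset:<13} 0x{offset:<13X} "
                  f"{kind.capitalize()} entropy edge ({entropy:.6f})")
```
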