Skip to content

Supported Signatures

devttys0 edited this page Oct 30, 2024 · 4 revisions

Binwalk supports a wide variety of file and data signatures; these can be viewed at any time by running:

$ binwalk --list
------------------------------------------------------------------------------------------------------------------------
Signature Description              Signature Name                     Extraction Utility
------------------------------------------------------------------------------------------------------------------------
7-zip archive data                 7zip                               7z
AES S-Box                          aes_sbox                           None
Android sparse image               android_sparse                     Built-in
Apple Disk iMaGe                   dmg                                dmg2img
APple File System                  apfs                               7zzs
Arcadyan obfuscated LZMA           arcadyan                           Built-in
Autel obfuscated firmware          autel                              Built-in
BIN firmware header                binhdr                             None
BTRFS file system                  btrfs                              None
bzip2 compressed data              bzip2                              Built-in
CFE bootloader                     cfe                                None
CHK firmware header                chk                                None
compress'd data                    compressd                          7z
Copyright text                     copyright                          None
CPIO ASCII archive                 cpio                               7z
CramFS filesystem                  cramfs                             7z
CRC32 polynomial table             crc32                              None
Debian package file                deb                                None
Device tree blob (DTB)             dtb                                dtc
DLOB firmware header               dlob                               None
DOS Master Boot Record             mbr                                Built-in
eCos kernel exception handler      ecos                               None
EFI Global Partition Table         efigpt                             7z
ELF binary                         elf                                None
EXT filesystem                     ext                                tsk_recover
FAT file system                    fat                                tsk_recover
GIF image                          gif                                Built-in
GPG signed file                    gpg_signed                         Built-in
gzip compressed data               gzip                               Built-in
HP Printer Job Language data       pjl                                None
Intel serial flash for PCH ROM     pchrom                             uefi-firmware-parser
ISO9660 primary volume             iso9660                            tsk_recover
JBOOT firmware header              jboot_arm                          None
JBOOT SCH2 header                  jboot_sch2                         Built-in
JBOOT STAG header                  jboot_stag                         None
JFFS2 filesystem                   jffs2                              jefferson
JPEG image                         jpeg                               Built-in
Linux kernel ARM64 boot image      linux_arm64_boot_image             None
Linux kernel boot image            linux_boot_image                   None
Linux kernel version               linux_kernel                       vmlinux-to-elf
LUKS header                        luks                               None
LZ4 compressed data                lz4                                lz4
LZFSE compressed data              lzfse                              lzfse
LZMA compressed data               lzma                               Built-in
LZO compressed data                lzop                               lzop
Microsoft Cabinet archive          cab                                cabextract
Motorola S-record                  srecord                            srec2bin
Motorola S-record (generic)        srecord_generic                    srec2bin
NTFS partition                     ntfs                               tsk_recover
OpenSSL encryption                 openssl                            None
PackImg firmware header            packimg                            None
Pcap-NG capture file               pcapng                             Built-in
PDF document                       pdf                                None
PEM certificate                    pem_certificate                    Built-in
PEM private key                    pem_private_key                    Built-in
PEM public key                     pem_public_key                     Built-in
PNG image                          png                                Built-in
POSIX tar archive                  tarball                            tar
QNX IFS image                      qnx_ifs                            dumpifs
RAR archive                        rar                                unrar
RIFF image                         riff                               Built-in
RomFS filesystem                   romfs                              Built-in
RSA encrypted session key          rsa                                None
RTK firmware header                rtk                                None
SEAMA firmware header              seama                              None
SHA256 hash constants              sha256                             None
SquashFS file system               squashfs                           sasquatch
SVG image                          svg                                Built-in
TP-Link firmware header            tplink                             None
TP-Link RTOS firmware              tplink_rtos                        None
TRX firmware image                 trx                                Built-in
UBI image                          ubi                                ubireader_extract_images
UBIFS image                        ubifs                              ubireader_extract_files
UEFI capsule image                 uefi_capsule                       uefi-firmware-parser
UEFI PI firmware volume            uefi_pi_volume                     uefi-firmware-parser
uImage firmware image              uimage                             Built-in
VxWorks symbol table               vxworks_symtab                     Built-in
VxWorks WIND kernel version        wind_kernel                        None
Windows CE binary image            wince                              Built-in
Windows PE binary                  pe                                 None
XZ compressed data                 xz                                 Built-in
YAFFSv2 filesystem                 yaffs                              unyaffs
ZIP archive                        zip                                7z
Zlib compressed file               zlib                               Built-in
ZSTD compressed data               zstd                               zstd
------------------------------------------------------------------------------------------------------------------------

Total signatures: 85
Extractable signatures: 57

Note

When run in a terminal, signatures displayed in yellow are prone to false positives, and by default, only searched for at the beginning of each file.

Tip

To search for all signatures at all file offsets, use the --search-all command line option.

Clone this wiki locally