BinwalkGroupProject

## Welcome to Project Binwalk!

### Meet the team!

Cameron Smith

Ben Weddle

Orion Radford

Christopher Burke

Binwalk is a tool that excels at searching through a file to find embedded files and executable code, specifically in firmware images. Binwalk also uses the libmagic library (the library behind the file command on a Unix system, which handles the loading of the magic database files; I have also included a link with more information on that if you find it interesting or want to know more). Now, before we can jump into binwalk, you are going to want to download Kali Linux for your WSL (Windows Subsystem for Linux), which can be found here. You can download binwalk on Windows, but it is recommended that you install it on Linux; if you really want it on Windows, I have provided a link for that as well.

Now that you have your Kali Linux distribution, open it up and it will ask you to create a username and password; I would recommend you keep it to something you will remember. Afterwards it should look something like this. This is just a terminal version of Kali Linux; you can get a desktop GUI, and the process for that is here.

(screenshot: binwalk1)

Now that we have Kali up and going, you can get binwalk installed very easily by running 'wget https://github.com/ReFirmLabs/binwalk/archive/master.zip'. This will download the master zip file from the binwalk repo, which you can find here and which is a very useful resource when first learning how to use binwalk. This is where you run into your first problem: you need to unzip the zip file you just got, but you don't yet have the tool to do so. So you are going to want to enter the command 'sudo apt-get install unzip', get that installed, and then you can run 'unzip master.zip'. That finishes the binwalk install process, and you can run 'binwalk' and your screen should look something like this:

(screenshot: binwalk2)

And boom, we're done installing binwalk. It was a super easy process compared to some of the other tools out there, but unfortunately for us we don't get any cool UI or anything like that, just a command line interface. Now we can move on to using binwalk.

### Cameron Smith - Signature Scan Options

Alright, for my part I will be doing the signature scan options for binwalk, which are easy to use and provide you with information about the firmware file. The file I will be using can be found here. We'll start with just the basic scan command on the file you just downloaded, 'binwalk -b ddwrt-linksys-wrt1200ac-webflash.bin', and you should get something like this:

(screenshot: binwalk3)

Now we can see some information about the file. What's cool about this is that you can see the decimal and hexadecimal offset of each part of the file we just scanned. You can also scan for more specific things, like common executable opcode signatures, which you can do with 'binwalk -A file'; if you were to do it with our current file, it would look something like this:

(screenshot: binwalk4)

This is information that could be used along with another program to make full use of it, but this is a solid barebones way of getting this info. You can also set include and exclude filters if you have more experience and are searching for something even more specific, and this can be used to help reverse engineer firmware. Now, along with scanning for executable code and instructions as we have seen before, you can also use 'binwalk -m file' to see how many signatures your file has been signed with and how long it took, or whether it has been signed at all.

(screenshot: binwalk5)

As we can see here, our file has 411 signatures and we can see the time it took to scan it, but more importantly we get an MD5 checksum, which as we all know we can use in order to verify the file.
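As an added example (this is not code from the group project or from binwalk itself), here is a small Python sketch of what a signature scan is doing under the hood: it slides a short table of magic bytes over a constructed firmware-like image and prints the DECIMAL / HEXADECIMAL / DESCRIPTION rows, plus the MD5 checksum and signature-count lines that appear at the top of binwalk's scan output. The four magic values are the real file-format headers, but the table, the sample image and the function names are assumptions for this example; binwalk's real libmagic-derived database is far larger.

```python
import hashlib

# Constructed signature table: a tiny subset of the kind of magic bytes
# binwalk's database holds. The byte values are the real format headers;
# the table itself is assumed for this example.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "PNG image",
    b"\x1f\x8b\x08": "gzip compressed data",
    b"hsqs": "Squashfs filesystem, little endian",
    b"\x7fELF": "ELF executable",
}


def scan_signatures(data: bytes):
    """Return (offset, description) pairs for every magic match in data,
    sorted by offset, i.e. the rows of a binwalk signature scan."""
    hits = []
    for magic, desc in SIGNATURES.items():
        start = 0
        while True:
            off = data.find(magic, start)
            if off == -1:
                break
            hits.append((off, desc))
            start = off + 1          # keep looking for further copies
    return sorted(hits)


def report(data: bytes) -> str:
    """Render the scan like binwalk's console output: a header with the MD5
    of the whole file and the number of signatures loaded, then one row per
    hit with the offset in decimal and hexadecimal."""
    lines = [
        f"MD5 Checksum: {hashlib.md5(data).hexdigest()}",
        f"Signatures:   {len(SIGNATURES)}",
        "",
        f"{'DECIMAL':<12}{'HEXADECIMAL':<14}DESCRIPTION",
    ]
    for off, desc in scan_signatures(data):
        lines.append(f"{off:<12}{'0x%X' % off:<14}{desc}")
    return "\n".join(lines)


def build_sample_image() -> bytes:
    """Constructed stand-in for a firmware image: 64 bytes of padding, then
    a gzip header, an ELF header and a Squashfs header at known offsets."""
    img = bytearray(b"\x00" * 64)
    img += b"\x1f\x8b\x08\x00" + b"\x11" * 28        # offset 64:  gzip
    img += b"\x7fELF\x01\x01\x01" + b"\x00" * 25      # offset 96:  ELF
    img += b"hsqs" + b"\x00" * 28                     # offset 128: squashfs
    return bytes(img)


if __name__ == "__main__":
    print(report(build_sample_image()))
```

The MD5 line is why the checksum is worth recording before you start extracting: it ties every later result back to one specific input file.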

### Ben Weddle - Entropy Options

File entropy is defined as a measure of the randomness within a set of values, on a scale from 0 to 8, with 8 being maximum randomness and 0 being the most orderly data. The graphs generated relate to the values printed by -E in that the low points on the graph are listed as a "Falling Entropy Edge" and the high points on the graph are listed as a "Rising Entropy Edge". The file I am examining is the .png file generated when I examine my weddle.log file (weddle.log.png) from our Module 3: Ch 7 Linux assignment. I am doing this mostly because I really hate bringing new files into Ubuntu, so if I can reuse an old one, great. This results in a new .png file (weddle.log.png.png).

-E is your go-to option for entropy: it calculates the entropy of the contents of the file and generates a graph of that entropy. -F does the same thing, just faster and less accurately. -J will save the graph generated by either -E or -F as a .png file. -Q generates the graph without its legend. -N tells binwalk not to generate a graph. -H and -L set the thresholds for registering a Rising or Falling Entropy Edge.

The reason I am adding "-J" at the end of all of my commands is that for some reason I can't get Ubuntu to display the entropy graph with just -E or -F alone, so -J allows me to save the graph as a PNG, and then I use the command "explorer.exe ." to see all my saved files in the Windows File Explorer.
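To make the numbers behind -E, -H and -L concrete, here is an added Python example (not the project's code, and not binwalk's own implementation) that computes the per-block Shannon entropy of a constructed file on the 0 to 8 scale described above, flags rising and falling edges using thresholds on the normalised 0 to 1 scale, and draws a text-mode bar chart as a stand-in for the graph -J would save. The block size of 1024 bytes and the 0.95/0.85 thresholds are assumptions chosen to resemble binwalk's behaviour; the sample data is constructed so the three regions have entropies of exactly 0.0, 8.0 and 2.0.

```python
import math
from collections import Counter

BLOCK_SIZE = 1024   # bytes per sample point (assumed; binwalk also samples in blocks)


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 if every byte is identical,
    8.0 if all 256 byte values occur equally often."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum((c / n) * math.log2(c / n) for c in Counter(chunk).values())


def entropy_profile(data: bytes, block_size: int = BLOCK_SIZE):
    """(offset, entropy) for each block: the series -E prints and -J plots."""
    return [(off, shannon_entropy(data[off:off + block_size]))
            for off in range(0, len(data), block_size)]


def entropy_edges(profile, high: float = 0.95, low: float = 0.85):
    """Mark where entropy crosses the high threshold going up (rising edge)
    and the low threshold going down (falling edge). Thresholds are on the
    0..1 scale (entropy / 8), playing the role of -H and -L; the defaults
    here are assumed for the example."""
    edges, above = [], False
    for off, e in profile:
        norm = e / 8.0
        if not above and norm >= high:
            edges.append((off, "rising"))
            above = True
        elif above and norm <= low:
            edges.append((off, "falling"))
            above = False
    return edges


def ascii_plot(profile, width: int = 40) -> str:
    """Text-mode substitute for the entropy graph: one bar per block."""
    return "\n".join(
        f"0x{off:06X} {e:5.2f} |{'#' * int(round(e / 8.0 * width))}"
        for off, e in profile
    )


def build_sample() -> bytes:
    """Constructed file: 2 KiB of zero padding (entropy 0), 2 KiB in which
    every byte value appears equally often (entropy 8, like compressed or
    encrypted data), then 2 KiB of a repeating 4-byte pattern (entropy 2)."""
    zeros = b"\x00" * 2048
    uniform = bytes(range(256)) * 8
    pattern = b"ABCD" * 512
    return zeros + uniform + pattern


if __name__ == "__main__":
    prof = entropy_profile(build_sample())
    print(ascii_plot(prof))
    for off, kind in entropy_edges(prof):
        print(f"{kind.capitalize()} entropy edge at 0x{off:X}")
```

A rising edge landing on the 8.0 region and a falling edge right after it is the pattern you would look for when deciding which part of a firmware image is compressed or encrypted and which part is plain code or padding.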

Resources:

explorer.exe . found at

what entropy is

### Christopher Burke - Extraction Options

If you've ever wanted to play around with firmware, Binwalk's extraction options are quite useful. I will be using the firmware for the same model of router as the one I have at home. You can follow along by getting the file from here. The hash of the zipped file is da8edf2e81cfdfeb328207ff3f30a4a1d2733bc2fd03102bc445bd799c5f1d93. Unzip it, and you'll be left with the .bin file (I renamed the .bin file to ax1500.bin for shorter commands). After that, open your terminal in Kali and navigate to the folder the file is in. Once there, we can start extracting files from the firmware with the most basic of the extraction options. Type 'binwalk -e ax1500.bin'.

(screenshot: binwalk4)

It will display the information seen in the image above, and also add a folder containing the extracted files, as seen here.

(screenshot: binwalk4)

Next, we'll search through the file and extract recursively through it. To do so, we'll use the matryoshka option '-M', as well as '-r' to remove any files that couldn't be extracted or that resulted in empty files. Type 'binwalk -Mre ax1500.bin'.

(screenshot: binwalk4)

This, unsurprisingly, leaves us with a much longer terminal printout and a few more extracted files to view. The last option we'll explore is the '-D' option. This allows us to specify the file types to extract from the firmware, which is probably the most useful option for this course. To do so, we'll type 'binwalk -D 'png image:png' ax1500.bin'.

(screenshot: binwalk4)

As seen, this greatly decreases the number of files you may not care about.

(screenshot: binwalk4)

The options covered are the main extraction options, but there are additional useful options in the link at the bottom of this README. Some useful sites I used were this and this.
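The following is an added Python example (not the group's code and not binwalk's own extractor) showing what a type-restricted extraction like 'binwalk -D 'png image:png' file' has to do: find the magic bytes of the wanted type, work out where that embedded file ends by parsing its own structure, and write each complete hit to an output folder named by hex offset. It also illustrates why '-r' exists: a hit whose structure cannot be bounded (a truncated PNG, a broken gzip member) is skipped rather than extracted as junk. The type table, the sample firmware blob, the output naming and the function names are assumptions for this example; the two magic values are the real PNG and gzip headers.

```python
import gzip
import struct
import zlib
from pathlib import Path


def png_length(data: bytes, start: int):
    """Walk the PNG chunk list from the signature at `start` and return the
    image's total length through IEND, or None if it is truncated."""
    pos = start + 8                         # skip the 8-byte PNG signature
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4          # length + type + data + CRC
        if end > len(data):
            return None
        if ctype == b"IEND":
            return end - start
        pos = end
    return None


def gzip_length(data: bytes, start: int):
    """Inflate the gzip member at `start` to learn where it ends; None if broken."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)
    try:
        d.decompress(data[start:])
    except zlib.error:
        return None
    if not d.eof:                            # stream never reached its trailer
        return None
    return len(data) - start - len(d.unused_data)


# Type table (assumed for this example): name -> (magic bytes, bounding function)
TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n", png_length),
    "gzip": (b"\x1f\x8b\x08", gzip_length),
}


def carve(data: bytes, wanted: str):
    """Return (offset, bytes) for each complete embedded file of type `wanted`.
    Hits that cannot be bounded are skipped, the way -r drops failed extractions."""
    magic, length_fn = TYPES[wanted]
    found, start = [], 0
    while (off := data.find(magic, start)) != -1:
        size = length_fn(data, off)
        if size:
            found.append((off, data[off:off + size]))
            start = off + size               # continue after the carved file
        else:
            start = off + 1
    return found


def extract(data: bytes, wanted: str, outdir: Path):
    """Write carved files as <HEXOFFSET>.<type> inside outdir; return the paths."""
    outdir.mkdir(parents=True, exist_ok=True)
    paths = []
    for off, blob in carve(data, wanted):
        path = outdir / f"{off:X}.{wanted}"
        path.write_bytes(blob)
        paths.append(path)
    return paths


def make_png() -> bytes:
    """Constructed 1x1 RGB PNG with valid chunk CRCs."""
    def chunk(ctype, body):
        crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00\x00\x00")      # filter byte + one RGB pixel
    return b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


def build_sample_firmware() -> bytes:
    """Constructed blob: padding, a gzip member, padding, a PNG, trailing padding."""
    gz = gzip.compress(b"hello from the constructed firmware", mtime=0)
    return b"\x00" * 32 + gz + b"\xff" * 16 + make_png() + b"\x00" * 16


if __name__ == "__main__":
    fw = build_sample_firmware()
    for path in extract(fw, "png", Path("_sample.bin.extracted")):
        print("extracted", path, path.stat().st_size, "bytes")
```

Selecting a type up front, as -D does, keeps the output folder down to the files you actually intend to look at, and bounding each hit by its own format rather than by "up to the next signature" is what stops one truncated header from swallowing the rest of the image.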

### Orion Radford - Raw Compression Options

This is a helpful link when looking for commands for binwalk.