https://blog.csdn.net/whatday/article/details/88896800
$ sudo apt-get update
$ sudo apt-get install build-essential autoconf git
$ git clone https://github.com/devttys0/binwalk
$ cd binwalk
$ sudo python setup.py install
# 如果安装的是 python 2.x,还需要安装 python-lzma 模块
[root@localhost binary]# binwalk -e vmlinuz-5.4.60-89
Traceback (most recent call last):
  File "/usr/bin/binwalk", line 2, in <module>
    from binwalk.__main__ import main
  File "/usr/lib/python2.7/site-packages/binwalk/__init__.py", line 4, in <module>
    from binwalk.core.version import __version__ # This file is auto-generated by setup.py and ignored by .gitignore
  File "/usr/lib/python2.7/site-packages/binwalk/core/version.py", line 11, in <module>
    import pkg_resources
ImportError: No module named pkg_resources
解决办法:https://mhl.xyz/Python/No-module-named-pkg_resources.html
第一种安装:
yum install gcc python-setuptools python-devel
easy_install pip
第二种安装
如果不行,使用下面的步骤:
1. 安装 distribute
wget https://pypi.python.org/packages/source/d/distribute/distribute-0.7.3.zip --no-check-certificate
unzip distribute-0.7.3.zip
cd distribute-0.7.3
python setup.py install
2. 安装 setuptools
从 https://pypi.python.org/pypi/setuptools 下载最新版,解压并进入目录
python setup.py install
3. 安装 pip
easy_install pip
4. 如果安装 pip 过程中报 ImportError: No module named extern 异常
从 https://pypi.python.org/pypi/extern 下载最新 extern,安装后再次尝试即可
注意: --no-check-certificate 会关闭 TLS 证书校验,而下载的压缩包随后会以 root 身份执行 setup.py。建议先修复系统 CA 证书并去掉该参数,或在安装前核对压缩包的哈希值。
[root@localhost binary]# binwalk -e vmlinuz-5.4.60-89

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             gzip compressed data, maximum compression, from Unix, last modified: 1970-01-01 00:00:00 (null date)
binwalk -e 在当前目录下生成 _vmlinuz-5.4.60-89.extracted 目录。分析来源不明的镜像时,建议用普通用户在单独的临时目录中执行提取,而不是像这里一样以 root 运行。
[root@localhost _vmlinuz-5.4.60-89.extracted]# ls
0  0.gz
[root@localhost _vmlinuz-5.4.60-89.extracted]# du -sh *
10M	0
4.7M	0.gz
[root@localhost _vmlinuz-5.4.60-89.extracted]#
[root@localhost _vmlinuz-5.4.60-89.extracted]# file 0
0: MS-DOS executable, MZ for MS-DOS
[root@localhost _vmlinuz-5.4.60-89.extracted]# file 0.gz
0.gz: gzip compressed data, from Unix, max compression
[root@localhost _vmlinuz-5.4.60-89.extracted]#
(ARM64 内核 Image 在启用 EFI stub 时文件头以 "MZ" 开头,所以 file 会把它判成 MS-DOS 可执行文件;下面 binwalk 的结果表明它实际是 ARM64 内核镜像。)
[root@localhost _vmlinuz-5.4.60-89.extracted]# gunzip 0.gz
gzip: 0 already exists; do you wish to overwrite (y or n)? n
	not overwritten
[root@localhost _vmlinuz-5.4.60-89.extracted]#
[root@localhost _vmlinuz-5.4.60-89.extracted]# binwalk 0 DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 0 0x0 Linux kernel ARM64 image, load offset: 0x80000, image size: 10964992 bytes, little endian, 4k page size, 122240 0x1DD80 SHA256 hash constants, little endian 7626752 0x746000 ELF, 64-bit LSB shared object, version 1 (SYSV) 7785152 0x76CAC0 CRC32 polynomial table, little endian 7826768 0x776D50 Intel x86 or x64 microcode, sig 0x0000000c, pf_mask 0x2012000, 2000-02-01, rev 0x-001, size 6 7901675 0x7891EB Neighborly text, "neighbor dump requestbor dump request" 7901733 0x789225 Neighborly text, "neighbor dump request dump request" 7901788 0x78925C Neighborly text, "neighbor dump request" 7902073 0x789379 Neighborly text, "neighbor dump requestInvalid values in header for neighbor get request" 7902115 0x7893A3 Neighborly text, "neighbor get requestrequest" 7902165 0x7893D5 Neighborly text, "neighbor get request get request" 7902220 0x78940C Neighborly text, "neighbor get requestighbor get request" 7902281 0x789449 Neighborly text, "neighbor get requestrequest" 7902331 0x78947B Neighborly text, "neighbor get requestest" 7902377 0x7894A9 Neighborly text, "neighbor get requestequest" 7902419 0x7894D3 Neighborly text, "neighbor table dump requestbor table dump request" 7902477 0x78950D Neighborly text, "neighbor table dump request neighbor table dump request" 7902541 0x78954D Neighborly text, "neighbor table dump request" 7903184 0x7897D0 Neighborly text, "Neighbor entry is now dead" 8583016 0x82F768 Unix path: /dev/vc/0 8635712 0x83C540 Unix path: /sys/fs/xfs/stats/stats 8660176 0x8424D0 xz compressed data 8747400 0x857988 Unix path: /lib/firmware/updates/5.4.60 8771423 0x85D75F Copyright string: "Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>" 8785848 0x860FB8 Unix path: /sys/firmware/devicetree/base 8787265 0x861541 Unix path: /sys/firmware/fdt': CRC check failed 8809321 0x866B69 
Neighborly text, "neighbor table overflow!atistics" 8860120 0x8731D8 Neighborly text, "NeighborSolicits" 8860144 0x8731F0 Neighborly text, "NeighborAdvertisementsErrors" 8863754 0x87400A Neighborly text, "neighbor %.2x%.2x.%pM lost hash_elasticity option has been deprecated and is always %u" 9411704 0x8F9C78 ASCII cpio archive (SVR4 with no CRC), file name: "dev", file name length: "0x00000004", file size: "0x00000000" 9411820 0x8F9CEC ASCII cpio archive (SVR4 with no CRC), file name: "dev/console", file name length: "0x0000000C", file size: "0x00000000" 9411944 0x8F9D68 ASCII cpio archive (SVR4 with no CRC), file name: "root", file name length: "0x00000005", file size: "0x00000000" 9412060 0x8F9DDC ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000" 9995520 0x988500 AES S-Box 9995776 0x988600 AES Inverse S-Box
[root@localhost binary]# binwalk vmlinux-jay DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 0 0x0 Linux kernel ARM64 image, load offset: 0x80000, image size: 10964992 bytes, little endian, 4k page size, 122240 0x1DD80 SHA256 hash constants, little endian 7626752 0x746000 ELF, 64-bit LSB shared object, version 1 (SYSV) 7785152 0x76CAC0 CRC32 polynomial table, little endian 7826768 0x776D50 Intel x86 or x64 microcode, sig 0x0000000c, pf_mask 0x2012000, 2000-02-01, rev 0x-001, size 6 7901675 0x7891EB Neighborly text, "neighbor dump requestbor dump request" 7901733 0x789225 Neighborly text, "neighbor dump request dump request" 7901788 0x78925C Neighborly text, "neighbor dump request" 7902073 0x789379 Neighborly text, "neighbor dump requestInvalid values in header for neighbor get request" 7902115 0x7893A3 Neighborly text, "neighbor get requestrequest" 7902165 0x7893D5 Neighborly text, "neighbor get request get request" 7902220 0x78940C Neighborly text, "neighbor get requestighbor get request" 7902281 0x789449 Neighborly text, "neighbor get requestrequest" 7902331 0x78947B Neighborly text, "neighbor get requestest" 7902377 0x7894A9 Neighborly text, "neighbor get requestequest" 7902419 0x7894D3 Neighborly text, "neighbor table dump requestbor table dump request" 7902477 0x78950D Neighborly text, "neighbor table dump request neighbor table dump request" 7902541 0x78954D Neighborly text, "neighbor table dump request" 7903184 0x7897D0 Neighborly text, "Neighbor entry is now dead" 8583016 0x82F768 Unix path: /dev/vc/0 8635712 0x83C540 Unix path: /sys/fs/xfs/stats/stats 8660176 0x8424D0 xz compressed data 8747400 0x857988 Unix path: /lib/firmware/updates/5.4.60 8771423 0x85D75F Copyright string: "Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>" 8785848 0x860FB8 Unix path: /sys/firmware/devicetree/base 8787265 0x861541 Unix path: /sys/firmware/fdt': CRC check failed 8809321 0x866B69 Neighborly text, 
"neighbor table overflow!atistics" 8860120 0x8731D8 Neighborly text, "NeighborSolicits" 8860144 0x8731F0 Neighborly text, "NeighborAdvertisementsErrors" 8863754 0x87400A Neighborly text, "neighbor %.2x%.2x.%pM lost hash_elasticity option has been deprecated and is always %u" 9411704 0x8F9C78 ASCII cpio archive (SVR4 with no CRC), file name: "dev", file name length: "0x00000004", file size: "0x00000000" 9411820 0x8F9CEC ASCII cpio archive (SVR4 with no CRC), file name: "dev/console", file name length: "0x0000000C", file size: "0x00000000" 9411944 0x8F9D68 ASCII cpio archive (SVR4 with no CRC), file name: "root", file name length: "0x00000005", file size: "0x00000000" 9412060 0x8F9DDC ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000" 9995520 0x988500 AES S-Box 9995776 0x988600 AES Inverse S-Box
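在 vmlinux 文件偏移 0x8424D0 处,binwalk 报告了一段疑似 xz 压缩数据,提取出来尝试解压。需要注意 binwalk 只按特征字节匹配,存在误报(例如上面在 ARM64 内核中出现的 "Intel x86 or x64 microcode" 条目,其 rev 为 0x-001),这里的 xz 命中也可能只是内核内置 xz 解压代码里的魔数常量,而不是真正的压缩流。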
参考 https://hev.cc/2863.html
[root@localhost binary]# dd if=vmlinux-jay of=t.xz bs=$((0x8424D0)) skip=1
0+1 records in
0+1 records out
1791280 bytes (1.8 MB) copied, 0.00243052 s, 737 MB/s
(bs 设为偏移量 0x8424D0 并 skip=1,即跳过开头这一整块,把从该偏移到文件末尾的全部数据写入 t.xz,其中不只包含疑似的 xz 数据。)
[root@localhost binary]# ls
t.xz  vmlinuz-5.4.34-88  _vmlinuz-5.4.60-89.extracted  vmlinux-jay  vmlinuz-5.4.60-89
[root@localhost rootfs]# xz -d t.xz
xz: t.xz: Compressed data is corrupt
[root@localhost rootfs]#
解压失败,说明从该偏移到文件末尾的数据不是一个有效的 xz 流,很可能是 binwalk 的特征匹配误报。