From tools-plugin
Explores and reverse engineers binary files and firmware using strings, binwalk, hexdump, xxd, objdump, readelf, and nm to extract text, analyze entropy, and identify structures.
```bash
npx claudepluginhub laurigates/claude-plugins --plugin tools-plugin
```

Slash command: `/tools-plugin:binary-analysis` (haiku)

Tools for exploring and reverse engineering binary files, firmware, and unknown data.

| Tool | Purpose | Install |
|---|---|---|
| `strings` | Extract printable text from binaries | Built-in (binutils) |
| `binwalk` | Firmware analysis, file extraction | `pip install binwalk` or `cargo install binwalk` |
| `hexdump` | Hex/ASCII dump | Built-in |
| `xxd` | Hex dump with reverse capability | Built-in (vim) |
| `file` | Identify file type | Built-in |

Find human-readable strings embedded in binary files.
```bash
# Basic usage - find all printable strings (min 4 chars)
strings binary_file

# Set minimum string length
strings -n 10 binary_file   # Only strings >= 10 chars

# Show file offset of each string
strings -t x binary_file    # Hex offset
strings -t d binary_file    # Decimal offset

# Search for specific patterns
strings binary_file | grep -i password
strings binary_file | grep -E 'https?://'
strings binary_file | grep -i api_key

# Wide character strings (UTF-16)
strings -e l binary_file    # Little-endian 16-bit
strings -e b binary_file    # Big-endian 16-bit
strings -e L binary_file    # Little-endian 32-bit

# Scan entire file (not just initialized data sections)
strings -a binary_file
```

Common discoveries with strings:
Identify and extract embedded files, analyze entropy, find hidden data.
```bash
# Signature scan - identify embedded files/data
binwalk firmware.bin

# Extract all identified files
binwalk -e firmware.bin          # Extract to _firmware.bin.extracted/
binwalk --extract firmware.bin   # Same as -e

# Recursive extraction (extract files within extracted files)
binwalk -Me firmware.bin

# Entropy analysis - find compressed/encrypted regions
binwalk -E firmware.bin          # Generate entropy graph
binwalk --entropy firmware.bin

# Opcode analysis - identify CPU architecture
binwalk -A firmware.bin
binwalk --opcodes firmware.bin

# Raw byte extraction at offset
binwalk --dd='type:extension' firmware.bin

# Specific signature types
binwalk --signature firmware.bin         # File signatures only
binwalk --raw='\x1f\x8b' firmware.bin    # Search for gzip magic bytes
```

binwalk output interpretation:
```text
DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             TRX firmware header
28            0x1C            LZMA compressed data
1835008       0x1C0000        Squashfs filesystem, little endian
```

```bash
# Hex + ASCII dump
hexdump -C binary_file
xxd binary_file

# Dump specific byte range
xxd -s 0x100 -l 256 binary_file   # 256 bytes starting at offset 0x100

# Just hex, no ASCII
hexdump -v -e '/1 "%02x "' binary_file

# Create hex dump that can be reversed
xxd binary_file > hex.txt
xxd -r hex.txt > reconstructed_binary

# Find specific bytes
xxd binary_file | grep "504b"     # Look for PK (ZIP signature)
```

```bash
# Basic identification
file unknown_file
file -i unknown_file   # MIME type

# Check multiple files
file *

# Follow symlinks
file -L symlink
```

```bash
# 1. Identify file type
file mystery_file

# 2. Check for embedded files
binwalk mystery_file

# 3. Extract strings
strings -n 8 mystery_file | head -100

# 4. Look at hex header
xxd mystery_file | head -20

# 5. Check entropy (compressed/encrypted?)
binwalk -E mystery_file
```

```bash
# 1. Initial scan
binwalk firmware.bin

# 2. Extract everything
binwalk -Me firmware.bin

# 3. Explore extracted filesystem
find _firmware.bin.extracted -type f -name "*.conf"
find _firmware.bin.extracted -type f -name "passwd"

# 4. Search for secrets
grep -r "password" _firmware.bin.extracted/
strings -n 10 firmware.bin | grep -i -E "(pass|key|secret|token)"
```

```bash
# Check for data after end of file
binwalk -E file.jpg   # Entropy spike at end = appended data

# Look for embedded archives
binwalk file.jpg | grep -E "(Zip|RAR|7z|gzip)"

# Extract with offset
dd if=file.jpg of=hidden.zip bs=1 skip=12345
```

| Signature | Hex | File Type |
|---|---|---|
| PK | 50 4B 03 04 | ZIP archive |
| Rar! | 52 61 72 21 | RAR archive |
| 7z | 37 7A BC AF | 7-Zip |
| ELF | 7F 45 4C 46 | Linux executable |
| MZ | 4D 5A | Windows executable |
| PNG | 89 50 4E 47 | PNG image |
| JFIF | FF D8 FF E0 | JPEG image |
| sqsh | 73 71 73 68 | SquashFS |
| hsqs | 68 73 71 73 | SquashFS (LE) |
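
To show what a signature scan and an entropy check actually compute, here is an added Python example (not part of the plugin and not binwalk's own code) that searches a buffer for the magic bytes in the table above and locates the first high-entropy window. The function names, the 256-byte window, the 7.5 bits/byte threshold and the sample blob are assumptions made for the illustration.

```python
import math

# Magic bytes from the signature table above. "MZ" is left out because a
# two-byte magic matches by chance far too often in a raw whole-file scan.
SIGNATURES = {
    b"PK\x03\x04": "ZIP archive",
    b"Rar!": "RAR archive",
    b"7z\xbc\xaf": "7-Zip",
    b"\x7fELF": "Linux executable",
    b"\x89PNG": "PNG image",
    b"\xff\xd8\xff\xe0": "JPEG image",
    b"sqsh": "SquashFS",
    b"hsqs": "SquashFS (LE)",
}

def scan_signatures(data):
    """Return sorted (offset, description) pairs for every magic-byte match."""
    hits = []
    for magic, desc in SIGNATURES.items():
        pos = data.find(magic)
        while pos != -1:
            hits.append((pos, desc))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def shannon_entropy(chunk):
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not chunk:
        return 0.0
    n = len(chunk)
    counts = [0] * 256
    for byte in chunk:
        counts[byte] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def first_entropy_spike(data, window=256, threshold=7.5):
    """Offset of the first window at or above threshold, or None if none is."""
    for off in range(0, len(data), window):
        if shannon_entropy(data[off:off + window]) >= threshold:
            return off
    return None

def build_sample():
    """Constructed blob: JPEG magic and zero padding, then an appended 'ZIP'."""
    cover = b"\xff\xd8\xff\xe0" + b"\x00" * 508       # 512 low-entropy bytes
    appended = b"PK\x03\x04" + bytes(range(256)) * 4  # stand-in for compressed data
    return cover + appended

if __name__ == "__main__":
    for offset, desc in scan_signatures(build_sample()):
        print(f"{offset:<10}0x{offset:<10X}{desc}")
```

A magic-byte hit only marks a candidate offset; confirm it by carving from that offset and checking the result with `file` before trusting it.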