unblob is an open-source extraction toolkit developed and maintained by ONEKEY, with the goal of “extract everything.” It is designed for complex inputs such as unknown binary blobs and firmware images. It can parse more than 30 archive, compression, and file system formats, recursively extract their contents, and perform carving on unrecognized data blocks. It provides a command-line interface and can also be used as a Python library, with a clear focus on embedded security, firmware analysis, and reverse engineering.
unblob’s key strength is accurately identifying the start and end offsets of chunks. It locates start offsets through search rules, then calculates end offsets according to format specifications, validates headers, and discards overlapping chunks to reduce false positives. It can also automatically identify and report known padding such as null padding and 0xFF padding. After extraction, the tool continues traversing unpacked files for recursive analysis, and can generate metadata reports including format, offsets, size, entropy, permissions, timestamps, and more.
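The chunk-identification steps described above, reduced to a single format (gzip) as an added example; this is not unblob's code and does not use its API. The function names, the sample image and the "earliest chunk wins" overlap policy are assumptions made for illustration.

```python
import re
import zlib

GZIP_MAGIC = re.compile(rb"\x1f\x8b\x08")  # search rule: ID1, ID2, CM=deflate

def gzip_end(data, start):
    """End offset of the gzip member at `start`, or None if it fails validation."""
    d = zlib.decompressobj(wbits=31)  # 31 = parse gzip header and trailer
    try:
        d.decompress(data[start:])
    except zlib.error:
        return None  # bad header flags, corrupt deflate data or CRC mismatch
    return len(data) - len(d.unused_data) if d.eof else None  # None = truncated

def carve(data):
    chunks, last_end = [], 0
    for m in GZIP_MAGIC.finditer(data):
        # A candidate that starts inside an accepted chunk overlaps it: discard.
        end = gzip_end(data, m.start()) if m.start() >= last_end else None
        if end is not None:
            chunks.append((m.start(), end, "gzip"))
            last_end = end
    return chunks

def classify(gap):
    for byte, label in ((b"\x00", "null-padding"), (b"\xff", "0xff-padding")):
        if not gap.strip(byte):
            return label
    return "unknown"

def layout(data):
    out, pos = [], 0
    for start, end, kind in carve(data) + [(len(data), len(data), None)]:
        if start > pos:  # bytes not covered by any chunk get a label too
            out.append((pos, start, classify(data[pos:start])))
        if kind:
            out.append((start, end, kind))
        pos = end
    return out

def gz(payload, level=9):
    c = zlib.compressobj(level, zlib.DEFLATED, 31)
    return c.compress(payload) + c.flush()

# Constructed sample image; level 0 stores INNER verbatim inside OUTER.
INNER = gz(b"config=1\n" * 20)
OUTER = gz(INNER, level=0)
SECOND = gz(b"rootfs placeholder")
IMAGE = b"\x00" * 16 + OUTER + b"\xff" * 32 + SECOND + b"\x1f\x8b\x08 not gzip"
```

`layout(IMAGE)` returns two gzip chunks separated by labelled padding; the nested `INNER` stream is a valid match but is dropped as overlapping, and the trailing fake magic fails header validation and ends up in the final unknown region.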
The project is mainly written in Python, while CPU-intensive tasks such as entropy calculation are accelerated with Rust. Binary pattern searching uses Hyperscan, ELF analysis uses LIEF, the CLI is built with Click, and logging uses structlog. Its API design is well suited to secondary development: developers can extend Handler, DirectoryHandler, Extractor, and DirectoryExtractor to implement custom format detection, multi-file collection handling, and extraction logic.
unblob is explicitly free to use and is released under the permissive MIT License, making it relatively low-cost for both commercial and internal security teams to integrate. The source text does not mention any paid version, commercial hosting, or SLA.
Its advantages include being open source, having a clear focus on accuracy, supporting recursive extraction, and using multiprocessing and memory mapping to improve speed. It also emphasizes security: it does not need to run with elevated privileges, has undergone extensive testing and fuzzing, and some third-party extractors have been audited. The downside is that it is primarily aimed at professional developers and security researchers, so the command line, external dependencies, and custom handler development all come with a certain learning curve. It is a good fit for teams working on firmware security, reverse engineering, data recovery, memory forensics, and malware analysis.
The collected text does not provide information about access, mirrors, or download availability in mainland China, so accessibility from China can only be considered unknown. If GitHub access is unstable, users can consider downloading the source code and dependencies from an accessible environment. Alternative tools to watch include binwalk, firmware-mod-kit, and foremost.
This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, unblob.org.