Generating Entropy Graphs

devttys0 edited this page Dec 6, 2024 · 3 revisions

In the context of file analysis, entropy represents the randomness of the data contained in a file.

Both compression and encryption algorithms seek to remove repetitive data. Although they do it for different reasons, the end result is that both compressed and encrypted data is, by nature, very random.

This makes entropy analysis very useful for identifying sections of a file that may be compressed or encrypted!

Binwalk can be used to generate an entropy graph of a file, where the x-axis represents the file offset and the y-axis represents the entropy of the file data. The y-axis is a unit-less scale from 0 (not random at all) to 8 (very random).
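To show where the 0 to 8 scale comes from, the following added example (not binwalk's own code) computes per-block Shannon entropy over a constructed firmware-like buffer and reports the offset ranges that stand out as high entropy. The 4096-byte block size, the 7.5 threshold and the sample layout are assumptions of this sketch.

```python
import math
import os
import zlib
from collections import Counter

BLOCK = 4096  # assumed block size for this sketch; binwalk's own may differ


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy per byte: 0.0 (one repeated value) to 8.0 (uniform)."""
    total = len(block)
    if total == 0:
        return 0.0
    return -sum(n / total * math.log2(n / total) for n in Counter(block).values())


def entropy_profile(data: bytes, block: int = BLOCK):
    """(file offset, entropy) pairs: the x and y values of an entropy graph."""
    return [(off, shannon_entropy(data[off:off + block]))
            for off in range(0, len(data), block)]


def high_entropy_regions(profile, block: int = BLOCK, threshold: float = 7.5):
    """Merge adjacent blocks at or above threshold into (start, end) offsets."""
    regions = []
    for off, ent in profile:
        if ent < threshold:
            continue
        if regions and regions[-1][1] == off:
            regions[-1] = (regions[-1][0], off + block)  # extend current region
        else:
            regions.append((off, off + block))
    return regions


def build_sample() -> bytes:
    """Constructed firmware-like image, every section a multiple of BLOCK."""
    text = (b"console=ttyS0,115200 root=/dev/mtdblock2\n" * 200)[:8192]
    nibbles = bytes(b & 0x0F for b in os.urandom(40000))  # compressible input
    return b"".join([
        b"\x00" * 8192,                  # header padding: entropy 0
        os.urandom(16384),               # stands in for an encrypted section
        text,                            # repetitive ASCII: low entropy
        zlib.compress(nibbles)[:16384],  # zlib-compressed section
        b"\xff" * 8192,                  # erased-flash padding: entropy 0
    ])


if __name__ == "__main__":
    profile = entropy_profile(build_sample())
    for off, ent in profile:
        print(f"0x{off:06x}  {ent:4.2f}  {'#' * round(ent * 5)}")
    print(high_entropy_regions(profile))
```

Entropy alone does not distinguish the random section from the compressed one; both sit near the top of the scale, which is why the graph only narrows down where to look.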

Example

Here you can see a file that has two clear sections of high-entropy data, with the beginning, middle, and end of the file containing lower-entropy data:

binwalk --entropy a8v2.2-up-noboot_2023-08-24_21.42.12.bin

[Image: example entropy graph]

Tip

By default, the entropy graph will be saved as a PNG to your current working directory. Use the --png argument to specify an alternative PNG output file.