Generating Entropy Graphs
In the context of file analysis, entropy represents the randomness of the data contained in a file.
Both compression and encryption algorithms seek to remove repetitive data. Although they do it for different reasons, the end result is that both compressed and encrypted data are, by nature, very random.
This makes entropy analysis very useful for identifying sections of a file that may be compressed or encrypted!
Binwalk can be used to generate an entropy graph of a file, where the x-axis represents the file offset and the y-axis represents the file data's entropy; the y-axis of this graph is a unit-less scale of 0 (not random at all) to 8 (very random).
Here you can see a file that has two clear sections of high-entropy data, with the beginning, middle, and end of the file containing lower-entropy data:
binwalk --entropy a8v2.2-up-noboot_2023-08-24_21.42.12.bin
Tip
By default, the entropy graph will be saved as a PNG to your current working directory.
Use the --png argument to specify an alternative PNG output file.