Entropy Diagrams

‘Entropy’ is basically code for ‘how random data is’.

This is a 3D representation of a software binary’s entropy. The brighter parts are ‘low entropy’ and would allow you to identify where it might have code, like a self-extracting bootstrapper:

[Figure: Entropy Diagram - Unzoomed. An entropy diagram in 3D]

[Figure: Entropy Diagram - Zoomed. A close-up view of the diagram’s construction]

Generally, compressed or pseudorandom data has ‘high entropy’. This is because there aren’t many patterns. The lack of patterns in high-entropy data also explains why it’s mathematically impossible to losslessly compress truly random data. This is despite a patent being awarded for doing so!

Anyway, entropy allows you to graphically view a file (usually binary code, or an executable), and see where it may contain compressed or hidden data that ordinarily isn’t obvious. This data is often obfuscated through compression or encryption.

Note that this software was written for my previous employer, which means I do not hold the licence, and cannot sell it myself.

  • Written by Greg