

Visualizing Entropy in Binary Files - jgrodziski
http://corte.si/%2Fposts/visualisation/entropy/index.html

======
cortesi
Author of the post here. I'm working on a browser-based interactive analysis
tool based on these visualizations. It's nowhere near ready for release, but
those who are interested can find a demo here:

[http://binvis.io](http://binvis.io)

This is not even an alpha yet - I plan to announce the initial release in the
next month or so. Eventually, I would like to add the ability to upload, share
and annotate files for analysis. Comments and criticisms welcome!

~~~
13
The level of detail and structure you can pick out with this tool is amazing.

[https://i.imgur.com/lsRA1RN.png](https://i.imgur.com/lsRA1RN.png)

~~~
muyuu
Removed?

------
fenollp
Have a look at Cantor Dust [1], a visual reverse-engineering program that is
promising.

The author says in a presentation [2] that CD is based on Cortesi's work.

[1] [https://sites.google.com/site/xxcantorxdustxx/visual-re](https://sites.google.com/site/xxcantorxdustxx/visual-re)

[2]
[https://www.youtube.com/watch?v=4bM3Gut1hIk](https://www.youtube.com/watch?v=4bM3Gut1hIk)

Here is a demo: [https://media.blackhat.com/bh-us-12/Arsenal/Domas/_cantor.du...](https://media.blackhat.com/bh-us-12/Arsenal/Domas/_cantor.dust_.7z.zip)

------
wxs
These images remind me of Piet[1], an esoteric programming language where the
programs _are_ images. There you see the structure of the algorithm, rather
than the binary, visually presented.

[1]
[http://www.dangermouse.net/esoteric/piet/samples.html](http://www.dangermouse.net/esoteric/piet/samples.html)

------
pmoriarty
This reminds me of a tool that came out 10 or 15 years ago, which allowed you
to feed it arbitrary binary data that it could display in 3D.

I remember reading a Slashdot article on it in which one of the examples was a
3D, freely-rotating view of the Linux kernel binary.

Does anyone know what I'm talking about? I can't seem to recall the name of
the project or find it.

Also related:

[http://vimeo.com/110257380](http://vimeo.com/110257380)

[http://gynvael.coldwind.pl/?id=199](http://gynvael.coldwind.pl/?id=199)

[https://www.youtube.com/watch?v=5f7hZBoEwV0](https://www.youtube.com/watch?v=5f7hZBoEwV0)

[https://github.com/pwaller/binview](https://github.com/pwaller/binview)

------
seivadmas
Perhaps a naive question but... what is this useful for?

~~~
cyphunk
Reverse engineering binaries. As patterns are visualised, you can also skip
reverse engineering for some goals. For example, general entropy levels of
bytes (in relation to their siblings) may allow one to quickly pull out
encryption keys from binaries or memory images.
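------
Added example, not part of the thread or of the linked post's code: a sliding-window Shannon entropy scan, the measurement behind the entropy-of-neighbouring-bytes idea discussed above. The window size, step, threshold ratio, function names and the sample blob are all assumptions made for illustration.

```python
import math
from collections import Counter

def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of the byte distribution in chunk, in bits per byte."""
    n = len(chunk)
    return -sum((c / n) * math.log2(c / n) for c in Counter(chunk).values())

def scan(data: bytes, window: int = 64, step: int = 16):
    """Return (offset, entropy) for every window slid across data."""
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data) - window + 1, step)]

def high_entropy_regions(data: bytes, window: int = 64, step: int = 16,
                         ratio: float = 0.9):
    """Merge overlapping windows whose entropy is >= ratio * the maximum.

    A window of N bytes can reach at most log2(N) bits per byte, so the
    threshold is expressed relative to that ceiling, not to 8 bits.
    """
    limit = ratio * math.log2(window)
    regions = []
    for off, h in scan(data, window, step):
        if h < limit:
            continue
        if regions and off <= regions[-1][1]:
            # Overlaps or touches the previous flagged region: extend it.
            regions[-1] = (regions[-1][0], off + window)
        else:
            regions.append((off, off + window))
    return regions

# Constructed sample (not taken from any real binary):
PAD = bytes(64)                                        # zero padding
TEXT = (b"mode=release;retries=3;" * 3)[:64]           # ASCII configuration text
KEY = bytes((i * 167 + 13) % 256 for i in range(64))   # stand-in for key
                                                       # material: 64 distinct bytes
SAMPLE = PAD + TEXT + KEY + bytes(128)                 # KEY sits at offset 128

if __name__ == "__main__":
    for off, h in scan(SAMPLE):
        print(f"{off:4d}  {h:4.2f}  {'#' * round(h * 8)}")
    print("flagged:", high_entropy_regions(SAMPLE))
```

Compressed or packed data scores just as high as key material, so a flagged region is a candidate to inspect, not an identification.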

