Generating Entropy Graphs

In the context of file analysis, Entropy represents the randomness of the data contained in a file.

Since compressed and encrypted data is, by nature, very random, this is useful for identifying sections of a file that may be compressed or encrypted.

Binwalk can be used to generate an entropy graph of a file where the x-axis represents the file offset and y axis represents the file data's entropy; the y-axis of this graph is a unit-less scale of 0 (not random at all) to 8 (very random).

Example

Here you can see a file that has two clear sections of high-entropy data, with the beginning, middle, and end of the file containing lower-entropy data:

binwalk --entropy a8v2.2-up-noboot_2023-08-24_21.42.12.bin

example entropy

Tip

The entropy graph will be saved as a PNG to your current working directory

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Generating Entropy Graphs

Example

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally