onekey-sec
diff --git a/‎docs/guide.md‎
Lines changed: 59 additions & 51 deletions b/‎docs/guide.md‎
Lines changed: 59 additions & 51 deletions
diff --git a/‎docs/index.md‎
Lines changed: 2 additions & 2 deletions b/‎docs/index.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎tests/test_cli.py‎
Lines changed: 3 additions & 3 deletions b/‎tests/test_cli.py‎
Lines changed: 3 additions & 3 deletions
@@ -114,12 +114,18 @@ $ cat alpine-report.json
 ]
 ```
 
-### Entropy calculation
+### Randomness calculation
 
 If you are analyzing an unknown file format, it might be useful to know the
-entropy of the contained files, so you can quickly see for example whether the
+randomness of the contained files, so you can quickly see for example whether the
 file is **encrypted** or contains some random content.
 
+Two values are calculated as part of randomness measurements:
+- Shannon's entropy
+- χ² probability
+
+You can find detailed information about both measures [here](https://www.fourmilab.ch/random/).
+
 Let's make a file with fully random content at the start and end:
 
 ```console
@@ -128,59 +134,61 @@ $ dd if=/dev/random of=random2.bin bs=10M count=1
 $ cat random1.bin alpine-minirootfs-3.16.1-x86_64.tar.gz random2.bin > unknown-file
 ```
 
-A nice ASCII entropy plot is drawn on verbose level 3:
+A nice ASCII randomness plot is drawn on verbose level 3:
 
 ```console
 $ unblob -vvv unknown-file | grep -C 15 "Entropy distribution"
 
-2022-07-30 07:58.16 [debug    ] Ended searching for chunks     all_chunks=[0xa00000-0xc96196] pid=19803
-2022-07-30 07:58.16 [debug    ] Removed inner chunks           outer_chunk_count=1 pid=19803 removed_inner_chunk_count=0
-2022-07-30 07:58.16 [warning  ] Found unknown Chunks           chunks=[0x0-0xa00000, 0xc96196-0x1696196] pid=19803
-2022-07-30 07:58.16 [info     ] Extracting unknown chunk       chunk=0x0-0xa00000 path=unknown-file_extract/0-10485760.unknown pid=19803
-2022-07-30 07:58.16 [debug    ] Carving chunk                  path=unknown-file_extract/0-10485760.unknown pid=19803
-2022-07-30 07:58.16 [debug    ] Calculating entropy for file   path=unknown-file_extract/0-10485760.unknown pid=19803 size=0xa00000
-2022-07-30 07:58.16 [debug    ] Entropy calculated             highest=99.99 lowest=99.98 mean=99.98 pid=19803
-2022-07-30 07:58.16 [warning  ] Drawing plot                   pid=19803
-2022-07-30 07:58.16 [debug    ] Entropy chart                  chart=
-                              Entropy distribution
-   ┌---------------------------------------------------------------------------┐
-100┤•••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••│
- 90┤                                                                           │
- 80┤                                                                           │
- 70┤                                                                           │
- 60┤                                                                           │
- 50┤                                                                           │
- 40┤                                                                           │
- 30┤                                                                           │
- 20┤                                                                           │
- 10┤                                                                           │
-  0┤                                                                           │
-   └┬---┬---┬---─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬┘
-    1  4  7  12  16  20  24  29  33  37  41  46  50  54  59  63  67  71  76  80
-[y] entropy %                        [x] mB
- pid=19803
-2022-07-30 07:58.16 [info     ] Extracting unknown chunk       chunk=0xc96196-0x1696196 path=unknown-file_extract/13197718-23683478.unknown pid=19803
-2022-07-30 07:58.16 [debug    ] Carving chunk                  path=unknown-file_extract/13197718-23683478.unknown pid=19803
-2022-07-30 07:58.16 [debug    ] Calculating entropy for file   path=unknown-file_extract/13197718-23683478.unknown pid=19803 size=0xa00000
-2022-07-30 07:58.16 [debug    ] Entropy calculated             highest=99.99 lowest=99.98 mean=99.98 pid=19803
-2022-07-30 07:58.16 [warning  ] Drawing plot                   pid=19803
-2022-07-30 07:58.16 [debug    ] Entropy chart                  chart=
-                              Entropy distribution
-   ┌---------------------------------------------------------------------------┐
-100┤•••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••│
- 90┤                                                                           │
- 80┤                                                                           │
- 70┤                                                                           │
- 60┤                                                                           │
- 50┤                                                                           │
- 40┤                                                                           │
- 30┤                                                                           │
- 20┤                                                                           │
- 10┤                                                                           │
-  0┤                                                                           │
-   └┬---┬---┬---─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬--─┬┘
-    1  4  7  12  16  20  24  29  33  37  41  46  50  54  59  63  67  71  76  80
-[y] entropy %                        [x] mB
+2024-10-30 10:52.03 [debug    ] Calculating chunk for pattern match handler=arc pid=1963719 real_offset=0x1685f5b start_offset=0x1685f5b
+2024-10-30 10:52.03 [debug    ] Header parsed                  header=<arc_head archive_marker=0x1a, header_type=0x1, name=b'8\xa7i&po\xc77\xd5h\x9a\x9d\xf1', size=0x26d171fa, date=0x1bfd, time=0xe03f, crc=-0x3b95, length=0x349997d5> pid=1963719
+2024-10-30 10:52.03 [debug    ] Ended searching for chunks     all_chunks=[0xa00000-0xc96196] pid=1963719
+2024-10-30 10:52.03 [debug    ] Removed inner chunks           outer_chunk_count=1 pid=1963719 removed_inner_chunk_count=0
+2024-10-30 10:52.03 [warning  ] Found unknown Chunks           chunks=[0x0-0xa00000, 0xc96196-0x1696196] pid=1963719
+2024-10-30 10:52.03 [info     ] Extracting unknown chunk       chunk=0x0-0xa00000 path=unknown-file_extract/0-10485760.unknown pid=1963719
+2024-10-30 10:52.03 [debug    ] Carving chunk                  path=unknown-file_extract/0-10485760.unknown pid=1963719
+2024-10-30 10:52.03 [debug    ] Calculating randomness for file path=unknown-file_extract/0-10485760.unknown pid=1963719 size=0xa00000
+2024-10-30 10:52.03 [debug    ] Shannon entropy calculated     block_size=0x20000 highest=99.99 lowest=99.98 mean=99.98 path=unknown-file_extract/0-10485760.unknown pid=1963719 size=0xa00000
+2024-10-30 10:52.03 [debug    ] Chi square probability calculated block_size=0x20000 highest=97.88 lowest=3.17 mean=52.76 path=unknown-file_extract/0-10485760.unknown pid=1963719 size=0xa00000
+2024-10-30 10:52.03 [debug    ] Entropy chart                  chart=
+                              Randomness distribution                           
+   ┌───────────────────────────────────────────────────────────────────────────┐
+100┤ •• Shannon entropy (%)        •••••••••♰••••••••••••••••••••••••••••••••••│
+ 90┤ ♰♰ Chi square probability (%)   ♰ ♰ ♰♰♰♰                    ♰    ♰  ♰     │
+ 80┤♰ ♰ ♰♰  ♰♰       ♰♰       ♰ ♰   ♰♰♰♰♰♰♰♰♰   ♰           ♰♰♰♰♰♰   ♰♰ ♰♰     │
+ 70┤♰♰♰♰  ♰ ♰ ♰ ♰   ♰♰♰  ♰ ♰  ♰ ♰   ♰♰♰♰♰♰♰♰♰  ♰♰      ♰ ♰ ♰   ♰♰♰  ♰♰♰♰♰♰     │
+ 60┤♰♰♰♰  ♰♰  ♰♰ ♰ ♰♰♰♰ ♰ ♰♰ ♰  ♰ ♰ ♰♰♰♰♰♰ ♰♰ ♰ ♰     ♰♰♰♰ ♰   ♰♰♰ ♰♰♰♰♰♰♰     │
+ 50┤ ♰♰♰  ♰♰  ♰♰ ♰♰ ♰♰♰♰  ♰♰ ♰  ♰♰♰ ♰♰♰♰♰♰  ♰ ♰ ♰    ♰♰♰♰♰ ♰   ♰♰♰ ♰ ♰♰♰♰♰  ♰  │
+ 40┤  ♰♰  ♰♰   ♰ ♰♰ ♰♰♰♰  ♰♰ ♰  ♰♰♰ ♰♰♰♰♰♰   ♰♰  ♰♰ ♰♰♰♰♰♰ ♰   ♰♰♰ ♰  ♰♰♰♰ ♰♰ ♰│
+ 30┤   ♰  ♰♰     ♰♰ ♰♰♰♰  ♰ ♰♰  ♰♰ ♰♰ ♰ ♰♰    ♰   ♰ ♰♰♰ ♰ ♰     ♰♰ ♰  ♰♰♰ ♰♰ ♰ │
+ 20┤      ♰♰     ♰♰  ♰♰♰  ♰ ♰♰   ♰ ♰♰    ♰        ♰ ♰ ♰ ♰         ♰    ♰♰      │
+ 10┤       ♰      ♰    ♰  ♰  ♰     ♰♰    ♰         ♰                   ♰♰      │
+  0┤                                ♰                                   ♰      │
+   └─┬──┬─┬──┬────┬───┬──┬──┬──┬───┬───┬──┬────┬───┬────┬──┬──┬────┬──┬───┬──┬─┘
+   0 2  5 7 11   16  20 23 27 30  34  38 42   47  51   56 60 63   68 71  76 79  
+                                   131072 bytes                                 
+ path=unknown-file_extract/0-10485760.unknown pid=1963719
+2024-10-30 10:52.03 [info     ] Extracting unknown chunk       chunk=0xc96196-0x1696196 path=unknown-file_extract/13197718-23683478.unknown pid=1963719
+2024-10-30 10:52.03 [debug    ] Carving chunk                  path=unknown-file_extract/13197718-23683478.unknown pid=1963719
+2024-10-30 10:52.03 [debug    ] Calculating randomness for file path=unknown-file_extract/13197718-23683478.unknown pid=1963719 size=0xa00000
+2024-10-30 10:52.03 [debug    ] Shannon entropy calculated     block_size=0x20000 highest=99.99 lowest=99.98 mean=99.98 path=unknown-file_extract/13197718-23683478.unknown pid=1963719 size=0xa00000
+2024-10-30 10:52.03 [debug    ] Chi square probability calculated block_size=0x20000 highest=99.03 lowest=0.23 mean=42.62 path=unknown-file_extract/13197718-23683478.unknown pid=1963719 size=0xa00000
+2024-10-30 10:52.03 [debug    ] Entropy chart                  chart=
+                              Randomness distribution                           
+   ┌───────────────────────────────────────────────────────────────────────────┐
+100┤ •• Shannon entropy (%)        •••••••••••••••••••••♰••••••••••••••••••••••│
+ 90┤ ♰♰ Chi square probability (%)         ♰           ♰♰            ♰         │
+ 80┤♰♰        ♰♰    ♰♰    ♰               ♰♰       ♰   ♰♰        ♰  ♰♰         │
+ 70┤♰ ♰   ♰  ♰  ♰  ♰ ♰    ♰ ♰    ♰        ♰♰      ♰♰   ♰♰♰   ♰  ♰♰  ♰♰         │
+ 60┤  ♰  ♰♰ ♰   ♰ ♰  ♰  ♰♰♰♰♰   ♰♰        ♰♰ ♰♰   ♰ ♰  ♰♰♰  ♰♰ ♰ ♰  ♰♰   ♰     │
+ 50┤  ♰ ♰♰♰ ♰   ♰ ♰  ♰ ♰ ♰♰♰♰ ♰ ♰♰      ♰ ♰♰♰ ♰   ♰ ♰  ♰♰♰  ♰♰ ♰ ♰  ♰♰  ♰♰   ♰ │
+ 40┤  ♰♰♰♰ ♰♰    ♰♰  ♰ ♰ ♰♰  ♰♰♰  ♰♰♰  ♰♰♰ ♰♰ ♰   ♰  ♰ ♰♰ ♰ ♰♰ ♰ ♰ ♰ ♰ ♰♰♰  ♰♰ │
+ 30┤  ♰♰♰♰ ♰♰    ♰♰   ♰♰ ♰♰   ♰♰     ♰♰♰♰♰ ♰♰ ♰   ♰  ♰ ♰♰  ♰♰♰ ♰ ♰ ♰ ♰ ♰ ♰  ♰ ♰│
+ 20┤   ♰♰♰  ♰     ♰      ♰♰   ♰♰      ♰♰♰♰ ♰♰ ♰   ♰  ♰ ♰♰   ♰♰ ♰ ♰♰  ♰♰  ♰  ♰  │
+ 10┤     ♰                ♰    ♰       ♰ ♰  ♰ ♰ ♰♰   ♰ ♰♰     ♰♰ ♰♰   ♰  ♰ ♰   │
+  0┤                                           ♰ ♰    ♰♰          ♰       ♰♰   │
+   └─┬──┬─┬──┬────┬───┬──┬──┬──┬───┬───┬──┬────┬───┬────┬──┬──┬────┬──┬───┬──┬─┘
+   0 2  5 7 11   16  20 23 27 30  34  38 42   47  51   56 60 63   68 71  76 79  
+                                   131072 bytes                                 
 ```
 
 ### Skip extraction with file magic
 
@@ -94,7 +94,7 @@ unblob identifies known and unknown chunks of data within a file:
   extracted content, looking for chunks in extracted files.
 
 - a report on metadata can be generated by unblob, providing detailed
-  information about identified chunks (format, offsets, size, entropy) and their
+  information about identified chunks (format, offsets, size, randomness) and their
   extracted content if available (ownership, permissions, timestamps, ...).
 
 ![unblob_architecture.webp](unblob_architecture.webp)
@@ -115,7 +115,7 @@ special **DirectoryExtractor**.
 - For extracting recognized formats, we use all kinds of different [Extractors](extractors.md).
 - For ELF analysis, we are using [LIEF](https://lief-project.github.io/) with
   its [Python bindings](https://pypi.org/project/lief/).
-- For CPU-intensive tasks (e.g. entropy calculation), we use
+- For CPU-intensive tasks (e.g. randomness calculation), we use
   [Rust](https://www.rust-lang.org/) to speed things up.
 - For the pretty command line interface, we are using the
   [Click library](https://click.palletsprojects.com/).
 
@@ -184,7 +184,7 @@ def test_dir_for_file(tmp_path: Path):
 
 
 @pytest.mark.parametrize(
-    "params, expected_depth, expected_entropy_depth, expected_process_num, expected_verbosity, expected_progress_reporter",
+    "params, expected_depth, expected_randomness_depth, expected_process_num, expected_verbosity, expected_progress_reporter",
     [
         pytest.param(
             [],
@@ -233,7 +233,7 @@ def test_dir_for_file(tmp_path: Path):
 def test_archive_success(
     params,
     expected_depth: int,
-    expected_entropy_depth: int,
+    expected_randomness_depth: int,
     expected_process_num: int,
     expected_verbosity: int,
     expected_progress_reporter: Type[ProgressReporter],
@@ -263,7 +263,7 @@ def test_archive_success(
     config = ExtractionConfig(
         extract_root=tmp_path,
         max_depth=expected_depth,
-        entropy_depth=expected_entropy_depth,
+        entropy_depth=expected_randomness_depth,
         entropy_plot=bool(expected_verbosity >= 3),
         process_num=expected_process_num,
         handlers=BUILTIN_HANDLERS,